Remove unused test bits

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2025-09-01 15:08:33 +00:00 · 2017-03-13 12:06:24 +00:00
parent b6c5cdec05
commit 5c1662b1c1
10 changed files with 0 additions and 223 deletions
--- a/tools/check-config/Dockerfile
+++ b/tools/check-config/Dockerfile
@@ -1,4 +0,0 @@
-FROM alpine:3.5
-RUN apk update && apk upgrade && apk add --no-cache bash
-ADD https://raw.githubusercontent.com/docker/docker/master/contrib/check-config.sh /usr/bin/check-config.sh
-ENTRYPOINT ["/bin/bash", "/usr/bin/check-config.sh"]
--- a/tools/check-config/Makefile
+++ b/tools/check-config/Makefile
@@ -1,29 +0,0 @@
-.PHONY: tag push
-
-BASE=alpine:3.5
-IMAGE=check-config
-
-default: push
-
-hash:
-	DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
-	tar cf - Dockerfile | docker build --no-cache -t $(IMAGE):build -
-	docker run --rm --entrypoint=/bin/sh $(IMAGE):build -c 'cat /usr/bin/check-config.sh /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > hash
-
-push: hash
-	docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
-		(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
-		 docker push mobylinux/$(IMAGE):$(shell cat hash))
-	docker rmi $(IMAGE):build
-	rm -f hash
-
-tag: hash
-	docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
-		docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
-	docker rmi $(IMAGE):build
-	rm -f hash
-
-clean:
-	rm -f hash
-
-.DELETE_ON_ERROR:
--- a/tools/check-kernel-config/Dockerfile
+++ b/tools/check-kernel-config/Dockerfile
@@ -1,3 +0,0 @@
-FROM alpine:3.5
-ADD check-kernel-config.sh /usr/bin/check-kernel-config.sh
-ENTRYPOINT ["/bin/sh", "/usr/bin/check-kernel-config.sh"]
--- a/tools/check-kernel-config/Makefile
+++ b/tools/check-kernel-config/Makefile
@@ -1,29 +0,0 @@
-.PHONY: tag push
-
-BASE=alpine:3.5
-IMAGE=check-kernel-config
-
-default: push
-
-hash: Dockerfile check-kernel-config.sh
-	DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
-	tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
-	docker run --rm --entrypoint=/bin/sh $(IMAGE):build -c 'cat /usr/bin/check-kernel-config.sh /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > hash
-
-push: hash
-	docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
-		(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
-		 docker push mobylinux/$(IMAGE):$(shell cat hash))
-	docker rmi $(IMAGE):build
-	rm -f hash
-
-tag: hash
-	docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
-		docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
-	docker rmi $(IMAGE):build
-	rm -f hash
-
-clean:
-	rm -f hash
-
-.DELETE_ON_ERROR:
--- a/tools/check-kernel-config/check-kernel-config.sh
+++ b/tools/check-kernel-config/check-kernel-config.sh
@@ -1,70 +0,0 @@
-#!/bin/sh
-
-set -e
-
-echo "starting kernel config sanity test with /proc/config.gz"
-
-# decompress /proc/config.gz from the Moby host
-zcat /proc/config.gz > unzipped_config
-
-kernelVersion="$(uname -r)"
-kernelMajor="${kernelVersion%%.*}"
-kernelMinor="${kernelVersion#$kernelMajor.}"
-kernelMinor="${kernelMinor%%.*}"
-
-# Most tests against https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project
-# Positive cases
-cat unzipped_config | grep CONFIG_BUG=y
-cat unzipped_config | grep CONFIG_DEBUG_KERNEL=y
-cat unzipped_config | grep CONFIG_DEBUG_RODATA=y
-cat unzipped_config | grep CONFIG_CC_STACKPROTECTOR=y
-cat unzipped_config | grep CONFIG_CC_STACKPROTECTOR_STRONG=y
-cat unzipped_config | grep CONFIG_STRICT_DEVMEM=y
-cat unzipped_config | grep CONFIG_SYN_COOKIES=y
-cat unzipped_config | grep CONFIG_DEBUG_CREDENTIALS=y
-cat unzipped_config | grep CONFIG_DEBUG_NOTIFIERS=y
-cat unzipped_config | grep CONFIG_DEBUG_LIST=y
-cat unzipped_config | grep CONFIG_SECCOMP=y
-cat unzipped_config | grep CONFIG_SECCOMP_FILTER=y
-cat unzipped_config | grep CONFIG_SECURITY=y
-cat unzipped_config | grep CONFIG_SECURITY_YAMA=y
-cat unzipped_config | grep CONFIG_PANIC_ON_OOPS=y
-cat unzipped_config | grep CONFIG_DEBUG_SET_MODULE_RONX=y
-cat unzipped_config | grep CONFIG_SYN_COOKIES=y
-cat unzipped_config | grep CONFIG_LEGACY_VSYSCALL_NONE=y
-cat unzipped_config | grep CONFIG_RANDOMIZE_BASE=y
-
-# Conditional on kernel version
-if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 5 ]; then
-  cat unzipped_config | grep CONFIG_IO_STRICT_DEVMEM=y
-  cat unzipped_config | grep CONFIG_UBSAN=y
-fi
-if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 7 ]; then
-  cat unzipped_config | grep CONFIG_SLAB_FREELIST_RANDOM=y
-fi
-if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 8 ]; then
-  cat unzipped_config | grep CONFIG_HARDENED_USERCOPY=y
-  cat unzipped_config | grep CONFIG_RANDOMIZE_MEMORY=y
-fi
-
-# poisoning cannot be enabled in 4.4
-if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 9 ]; then
-  cat unzipped_config | grep CONFIG_PAGE_POISONING=y
-  cat unzipped_config | grep CONFIG_PAGE_POISONING_NO_SANITY=y
-  cat unzipped_config | grep CONFIG_PAGE_POISONING_ZERO=y
-fi
-
-if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 10 ]; then
-  cat unzipped_config | grep CONFIG_BUG_ON_DATA_CORRUPTION=y
-fi
-
-# Negative cases
-cat unzipped_config | grep 'CONFIG_ACPI_CUSTOM_METHOD is not set'
-cat unzipped_config | grep 'CONFIG_COMPAT_BRK is not set'
-cat unzipped_config | grep 'CONFIG_DEVKMEM is not set'
-cat unzipped_config | grep 'CONFIG_COMPAT_VDSO is not set'
-cat unzipped_config | grep 'CONFIG_KEXEC is not set'
-cat unzipped_config | grep 'CONFIG_HIBERNATION is not set'
-cat unzipped_config | grep 'CONFIG_LEGACY_PTYS is not set'
-cat unzipped_config | grep 'CONFIG_X86_X32 is not set'
-cat unzipped_config | grep 'CONFIG_MODIFY_LDT_SYSCALL is not set'