Got one of the tests working... hoping I can get the last bit of chal…

…lenge 8 tests fixed before the dry run tomorrow.

linux/instructions/challenge_7.md

@@ -10,6 +10,10 @@ main. See if you can figure out how to get it up and running.
 
 The name of the app is carrot-cruncher. The last dev got the repo cloned somewhere, 
 but they never said where... hopefully you'll able to find it. When you do, supposedly
-there was a new branch pushed to the remote repo, so you'll need to figure out how to
-authenticate to that repo, clone the remote branches down, then you'll be off to 
-the races... Goodluck!
+there was a new working branch pushed to the remote repo, so you'll need to figure out how to
+authenticate to that repo.
+
+There was a note in confluence about a process that picks up keys in the local git server.
+Supposedly all you had to do was copy some file to the 'ssh-keys/' directory near all the
+repos and git takes it from there? So I gues try that? Then clone the remote branches down, 
+then you'll be off to the races... Goodluck!

linux/instructions/challenge_8.md

@@ -1,4 +1,4 @@
-Challenge 7: Git branch management
+Challenge 8: Git branch management
 ==============================
 
 Great, now that you've got it cloned down, you'll need to figure out which

linux/instructions/challenge_9.md

@@ -0,0 +1,4 @@
+Challenge 9: Git secret removal
+==============================
+
+placeholder file

linux/scripts/init.sh

@@ -128,7 +128,7 @@ cp "${wsroot}"/instructions/challenge_{0,1}.md /home/appuser/
 
 
 ### Setup a local git server and clone to repo
-if ! (cd /srv/git/repositories/carrot-cruncher && git show-ref --verify --quiet "refs/heads/release/bunnies_v1") ; then
+if ! (cd /srv/git/repositories/carrot-cruncher.git && git show-ref --verify --quiet "refs/heads/release/bunnies_v1" && -f /home/git/git-shell-commands/no-interactive-login) ; then
   sudo chmod +x /tmp/scripts/setup-git.sh
   # if /tmp/scripts/setup-git.sh > /tmp/setup-git.log 2>&1; then
   if /tmp/scripts/setup-git.sh; then

linux/scripts/linux-workshop-admin.sh

@@ -139,28 +139,36 @@ _check-webapp-reachable() {
 }
 
 _check-ssh-setup() {
-  if su - appuser -c "cd /tmp/ && git clone git@localhost:/srv/git/repositories/carrot-cruncher.git"; then
-    rm -rf /tmp/carrot-cruncher
+  local test_dir=${wsroot}/git-checks
+  local git_home="/srv/git"
+  local repo_dir="${git_home}/repositories/carrot-cruncher.git"
+  cat ${git_home}/ssh-keys/id_rsa.pub >> /home/git/.ssh/authorized_keys && rm -f ${git_home}/ssh-keys/id_rsa.pub || echo "No key to copy"
+  [[ -d ${test_dir} ]] || mkdir -m 777 ${test_dir}
+  [[ ! -d ${test_dir}/carrot-cruncher ]] || rm -rf /${test_dir}/*
+  if su - appuser -c "git clone 'git@localhost:${repo_dir}' ${test_dir}/carrot-cruncher"; then
+    rm -rf /${test_dir}/*
     _score-for-challenge 7
   else
     log-error "SSH Keys not setup successfully"
   fi
 }
 
 _check-git-branch-merged-correct() {
-  local test_dir=${wsroot}/git-check
+  local test_dir=${wsroot}/git-checks
   local repo_dir="/srv/git/repositories/carrot-cruncher.git"
-  if [ "$(git rev-parse master)" = "$(git rev-parse release/bunnies_v1)" ] then
-    log-info "commits match"
-  else
-    log-error "commits don't match"
-  fi
+  # pushd "${repo_dir}" > /dev/null
+  # git config --global --add safe.directory ${repo_dir}
+  # if [ "$(git rev-parse main)" = "$(git rev-parse release/bunnies_v1)" ]; then
+  #   log-info "commits match"
+  # else
+  #   log-error "commits don't match"
+  # fi
   pushd "${test_dir}" > /dev/null
   # Clone if the directory is empty
   if [ ! "$(ls -A ${test_dir})" ]; then
-      su - git -c "GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=accept-new' git clone 'git@localhost:${repo_dir}' ${test_dir}"
+      su - appuser -c "git clone 'git@localhost:${repo_dir}' ${test_dir}"
   fi
-  su - git -c "git fetch; git checkout main; git pull origin main"
+  su - appuser -c "cd ${test_dir}; git fetch; git checkout main; git pull origin main"
   if grep -q carrot main.go; then
     _score-for-challenge 8
   else
@@ -169,6 +177,18 @@ _check-git-branch-merged-correct() {
   popd > /dev/null
 }
 
+_check-secret-removed() {
+  SECRET_PATTERN="SSN: 1234-BUNNY"
+
+  # Check each commit for the secret pattern
+  for commit in $(git rev-list --all); do
+      if git show "$commit":banking.txt | grep -q "$SECRET_PATTERN"; then
+          echo "Secret found in commit $commit"
+          # Additional actions can be taken here, like breaking the loop or logging details
+      fi
+  done
+}
+
 ###
 # Main wrapper def & callable for scorables
 ###
@@ -179,6 +199,7 @@ main() {
   _check-systemd-service-running
   _check-debfile-service-running
   _check-webapp-reachable
+  _check-ssh-setup
   _check-git-branch-merged-correct
 }
 

linux/scripts/setup-git.sh

@@ -1,6 +1,4 @@
 #!/usr/bin/env bash
-set -euxo pipefail
-
 GIT_USER=${GIT_USER:-git}
 APP_USER=${APP_USER:-appuser}
 GIT_HOME=${GIT_HOME:-/srv/git}
@@ -67,7 +65,8 @@ function _init_git_repo() {
   log-info "Initializing remote carrot cruncher"
   rm -rf "${REPO_DIR}"
   mkdir -p "${REPO_DIR}"
-  chown -R "${GIT_USER}:${GIT_USER}" "${REPO_DIR}"
+  mkdir "${GIT_HOME}/ssh-keys"
+  chown -R "${GIT_USER}:${GIT_USER}" "${GIT_HOME}"
   pushd "${REPO_DIR}" >/dev/null
   su - ${GIT_USER} -c "git config --global init.defaultBranch ${DEFAULT_BRANCH}"
   su - ${GIT_USER} -c "git config --global user.email 'bugs@bigbadbunnies.com'"
@@ -118,7 +117,7 @@ function _create_release_branch() {
 
 function _polish_off() {
   chsh --shell "$(command -v git-shell)" "${GIT_USER}" # switch Git User to git-shell
-  [[ ! -d /home/git/git-shell-commands ]] || mkdir -m 777 /home/git/git-shell-commands
+  [[ -d /home/git/git-shell-commands ]] || mkdir -m 777 /home/git/git-shell-commands
   cat >/home/git/git-shell-commands/no-interactive-login <<\EOF
 #!/bin/sh
 printf '%s\n' "Hi! You've successfully authenticated, but we do not"

linux/scripts/test.bats

@@ -151,18 +151,15 @@ _solve-challenge-7() {
   local ssh_dir="/home/appuser/.ssh"
   local public_key_file="${ssh_dir}/id_rsa.pub"
   local private_key_file="${ssh_dir}/id_rsa"
-  local authorized_keys_file="/home/git/.ssh/authorized_keys"  
   local known_hosts_file="${ssh_dir}/known_hosts"
   local user="appuser"
 
-  if [[ -d "${ssh_dir}" ]]; then
-    rm -rf "${ssh_dir}"
-  fi
+  [[ -d "${ssh_dir}" ]] && rm -rf "${ssh_dir}"
   mkdir -p "${ssh_dir}"
   chown "${user}:${user}" "${ssh_dir}"
   chmod 700 "${ssh_dir}"
   su - "${user}" -c "ssh-keygen -t rsa -f ${private_key_file} -q -N ''"
-  cat "${public_key_file}" >>"${authorized_keys_file}"
+  cp "${public_key_file}" "/srv/git/ssh-keys"
   su - "${user}" -c "ssh-keyscan -H localhost >> ${known_hosts_file}"
 }
 
@@ -179,27 +176,27 @@ _solve-challenge-8() {
 
 ################################################################################
 
-# @test "init steps succeeded" {
-#   [[ -f "/home/appuser/challenge_0.md" ]]
-#   [[ -f "/home/appuser/challenge_1.md" ]]
-# }
+@test "init steps succeeded" {
+  [[ -f "/home/appuser/challenge_0.md" ]]
+  [[ -f "/home/appuser/challenge_1.md" ]]
+}
 
-# @test "challenge 1" {
-#   # Fails before solution
-#   [[ ! -f /opt/app/app ]]
-#   [[ ! -x /opt/app/app ]]
+@test "challenge 1" {
+  # Fails before solution
+  [[ ! -f /opt/app/app ]]
+  [[ ! -x /opt/app/app ]]
 
-#   # Passes after solution
-#   _solve-challenge-1
-#   local score="$(_get-score)"
-#   sleep 1
-#   printf 'DEBUG: Score from challenge 1: %s\n' "${score}"
-#   [[ "${score}" -ge 100 ]]
-#   [[ -f "/home/appuser/challenge_2.md" ]] # next instruction gets put in homedir
-# }
+  # Passes after solution
+  _solve-challenge-1
+  local score="$(_get-score)"
+  sleep 1
+  printf 'DEBUG: Score from challenge 1: %s\n' "${score}"
+  [[ "${score}" -ge 100 ]]
+  [[ -f "/home/appuser/challenge_2.md" ]] # next instruction gets put in homedir
+}
 
-# # This test also end ups implicitly tests two challenges' scores at once, which is
-# # good
+# This test also end ups implicitly tests two challenges' scores at once, which is
+# good
 # @test "challenge 2" {
 #   # Fails before solution
 #   [[ ! -f "/home/appuser/challenge_3.md" ]]
@@ -267,31 +264,40 @@ _solve-challenge-8() {
 # }
 
 @test "challenge 7" {
+  # Fails before solution
+  [[ ! -f "/home/appuser/challenge_8.md" ]]
+
+  # Passes after solution
   _solve-challenge-7
-  chmod 777 /opt/git/carrot-cruncher
+  sleep 10
   su - "appuser" -c "pushd /opt/git/carrot-cruncher >/dev/null; git config --global --add safe.directory /opt/git/carrot-cruncher; git fetch"
+  echo "running this"
   [[ -f "/home/appuser/challenge_8.md" ]]
 }
 
 @test "challenge 8" {
+  # Fails before solution
+  [[ ! -f "/home/appuser/challenge_9.md" ]]
+
+  # Passes after solution
   local git_dir=/srv/git/repositories/carrot-cruncher.git
   _solve-challenge-8
   pushd "${git_dir}" >/dev/null
   git config --global --add safe.directory /srv/git/repositories/carrot-cruncher.git
-  if [ "$(git rev-parse master)" = "$(git rev-parse release/bunnies_v1)" ] ; then
+  if [ "$(git rev-parse main)" = "$(git rev-parse release/bunnies_v1)" ] ; then
     return 1
   fi
   popd >/dev/null
-  # [[ -f "/home/appuser/challenge_9.md" ]]
+  [[ -f "/home/appuser/challenge_9.md" ]]
 }
 
-@test "simulate score accumulation" {
-  _solve-challenge-1
-  # each of these assignments does NOT increment the score var, but assigning it
-  # suppresses the useless output from the first call anyway
-  score="$(_get-score)"
-  score="$(_get-score)"
-  score="$(_get-score)"
-  printf 'DEBUG: Score after accumulation: %s\n' "${score}"
-  [[ "${score}" -ge 300 ]]
-}
+# @test "simulate score accumulation" {
+#   _solve-challenge-1
+#   # each of these assignments does NOT increment the score var, but assigning it
+#   # suppresses the useless output from the first call anyway
+#   score="$(_get-score)"
+#   score="$(_get-score)"
+#   score="$(_get-score)"
+#   printf 'DEBUG: Score after accumulation: %s\n' "${score}"
+#   [[ "${score}" -ge 300 ]]
+# }