1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
#!/bin/bash
set -euo pipefail
IFS=$'\n\t'
if [ ! -e /dev/urandom ]; then
echo "There is no /dev/urandom."
exit 1
fi
kodev create myapp
cd myapp || exit 1
kodev info
timeout --preserve-status -k 60s -s SIGQUIT 60s kodev run &
sleep 5
# Find the parent and child processes
PARENT_PID=$(pgrep -o kore)
CHILD_PIDS=$(pgrep -P "$PARENT_PID")
# Assume everything is OK initially
ALL_OK=true
# If no child processes are found, print a message and exit
if [ -z "$CHILD_PIDS" ]; then
echo "No kore child processes found."
exit
fi
# Check each child process
for PID_CHILD in $CHILD_PIDS; do
# Get the Seccomp status code (the number only)
STATUS_CODE=$(grep '^Seccomp:' "/proc/$PID_CHILD/status" | awk '{print $2}')
if [ "$STATUS_CODE" -ne 2 ]; then
echo "[X] Warning! Process PID: $PID_CHILD has Seccomp status $STATUS_CODE (not 2)"
ALL_OK=false
fi
done
# Print the final conclusion based on the check
if [ "$ALL_OK" = true ]; then
echo "[OK] All child processes have Seccomp status 2. The security sandbox is enabled correctly."
else
echo "[ERROR] Please note: Not all child processes are in Seccomp mode 2."
exit 1
fi
# A concise and robust loop to wait for a service to be ready.
for _ in {1..10}; do
# Use --spider: doesn't download the page, just checks if it's there.
# It's more efficient for a health check. Output is silenced.
if wget --spider -q -T 5 --tries=1 --no-check-certificate https://127.0.0.1:8888 2>/dev/null; then
# If wget succeeds, break the loop.
break
fi
# If it fails, wait a second before the next attempt.
sleep 1
done
# After the loop, check one last time. If it still fails, the service is truly down.
# This check ensures that the loop didn't just end on its 10th (failed) attempt.
if ! wget --spider -q -T 5 --tries=1 --no-check-certificate https://127.0.0.1:8888 2>/dev/null; then
echo "ERROR: Service at https://127.0.0.1:8888 not ready after 10 attempts." >&2
exit 1
else
echo "[OK] Service is ready at https://127.0.0.1:8888"
fi
cd ..
rm -fr myapp
kill -SIGQUIT "$PARENT_PID"
# Wait for the kore process to actually terminate
for _ in {1..10}; do
if ! pgrep -P "$PARENT_PID" > /dev/null; then
break
fi
sleep 1
done
|
