diff --git a/README.md b/README.md index ce87da5..08b7919 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,69 @@ Some checks can be disabled in the `/etc/evocheck.cf` config file. Tests can be run with Vagrant and the provided `VagrantFile`. +## How to contribute + +Read the CONTRIBUTING.md file. + +Try to respect the following conventions. + +### Use the verbose mode to explain errors + +The `failed` function takes a mandatory first argument for the check name and a secondary optional argument for the message to display in verbose mode. Example : + +```shell +test -f /path/to/file || failed "IS_FILE_EXISTS" "Missing file \`/path/to/file'" +``` + +If the test is in a loop and might yield multiple errors, It's better to print a single error in normal mode and every error in verbose mode. + +```shell +for user in $users; do + if ! groups "$user" | grep -q adm; then + failed "IS_USERINADMGROUP" "User $user doesn't belong to \`adm' group" + test "${VERBOSE}" = 1 || break + fi +done +``` + +In a single check with multiple conditions, the verbose message helps determine which condition failed. Example : + +```shell +if [ "$last_upgrade" -eq 0 ]; then + [ "$install_date" -lt "$limit" ] && failed "IS_NOTUPGRADED" "The system has never been updated" +else + [ "$last_upgrade" -lt "$limit" ] && failed "IS_NOTUPGRADED" "The system hasn't been updated for too long" +fi +``` + +### Use existing predicates + +There are a few predicate functions that help making conditionals. + +For Debian versions : `is_debian`, `is_debian_stretch`, `is_debian_jessie`… +For packs : `is_pack_web`, `is_pack_samba`. +For installed packages : `is_installed []`. + +### Extact variables + +It's better not to inline function calls inside tests. Instead of this : + +```shell +test "$(stat --format "%a" $MINIFW_FILE)" = "600" || failed "IS_MINIFWPERMS" +``` + +… prefer that : + +```shell +actual=$(stat --format "%a" $MINIFW_FILE) +expected="600" +test "$expected" = "$actual" || failed "IS_MINIFWPERMS" +``` + +### Verify assumptions + +It's better to verify that a file, a directory or a command is present before using it, even if it's true in more than 99% of situations. + ## How to build the package for a new Debian release On the master branch, add the last stable version with a release tag.