From 772fca02cef1898d908b3d643ff91514c113169a Mon Sep 17 00:00:00 2001
From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
Date: Mon, 16 Sep 2019 11:36:54 -0500
Subject: req: 3b: Finish optional key verification requirements

---
 devel/requirements/3b_runner.xml     | 104 +++++++++++++++++++++++++++++++++--
 devel/requirements/verification-list |  10 ++--
 2 files changed, 105 insertions(+), 9 deletions(-)

diff --git a/devel/requirements/3b_runner.xml b/devel/requirements/3b_runner.xml
index c41c0c1..4123cdb 100644
--- a/devel/requirements/3b_runner.xml
+++ b/devel/requirements/3b_runner.xml
@@ -196,7 +196,7 @@
                 </formalpara>
                 <formalpara id="Runner.Verify.language">
                     <title>Runner.Verify.language</title>
-                    <para>The system shall verify that the HorizonScript contains at most one <literal>language</literal> key.</para>
+                    <para>The system shall verify that the HorizonScript contains zero or one <literal>language</literal> key.</para>
                 </formalpara>
                 <formalpara id="Runner.Verify.language.Format">
                     <title>Runner.Verify.language.Format</title>
@@ -204,7 +204,7 @@
                 </formalpara>
                 <formalpara id="Runner.Verify.keymap">
                     <title>Runner.Verify.keymap</title>
-                    <para>The system shall verify that the HorizonScript contains at most one <literal>keymap</literal> key.</para>
+                    <para>The system shall verify that the HorizonScript contains zero or one <literal>keymap</literal> key.</para>
                 </formalpara>
                 <formalpara id="Runner.Verify.keymap.Valid">
                     <title>Runner.Verify.keymap.Valid</title>
@@ -212,7 +212,7 @@
                 </formalpara>
                 <formalpara id="Runner.Verify.firmware">
                     <title>Runner.Verify.firmware</title>
-                    <para>The system shall verify that the HorizonScript contains at most one <literal>firmware</literal> key.</para>
+                    <para>The system shall verify that the HorizonScript contains zero or one <literal>firmware</literal> key.</para>
                 </formalpara>
                 <formalpara id="Runner.Verify.firmware.Boolean">
                     <title>Runner.Verify.firmware.Boolean</title>
@@ -224,7 +224,7 @@
                 </formalpara>
                 <formalpara id="Runner.Verify.timezone">
                     <title>Runner.Verify.timezone</title>
-                    <para>The system shall verify that the HorizonScript contains at most one <literal>timezone</literal> key.</para>
+                    <para>The system shall verify that the HorizonScript contains zero or one <literal>timezone</literal> key.</para>
                 </formalpara>
                 <formalpara id="Runner.Verify.timezone.zoneinfo">
                     <title>Runner.Verify.timezone.zoneinfo</title>
@@ -246,6 +246,102 @@
                     <title>Runner.Verify.signingkey.ValidPath</title>
                     <para>The system shall verify that the value of each <literal>signingkey</literal> key is either an absolute local path beginning with an ASCII backslash (<literal>/</literal>), or a valid URL utilising the HTTPS protocol.</para>
                 </formalpara>
+                <formalpara id="Runner.Verify.username">
+                    <title>Runner.Verify.username</title>
+                    <para>The system shall verify that the HorizonScript contains zero to 255 <literal>username</literal> keys.</para>
+                </formalpara>
+                <formalpara id="Runner.Verify.username.Unique">
+                    <title>Runner.Verify.username.Unique</title>
+                    <para>The system shall verify that the value of each <literal>username</literal> key is unique.</para>
+                </formalpara>
+                <formalpara id="Runnver.Verify.username.System">
+                    <title>Runner.Verify.username.System</title>
+                    <para>The system shall verify that the value of each <literal>username</literal> key does not match a system-defined account.</para>
+                </formalpara>
+                <formalpara id="Runner.Verify.username.Valid">
+                    <title>Runner.Verify.username.Valid</title>
+                    <para>The system shall verify that the value of each <literal>username</literal> key is a valid Linux user account name.</para>
+                </formalpara>
+                <formalpara id="Runner.Verify.useralias">
+                    <title>Runner.Verify.useralias</title>
+                    <para>The system shall verify that the HorizonScript contains a number of <literal>useralias</literal> keys equal or less than the number of <literal>username</literal> keys.</para>
+                </formalpara>
+                <formalpara id="Runner.Verify.useralias.Validity">
+                    <title>Runner.Verify.useralias.Validity</title>
+                    <para>The system shall verify that each <literal>useralias</literal> key has a valid form of two values in a space-separated tuple, with the second value reading to the end of the line (optionally containing spaces).</para>
+                </formalpara>
+                <formalpara id="Runner.Verify.useralias.Name">
+                    <title>Runner.Verify.useralias.Name</title>
+                    <para>The system shall verify that the first value in each <literal>useralias</literal> key tuple is an account name specified in a <literal>username</literal> key.</para>
+                </formalpara>
+                <formalpara id="Runner.Verify.useralias.Unique">
+                    <title>Runner.Verify.useralias.Unique</title>
+                    <para>The system shall verify that only one <literal>useralias</literal> key is specified per account name.</para>
+                </formalpara>
+                <formalpara id="Runner.Verify.userpw">
+                    <title>Runner.Verify.userpw</title>
+                    <para>The system shall verify that the HorizonScript contains a number of <literal>userpw</literal> keys equal or less than the number of <literal>username</literal> keys.</para>
+                </formalpara>
+                <formalpara id="Runner.Verify.userpw.Validity">
+                    <title>Runner.Verify.userpw.Validity</title>
+                    <para>The system shall verify that each <literal>userpw</literal> key has a valid form of two values in a space-separated tuple.</para>
+                </formalpara>
+                <formalpara id="Runner.Verify.userpw.Name">
+                    <title>Runner.Verify.userpw.Name</title>
+                    <para>The system shall verify that the first value in each <literal>userpw</literal> key tuple is an account name specified in a <literal>username</literal> key.</para>
+                </formalpara>
+                <formalpara id="Runner.Verify.userpw.Unique">
+                    <title>Runner.Verify.userpw.Unique</title>
+                    <para>The system shall verify that only one <literal>userpw</literal> key is specified per account name.</para>
+                </formalpara>
+                <formalpara id="Runner.Verify.userpw.Crypt">
+                    <title>Runner.Verify.userpw.Crypt</title>
+                    <para>The system shall verify that the second value for each <literal>userpw</literal> key tuple is in the format: <literal>$</literal>, either <literal>2</literal> for Blowfish or <literal>6</literal> for SHA-512, <literal>$</literal>, and then variant data.</para>
+                </formalpara>
+                <formalpara id="Runner.Verify.usericon">
+                    <title>Runner.Verify.usericon</title>
+                    <para>The system shall verify that the HorizonScript contains a number of <literal>usericon</literal> keys equal or less than the number of <literal>username</literal> keys.</para>
+                </formalpara>
+                <formalpara id="Runner.Verify.usericon.Validity">
+                    <title>Runner.Verify.usericon.Validity</title>
+                    <para>The system shall verify that each <literal>usericon</literal> key has a valid form of two values in a space-separated tuple.</para>
+                </formalpara>
+                <formalpara id="Runner.Verify.usericon.Name">
+                    <title>Runner.Verify.usericon.Name</title>
+                    <para>The system shall verify that the first value in each <literal>usericon</literal> key tuple is an account name specified in a <literal>username</literal> key.</para>
+                </formalpara>
+                <formalpara id="Runner.Verify.usericon.Unique">
+                    <title>Runner.Verify.usericon.Unique</title>
+                    <para>The system shall verify that only one <literal>usericon</literal> key is specified per account name.</para>
+                </formalpara>
+                <formalpara id="Runner.Verify.usericon.ValidPath">
+                    <title>Runner.Verify.usericon.ValidPath</title>
+                    <para>The system shall verify that the second value of each <literal>usericon</literal> key tuple is either an absolute local path beginning with an ASCII backslash (<literal>/</literal>), or a valid URL utilising the HTTP or HTTPS protocols.</para>
+                </formalpara>
+                <formalpara id="Runner.Verify.usergroups">
+                    <title>Runner.Verify.usergroups</title>
+                    <para>The system shall verify any <literal>usergroups</literal> keys contained in the HorizonScript.</para>
+                </formalpara>
+                <formalpara id="Runner.Verify.usergroups.Validity">
+                    <title>Runner.Verify.usergroups.Validity</title>
+                    <para>The system shall verify that each <literal>usergroups</literal> key has a valid form of two values in a space-separated tuple.</para>
+                </formalpara>
+                <formalpara id="Runner.Verify.usergroups.Name">
+                    <title>Runner.Verify.usergroups.Name</title>
+                    <para>The system shall verify that the first value in each <literal>usergroups</literal> key tuple is an account name specified in a <literal>username</literal> key.</para>
+                </formalpara>
+                <formalpara id="Runner.Verify.usergroups.Count">
+                    <title>Runner.Verify.usergroups.Count</title>
+                    <para>The system shall verify that all <literal>usergroups</literal> key tuples for a specified account name specify a combined total of sixteen or fewer groups.</para>
+                </formalpara>
+                <formalpara id="Runner.Verify.usergroups.Unique">
+                    <title>Runner.Verify.usergroups.Unique</title>
+                    <para>The system shall verify that a group is specified only once for each account name.</para>
+                </formalpara>
+                <formalpara id="Runner.Verify.usergroups.Group">
+                    <title>Runner.Verify.usergroups.Group</title>
+                    <para>The system shall verify that each group specified is a valid system-defined group name.</para>
+                </formalpara>
             </section>
         </section>
         <section id="runner_execute">
diff --git a/devel/requirements/verification-list b/devel/requirements/verification-list
index 5d3a28e..6a1ed56 100644
--- a/devel/requirements/verification-list
+++ b/devel/requirements/verification-list
@@ -16,11 +16,11 @@ Optional Keys
 ✓   timezone
 ✓   repository
 ✓   signingkey
-    username
-    useralias
-    userpw
-    usericon
-    usergroups
+✓   username
+✓   useralias
+✓   userpw
+✓   usericon
+✓   usergroups
 
 Disk Partitioning Keys
 
-- 
cgit v1.2.3-70-g09d2