keylime/e2e_tests.fmf

81 lines
2.3 KiB
Plaintext
Raw Normal View History

# define context to filter out all test requiring TPM device
context:
swtpm: yes
agent: rust
execute:
how: tmt
/functional:
summary: run keylime e2e tests
discover:
how: fmf
url: https://github.com/RedHat-SP-Security/keylime-tests
ref: "@.tmt/dynamic_ref.fmf"
test:
- /setup/configure_tpm_emulator
- /setup/inject_SELinux_AVC_check
# change IMA policy to simple and run one attestation scenario
# this is to utilize also a different parser
- /setup/configure_kernel_ima_module/ima_policy_simple
- /functional/basic-attestation-on-localhost
# now change IMA policy to signing and run all tests
- /setup/configure_kernel_ima_module/ima_policy_signing
- "^/functional/.*"
- "^/compatibility/.*"
/package-update:
summary: package update scenario
prepare:
- how: shell
order: 90
script:
# remove installed (tested) keylime and any leftovers
- dnf -y remove '*keylime*'
- rm -rf /var/lib/keylime /etc/keylime
# install older keylime
- dnf -y install keylime --disablerepo test-artifacts
discover:
- name: Update_scenario_setup
how: fmf
url: https://github.com/RedHat-SP-Security/keylime-tests
ref: "@.tmt/dynamic_ref.fmf"
test:
- /setup/configure_tpm_emulator
- /setup/inject_SELinux_AVC_check
- /setup/enable_keylime_debug_messages
- /setup/configure_kernel_ima_module/ima_policy_signing
# do the actual keylime test setup
- /update/basic-attestation-on-localhost/setup
- name: Update_keylime_package
how: shell
tests:
- name: keylime_update
test: dnf -y update '*keylime*'
duration: 2m
- name: Test_scenario_post-update
how: fmf
url: https://github.com/RedHat-SP-Security/keylime-tests
ref: "@.tmt/dynamic_ref.fmf"
test:
# run the post-update test scenario
- /update/basic-attestation-on-localhost/test
2023-08-22 15:57:31 +00:00
/rpmverify:
summary: rpmverify test
discover:
- name: test
how: shell
tests:
- name: rpmverify
test: 'rpmverify $(rpm -qa | grep keylime)'
duration: 2m