Run selected keylime e2e tests in Fedora CI
This commit is contained in:
parent
a6f4d0df36
commit
62e289d5a6
1
.fmf/version
Normal file
1
.fmf/version
Normal file
@ -0,0 +1 @@
|
||||
1
|
40
ci.fmf
Normal file
40
ci.fmf
Normal file
@ -0,0 +1,40 @@
|
||||
/keylime-e2e-tests-with-python-agent:
|
||||
|
||||
summary: run selected keylime e2e tests using Python keylime_agent
|
||||
|
||||
context:
|
||||
swtpm: yes
|
||||
agent: python
|
||||
|
||||
prepare:
|
||||
- how: shell
|
||||
script:
|
||||
- dnf config-manager --set-enabled updates-testing updates-testing-modular
|
||||
- systemctl disable --now dnf-makecache.service || true
|
||||
- systemctl disable --now dnf-makecache.timer || true
|
||||
- how: shell
|
||||
order: 90
|
||||
script:
|
||||
- sed -i "s/tpm_hash_alg =.*/tpm_hash_alg = sha256/" /etc/keylime.conf
|
||||
|
||||
discover:
|
||||
how: fmf
|
||||
url: https://github.com/RedHat-SP-Security/keylime-tests
|
||||
ref: "@.tmt/dynamic_ref.fmf"
|
||||
test:
|
||||
- /setup/configure_tpm_emulator
|
||||
- /setup/configure_kernel_ima_module/ima_policy_signing
|
||||
- /setup/inject_SELinux_AVC_check
|
||||
- /functional/basic-attestation-on-localhost
|
||||
- /functional/measured-boot-swtpm-sanity
|
||||
- /functional/ek-cert-use-ek_check_script
|
||||
- /functional/ek-cert-use-ek_handle-custom-ca_certs
|
||||
|
||||
execute:
|
||||
how: tmt
|
||||
|
||||
adjust:
|
||||
- when: distro == fedora-rawhide
|
||||
environment:
|
||||
AVC_CHECK_AUSEARCH_PARAMS: "-se keylime"
|
||||
because: "On Rawhide we ignore SELinux AVCs not related to keylime"
|
Loading…
Reference in New Issue
Block a user