Run selected keylime e2e tests in Fedora CI

Karel Srot 2023-01-10 11:02:22 +01:00
parent a6f4d0df36
commit 62e289d5a6
2 changed files with 41 additions and 0 deletions

1
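--- a/.fmf/version
+++ b/.fmf/version
@@ -0,0 +1 @@
+1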

40
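--- a/ci.fmf
+++ b/ci.fmf
@@ -0,0 +1,40 @@
+/keylime-e2e-tests-with-python-agent:
+summary: run selected keylime e2e tests using Python keylime_agent
+context:
+swtpm: yes
+agent: python
+prepare:
+- how: shell
+script:
+- dnf config-manager --set-enabled updates-testing updates-testing-modular
+- systemctl disable --now dnf-makecache.service || true
+- systemctl disable --now dnf-makecache.timer || true
+- how: shell
+order: 90
+script:
+- sed -i "s/tpm_hash_alg =.*/tpm_hash_alg = sha256/" /etc/keylime.conf
+discover:
+how: fmf
+url: https://github.com/RedHat-SP-Security/keylime-tests
+ref: "@.tmt/dynamic_ref.fmf"
+test:
+- /setup/configure_tpm_emulator
+- /setup/configure_kernel_ima_module/ima_policy_signing
+- /setup/inject_SELinux_AVC_check
+- /functional/basic-attestation-on-localhost
+- /functional/measured-boot-swtpm-sanity
+- /functional/ek-cert-use-ek_check_script
+- /functional/ek-cert-use-ek_handle-custom-ca_certs
+execute:
+how: tmt
+adjust:
+- when: distro == fedora-rawhide
+environment:
+AVC_CHECK_AUSEARCH_PARAMS: "-se keylime"
+because: "On Rawhide we ignore SELinux AVCs not related to keylime"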
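Review bot: The `sed -i` step under `prepare` (order 90) exits 0 even when no line in `/etc/keylime.conf` matches `tpm_hash_alg =`, so if the option is missing or the configuration lives elsewhere, the attestation tests run with whatever hash algorithm the package defaults to and nothing in the log shows it. Adding a second script entry such as `- grep -q '^tpm_hash_alg = sha256' /etc/keylime.conf` would make the prepare step fail in that case. Separately, `discover` pulls the tests from an external repository at a ref taken from `.tmt/dynamic_ref.fmf` rather than a fixed commit, so the code executed during CI can presumably change without any change to this file. A short comment above `url:` stating that this is intentional would help later reviewers.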