Fix test for user profile in sd-app

QUBES_GPG_DOMAIN will be conditionally set based on the running VM in order to support template consolidation. See freedomofpress/securedrop-client#1141
freedomofpress · Oct 15, 2020 · 64a24e5 · 64a24e5
1 parent 396ec0c
commit 64a24e5
Show file tree

Hide file tree

Showing 8 changed files with 44 additions and 4 deletions.
diff --git a/tests/base.py b/tests/base.py
@@ -125,3 +125,27 @@ def logging_configured(self):
         # so let's investigate further.
         # cmd_output = self._run("sudo grep -F \"action 'action-0-omprog' suspended (module 'omprog')\" /var/log/syslog | wc -l").strip()  # noqa
         # self.assertTrue(cmd_output == "0")
+
+    def qubes_gpg_domain_configured(self, vmname=False):
+        """
+        Ensure the QUBES_GPG_DOMAIN is properly set for a given AppVM. This
+        var is set by a script /etc/profile.d.
+        sd-app should have it set to sd-gpg.
+        All other AppVMs should not have this configured.
+        """
+        expected_profile_app = 'if [ "$(qubesdb-read /name)" = "sd-app" ]; then export QUBES_GPG_DOMAIN="sd-gpg"; fi\n'  # noqa: E501
+        expected_env_app = "sd-gpg"
+        expected_env_all = ""
+        profile_path = "/etc/profile.d/sd-app-qubes-gpg-domain.sh"
+
+        env_cmd = 'echo "$QUBES_GPG_DOMAIN"'
+        env_contents = self._run(env_cmd)
+
+        if vmname == "sd-app":
+            self.assertTrue(self._fileExists(profile_path))
+            profile_contents = self._get_file_contents(profile_path)
+            self.assertEqual(profile_contents, expected_profile_app)
+            self.assertEqual(env_contents, expected_env_app)
+        else:
+            self.assertFalse(self._fileExists(profile_path))
+            self.assertEqual(env_contents, expected_env_all)
diff --git a/tests/test_app.py b/tests/test_app.py
@@ -9,10 +9,8 @@ def setUp(self):
         self.vm_name = "sd-app"
         super(SD_App_Tests, self).setUp()
 
-    def test_decrypt_sd_user_profile(self):
-        contents = self._get_file_contents("/etc/profile.d/sd-app-qubes-gpg-domain.sh")
-        expected_content = 'export QUBES_GPG_DOMAIN="sd-gpg"\n'
-        self.assertEqual(contents, expected_content)
+    def test_gpg_domain_configured(self):
+        self.qubes_gpg_domain_configured(self.vm_name)
 
     def test_open_in_dvm_desktop(self):
         contents = self._get_file_contents("/usr/share/applications/open-in-dvm.desktop")

diff --git a/tests/test_gpg.py b/tests/test_gpg.py
@@ -52,6 +52,9 @@ def test_logging_disabled(self):
         # Logging to sd-log should be disabled on sd-gpg
         self.assertFalse(self._fileExists("/etc/rsyslog.d/sdlog.conf"))
 
+    def test_gpg_domain_configured(self):
+        self.qubes_gpg_domain_configured(self.vm_name)
+
 
 def load_tests(loader, tests, pattern):
     suite = unittest.TestLoader().loadTestsFromTestCase(SD_GPG_Tests)

diff --git a/tests/test_log_vm.py b/tests/test_log_vm.py
@@ -49,6 +49,9 @@ def test_log_dirs_properly_named(self):
         # Confirm we don't have 'host' entries from Whonix VMs
         self.assertFalse("host" in log_dirs)
 
+    def test_gpg_domain_configured(self):
+        self.qubes_gpg_domain_configured(self.vm_name)
+
 
 def load_tests(loader, tests, pattern):
     suite = unittest.TestLoader().loadTestsFromTestCase(SD_Log_Tests)

diff --git a/tests/test_proxy_vm.py b/tests/test_proxy_vm.py
@@ -52,6 +52,9 @@ def test_mime_types(self):
                     actual_app = self._run("xdg-mime query default {}".format(mime_type))
                     self.assertEqual(actual_app, expected_app)
 
+    def test_gpg_domain_configured(self):
+        self.qubes_gpg_domain_configured(self.vm_name)
+
 
 def load_tests(loader, tests, pattern):
     suite = unittest.TestLoader().loadTestsFromTestCase(SD_Proxy_Tests)

diff --git a/tests/test_sd_devices.py b/tests/test_sd_devices.py
@@ -45,6 +45,9 @@ def test_open_in_dvm_desktop(self):
         for line in expected_contents:
             self.assertTrue(line in contents)
 
+    def test_gpg_domain_configured(self):
+        self.qubes_gpg_domain_configured(self.vm_name)
+
 
 def load_tests(loader, tests, pattern):
     suite = unittest.TestLoader().loadTestsFromTestCase(SD_Devices_Tests)

diff --git a/tests/test_sd_whonix.py b/tests/test_sd_whonix.py
@@ -74,6 +74,9 @@ def test_whonix_torrc(self):
             "Whonix GW torrc contains duplicate %include lines",
         )
 
+    def test_gpg_domain_configured(self):
+        self.qubes_gpg_domain_configured(self.vm_name)
+
 
 def load_tests(loader, tests, pattern):
     suite = unittest.TestLoader().loadTestsFromTestCase(SD_Whonix_Tests)

diff --git a/tests/test_viewer.py b/tests/test_viewer.py
@@ -36,6 +36,9 @@ def test_mime_types(self):
                     actual_app = self._run("xdg-mime query default {}".format(mime_type))
                     self.assertEqual(actual_app, expected_app)
 
+    def test_gpg_domain_configured(self):
+        self.qubes_gpg_domain_configured(self.vm_name)
+
 
 def load_tests(loader, tests, pattern):
     suite = unittest.TestLoader().loadTestsFromTestCase(SD_Viewer_Tests)