Fix profile.d tests for sd-app #623

Merged
merged 1 commit into from
Oct 16, 2020

@emkll emkll commented Oct 14, 2020

Status

Ready for review
This PR should be reviewed at the same time as freedomofpress/securedrop-client#1159 and freedomofpress/securedrop-builder#202.

Description of Changes

Fixes #621
QUBES_GPG_DOMAIN is conditionally set based on the running VM in order to support template consolidation. See freedomofpress/securedrop-client#1141

This will also help testing both client and packaging PRs that resolve these test failures.

Testing

Build a client package based on the following branches/PRs:

Apply the diff below to install the sd-app package locally instead of through apt server

diff --git a/dom0/sd-app-files.sls b/dom0/sd-app-files.sls
index 9828d4e..55b3b18 100644
--- a/dom0/sd-app-files.sls
+++ b/dom0/sd-app-files.sls
@@ -14,8 +14,9 @@ include:
 
 # FPF repo is setup in "securedrop-workstation" template
 install-securedrop-client-package:
-  pkg.installed:
-    - pkgs:
-      - securedrop-client
-    - require:
-      - sls: fpf-apt-test-repo
+  file.managed:
+   - name: /opt/securedrop-client.deb
+   - source: salt://sd/sd-workstation/securedrop-client_0.2.1+buster_all.deb
+   - mode: 644
+  cmd.run:
+   - name: apt install --allow-downgrades -y /opt/securedrop-client.deb
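
Review bot: cmd.run at the end of this hunk has no `onchanges` or `require` tying it to the file.managed entry above it, so `apt install --allow-downgrades -y /opt/securedrop-client.deb` runs on every state apply whether or not the .deb changed. Suggest adding `- onchanges:` with `- file: install-securedrop-client-package` under cmd.run. The hunk also drops the `require` on `sls: fpf-apt-test-repo` and installs a .deb from the salt file tree instead of the repository, so it should stay a local test patch and not land in the committed state file. The added entries are indented three spaces where the removed ones used four; matching the file keeps the patch easy to revert.
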
  • make dev should complete successfully
  • make test should complete successfully (except sd-app being up-to-date, this is because the client version needs to be bumped)

Checklist

If you have made changes to the provisioning logic

  • All tests (make test) pass in dom0 of a Qubes install (except the upgrades for sd-app (the client version needs to be bumped))

@@ -11,7 +11,7 @@ def setUp(self):

def test_decrypt_sd_user_profile(self):
contents = self._get_file_contents("/etc/profile.d/sd-app-qubes-gpg-domain.sh")
expected_content = 'export QUBES_GPG_DOMAIN="sd-gpg"\n'
expected_content = 'if [ "$(qubesdb-read /name)" = "sd-app" ]; then export QUBES_GPG_DOMAIN="sd-gpg"; fi\n' # noqa: E501
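
Review bot: the assertion on expected_content compares the whole file against one exact shell line, so it pins quoting and spacing but never exercises either branch of the `if`. Worth covering what the line does when `qubesdb-read /name` returns a different name or fails: in both cases the comparison is false and QUBES_GPG_DOMAIN should stay unset, which is the property the conditional exists to provide. The `# noqa: E501` could be dropped by splitting the expected string across two adjacent literals.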

@eloquence eloquence Oct 14, 2020

This'll work, but to make this more of a test of behavior rather than implementation I wonder if it might be better to check if the output of qvm-run -p sd-app "echo \$QUBES_GPG_DOMAIN" is the expected sd-gpg -- that way we could also run the inverse test in the other AppVMs, and would be more independent of the implementation.

Contributor Author

good call, updated the test in f65b62c


@eloquence eloquence Oct 14, 2020

Nice! In case you didn't already consider and reject that in this case, note that we have a base.py we can use to avoid duplication of test code -- see logging_configured as an example. Because these helper methods don't start with test, they won't be run as part of the test suite unless explicitly invoked with test_* methods in child classes, as we do for the logging test.

(Personally, I would vote to remove the content test now because I don't find these types of tests that directly duplicate implementation super-helpful, especially with the behavior test in place, but defer to you and reviewer of course.)

@emkll emkll force-pushed the fix-test-sd-app-profile branch 2 times, most recently from a7cdf03 to f65b62c Compare October 14, 2020 22:37
@zenmonkeykstop zenmonkeykstop self-assigned this Oct 15, 2020
zenmonkeykstop previously approved these changes Oct 15, 2020

@zenmonkeykstop zenmonkeykstop left a comment

Built client and patched as per test plan.

  • make dev completed happily
  • make test completed successfully with the exception of test_all_sd_vms_uptodate, which only failed because the securedrop-client nightly is available as an upgradable option

LGTM once it's flipped out of "in dev" status - suggested test refactoring would be nice to have but I don't think it should block merge.

QUBES_GPG_DOMAIN will be conditionally set based on the running VM in order to support template consolidation. See freedomofpress/securedrop-client#1141
@emkll
emkll commented Oct 15, 2020

Updated tests based on feedback and rebased on latest main

@conorsch conorsch self-requested a review October 16, 2020 23:14

@conorsch conorsch left a comment

Works well. Confirming all tests passing, sans one, which is an artifact of the manual deb installation, noted in the test plan.

@conorsch conorsch merged commit 6f8a6b9 into main Oct 16, 2020
conorsch pushed a commit that referenced this pull request Oct 19, 2020
Follow-up to [0]. Post-consolidation, we can expect the /etc/profile.d/
path to be present on all systems, but only on sd-app should it return
"sd-gpg" rather than an empty string.

[0] #623
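
A behaviour check for the profile.d line described in the commit message above, as an added example that is not part of the PR or the project's test suite: it evaluates the line with a stub `qubesdb-read` on PATH and reports the resulting QUBES_GPG_DOMAIN, and it goes one case further than the thread by also covering `qubesdb-read` failing. The function name `gpg_domain_for`, the stub script and the VM name `some-other-vm` are assumptions made for the example.

```shell
#!/bin/sh
# Added example: behaviour test for the profile.d line quoted in the PR.
# SNIPPET is copied from the test's expected_content; the function name,
# the stub and the sample VM names are constructed for illustration.
SNIPPET='if [ "$(qubesdb-read /name)" = "sd-app" ]; then export QUBES_GPG_DOMAIN="sd-gpg"; fi'

# gpg_domain_for NAME
#   Prints the QUBES_GPG_DOMAIN a shell ends up with in a VM whose
#   `qubesdb-read /name` returns NAME. An empty NAME simulates
#   qubesdb-read failing (non-zero exit, no output).
gpg_domain_for() {
    stub_dir=$(mktemp -d) || return 1
    if [ -n "$1" ]; then
        printf '#!/bin/sh\necho %s\n' "$1" > "$stub_dir/qubesdb-read"
    else
        printf '#!/bin/sh\nexit 1\n' > "$stub_dir/qubesdb-read"
    fi
    chmod +x "$stub_dir/qubesdb-read"
    # Subshell: the stubbed PATH and any exported variable stay contained.
    result=$(
        unset QUBES_GPG_DOMAIN
        PATH="$stub_dir:$PATH"
        eval "$SNIPPET"
        printf '%s' "${QUBES_GPG_DOMAIN:-}"
    )
    rm -rf "$stub_dir"
    printf '%s' "$result"
}

# Stand-alone run over constructed VM names ("" = qubesdb-read fails).
for vm in sd-app some-other-vm ""; do
    printf 'name=%s -> QUBES_GPG_DOMAIN=%s\n' \
        "${vm:-<qubesdb-read failed>}" "$(gpg_domain_for "$vm")"
done
```

Against real VMs, the `qvm-run -p sd-app "echo \$QUBES_GPG_DOMAIN"` call suggested in the review observes the same property from dom0.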
conorsch pushed a commit that referenced this pull request Oct 21, 2020
conorsch pushed a commit that referenced this pull request Oct 27, 2020
@legoktm legoktm deleted the fix-test-sd-app-profile branch May 28, 2024 15:25
Successfully merging this pull request may close these issues.

Many test failures in dom0 due to recent sd-app changes