Merge pull request #3913 from freedomofpress/3838-bump-kernels-to-4.4…

….162 Update grsecurity kernels to 4.4.162
freedomofpress · Nov 26, 2018 · 36cbb21 · 36cbb21
2 parents 1b5ea7d + 9234c32
commit 36cbb21
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 4 deletions.
diff --git a/install_files/ansible-base/group_vars/all/securedrop b/install_files/ansible-base/group_vars/all/securedrop
@@ -53,5 +53,5 @@ securedrop_cond_reboot_file: /tmp/sd-reboot-now
 
 # If you bump this, also remember to bump in molecule/builder/tests/vars.yml
 securedrop_pkg_grsec:
-  ver: "4.4.144-1"
-  depends: "linux-image-3.14.79-grsec,linux-image-4.4.135-grsec,linux-firmware-image-4.4.135-grsec,linux-image-4.4.144-grsec,linux-firmware-image-4.4.144-grsec"
+  ver: "4.4.162"
+  depends: "intel-microcode,linux-image-4.4.144-grsec,linux-firmware-image-4.4.144-grsec,linux-image-4.4.162-grsec,linux-firmware-image-4.4.162-grsec"
diff --git a/molecule/builder/tests/vars.yml b/molecule/builder/tests/vars.yml
@@ -3,7 +3,7 @@ securedrop_version: "0.11.0~rc1"
 ossec_version: "3.0.0"
 keyring_version: "0.1.2"
 config_version: "0.1.1"
-grsec_version: "4.4.144-1"
+grsec_version: "4.4.162"
 
 # These values will be interpolated with values populated above
 # via helper functions in the tests.

diff --git a/molecule/testinfra/staging/common/test_grsecurity.py b/molecule/testinfra/staging/common/test_grsecurity.py
@@ -3,6 +3,9 @@
 import re
 
 
+KERNEL_VERSION = pytest.securedrop_test_vars.grsec_version
+
+
 def test_ssh_motd_disabled(File):
     """
     Ensure the SSH MOTD (Message of the Day) is disabled.
@@ -16,6 +19,9 @@ def test_ssh_motd_disabled(File):
 @pytest.mark.skipif(os.environ.get('FPF_GRSEC', 'true') == "false",
                     reason="Need to skip in environment w/o grsec")
 @pytest.mark.parametrize("package", [
+    'intel-microcode',
+    'linux-firmware-image-{}-grsec'.format(KERNEL_VERSION),
+    'linux-image-{}-grsec'.format(KERNEL_VERSION),
     'paxctl',
     'securedrop-grsec',
 ])
@@ -76,7 +82,7 @@ def test_grsecurity_kernel_is_running(Command):
     """
     c = Command('uname -r')
     assert c.stdout.endswith('-grsec')
-    assert c.stdout == '4.4.144-grsec'
+    assert c.stdout == '{}-grsec'.format(KERNEL_VERSION)
 
 
 @pytest.mark.skipif(os.environ.get('FPF_GRSEC', 'true') == "false",

diff --git a/molecule/testinfra/staging/vars/staging.yml b/molecule/testinfra/staging/vars/staging.yml
@@ -169,3 +169,4 @@ log_events_with_ossec_alerts:
     rule_id: "400503"
 
 fpf_apt_repo_url: "https://apt-test.freedom.press"
+grsec_version: "4.4.162"
Original file line number	Diff line number	Diff line change
Expand Up		@@ -169,3 +169,4 @@ log_events_with_ossec_alerts:
		rule_id: "400503"

		fpf_apt_repo_url: "https://apt-test.freedom.press"
		grsec_version: "4.4.162"