Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

test_apparmor.py failure on Focal #5636

Closed
2 tasks
kushaldas opened this issue Nov 17, 2020 · 1 comment · Fixed by #5638
Closed
2 tasks

test_apparmor.py failure on Focal #5636

kushaldas opened this issue Nov 17, 2020 · 1 comment · Fixed by #5638

Comments

@kushaldas
Copy link
Contributor

kushaldas commented Nov 17, 2020
edited
Loading

Description

Steps to Reproduce

  • molecule test -s libvirt-staging-focal

Expected Behavior

  • tests should pass

Actual Behavior

    _________ test_apparmor_enforced[ansible://app-staging-/sbin/dhclient] _________
    [gw0] linux -- Python 3.7.3 /root/code/securedrop/.venv/bin/python3

    host = <testinfra.host.Host ansible://app-staging>
    aa_enforced = '/sbin/dhclient'

        @pytest.mark.parametrize('aa_enforced', sdvars.apparmor_enforce)
        def test_apparmor_enforced(host, aa_enforced):
            awk = ("awk '/[0-9]+ profiles.*enforce./"
                   "{flag=1;next}/^[0-9]+.*/{flag=0}flag'")
            with host.sudo():
                c = host.check_output("aa-status | {}".format(awk))
    >           assert aa_enforced in c
    E           AssertionError: assert '/sbin/dhclient' in '   /usr/bin/man\n   /usr/lib/NetworkManager/nm-dhcp-client.action\n   /usr/lib/NetworkManager/nm-dhcp-helper\n   /usr...bin/dhclient\n   lsb_release\n  
 man_filter\n   man_groff\n   nvidia_modprobe\n   nvidia_modprobe//kmod\n   system_tor'

    ../testinfra/app/test_apparmor.py:102: AssertionError

Comments

Most probably the dhclient path has changed in Focal.
@kushaldas
Copy link
Contributor Author

Yup, the correct path is /usr/sbin/dhclient in Focal.

kushaldas added a commit that referenced this issue Nov 17, 2020
@kushaldas
Fixes #5636 uses right path of dhclient in Focal
99509cf 
`sbin/dhclient` string is the correct path in Xenial and on Focal.

In Xenial the file is at `/sbin/dhclient`.
In Focal the file is at `/usr/sbin/dhclient`
@kushaldas kushaldas mentioned this issue Nov 17, 2020
Merged
9 tasks
@eloquence eloquence changed the title test_apparmor.py failiure on Focal test_apparmor.py failure on Focal Nov 30, 2020
emkll pushed a commit that referenced this issue Nov 30, 2020
@kushaldas @emkll
Fixes #5636 uses right path of dhclient in Focal
39832f7 
`sbin/dhclient` string is the correct path in Xenial and on Focal.

In Xenial the file is at `/sbin/dhclient`.
In Focal the file is at `/usr/sbin/dhclient`
zenmonkeykstop pushed a commit that referenced this issue Dec 7, 2020
@kushaldas @emkll
Add staging-with-rebase-focal to CI and fix testinfra tests (#5638)
42c8eba 
* Fixes #5636 uses right path of dhclient in Focal

`sbin/dhclient` string is the correct path in Xenial and on Focal.

In Xenial the file is at `/sbin/dhclient`.
In Focal the file is at `/usr/sbin/dhclient`

* Adds CI job staging-test-with-rebase-focal

This will run the Focal staging job in the CI.

* Updates test strings to verify gpg2 output

* Adds systemd service file ossec and DNS fix

Disables systemd-resolved and hardcoded DNS for Focal
In Focal by default we have systemd-resolved trying to do DNS
resolution. This does not pick up our DNS configuration via resolvconf.
So, we can have hardcoded /etc/resolv.conf via template file.

Enables and restarts OSSEC service properly via systemd module
Now instead of a command, we are enabling and restarting the service
using the Ansible systemd module.

We also remove the old /etc/init.d/ossec file as only we want
only our service to exists.

* Update listing port test

Now uses testinfra primitives instead of lsof workaround

* Adds ossec.service file while building the ossec-server package

We remove the /etc/init.d/ossec file and using the systemd
service file in the ossec-server package.

* Uses ossec.service only for Focal build

* Adds new testinfra test for ossec

We verify that Xenial uses sysv script, and Focal is using
the ossec.service file to start the service in the mon server.

* Consolidates resolvconf config for dual distros

Under Focal, we were writing the nameserver info to two (2) files, but
only testing one of them. Using a vars-based approach now, and the test
logic now looks in the correct spot for Focal.

* Adds systemd service check for ossec-agent

Same as we've done for ossec-server, let's make sure that ossec-agent is
also managed via systemd when running under Focal.

* Use service file ossec pacakges

* Adds ossec.service file for the agent

OSSEC server and agent requires two different service files.
Details at https://kushaldas.in/posts/story-of-debugging-exit-0.html

Co-authored-by: mickael e <mickael@freedom.press>
Co-authored-by: Conor Schaefer <conor@freedom.press>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add staging-with-rebase-focal to CI and fix testinfra tests freedomofpress/securedrop
1 participant
@kushaldas