Run selected keylime e2e tests in Fedora CI

2023-01-10 11:02:22 +01:00 · 2023-01-10 11:02:22 +01:00 · 62e289d5a6
parent a6f4d0df36
commit 62e289d5a6
2 changed files with 41 additions and 0 deletions
--- a/.fmf/version
+++ b/.fmf/version
@ -0,0 +1 @@
+1
--- a/ci.fmf
+++ b/ci.fmf
@ -0,0 +1,40 @@
+/keylime-e2e-tests-with-python-agent:
+
+  summary: run selected keylime e2e tests using Python keylime_agent
+
+  context:
+    swtpm: yes
+    agent: python
+
+  prepare:
+    - how: shell
+      script:
+       - dnf config-manager --set-enabled updates-testing updates-testing-modular
+       - systemctl disable --now dnf-makecache.service || true
+       - systemctl disable --now dnf-makecache.timer || true
+    - how: shell
+      order: 90
+      script:
+       - sed -i "s/tpm_hash_alg =.*/tpm_hash_alg = sha256/" /etc/keylime.conf
+
+  discover:
+    how: fmf
+    url: https://github.com/RedHat-SP-Security/keylime-tests
+    ref: "@.tmt/dynamic_ref.fmf"
+    test:
+     - /setup/configure_tpm_emulator
+     - /setup/configure_kernel_ima_module/ima_policy_signing
+     - /setup/inject_SELinux_AVC_check
+     - /functional/basic-attestation-on-localhost
+     - /functional/measured-boot-swtpm-sanity
+     - /functional/ek-cert-use-ek_check_script
+     - /functional/ek-cert-use-ek_handle-custom-ca_certs
+
+  execute:
+    how: tmt
+
+  adjust:
+    - when: distro == fedora-rawhide
+      environment:
+          AVC_CHECK_AUSEARCH_PARAMS: "-se keylime"
+      because: "On Rawhide we ignore SELinux AVCs not related to keylime"