From 62e289d5a6f6ee61ca02df2c396752ac5c356ff1 Mon Sep 17 00:00:00 2001
From: Karel Srot
Date: Tue, 10 Jan 2023 11:02:22 +0100
Subject: [PATCH] Run selected keylime e2e tests in Fedora CI
---
.fmf/version | 1 +
ci.fmf | 40 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 41 insertions(+)
create mode 100644 .fmf/version
create mode 100644 ci.fmf
diff --git a/.fmf/version b/.fmf/version
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/.fmf/version
@@ -0,0 +1 @@
+1
diff --git a/ci.fmf b/ci.fmf
new file mode 100644
index 0000000..a338918
--- /dev/null
+++ b/ci.fmf
@@ -0,0 +1,40 @@
+/keylime-e2e-tests-with-python-agent:
+
+ summary: run selected keylime e2e tests using Python keylime_agent
+
+ context:
+ swtpm: yes
+ agent: python
+
+ prepare:
+ - how: shell
+ script:
+ - dnf config-manager --set-enabled updates-testing updates-testing-modular
+ - systemctl disable --now dnf-makecache.service || true
+ - systemctl disable --now dnf-makecache.timer || true
+ - how: shell
+ order: 90
+ script:
+ - sed -i "s/tpm_hash_alg =.*/tpm_hash_alg = sha256/" /etc/keylime.conf
+
+ discover:
+ how: fmf
+ url: https://github.com/RedHat-SP-Security/keylime-tests
+ ref: "@.tmt/dynamic_ref.fmf"
+ test:
+ - /setup/configure_tpm_emulator
+ - /setup/configure_kernel_ima_module/ima_policy_signing
+ - /setup/inject_SELinux_AVC_check
+ - /functional/basic-attestation-on-localhost
+ - /functional/measured-boot-swtpm-sanity
+ - /functional/ek-cert-use-ek_check_script
+ - /functional/ek-cert-use-ek_handle-custom-ca_certs
+
+ execute:
+ how: tmt
+
+ adjust:
+ - when: distro == fedora-rawhide
+ environment:
+ AVC_CHECK_AUSEARCH_PARAMS: "-se keylime"
+ because: "On Rawhide we ignore SELinux AVCs not related to keylime"
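Review bot: The `sed -i` step in the second `prepare` entry of ci.fmf exits 0 even when no `tpm_hash_alg =` line matches. If `/etc/keylime.conf` lacks the key or the packaged config moves, the attestation tests would run with whatever hash algorithm the package defaults to, and nothing would report it. The pattern is also unanchored, so it would rewrite a commented-out line just as readily. Anchoring it (`s/^tpm_hash_alg =.*/.../`) and following it with `- grep -q '^tpm_hash_alg = sha256' /etc/keylime.conf` should make the prepare step fail visibly instead. Separately, `ref: "@.tmt/dynamic_ref.fmf"` appears to leave the test revision to a file in the external repository, so a one-line comment such as `# test revision is resolved upstream on purpose, not pinned here` would help a reader who expects CI inputs to be pinned.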