#370 Add a post-install 'are all packages signed' check (#369)
Merged 3 months ago by adamwill. Opened 3 months ago by adamwill.

file modified
+28 -1
@@ -898,6 +898,33 @@ 

                  "USER_LOGIN": "false"

              }

          },

+         "check_packages_signed": {

+             "profiles": {

+                 "fedora-BaseOS-dvd-iso-x86_64-*-64bit": 50,

+                 "fedora-CoreOS-colive-iso-x86_64-*-64bit": 20,

+                 "fedora-IoT-dvd_ostree-iso-aarch64-*-aarch64": 20,

+                 "fedora-IoT-dvd_ostree-iso-x86_64-*-64bit": 20,

+                 "fedora-KDE-live-iso-x86_64-*-64bit": 15,

+                 "fedora-Minimal-raw_xz-raw.xz-aarch64-*-aarch64": 12,

+                 "fedora-Server-dvd-iso-aarch64-*-aarch64": 10,

+                 "fedora-Server-dvd-iso-ppc64le-*-ppc64le": 10,

+                 "fedora-Server-dvd-iso-x86_64-*-64bit": 10,

+                 "fedora-Server-raw_xz-raw.xz-aarch64-*-aarch64": 12,

+                 "fedora-Silverblue-dvd_ostree-iso-ppc64le-*-ppc64le": 50,

+                 "fedora-Silverblue-dvd_ostree-iso-x86_64-*-64bit": 50,

+                 "fedora-Workstation-live-iso-ppc64le-*-ppc64le": 10,

+                 "fedora-Workstation-live-iso-x86_64-*-64bit": 10,

+                 "fedora-Workstation-live_osbuild-iso-x86_64-*-64bit": 60,

+                 "fedora-Workstation-raw_xz-raw.xz-aarch64-*-aarch64": 12,

+                 "fedora-i3-live-x86_64-*-64bit": 70

+             },

+             "settings": {

+                 "BOOTFROM": "c",

+                 "HDD_1": "disk_%FLAVOR%_%MACHINE%.qcow2",

+                 "POSTINSTALL": "check_packages_signed",

+                 "START_AFTER_TEST": "%DEPLOY_UPLOAD_TEST%"

+             }

+         },

          "cloud_autocloud": {

              "profiles": {

                  "fedora-Cloud_Base-qcow2-qcow2-aarch64-*-aarch64": 30,
@@ -1733,7 +1760,7 @@ 

              },

              "settings": {

                  "PACKAGE_SET": "default",

-                 "POSTINSTALL": "_collect_data",

+                 "POSTINSTALL": "check_packages_signed _collect_data",

                  "RETRY": "%INSTALL_RETRY%"

              }

          },
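Review bot: Placing `check_packages_signed` ahead of `_collect_data` in this `POSTINSTALL` value means a signing failure ends the job before data collection runs, because the new test module returns `{fatal => 1}` from `test_flags`. If `_collect_data` gathers the package and log information its name suggests, that is the material needed to work out which package was unsigned and why. Consider `"POSTINSTALL": "_collect_data check_packages_signed"`, unless the collection step has to run last. Separately, among the `check_packages_signed` profiles added in the first hunk of this file, `fedora-i3-live-x86_64-*-64bit` lacks the `-iso-` segment that the other live-image keys carry; it is worth confirming it matches a defined profile, since a non-matching key could leave that image without the check. The test-suite object enclosing this `POSTINSTALL` line starts outside the hunk.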

@@ -0,0 +1,23 @@ 

+ use base "installedtest";

+ use strict;

+ use testapi;

+ use utils;

+ 

+ sub run {

+     my $self = shift;

+     if (not(check_screen "root_console", 0)) {

+         $self->root_console(tty => 4);

+     }

+     assert_screen "root_console";

+     # for aarch64 non-english tests

+     console_loadkeys_us;

+     die("Unsigned package(s) found!") unless (script_run 'rpm -qa --queryformat "%{NAME} %{RSAHEADER:pgpsig}\n" | grep -v gpg-pubkey | grep "(none)"');

+ }

+ 

+ sub test_flags {

+     return {fatal => 1};

+ }

+ 

+ 1;

+ 

+ # vim: set sw=4 et:
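Review bot: The check on the `script_run` line fails open: only the final `grep`'s exit status is tested, so if `rpm -qa` itself fails there is no "(none)" line to match and the test passes as if every package were signed. Running the query as its own asserted step closes that gap, e.g. `assert_script_run 'rpm -qa --queryformat "%{NAME} %{RSAHEADER:pgpsig}\n" > /tmp/pkgsigs.txt';` followed by `die("Unsigned package(s) found!") unless (script_run 'grep -v gpg-pubkey /tmp/pkgsigs.txt | grep "(none)"');` (the file name is only an example). The query also reports only whether an RSA header signature is present, so a comment above it such as `# presence check only: does not verify the signature or which key made it` would keep readers from treating a pass as verification.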

This came up in blocker bug meeting discussion today. We really
should check that all packages are signed after a default install.

Signed-off-by: Adam Williamson awilliam@redhat.com

rebased onto 97b619a

3 months ago

The check fails on netinst...I'll have to look into why. Also, the experience of the failure tells me I should rejig the test to make failures more investigatable...

rebased onto 97b619a

3 months ago

rebased onto 97b619a

3 months ago

rebased onto 97b619a

3 months ago

OK, current version of this looks good in tests on staging. Merging.

Pull-Request has been merged by adamwill

3 months ago