feat: several role improvements #8

richm · 2023-11-28T21:00:08Z

When adding files to the trustdb, wait until the server recognizes
that the trustdb is updated before returning.

Do not use compiled C programs for testing trust, just use
executable shell scripts.

Clean up after tests

Refactor the check of various EL versions for fapolicyd features - did not work correctly on CentOS and Fedora

make the default value for fapolicyd_setup_enable_service to be true - not sure why anyone would run the role but not want fapolicyd running - goes against every other role that manages a service

Signed-off-by: Rich Megginson [email protected]

richm · 2023-11-29T01:56:32Z

@radosroka @Koncpa I realize this is a pretty big change - but with these changes, tests pass on every platform, both upstream and in our various downstream test suites

richm · 2023-11-29T02:00:59Z

oh - and another change - AFAICT the tests do not need compiled binary executables - they just need executable files - the gcc and glibc packages take a few minutes to install over a slow connection, so better to just skip them - all we really care about is that fapolicyd allows the specified executable to be run, and disallows executables with a different name or checksum

spetrosi · 2023-11-29T09:27:53Z

[citest]

richm · 2023-11-29T14:07:51Z

[citest]

richm · 2023-11-29T15:52:44Z

[citest]

When adding files to the trustdb, wait until the server recognizes that the trustdb is updated before returning. Do not use compiled C programs for testing trust, just use executable shell scripts. Set vars such as __fapolicyd_trust_supported et. al. based on os family and version rather than using distribution version. One reason is that CentOS Stream was excluded from many features but it should be included. Clean up after tests Other minor improvements Signed-off-by: Rich Megginson <[email protected]>

richm · 2023-12-05T01:04:18Z

@Koncpa @radosroka @xjezda00 It seems that systemctl restart fapolicyd is the only reliable way to update the trustdb. When removing files without adding files, fapolicyd-cli --update does nothing on RHEL 8.8.

richm · 2023-12-05T01:04:23Z

[citest]

richm requested a review from spetrosi as a code owner November 28, 2023 21:00

richm force-pushed the fix-test-cleanup branch 2 times, most recently from c5bc0c8 to e00a462 Compare November 29, 2023 00:32

richm changed the title ~~refactor: several role improvements~~ feat: several role improvements Nov 29, 2023

richm force-pushed the fix-test-cleanup branch from e00a462 to 90e3949 Compare November 29, 2023 01:53

richm force-pushed the fix-test-cleanup branch from 55cecd5 to 40b3c9f Compare November 29, 2023 16:48

richm requested review from radosroka and Koncpa November 29, 2023 16:48

Koncpa approved these changes Dec 1, 2023

View reviewed changes

systemctl restart fapolicyd is the only reliable way

df13c2c

Koncpa self-requested a review December 5, 2023 16:50

Koncpa approved these changes Dec 5, 2023

View reviewed changes

radosroka approved these changes Dec 5, 2023

View reviewed changes

richm merged commit 243dbed into linux-system-roles:main Dec 6, 2023
22 checks passed

richm deleted the fix-test-cleanup branch December 6, 2023 14:19

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: several role improvements #8

feat: several role improvements #8

richm commented Nov 28, 2023 •

edited

Loading

richm commented Nov 29, 2023

richm commented Nov 29, 2023

spetrosi commented Nov 29, 2023

richm commented Nov 29, 2023

richm commented Nov 29, 2023

richm commented Dec 5, 2023

richm commented Dec 5, 2023

feat: several role improvements #8

feat: several role improvements #8

Conversation

richm commented Nov 28, 2023 • edited Loading

richm commented Nov 29, 2023

richm commented Nov 29, 2023

spetrosi commented Nov 29, 2023

richm commented Nov 29, 2023

richm commented Nov 29, 2023

richm commented Dec 5, 2023

richm commented Dec 5, 2023

richm commented Nov 28, 2023 •

edited

Loading