-
Notifications
You must be signed in to change notification settings - Fork 576
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tests: enable testing with snapd snap FIPS variant #14476
tests: enable testing with snapd snap FIPS variant #14476
Conversation
ce5476e
to
9cc5ae2
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Bulk of the changes look good. I left a comment on a code comment that could use some clearer wording IMO.
LGTM when you want.
build-aux/snap/snapcraft.yaml
Outdated
echo "-- appending FIPS tag to version $VERSION" | ||
VERSION="$VERSION-fips" | ||
if [ "${VERSION%/+fips/}" != "$VERSION" ] ; then | ||
# we gave a '+fips' element in the version |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Gave?
370abed
to
6f7de3b
Compare
fi | ||
# TODO detect when doing a FIPS snap build on LP |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a ticket for that?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few comments
build-aux/snap/snapcraft.yaml
Outdated
if [ "${VERSION%/+fips/}" != "$VERSION" ] ; then | ||
# we have a '+fips' element in the version, which may be coming from | ||
# debian/changelog or git tag | ||
echo "-- deteceted FIPS build" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Detected?
build-aux/snap/snapcraft.yaml
Outdated
if [ -f fips-build ] ; then | ||
echo "-- appending FIPS tag to version $VERSION" | ||
VERSION="$VERSION-fips" | ||
if [ "${VERSION%/+fips/}" != "$VERSION" ] ; then |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did you mean "${VERSION%+fips}"
or "${VERSION/%+fips/}"
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ah yes, too many changes going back and forth, /+fips/
let me fix that
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, so if it was supposed to be /+fips/
it does not have to end with then. Is that what you wanted?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it's just a simplification, debian/rules checks simply checks for +fips too (not necessarily at the end), but we'll only ever append +fips as a suffix in teh changelog
build-aux/snap/snapcraft.yaml
Outdated
# TODO detect when doing a FIPS snap build on LP | ||
|
||
if [ -f fips-build ]; then | ||
if [ "${VERSION%/+fips/}" = "$VERSION" ] ; then |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here, did you mean "${VERSION%+fips}" or "${VERSION/%+fips/}"?
Signed-off-by: Maciej Borzecki <[email protected]>
Extend the test to verify FIPS snapd support when it's running from the snapd snap. Signed-off-by: Maciej Borzecki <[email protected]>
Download either a regular of a FIPS snap artifact depending on systems group the test workflow has been started for. Signed-off-by: Maciej Borzecki <[email protected]>
Signed-off-by: Maciej Borzecki <[email protected]>
Do the same as we do for the deb. Signed-off-by: Maciej Borzecki <[email protected]>
Signed-off-by: Maciej Borzecki <[email protected]>
Signed-off-by: Maciej Borzecki <[email protected]>
Add a very ugly check for the presence of 1.21 FIPS toolchain. Signed-off-by: Maciej Borzecki <[email protected]>
Set snapdfips build tag when building in FIPS mode. Signed-off-by: Maciej Borzecki <[email protected]>
Signed-off-by: Maciej Borzecki <[email protected]>
6f7de3b
to
d25cf94
Compare
Failing tests:
|
Based on #14439. Add spread testing of FIPS snap variant.
Related: SNAPDENG-23245