Merge ~alexmurray/qa-regression-testing:lpcraft-ci into qa-regression-testing:master

Proposed by Alex Murray
Status: Merged
Merged at revision: 88598b71c9c937897eb45cab3a30c0699cc8064a
Proposed branch: ~alexmurray/qa-regression-testing:lpcraft-ci
Merge into: qa-regression-testing:master
Diff against target: 139 lines (+104/-3)
3 files modified
.launchpad.yaml (+57/-0)
lpcraft-runner (+44/-0)
scripts/test-gnupg.py (+3/-3)
Reviewer: Ubuntu Security Team
Review Type:
Date Requested:
Status: Pending
Review via email: mp+437474@code.launchpad.net

Description of the change

So I am not sure if this is the best way to shoehorn lpcraft for CI of QRT but it is an initial stab at least. I wanted to try and make sure each script on each series gets enumerated as a separate job with the least amount of copy-pasta in the .launchpad.yaml - there may be a better way but this appears to work for now.

Currently the gcc-security tests fail but should pass once https://code.launchpad.net/~alexmurray/qa-regression-testing/+git/qa-regression-testing/+merge/437462 is merged.

Alex Murray (alexmurray) wrote :

Note the duplicate test runs and hence job entries seen in the test output are a known bug in Launchpad - https://bugs.launchpad.net/launchpad/+bug/1999591 (i.e. there should only be one coverage:0 etc - but say for gcc-security we expect there to be 3 instances - gcc-security:0, gcc-security:1 etc for each bionic, focal and jammy - but there should not be multiple gcc-security:0 which is due to the aforementioned bug)

Alex Murray (alexmurray) wrote :

Ok, I feel like this PoC is ready for review now - tests pass for both sudo and gnupg and once gcc-security changes get merged that should pass too.

Then we can look at extending this to cover other test scripts in QRT.

Can someone please take a look?

Preview Diff

1diff --git a/.launchpad.yaml b/.launchpad.yaml
2new file mode 100644
3index 0000000..d5548f2
4--- /dev/null
5+++ b/.launchpad.yaml
6@@ -0,0 +1,57 @@
7+pipeline:
8+ - coverage
9+ -
10+ - gcc-security
11+ - gnupg
12+ - sudo
13+
14+jobs:
15+ coverage:
16+ series: jammy
17+ architectures: amd64
18+ run: |
19+ # TODO parse the .launchpad.yaml and for each series check the list of
20+ # tests for any missing compared to the scripts in scripts/test-xxx.py
21+ true
22+
23+ # test we can run testlib.require_nonroot() scripts
24+ gcc-security:
25+ matrix:
26+ - series: jammy
27+ architectures: amd64
28+ - series: focal
29+ architectures: amd64
30+ - series: bionic
31+ architectures: amd64
32+ packages:
33+ - sudo
34+ run: |
35+ ./lpcraft-runner gcc-security
36+
37+ # test we can run testlib.require_sudo() scripts
38+ sudo:
39+ matrix:
40+ - series: jammy
41+ architectures: amd64
42+ - series: focal
43+ architectures: amd64
44+ - series: bionic
45+ architectures: amd64
46+ packages:
47+ - sudo
48+ run: |
49+ ./lpcraft-runner sudo
50+
51+ # test we can run testlib.require_root() scripts
52+ gnupg:
53+ matrix:
54+ - series: jammy
55+ architectures: amd64
56+ - series: focal
57+ architectures: amd64
58+ - series: bionic
59+ architectures: amd64
60+ packages:
61+ - sudo
62+ run: |
63+ ./lpcraft-runner gnupg
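
Review bot: the `coverage` job's `run:` body is only `true`, so the first pipeline stage always passes without checking anything, and a green `coverage` result reads as if the comparison described in the TODO were already being made. Either implement the check, or drop or rename the job until it exists, so the stage does not suggest coverage that is not enforced. Separately, `gcc-security` is commented as the `require_nonroot()` case yet lists `sudo` under `packages:`; if that is only there because `lpcraft-runner` writes a sudoers entry for every job, a one-line comment saying so would help the next reader.
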
64diff --git a/lpcraft-runner b/lpcraft-runner
65new file mode 100755
66index 0000000..883290d
67--- /dev/null
68+++ b/lpcraft-runner
69@@ -0,0 +1,44 @@
70+#!/bin/bash
71+set -euo pipefail
72+
73+test=$1
74+
75+# setup an unprivileged user
76+getent passwd ubuntu >/dev/null || useradd -m -U ubuntu
77+# allow sudo access
78+grep -q "ubuntu ALL=(ALL) NOPASSWD: ALL" /etc/sudoers || echo "ubuntu ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
79+# one test for each require_nonroot, require_sudo and require_root
80+script="./scripts/test-${test}.py"
81+tarball="${TMPDIR:-/tmp}/qrt-test-${test}.tar.gz"
82+rm -f "$tarball"
83+./scripts/make-test-tarball "$script"
84+# figure out what user we need to run as
85+user=ubuntu
86+if grep -q '^\s*testlib.require_sudo()' "$script"; then
87+ user=sudo
88+elif grep -q '^\s*testlib.require_root()' "$script"; then
89+ user=root
90+fi
91+
92+# now work with script directly
93+script="./$(basename "$script")"
94+if [ $user = ubuntu ] || [ $user = sudo ]; then
95+ # work in ~ubuntu
96+ cd ~ubuntu || exit
97+ runuser -u ubuntu -- tar --overwrite -xf "$tarball"
98+ cd "$(basename "${tarball%.tar.gz}")" || exit
99+ ./install-packages "$script"
100+ # run with correct permissions / user
101+ if [ $user = sudo ]; then
102+ runuser -u ubuntu -- sudo "$script"
103+ else
104+ runuser -u ubuntu -- "$script"
105+ fi
106+else
107+ # run as root in $HOME
108+ cd "$HOME" || exit
109+ tar --overwrite -xf "$tarball"
110+ cd "$(basename "${tarball%.tar.gz}")" || exit
111+ ./install-packages "$script"
112+ "$script"
113+fi
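
Review bot: the `echo "ubuntu ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers` line near the top runs for every test, before `user` is worked out, so scripts detected as non-root (`user=ubuntu`) still run under an account that has passwordless root, which weakens what the `require_nonroot()` job proves. Consider moving the grant into the `user = sudo` case, and writing it as a drop-in file under /etc/sudoers.d (mode 0440, checked with `visudo -c`) rather than appending to the main file, where a malformed line breaks sudo for everything. Smaller points: `test=$1` under `set -u` aborts with an unbound-variable error when no argument is given, so a short usage message would be friendlier, and the two `grep` patterns rely on GNU `\s` and leave the `.` in `testlib.require_sudo()` unescaped.
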
114diff --git a/scripts/test-gnupg.py b/scripts/test-gnupg.py
115index aeaed7f..45311cf 100755
116--- a/scripts/test-gnupg.py
117+++ b/scripts/test-gnupg.py
118@@ -168,7 +168,7 @@ Expire-Date: 0
119 def test_03_recv_keys(self):
120 '''Test that public keys can be loaded by default from the network.'''
121
122- cmd = '/usr/bin/%s --keyserver keyserver.ubuntu.com --recv-keys 0x8972F4DFDC6DC026' % app
123+ cmd = '/usr/bin/%s --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 0x8972F4DFDC6DC026' % app
124 self.assertShellExitEquals(0, ['/bin/su', '-c', cmd, user.login])
125 self.assertShellExitEquals(0, ['/bin/su', '-c', '/usr/bin/%s --fingerprint kees@ubuntu.com | fgrep -q -- "A5C3 F68F 229D D60F 723E 6E13 8972 F4DF DC6D C026"' % app, user.login])
126
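
Review bot: the switch to `hkp://keyserver.ubuntu.com:80` in `test_03_recv_keys` carries no comment and the description does not explain it; please record why the scheme and port are pinned (for example, if the CI environment only permits outbound port 80) so the change is not reverted later. Since `hkp://` on port 80 is a plaintext fetch, that comment should also say that the test relies on the `--fingerprint` assertion on the following line to confirm the key received is the expected one.
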
127@@ -272,10 +272,10 @@ wrhmLbkm5ONbPbLWtiPk1HY=
128 # been removed from the server. Should find a new one to test.
129 #
130 # Specifying a short ID should get us three keys
131- #self.assertShellExitEquals(0, ['/bin/su', '-c', '/usr/bin/%s --keyserver keyserver.ubuntu.com --recv-keys 0x70096AD1 2>&1 | grep -q -- "Total number processed: 3"' % app, user.login])
132+ #self.assertShellExitEquals(0, ['/bin/su', '-c', '/usr/bin/%s --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 0x70096AD1 2>&1 | grep -q -- "Total number processed: 3"' % app, user.login])
133
134 # Specifying a long ID should get us only one key
135- self.assertShellExitEquals(0, ['/bin/su', '-c', '/usr/bin/%s --keyserver keyserver.ubuntu.com --recv-keys 0xEC4B033C70096AD1 2>&1 | grep -q -- "Total number processed: 1"' % app, user.login])
136+ self.assertShellExitEquals(0, ['/bin/su', '-c', '/usr/bin/%s --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 0xEC4B033C70096AD1 2>&1 | grep -q -- "Total number processed: 1"' % app, user.login])
137
138 def test_20_escape_filename_CVE_2018_12020(self):
139 '''test escaping of original filename CVE-2018-12020'''
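
Review bot: the same keyserver URL is now hard-coded in three places across this file, including the commented-out short-ID assertion edited in this hunk; a single module-level constant used by every `--keyserver` argument would make the next change a one-line edit, and the dead assertion could then be left alone or removed. Also, unlike `test_03_recv_keys`, the long-ID assertion only greps for "Total number processed: 1" and never checks which key arrived; consider following it with a fingerprint check in the same style.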
