Showing
6 changed files
with
163 additions
and
51 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
name: Test FIPS Mode | ||
|
||
on: | ||
workflow_call: | ||
|
||
jobs: | ||
container-test-job: | ||
runs-on: ubuntu-latest | ||
container: | ||
image: photon:4.0 | ||
|
||
strategy: | ||
fail-fast: false | ||
matrix: | ||
version: | ||
- 3.10.13 | ||
- 3.11.5 | ||
arch: | ||
- x86_64 | ||
env: | ||
RELENV_DATA: ${{ github.workspace }} | ||
|
||
steps: | ||
|
||
- name: Install System Dependencies | ||
run: | | ||
yum install -y openssl-fips-provider python3 python3-virtualenv git gcc | ||
- uses: actions/checkout@v3 | ||
|
||
- name: Download Build Artifact | ||
uses: actions/download-artifact@v3 | ||
with: | ||
name: ${{ matrix.version }}-${{ matrix.arch }}-linux-gnu.tar.xz | ||
path: ./build/ | ||
|
||
- name: Create Virtual Environment | ||
run: | | ||
virtualenv venv | ||
- name: Install Virtual Environment Dependencies | ||
run: | | ||
./venv/bin/pip3 install -r requirements/tests.txt | ||
- name: Run Fips Tests | ||
run: | | ||
./venv/bin/python3 -m pytest -v tests/test_fips_photon.py |
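Review bot: The "Run Fips Tests" step can go green without exercising FIPS at all, because tests/test_fips_photon.py skips at module level unless `platform.uname()` mentions `photon` and `ph4`. Inside a job container on `ubuntu-latest` that call most likely reports the host kernel rather than a Photon one, and a skipped test still exits 0. Consider running pytest with `-rs` and failing the job when the FIPS test is reported as skipped, or having the test detect Photon from the container's OS metadata instead of the kernel string. Separately, `actions/checkout@v3`, `actions/download-artifact@v3` and `image: photon:4.0` are mutable references; pinning them to a commit SHA and an image digest keeps the inputs to this compliance check reproducible.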
Empty file.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
import os | ||
import sys | ||
import platform | ||
|
||
import pytest | ||
|
||
from relenv.common import list_archived_builds, plat_from_triplet | ||
from relenv.create import create | ||
|
||
|
||
def get_build_version(): | ||
if "RELENV_PY_VERSION" in os.environ: | ||
return os.environ["RELENV_PY_VERSION"] | ||
builds = list(list_archived_builds()) | ||
versions = [] | ||
for version, arch, plat in builds: | ||
sysplat = plat_from_triplet(plat) | ||
if sysplat == sys.platform and arch == platform.machine().lower(): | ||
versions.append(version) | ||
if versions: | ||
return versions[0] | ||
|
||
|
||
@pytest.fixture(scope="module") | ||
def build_version(): | ||
return get_build_version() | ||
|
||
|
||
@pytest.fixture(scope="module") | ||
def minor_version(): | ||
yield get_build_version().rsplit(".", 1)[0] | ||
|
||
|
||
@pytest.fixture | ||
def build(tmp_path, build_version): | ||
create("test", tmp_path, version=build_version) | ||
yield tmp_path / "test" | ||
|
||
|
||
@pytest.fixture | ||
def pipexec(build): | ||
if sys.platform == "win32": | ||
exc = build / "Scripts" / "pip3.exe" | ||
else: | ||
exc = build / "bin" / "pip3" | ||
yield exc | ||
|
||
|
||
@pytest.fixture | ||
def pyexec(build): | ||
if sys.platform == "win32": | ||
exc = build / "Scripts" / "python.exe" | ||
else: | ||
exc = build / "bin" / "python3" | ||
yield exc |
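Review bot: `minor_version` calls `get_build_version().rsplit(".", 1)` directly, but `get_build_version` falls through and returns None when no archived build matches the platform, so the fixture raises AttributeError instead of skipping. It could take the existing fixture as input and guard it: `def minor_version(build_version):` followed by `if not build_version: pytest.skip("Build archive does not exist")`. `get_build_version` also returns `versions[0]`, which depends on the order `list_archived_builds()` yields; if that order is not guaranteed, the build under test can differ between runs. A short docstring stating the selection rule (the `RELENV_PY_VERSION` override first, then the first matching archive, else None) would make that contract explicit.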
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
import os | ||
import pathlib | ||
import platform | ||
import subprocess | ||
|
||
import pytest | ||
|
||
from .conftest import get_build_version | ||
|
||
|
||
def check_test_environment(): | ||
uname = platform.uname() | ||
return ( | ||
"photon" in uname.version | ||
and "ph4" in uname.release | ||
and pathlib.Path("/etc/ssl/fipsmodule.cnf") | ||
) | ||
|
||
|
||
pytestmark = [ | ||
pytest.mark.skipif(not get_build_version(), reason="Build archive does not exist"), | ||
pytest.mark.skipif( | ||
not check_test_environment(), reason="Not running on photon 4 with fips enabled" | ||
), | ||
] | ||
|
||
|
||
def test_fips_mode(pyexec, build): | ||
env = os.environ.copy() | ||
proc = subprocess.run( | ||
[ | ||
pyexec, | ||
"-c", | ||
"import hashlib; hashlib.sha256(b'')", | ||
], | ||
check=False, | ||
env=env, | ||
capture_output=True, | ||
) | ||
assert proc.exitcode == 0 | ||
assert b"ValueError" not in proc.stderr | ||
proc = subprocess.run( | ||
[ | ||
pyexec, | ||
"-c", | ||
"import hashlib; hashlib.md5(b'')", | ||
], | ||
check=False, | ||
env=env, | ||
capture_output=True, | ||
) | ||
assert b"ValueError" in proc.stderr |
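Review bot: `proc.exitcode` in `test_fips_mode` is not an attribute of the `subprocess.CompletedProcess` returned by `subprocess.run`, so the first assertion raises AttributeError instead of checking the SHA-256 run; it should read `assert proc.returncode == 0`. In `check_test_environment` the last operand, `pathlib.Path("/etc/ssl/fipsmodule.cnf")`, is always truthy, so the guard never verifies that the FIPS module configuration is present; use `pathlib.Path("/etc/ssl/fipsmodule.cnf").exists()` and wrap the expression in `bool(...)`. The MD5 half would be tighter with `assert proc.returncode != 0` alongside the stderr check, so the test does not rest on a substring match alone.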