Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add CI staging job testing Ubuntu 24.04 (noble) #7360

Draft
wants to merge 7 commits into
base: develop
Choose a base branch
from
Draft

Add CI staging job testing Ubuntu 24.04 (noble) #7360

wants to merge 7 commits into from

Conversation

zenmonkeykstop
Copy link
Contributor

Status

Work in progress

Description of Changes

Fixes #7312

  • adds libvirt-staging-noble molecule scenario
  • updates staging CI to run against both Focal and Noble

Testing

  • Visual review
  • A staging(noble) job runs in addition to CI, and completes the testinfra tests.
  • CI is green, with the exception of staging(noble) as there are unrelated failures expected there until full noble compatibility

@zenmonkeykstop zenmonkeykstop changed the title Stg noble staging Add CI staging job testing Ubuntu 24.04 (noble) Nov 28, 2024
@legoktm legoktm added the noble Ubuntu Noble related work label Dec 2, 2024
@legoktm legoktm mentioned this pull request Dec 13, 2024
Open
@legoktm
Copy link
Member

legoktm commented Dec 13, 2024

Remaining staging failures:

  • There's no longer apparmor profiles for sbin/dhclient and /usr/lib/connman/scripts/dhclient-script because they're no longer shipped in noble
  • same with /usr/sbin/tcpdump I think?
  • test_interface_up is failing against the source interface
  • ip6tables -S is exiting with a zero status code despite IPv6 being fully disabled at the kernel level. Might be a nftables change or Linux 6.6. Maybe there's a better way to verify IPv6 is fully disabled?
  • paxtest outputs different results

zenmonkeykstop and others added 4 commits December 20, 2024 14:44
@zenmonkeykstop @legoktm
parameterise staging CI job for ubuntu version
ea3f8ac
@legoktm
Ignore apparmor failures caused by ubuntu_pro_apt_news
ca12c06 
This is an upstream Ubuntu bug that was fixed, but occurs before
packages are updated and SecureDrop is installed, so there's really
nothing for us to do until new VM images and installer ISOs are
made available

Fixes #7385.
@legoktm
Simplify apparmor profile tests
24c818b 
Instead of maintaining the same version-specific list of profiles six
times, just check against a single list of profiles we care about,
namely tor and apache2. The rest are not something under our control and
vary based on the Ubuntu version.

test_apparmor_ensure_not_disabled was mostly broken, because it was
looking for files like
`/etc/apparmor.d/disabled/usr.sbin./usr/sbin/tor`, which of course would
never exist. Instead just check that there are no disable files
installed.
@legoktm
DNM: Add extra debug output to test_interface_up
90e3527
@legoktm
Improve test_grsecurity_paxtest and update for noble
6aa21e9 
* Remove the unnecessary diffing and templating, just keep what we
  want to assert against as a plain string.
* Avoid shelling out to grep, we can do the filtering in Python.
@legoktm
Copy link
Member

legoktm commented Dec 21, 2024

I've just been pushing stuff here for now as I work through the failures, later we can figure out if we want them to get individual PRs or not.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
noble Ubuntu Noble related work
Projects
SecureDrop dev cycle
Status: In Progress
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Set up noble staging job
2 participants
@zenmonkeykstop @legoktm