From 0a1363d8eba4aabe77953b2fccd5fb1b911db8cf Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Tue, 12 Nov 2024 10:59:04 +0100 Subject: [PATCH] test/e2e: remove FIPS test First, creating a global file /etc/system-fips was never a good idea for testing as it affects other running tests at the same time. And as of a recent change to FIPS mounts[1] we no longer use the file so the test breaks with c/common v0.61. Instead it uses the kernel file /proc/sys/crypto/fips_enabled which requires the real fips mode to be activated and that in turn requires a reboot. As such this is not somthing that can be tested in upstream CI like that. [1] https://github.com/containers/common/pull/2174 Signed-off-by: Paul Holzinger --- test/e2e/run_test.go | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index b956a8a9cd..478e34ca7f 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -1034,21 +1034,6 @@ echo -n madeit-$teststring >$tmpfile Expect(session.OutputToString()).To(ContainSubstring("key.pem")) }) - It("podman run with FIPS mode secrets", func() { - SkipIfRootless("rootless can not manipulate system-fips file") - fipsFile := "/etc/system-fips" - err = os.WriteFile(fipsFile, []byte{}, 0755) - Expect(err).ToNot(HaveOccurred()) - - session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "ls", "/run/secrets"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - Expect(session.OutputToString()).To(ContainSubstring("system-fips")) - - err = os.Remove(fipsFile) - Expect(err).ToNot(HaveOccurred()) - }) - It("podman run without group-add", func() { session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "id"}) session.WaitWithDefaultTimeout()