Add /hardening/*/uefi tests
#276
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Jiri Jaburek <[email protected]>
mildas
reviewed
Oct 22, 2024
conf/waivers/20-long-term
Outdated
Comment on lines
139
to
141
| # https://github.com/ComplianceAsCode/content/issues/12508 | ||
| /hardening/ansible/uefi/anssi_bp28_(enhanced|high) | ||
| status == 'error' |
There was a problem hiding this comment.
Not relevant anymore? ComplianceAsCode/content#12514
mildas
approved these changes
Oct 22, 2024
mildas
reviewed
Oct 22, 2024
I think that would make sense on the profile level, but probably not on the test type / variant level. Ie. we already do not have disabled |
/hardening/anaconda is not included because the upstream kickstarts
are not UEFI compatible, ie.
Failed to find a suitable stage1 device: EFI System Partition
cannot be of type xfs.; EFI System Partition must be mounted on
one of /boot/efi.; EFI System Partition cannot be of type lvmpv.
Signed-off-by: Jiri Jaburek <[email protected]>
|
I'll launch a full daily run on this, to make sure it didn't break anything. edit: all green |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This fixes #19 .
These tests are especially important for RHEL-10 (which might be UEFI-by-default), but they seem to work well on others, so I left them without a
distrolimitation. ComplianceAsCode/content#12510 and ComplianceAsCode/content#12508 were already found using them (on non-RHEL-10).Yes, they increase the testing matrix a bit, but I would argue these are just as useful as
with-guivariants, if not more.Regarding missing
/hardening/anaconda, the commit message explains it:I'd like to merge these as
brokenfor now (not run in any automation), because while they do work, it's usually only on the 3rd retry on RHEL-9.5, something is causing the VM to fail to start and/or get DHCP, with about 70% reproducibility rate.Having these tests merged would help long-term debugging of the issue (so I didn't want to just delete my work), and I'll create a GH issue to make sure we don't forget, but I also feel uncomfortable adding more broken-ish tests to our regular pipelines, we already have
image-builderfor that .. 😁