Fixes the grsec test with python reformatting

KERNEL_VERSION is defined for each function as required.
freedomofpress · Feb 5, 2021 · 026f254 · 026f254
1 parent c7d30df
commit 026f254
Showing 1 changed file with 19 additions and 5 deletions.
diff --git a/molecule/testinfra/common/test_grsecurity.py b/molecule/testinfra/common/test_grsecurity.py
@@ -4,10 +4,6 @@
 import testutils
 
 sdvars = testutils.securedrop_test_vars
-if host.system_info.codename == "xenial":
-    KERNEL_VERSION = sdvars.grsec_version_xenial
-else:
-    KERNEL_VERSION = sdvars.grsec_version_focal
 testinfra_hosts = [sdvars.app_hostname, sdvars.monitor_hostname]
 
 
@@ -22,7 +18,7 @@ def test_ssh_motd_disabled(host):
 
 
 @pytest.mark.parametrize("package", [
-    'linux-image-{}-grsec-securedrop'.format(KERNEL_VERSION),
+    'linux-image-{}-grsec-securedrop',
     'paxctl',
     'securedrop-grsec',
 ])
@@ -32,6 +28,12 @@ def test_grsecurity_apt_packages(host, package):
     Includes the FPF-maintained metapackage, as well as paxctl, for managing
     PaX flags on binaries.
     """
+    if host.system_info.codename == "xenial":
+        KERNEL_VERSION = sdvars.grsec_version_xenial
+    else:
+        KERNEL_VERSION = sdvars.grsec_version_focal
+    if package.startswith("linux-image"):
+        package = package.format(KERNEL_VERSION)
     assert host.package(package).is_installed
 
 
@@ -75,6 +77,10 @@ def test_grsecurity_kernel_is_running(host):
     """
     Make sure the currently running kernel is specific grsec kernel.
     """
+    if host.system_info.codename == "xenial":
+        KERNEL_VERSION = sdvars.grsec_version_xenial
+    else:
+        KERNEL_VERSION = sdvars.grsec_version_focal
     c = host.run('uname -r')
     assert c.stdout.strip().endswith('-grsec-securedrop')
     assert c.stdout.strip() == '{}-grsec-securedrop'.format(KERNEL_VERSION)
@@ -208,6 +214,10 @@ def test_wireless_disabled_in_kernel_config(host, kernel_opts):
     remove wireless support from the kernel. Let's make sure wireless is
     disabled in the running kernel config!
     """
+    if host.system_info.codename == "xenial":
+        KERNEL_VERSION = sdvars.grsec_version_xenial
+    else:
+        KERNEL_VERSION = sdvars.grsec_version_focal
     with host.sudo():
         kernel_config_path = "/boot/config-{}-grsec-securedrop".format(KERNEL_VERSION)
         kernel_config = host.file(kernel_config_path).content_string
@@ -226,6 +236,10 @@ def test_kernel_options_enabled_config(host, kernel_opts):
     Tests kernel config for options that should be enabled
     """
 
+    if host.system_info.codename == "xenial":
+        KERNEL_VERSION = sdvars.grsec_version_xenial
+    else:
+        KERNEL_VERSION = sdvars.grsec_version_focal
     with host.sudo():
         kernel_config_path = "/boot/config-{}-grsec-securedrop".format(KERNEL_VERSION)
         kernel_config = host.file(kernel_config_path).content_string