test_deb_package_contains_expected_conffiles fails on macOS

[redshiftzero]

Description

Unexpected test failure when building debs on mac

Steps to Reproduce

make build-debs

Expected Behavior

All tests pass

Actual Behavior

     test_deb_package_contains_expected_conffiles[docker://xenial-sd-dpkg-verification-/tmp/build/securedrop-app-code_0.12.0~rc1+xenial_amd64.deb]
    [gw2] darwin -- Python 2.7.14 /Users/redshiftzero/.virtualenvs/securedrop/bin/python

    host = <testinfra.host.Host object at 0x110c6ea90>
    deb = '/tmp/build/securedrop-app-code_0.12.0~rc1+xenial_amd64.deb'

        @pytest.mark.parametrize("deb", deb_packages)
        def test_deb_package_contains_expected_conffiles(host, deb):
            """
            Ensures the `securedrop-app-code` package declares only whitelisted
            `conffiles`. Several files in `/etc/` would automatically be marked
            conffiles, which would break unattended updates to critical package
            functionality such as AppArmor profiles. This test validates overrides
            in the build logic to unset those conffiles.
            """
            deb_package = host.file(deb.format(
                securedrop_test_vars.securedrop_version))

            # Only relevant for the securedrop-app-code package:
            if "securedrop-app-code" in deb_package.path:
                tmpdir = tempfile.mkdtemp()
                # The `--raw-extract` flag includes `DEBIAN/` dir with control files
                host.run("dpkg-deb --raw-extract {} {}".format(deb, tmpdir))
                conffiles_path = os.path.join(tmpdir, "DEBIAN", "conffiles")
                f = host.file(conffiles_path)

    >           assert f.is_file
    E           assert False
    E            +  where False = <file /var/folders/gv/2r10zvfj303fyd5_6yn_p0b80000gn/T/tmp2wh6VC/DEBIAN/conffiles>.is_file

Comments

Introduced after merge of #4167, needs investigation

[rocodes]

Might be late to the party, but I believe I can repro this on mac:

=================================== FAILURES ===================================
     test_deb_package_contains_expected_conffiles[docker://xenial-sd-dpkg-verification-/tmp/build/securedrop-app-code_1.3.0~rc1+xenial_amd64.deb] 
    [gw7] darwin -- Python 3.7.5 /Users/ro/.virtualenvs/securedrop/bin/python3.7
    
    host = <testinfra.host.Host object at 0x10e3fb0d0>
    deb = '/tmp/build/securedrop-app-code_1.3.0~rc1+xenial_amd64.deb'
    
        @pytest.mark.parametrize("deb", deb_packages)
        def test_deb_package_contains_expected_conffiles(host, deb):
            """
            Ensures the `securedrop-app-code` package declares only whitelisted
            `conffiles`. Several files in `/etc/` would automatically be marked
            conffiles, which would break unattended updates to critical package
            functionality such as AppArmor profiles. This test validates overrides
            in the build logic to unset those conffiles.
            """
            deb_package = host.file(deb.format(
                securedrop_test_vars.securedrop_version))
        
            # For the securedrop-app-code package:
            if "securedrop-app-code" in deb_package.path:
                tmpdir = tempfile.mkdtemp()
                # The `--raw-extract` flag includes `DEBIAN/` dir with control files
                host.run("dpkg-deb --raw-extract {} {}".format(deb, tmpdir))
                conffiles_path = os.path.join(tmpdir, "DEBIAN", "conffiles")
                f = host.file(conffiles_path)
        
    >           assert f.is_file
    E           assert False
    E            +  where False = <file /var/folders/nl/gzvqfpls4fv9q3jxbgzydx5c0000gn/T/tmpd_qgj1zt/DEBIAN/conffiles>.is_file
    
    tests/test_securedrop_deb_package.py:252: AssertionError
    =============== 1 failed, 222 passed, 1 xpassed in 50.32 seconds ===============

However, looking at #4764 made me curious, and sure enough, the debs were built and I was able to proceed with make staging :

 PLAY RECAP *********************************************************************
    app-staging                : ok=181  changed=96   unreachable=0    failed=0
    localhost                  : ok=3    changed=0    unreachable=0    failed=0
    mon-staging                : ok=146  changed=74   unreachable=0    failed=0

Please let me know if I can make this explanation more useful!

[legoktm]

While I do expect the dev, etc. environments to work on a Mac, I think it's a reasonable expectation that you need to use a Debian/Ubuntu system to build packages. Is supporting package builds on macOS important/necessary?

[legoktm]

The conclusion from today's server dev hangout was that for package building we will document that Debian stable (currently bullseye) should be used (ticket to be filed). We're not opposed to making whatever fails on macOS to be disabled with xfails, but someone else would need to contribute that and keep it up to date.