add encrypted workstation upgrade tests (current and previous)

Summary:
This requires us to handle decryption each time we reboot in
the upgrade process, so factor that little block out into the
base class so we don't have to keep pasting it. It's also a
bit tricky to integrate into the 'catch a boot loop' code we
have to deal with #1349721, but I think this should work. There
is a matching openqa_fedora_tools diff to generate the disk
image.

Test Plan:
Run the tests, check that they work, run the other
upgrade and encrypted install tests and check they still work
properly too.

Reviewers: garretraziel

Reviewed By: garretraziel

Subscribers: tflink

Differential Revision: https://phab.qadevel.cloud.fedoraproject.org/D922
This commit is contained in:
Adam Williamson 2016-07-08 08:56:57 -07:00
parent 31328c17a8
commit aacd01ea8b
10 changed files with 121 additions and 5 deletions

View File

@ -224,6 +224,15 @@ sub get_host_dns {
return @forwards;
}
sub boot_decrypt {
# decrypt storage during boot; arg is timeout (in seconds)
my $self = shift;
my $timeout = shift || 60;
assert_screen "boot_enter_passphrase", $timeout; #
type_string get_var("ENCRYPT_PASSWORD");
send_key "ret";
}
1;
# vim: set sw=4 et:

View File

@ -0,0 +1,15 @@
{
"area": [
{
"width": 207,
"xpos": 0,
"ypos": 169,
"type": "match",
"height": 31
}
],
"tags": [
"boot_enter_passphrase"
],
"properties": []
}

Binary file not shown.

After

Width:  |  Height:  |  Size: 1.6 KiB

View File

@ -0,0 +1,15 @@
{
"area": [
{
"xpos": 395,
"ypos": 362,
"width": 33,
"height": 40,
"type": "match"
}
],
"properties": [],
"tags": [
"boot_enter_passphrase"
]
}

Binary file not shown.

After

Width:  |  Height:  |  Size: 5.7 KiB

View File

@ -809,6 +809,17 @@
},
test_suite => { name => "upgrade_kde_64bit" },
},
{
machine => { name => "64bit" },
prio => 30,
product => {
arch => "x86_64",
distri => "fedora",
flavor => "universal",
version => "*",
},
test_suite => { name => "upgrade_desktop_encrypted_64bit" },
},
{
machine => { name => "64bit" },
prio => 50,
@ -853,6 +864,17 @@
},
test_suite => { name => "upgrade_2_kde_64bit" },
},
{
machine => { name => "64bit" },
prio => 50,
product => {
arch => "x86_64",
distri => "fedora",
flavor => "universal",
version => "*",
},
test_suite => { name => "upgrade_2_desktop_encrypted_64bit" },
},
{
machine => { name => "64bit" },
prio => 40,
@ -1577,6 +1599,19 @@
{ key => "DESKTOP", value => "kde" },
],
},
{
name => "upgrade_desktop_encrypted_64bit",
settings => [
{ key => "ROOT_PASSWORD", value => "weakpassword" },
{ key => "USER_LOGIN", value => "test" },
{ key => "USER_PASSWORD", value => "weakpassword" },
{ key => "BOOTFROM", value => "c" },
{ key => "HDD_1", value => "disk_f%CURRREL%_desktopencrypt_x86_64.img" },
{ key => "UPGRADE", value => "1" },
{ key => "DESKTOP", value => "gnome" },
{ key => "ENCRYPT_PASSWORD", value => "weakpassword" },
],
},
{
name => "upgrade_2_minimal_64bit",
settings => [
@ -1623,6 +1658,19 @@
{ key => "DESKTOP", value => "kde" },
],
},
{
name => "upgrade_2_desktop_encrypted_64bit",
settings => [
{ key => "ROOT_PASSWORD", value => "weakpassword" },
{ key => "USER_LOGIN", value => "test" },
{ key => "USER_PASSWORD", value => "weakpassword" },
{ key => "BOOTFROM", value => "c" },
{ key => "HDD_1", value => "disk_f%PREVREL%_desktopencrypt_x86_64.img" },
{ key => "UPGRADE", value => "1" },
{ key => "DESKTOP", value => "gnome" },
{ key => "ENCRYPT_PASSWORD", value => "weakpassword" },
],
},
{
name => "upgrade_desktop_32bit",
settings => [

View File

@ -5,9 +5,11 @@ use testapi;
sub run {
# If KICKSTART is set, then the wait_time needs to consider the
# install time. if UPGRADE, we have to wait for the entire upgrade
# unless ENCRYPT_PASSWORD is set (in which case the postinstall
# test does the waiting)
my $wait_time = 300;
$wait_time = 1800 if (get_var("KICKSTART"));
$wait_time = 6000 if (get_var("UPGRADE"));
$wait_time = 6000 if (get_var("UPGRADE") && !get_var("ENCRYPT_PASSWORD"));
# Wait for the login screen
assert_screen "graphical_login", $wait_time;

View File

@ -3,10 +3,13 @@ use strict;
use testapi;
sub run {
my $self = shift;
my $wait_time = 300;
# if we're running an upgrade, we must wait for the entire upgrade
# process to run
$wait_time = 6000 if (get_var("UPGRADE"));
# decrypt disks during boot
assert_screen "boot_enter_passphrase", 300; #
type_string get_var("ENCRYPT_PASSWORD");
send_key "ret";
$self->boot_decrypt($wait_time);
}
sub test_flags {

View File

@ -4,6 +4,10 @@ use testapi;
sub run {
my $self = shift;
# decrypt disks during boot if necessary
if (get_var("ENCRYPT_PASSWORD")) {
$self->boot_decrypt(60);
}
# wait for either graphical or text login
if (get_var('DESKTOP')) {
@ -22,6 +26,11 @@ sub run {
script_run "reboot";
# decrypt if necessary
if (get_var("ENCRYPT_PASSWORD")) {
$self->boot_decrypt(60);
}
if (get_var('DESKTOP')) {
$self->boot_to_login_screen("graphical_login", 30, 90); # DM takes time to load
} else {

View File

@ -23,16 +23,31 @@ sub run {
script_run "dnf system-upgrade reboot";
# fail immediately if we see a DNF error message
die "DNF reported failure" if (check_screen "upgrade_fail");
die "DNF reported failure" if (check_screen "upgrade_fail", 15);
if (get_var("ENCRYPT_PASSWORD")) {
$self->boot_decrypt(60);
}
# try and catch if we hit RHBZ #1349721 and work around it
if (check_screen "bootloader") {
# wait some secs for the screen to clear
sleep 10;
if (get_var("ENCRYPT_PASSWORD")) {
$self->boot_decrypt(60);
}
if (check_screen "bootloader") {
record_soft_failure;
$self->do_bootloader(postinstall=>1, params=>"enforcing=0");
if (get_var("ENCRYPT_PASSWORD")) {
$self->boot_decrypt(60);
}
}
}
# in encrypted case we need to wait a bit so postinstall test
# doesn't bogus match on the encryption prompt we just completed
# before it disappears from view
if (get_var("ENCRYPT_PASSWORD")) {
sleep 5;
}
}