1
0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-22 17:34:18 +03:00

qemuxml2argvtest: Sanitize testing of '-enable-fips'

Rename 'FLAG_FIPS' to 'FLAG_FIPS_HOST' to signify that we are simulating
a host supporting fips mode and use the flag to assert 'enabeFips'
argument of 'qemuProcessCreatePretendCmdBuild' rather than passing it
via QEMU_CAPS_ENABLE_FIPS.

This prepares the testsuite for testing of -enable-fips deprecation in
qemu-5.2.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Peter Krempa 2020-10-21 10:08:11 +02:00
parent 25cb07498e
commit ca8f7b8a02
5 changed files with 87 additions and 38 deletions

View File

@ -1,31 +0,0 @@
LC_ALL=C \
PATH=/bin \
HOME=/tmp/lib/domain--1-QEMUGuest1 \
USER=test \
LOGNAME=test \
XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-i386 \
-name QEMUGuest1 \
-S \
-enable-fips \
-machine pc,accel=tcg,usb=off,dump-guest-core=off \
-m 214 \
-realtime mlock=off \
-smp 1,sockets=1,cores=1,threads=1 \
-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
-display none \
-no-user-config \
-nodefaults \
-chardev socket,id=charmonitor,path=/tmp/lib/domain--1-QEMUGuest1/monitor.sock,\
server,nowait \
-mon chardev=charmonitor,id=monitor,mode=control \
-rtc base=utc \
-no-shutdown \
-no-acpi \
-usb \
-drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \
-device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 \
-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3

View File

@ -0,0 +1,40 @@
LC_ALL=C \
PATH=/bin \
HOME=/tmp/lib/domain--1-QEMUGuest1 \
USER=test \
LOGNAME=test \
XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-i386 \
-name guest=QEMUGuest1,debug-threads=on \
-S \
-object secret,id=masterKey0,format=raw,\
file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \
-enable-fips \
-machine pc-i440fx-5.1,accel=tcg,usb=off,dump-guest-core=off \
-cpu qemu64 \
-m 214 \
-overcommit mem-lock=off \
-smp 1,sockets=1,cores=1,threads=1 \
-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
-display none \
-no-user-config \
-nodefaults \
-chardev socket,id=charmonitor,fd=1729,server,nowait \
-mon chardev=charmonitor,id=monitor,mode=control \
-rtc base=utc \
-no-shutdown \
-no-acpi \
-boot strict=on \
-device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \
-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1",\
"node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw",\
"file":"libvirt-1-storage"}' \
-device ide-hd,bus=ide.0,unit=0,drive=libvirt-1-format,id=ide0-0-0,bootindex=1 \
-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x2 \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\
resourcecontrol=deny \
-msg timestamp=on

View File

@ -0,0 +1,41 @@
LC_ALL=C \
PATH=/bin \
HOME=/tmp/lib/domain--1-QEMUGuest1 \
USER=test \
LOGNAME=test \
XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-i386 \
-name guest=QEMUGuest1,debug-threads=on \
-S \
-object secret,id=masterKey0,format=raw,\
file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \
-enable-fips \
-machine pc,accel=tcg,usb=off,dump-guest-core=off,memory-backend=pc.ram \
-cpu qemu64 \
-m 214 \
-object memory-backend-ram,id=pc.ram,size=224395264 \
-overcommit mem-lock=off \
-smp 1,sockets=1,cores=1,threads=1 \
-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
-display none \
-no-user-config \
-nodefaults \
-chardev socket,id=charmonitor,fd=1729,server,nowait \
-mon chardev=charmonitor,id=monitor,mode=control \
-rtc base=utc \
-no-shutdown \
-no-acpi \
-boot strict=on \
-device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \
-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1",\
"node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw",\
"file":"libvirt-1-storage"}' \
-device ide-hd,bus=ide.0,unit=0,drive=libvirt-1-format,id=ide0-0-0,bootindex=1 \
-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x2 \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\
resourcecontrol=deny \
-msg timestamp=on

View File

@ -380,7 +380,7 @@ testCheckExclusiveFlags(int flags)
{
virCheckFlags(FLAG_EXPECT_FAILURE |
FLAG_EXPECT_PARSE_ERROR |
FLAG_FIPS |
FLAG_FIPS_HOST |
FLAG_REAL_CAPS |
FLAG_SKIP_LEGACY_CPUS |
FLAG_SLIRP_HELPER |
@ -399,6 +399,7 @@ testCompareXMLToArgvCreateArgs(virQEMUDriverPtr drv,
unsigned int flags,
bool jsonPropsValidation)
{
bool enableFips = !!(flags & FLAG_FIPS_HOST);
size_t i;
if (qemuProcessCreatePretendCmdPrepare(drv, vm, migrateURI, false,
@ -489,7 +490,7 @@ testCompareXMLToArgvCreateArgs(virQEMUDriverPtr drv,
}
return qemuProcessCreatePretendCmdBuild(drv, vm, migrateURI,
(flags & FLAG_FIPS), false,
enableFips, false,
jsonPropsValidation);
}
@ -610,9 +611,6 @@ testCompareXMLToArgv(const void *data)
virSetConnectSecret(conn);
virSetConnectStorage(conn);
if (virQEMUCapsGet(info->qemuCaps, QEMU_CAPS_ENABLE_FIPS))
flags |= FLAG_FIPS;
if (testCheckExclusiveFlags(info->flags) < 0)
goto cleanup;
@ -2962,7 +2960,8 @@ mymain(void)
DO_TEST("panic-no-address",
QEMU_CAPS_DEVICE_PANIC);
DO_TEST("fips-enabled", QEMU_CAPS_ENABLE_FIPS);
DO_TEST_CAPS_ARCH_VER_FULL("fips-enabled", "x86_64", "5.1.0", ARG_FLAGS, FLAG_FIPS_HOST);
DO_TEST_CAPS_ARCH_LATEST_FULL("fips-enabled", "x86_64", ARG_FLAGS, FLAG_FIPS_HOST);
DO_TEST("shmem", QEMU_CAPS_DEVICE_IVSHMEM);
DO_TEST("shmem-plain-doorbell", QEMU_CAPS_DEVICE_IVSHMEM,

View File

@ -48,7 +48,7 @@ typedef enum {
typedef enum {
FLAG_EXPECT_FAILURE = 1 << 0,
FLAG_EXPECT_PARSE_ERROR = 1 << 1,
FLAG_FIPS = 1 << 2,
FLAG_FIPS_HOST = 1 << 2, /* simulate host with FIPS mode enabled */
FLAG_REAL_CAPS = 1 << 3,
FLAG_SKIP_LEGACY_CPUS = 1 << 4,
FLAG_SLIRP_HELPER = 1 << 5,