[PATCH v2 1/2] qemuxml2argvtest: Sanitize testing of '-enable-fips'
Peter Krempa
pkrempa at redhat.com
Wed Oct 21 08:35:26 UTC 2020
Rename 'FLAG_FIPS' to 'FLAG_FIPS_HOST' to signify that we are simulating
a host supporting fips mode and use the flag to assert 'enabeFips'
argument of 'qemuProcessCreatePretendCmdBuild' rather than passing it
via QEMU_CAPS_ENABLE_FIPS.
This prepares the testsuite for testing of -enable-fips deprecation in
qemu-5.2.
Signed-off-by: Peter Krempa <pkrempa at redhat.com>
---
tests/qemuxml2argvdata/fips-enabled.args | 31 --------------
.../fips-enabled.x86_64-5.1.0.args | 40 ++++++++++++++++++
.../fips-enabled.x86_64-latest.args | 41 +++++++++++++++++++
tests/qemuxml2argvtest.c | 11 +++--
tests/testutilsqemu.h | 2 +-
5 files changed, 87 insertions(+), 38 deletions(-)
delete mode 100644 tests/qemuxml2argvdata/fips-enabled.args
create mode 100644 tests/qemuxml2argvdata/fips-enabled.x86_64-5.1.0.args
create mode 100644 tests/qemuxml2argvdata/fips-enabled.x86_64-latest.args
diff --git a/tests/qemuxml2argvdata/fips-enabled.args b/tests/qemuxml2argvdata/fips-enabled.args
deleted file mode 100644
index 91b32bd96c..0000000000
--- a/tests/qemuxml2argvdata/fips-enabled.args
+++ /dev/null
@@ -1,31 +0,0 @@
-LC_ALL=C \
-PATH=/bin \
-HOME=/tmp/lib/domain--1-QEMUGuest1 \
-USER=test \
-LOGNAME=test \
-XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
-XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
-XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
-QEMU_AUDIO_DRV=none \
-/usr/bin/qemu-system-i386 \
--name QEMUGuest1 \
--S \
--enable-fips \
--machine pc,accel=tcg,usb=off,dump-guest-core=off \
--m 214 \
--realtime mlock=off \
--smp 1,sockets=1,cores=1,threads=1 \
--uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
--display none \
--no-user-config \
--nodefaults \
--chardev socket,id=charmonitor,path=/tmp/lib/domain--1-QEMUGuest1/monitor.sock,\
-server,nowait \
--mon chardev=charmonitor,id=monitor,mode=control \
--rtc base=utc \
--no-shutdown \
--no-acpi \
--usb \
--drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \
--device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 \
--device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3
diff --git a/tests/qemuxml2argvdata/fips-enabled.x86_64-5.1.0.args b/tests/qemuxml2argvdata/fips-enabled.x86_64-5.1.0.args
new file mode 100644
index 0000000000..e0e416d391
--- /dev/null
+++ b/tests/qemuxml2argvdata/fips-enabled.x86_64-5.1.0.args
@@ -0,0 +1,40 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/tmp/lib/domain--1-QEMUGuest1 \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
+XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
+XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
+QEMU_AUDIO_DRV=none \
+/usr/bin/qemu-system-i386 \
+-name guest=QEMUGuest1,debug-threads=on \
+-S \
+-object secret,id=masterKey0,format=raw,\
+file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \
+-enable-fips \
+-machine pc-i440fx-5.1,accel=tcg,usb=off,dump-guest-core=off \
+-cpu qemu64 \
+-m 214 \
+-overcommit mem-lock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server,nowait \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-no-acpi \
+-boot strict=on \
+-device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1",\
+"node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw",\
+"file":"libvirt-1-storage"}' \
+-device ide-hd,bus=ide.0,unit=0,drive=libvirt-1-format,id=ide0-0-0,bootindex=1 \
+-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x2 \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\
+resourcecontrol=deny \
+-msg timestamp=on
diff --git a/tests/qemuxml2argvdata/fips-enabled.x86_64-latest.args b/tests/qemuxml2argvdata/fips-enabled.x86_64-latest.args
new file mode 100644
index 0000000000..c06046c398
--- /dev/null
+++ b/tests/qemuxml2argvdata/fips-enabled.x86_64-latest.args
@@ -0,0 +1,41 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/tmp/lib/domain--1-QEMUGuest1 \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
+XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
+XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
+QEMU_AUDIO_DRV=none \
+/usr/bin/qemu-system-i386 \
+-name guest=QEMUGuest1,debug-threads=on \
+-S \
+-object secret,id=masterKey0,format=raw,\
+file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \
+-enable-fips \
+-machine pc,accel=tcg,usb=off,dump-guest-core=off,memory-backend=pc.ram \
+-cpu qemu64 \
+-m 214 \
+-object memory-backend-ram,id=pc.ram,size=224395264 \
+-overcommit mem-lock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server,nowait \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-no-acpi \
+-boot strict=on \
+-device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1",\
+"node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw",\
+"file":"libvirt-1-storage"}' \
+-device ide-hd,bus=ide.0,unit=0,drive=libvirt-1-format,id=ide0-0-0,bootindex=1 \
+-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x2 \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\
+resourcecontrol=deny \
+-msg timestamp=on
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index abc982890f..cdd606cb42 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -380,7 +380,7 @@ testCheckExclusiveFlags(int flags)
{
virCheckFlags(FLAG_EXPECT_FAILURE |
FLAG_EXPECT_PARSE_ERROR |
- FLAG_FIPS |
+ FLAG_FIPS_HOST |
FLAG_REAL_CAPS |
FLAG_SKIP_LEGACY_CPUS |
FLAG_SLIRP_HELPER |
@@ -399,6 +399,7 @@ testCompareXMLToArgvCreateArgs(virQEMUDriverPtr drv,
unsigned int flags,
bool jsonPropsValidation)
{
+ bool enableFips = !!(flags & FLAG_FIPS_HOST);
size_t i;
if (qemuProcessCreatePretendCmdPrepare(drv, vm, migrateURI, false,
@@ -489,7 +490,7 @@ testCompareXMLToArgvCreateArgs(virQEMUDriverPtr drv,
}
return qemuProcessCreatePretendCmdBuild(drv, vm, migrateURI,
- (flags & FLAG_FIPS), false,
+ enableFips, false,
jsonPropsValidation);
}
@@ -610,9 +611,6 @@ testCompareXMLToArgv(const void *data)
virSetConnectSecret(conn);
virSetConnectStorage(conn);
- if (virQEMUCapsGet(info->qemuCaps, QEMU_CAPS_ENABLE_FIPS))
- flags |= FLAG_FIPS;
-
if (testCheckExclusiveFlags(info->flags) < 0)
goto cleanup;
@@ -2961,7 +2959,8 @@ mymain(void)
DO_TEST("panic-no-address",
QEMU_CAPS_DEVICE_PANIC);
- DO_TEST("fips-enabled", QEMU_CAPS_ENABLE_FIPS);
+ DO_TEST_CAPS_ARCH_VER_FULL("fips-enabled", "x86_64", "5.1.0", ARG_FLAGS, FLAG_FIPS_HOST);
+ DO_TEST_CAPS_ARCH_LATEST_FULL("fips-enabled", "x86_64", ARG_FLAGS, FLAG_FIPS_HOST);
DO_TEST("shmem", QEMU_CAPS_DEVICE_IVSHMEM);
DO_TEST("shmem-plain-doorbell", QEMU_CAPS_DEVICE_IVSHMEM,
diff --git a/tests/testutilsqemu.h b/tests/testutilsqemu.h
index 66f9cef48e..79af1be50d 100644
--- a/tests/testutilsqemu.h
+++ b/tests/testutilsqemu.h
@@ -48,7 +48,7 @@ typedef enum {
typedef enum {
FLAG_EXPECT_FAILURE = 1 << 0,
FLAG_EXPECT_PARSE_ERROR = 1 << 1,
- FLAG_FIPS = 1 << 2,
+ FLAG_FIPS_HOST = 1 << 2, /* simulate host with FIPS mode enabled */
FLAG_REAL_CAPS = 1 << 3,
FLAG_SKIP_LEGACY_CPUS = 1 << 4,
FLAG_SLIRP_HELPER = 1 << 5,
--
2.26.2
More information about the libvir-list
mailing list