Open sssoleileraaa opened 3 years ago
It looks like ./securedrop_admin verify
also fails on test_fpf_apt_repo.py::test_apt_repo_present
if you are using the apt-test server. The output is confusing, but here is what I was able to gather while watching this long script run (a consolidated grouping of the failures and skips where some of the failures happened twice - one for the mon and one for the app):
skip test_apparmor.py::test_app_apparmor_complain
fail test_ossec_agent.py::test_ossec_keyfile_present
fail test_cron_apt.py::test_cron_apt_repo_list
fail test_fpf_apt_repo.py::test_fpf_apt_repo_present
skip test_grsecurity.py::test_pax_flags (grub-probe)
skip test_grsecurity.py::test_pax_flags (grub-mkdevicemap)
skip test_grsecurity.py::test_pax_flags (grub-script-check)
fail test_ossec_server.py::test_ossec_keyfiles (sslmanager.key)
fail test_ossec_server.py::test_ossec_keyfiles (sslmanager.cert)
pass test_ossec_server.py::test_procmail
skip test_journalist_mail.py::TestJournalistMail::test_procmail
skip test_journalist_mail.py::TestJournalistMail::test_send_encrypted_alert
skip test_journalist_mail.py::TestJournalistMail::test_missing_journalist_alert
skip test_journalist_mail.py::TestJournalistMail::test_ossec_rule_journalist
skip test_journalist_mail.py::TestJournalistMail::test_process_submissions_today
skip test_journalist_mail.py::TestJournalistMail::test_journalist_mail_notification
at the end it says:
4 failed, 7 skipped, 3 xfailed
but it looks like more tests were skipped in the output
Description
./securedrop-admin verify
can be run after installing SecureDrop to check that the install is set up and functioning properly. If you are a developer testing SecureDrop packages hosted on the apt-test server, then you probably ran thesecuredrop-qa.yml
playbook to replace/etc/apt/sources.list.d/apt_freedom_press.list
with/etc/apt/sources.list.d/apt_test_freedom_press.list
(containing the corresponding apt repo urls within the files) on yourapp
andmon
servers.Sometimes during QA you have to run
./securedrop-admin install
with changed site settings, which I believe renames the/etc/apt/sources.list.d/apt_test_freedom_press.list
files on both servers to/etc/apt/sources.list.d/apt_freedom_press.list
but does not change the apt repo url within the files, so it remainshttps://apt-test.freedom.press
. Then, when you run./securedrop-admin verify
the test will fail (after about 20 minutes of run time) saying that the apt repo doesn't match the name of the source list file. The script fails and stops all remaining checks, so you have to run thesecuredrop-qa.yml
playbook again to undo the renaming of the source file.So two things:
(1) If we want
./securedrop-admin install
to ensure that we're using our stable apt server (instead of apt-test), then we should also make sure to update the contents of the source list file to specify the correct server. (2) Since the install script overwrites our apt-test source list file, we should make it clear in the developer docs that you should run thesecuredrop-qa.yml
playbook again before running./securedrop-admin verify
OR perhaps add an option for skipping this check if doing QA (other ideas?)