Skip to content

Upstreaming some SecureDrop's test changes #44

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 13 commits into
base: main
Choose a base branch
from
Open

Upstreaming some SecureDrop's test changes #44

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
3e05922
SecureDrop: fix config.json wrongly set to prod
deeplow Aug 22, 2025
4a4fd6a
Workaround: run `make test` test in root console
deeplow Aug 20, 2025
235a5d9
Remove presentation mode enabling
deeplow Sep 1, 2025
915fc13
Run dom0 tests with virtual screen (xvfb)
deeplow Sep 2, 2025
046c6b6
WIP: config.json in dev env was missing
deeplow Sep 11, 2025
c9f62a7
Improve explanation of why xvfb is needed
legoktm Sep 11, 2025
53d1d53
Merge pull request #1 from freedomofpress/securedrop-fix-dev-config
legoktm Sep 11, 2025
aecc722
Revert "WIP: config.json in dev env was missing"
legoktm Sep 12, 2025
dbe018b
Merge pull request #2 from freedomofpress/restore-dev
deeplow Sep 23, 2025
b787f19
Merge branch 'QubesOS:main' into main
deeplow Sep 23, 2025
7e5e35e
Remove sd-whonix set up
deeplow Sep 30, 2025
2d3ce93
Merge pull request #3 from freedomofpress/sd-whonix-removal
deeplow Oct 2, 2025
13af906
Merge branch 'QubesOS:main' into main
deeplow Oct 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 0 additions & 5 deletions main.pm
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -181,11 +181,6 @@ if (check_var('SECUREDROP_INSTALL', '1')) {
autotest::loadtest("tests/whonix_firstrun.pm", name => "Setup_sys-whonix");

autotest::loadtest("tests/securedrop/install_workstation.pm");

# Setup sd-whonix connection
my $args = OpenQA::Test::RunArgs->new();
$args->{whonix_gw_override} = 'sd-whonix';
autotest::loadtest("tests/whonix_firstrun.pm", name =>"Setup_sd-whonix", run_args => $args);
} elsif (check_var('SECUREDROP_TEST', "test_dom0")) {
autotest::loadtest("tests/securedrop/test_dom0.pm");
} elsif (check_var('SECUREDROP_TEST', "test_gui")) {
Expand Down
21 changes: 12 additions & 9 deletions tests/securedrop/install_workstation.pm
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,12 @@ sub install_staging {
assert_script_run('qvm-run -p work -- "rpm -Kv securedrop-workstation-dom0-config-*.rpm"'); # TODO confirm output is correct
assert_script_run('qvm-run -p work -- "cat /home/user/securedrop-workstation-dom0-config-*.rpm" > securedrop-workstation.rpm');
assert_script_run('sudo dnf -y install securedrop-workstation.rpm');

# setup staging config.json
assert_script_run('echo {\"submission_key_fpr\": \"65A1B5FF195B56353CC63DFFCC40EF1228271441\", \"hidserv\": {\"hostname\": \"bnbo6ryxq24fz27chs5fidscyqhw2hlyweelg4nmvq76tpxvofpyn4qd.onion\", \"key\": \"FDF476DUDSB5M27BIGEVIFCFGHQJ46XS3STAP7VG6Z2OWXLHWZPA\"}, \"environment\": \"staging\", \"vmsizes\": {\"sd_app\": 10, \"sd_log\": 5}} | sudo tee /usr/share/securedrop-workstation-dom0-config/config.json');
assert_script_run('curl https://raw.githubusercontent.com/freedomofpress/securedrop/d91dc67/securedrop/tests/files/test_journalist_key.sec.no_passphrase | sudo tee /usr/share/securedrop-workstation-dom0-config/sd-journalist.sec');
assert_script_run('sdw-admin --validate');

};

sub install_dev {
Expand Down Expand Up @@ -63,6 +69,12 @@ sub install_dev {
assert_script_run('qvm-run -p sd-dev "cd securedrop-workstation && make build-rpm"', timeout => 1000);
assert_script_run("qvm-run --pass-io sd-dev 'cat /home/user/securedrop-workstation/rpm-build/RPMS/noarch/*.rpm' > /tmp/sdw.rpm");
assert_script_run('sudo dnf -y install /tmp/sdw.rpm', timeout => 1000);

# setup dev config.json
assert_script_run('echo {\"submission_key_fpr\": \"65A1B5FF195B56353CC63DFFCC40EF1228271441\", \"hidserv\": {\"hostname\": \"bnbo6ryxq24fz27chs5fidscyqhw2hlyweelg4nmvq76tpxvofpyn4qd.onion\", \"key\": \"FDF476DUDSB5M27BIGEVIFCFGHQJ46XS3STAP7VG6Z2OWXLHWZPA\"}, \"environment\": \"dev\", \"vmsizes\": {\"sd_app\": 10, \"sd_log\": 5}} | sudo tee /usr/share/securedrop-workstation-dom0-config/config.json');
assert_script_run('curl https://raw.githubusercontent.com/freedomofpress/securedrop/d91dc67/securedrop/tests/files/test_journalist_key.sec.no_passphrase | sudo tee /usr/share/securedrop-workstation-dom0-config/sd-journalist.sec');
assert_script_run('sdw-admin --validate');

};

sub run {
Expand All @@ -71,11 +83,6 @@ sub run {
$self->select_gui_console;
assert_screen "desktop";

# Enable "presentation mode" to prevent the screen from going dark
assert_and_click('disable-screen-blanking-click-power-tray-icon');
assert_and_click('disable-screen-blanking-click-presentation-mode');
send_key('esc');

x11_start_program('xterm');
send_key('alt-f10'); # maximize xterm to ease troubleshooting

Expand All @@ -85,10 +92,6 @@ sub run {

install_dev;

assert_script_run('echo {\"submission_key_fpr\": \"65A1B5FF195B56353CC63DFFCC40EF1228271441\", \"hidserv\": {\"hostname\": \"bnbo6ryxq24fz27chs5fidscyqhw2hlyweelg4nmvq76tpxvofpyn4qd.onion\", \"key\": \"FDF476DUDSB5M27BIGEVIFCFGHQJ46XS3STAP7VG6Z2OWXLHWZPA\"}, \"environment\": \"prod\", \"vmsizes\": {\"sd_app\": 10, \"sd_log\": 5}} | sudo tee /usr/share/securedrop-workstation-dom0-config/config.json');
assert_script_run('curl https://raw.githubusercontent.com/freedomofpress/securedrop/d91dc67/securedrop/tests/files/test_journalist_key.sec.no_passphrase | sudo tee /usr/share/securedrop-workstation-dom0-config/sd-journalist.sec');
assert_script_run('sdw-admin --validate');

assert_script_run('env xset -dpms; env xset s off', valid => 0, timeout => 10); # disable screen blanking during long command
assert_script_run('sdw-admin --apply | tee /tmp/sdw-admin-apply.log', timeout => 6000); # long timeout due to slow virt.
upload_logs('/tmp/sdw-admin-apply.log', failok => 1);
Expand Down
15 changes: 10 additions & 5 deletions tests/securedrop/test_dom0.pm
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,10 +20,7 @@ use serial_terminal qw(select_root_console);
sub run {
my ($self) = @_;

$self->select_gui_console;

x11_start_program('xterm');
send_key('alt-f10'); # maximize xterm to ease troubleshooting
$self->select_root_console;

# HACK: work around "extra-files" failing to be obtained via the usual route (via CASEDIR b64)
assert_script_run("qvm-run -p sd-dev 'curl https://raw.githubusercontent.com/QubesOS/openqa-tests-qubesos/refs/heads/main/extra-files/convert_junit.py 2>/dev/null' > /home/user/convert_junit.py");
Expand All @@ -33,9 +30,17 @@ sub run {
# Setup testing requirements and run tests
assert_script_run('rpm -q python3-pytest || sudo qubes-dom0-update -y python3-pytest', timeout => 300);
assert_script_run('rpm -q python3-pytest-cov || sudo qubes-dom0-update -y python3-pytest-cov', timeout => 300);

# Install virtual screen (xvfb) so that launcher tests can access a display, otherwise not available in a root console
# See https://github.com/freedomofpress/securedrop-workstation/issues/1411
assert_script_run('rpm -q xorg-x11-server-Xvfb || sudo qubes-dom0-update -y xorg-x11-server-Xvfb', timeout => 300);

# Set up credentials
script_run('ln -s /usr/share/securedrop-workstation-dom0-config/config.json /home/user/securedrop-workstation/config.json');
script_run('ln -s /usr/share/securedrop-workstation-dom0-config/sd-journalist.sec /home/user/securedrop-workstation/sd-journalist.sec');
script_run("env CI=true make -C $sdw_path test | tee make-test.log", timeout => 2400);

# Run tests (xvfb-run needed to simulate screen in root console)
assert_script_run("xvfb-run env CI=true make -C $sdw_path test | tee make-test.log", timeout => 2400);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe it's enough to set DISPLAY=:0 instead? User session is logged in after all, no?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good idea. But sadly it doesn't seem have worked: https://openqa.qubes-os.org/tests/155644/logfile?filename=serial_terminal.txt#line-214. With :0.0 it didn't work either.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hm, could be some more variables, like XAUTHORITY=/run/lightdm/user/xauthority. It makes Qt apps work for me when started from tty2.

I think it's worth trying to avoid xvfb-run, because two X servers may result in weird errors down the road - for example applications using dbus activation will open on the primary x server (as user's dbus session daemon has DISPLAY=:0), which may confuse some tests at some point.



curl_via_netvm; # necessary for upload_logs
Expand Down