Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RHELC-1117] Fix backtrace in kernel signature verification #952

Merged
merged 2 commits into from
Oct 31, 2023
Merged

[RHELC-1117] Fix backtrace in kernel signature verification #952

merged 2 commits into from
Oct 31, 2023

Conversation

r0x0d
Copy link
Member

@r0x0d r0x0d commented Oct 10, 2023

The old method we used was causing a backtrace during the fingerprint verification as it was consulting the yumdb and in return it was reporting metadata that was not relevant.

This commit introduces an minimal refactor that changes the way we query for the package, so instead of relying in querying the rpmdb first, we use rpm directly to do the job.

Jira Issues: RHELC-1117

Checklist

  • PR has been tested manually in a VM (either author or reviewer)
  • Jira issue has been made public if possible
  • [RHELC-] is part of the PR title
  • GitHub label has been added to help with Release notes
  • PR title explains the change from the user's point of view
  • Code and tests are documented properly
  • The commits are squashed to as few commits as possible (without losing data)
  • When merged: Jira issue has been updated to Release Pending if relevant

@r0x0d
Fix backtrace in kernel signature verification
0f17df6 
The old method we used was causing a backtrace during the fingerprint
verification as it was consulting the yumdb and in return it was
reporting metadata that was not relevant.

This commit introduces an minimal refactor that changes the way we query
for the package, so instead of relying in querying the rpmdb first, we
use rpm directly to do the job.

Signed-off-by: Rodolfo Olivieri <rolivier@redhat.com>
@codecov
Copy link

codecov bot commented Oct 10, 2023
edited
Loading

Codecov Report

All modified lines are covered by tests ✅

Comparison is base (5e9d275) 93.99% compared to head (7041e9b) 93.99%.
Report is 1 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #952      +/-   ##
==========================================
- Coverage   93.99%   93.99%   -0.01%     
==========================================
  Files          44       44              
  Lines        4166     4164       -2     
  Branches      739      739              
==========================================
- Hits         3916     3914       -2     
  Misses        177      177              
  Partials       73       73
Flag Coverage Δ
centos-linux-7 89.38% <100.00%> (-0.01%) ⬇️
centos-linux-8 89.96% <100.00%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Coverage Δ
...el/actions/system_checks/rhel_compatible_kernel.py 100.00% <100.00%> (ø)

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@r0x0d
Mock the _get_loaded_kmods to avoid running lsmod
7041e9b 
Sometimes lsmod was failing because it couldn't be found in the system,
and since the return or execution of this function is not needed by the
test result, mocking it to null value is an easy fix.

Signed-off-by: Rodolfo Olivieri <rolivier@redhat.com>
pr-watson
pr-watson approved these changes Oct 10, 2023
View reviewed changes
Copy link
Contributor

@pr-watson pr-watson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes look good to me, approved

@r0x0d r0x0d added bug Something isn't working tests/tier0 PR ready to run the essential test suit. Equivalent to `/packit test --labels tier0`. labels Oct 11, 2023
@has-bot
Copy link
Member

has-bot commented Oct 11, 2023

/packit test --labels tier0

@oamg/conversions-qe please review results and provide ack.

@Venefilyn Venefilyn added the kind/bug-fix A bug has been fixed label Oct 31, 2023
@Venefilyn
Copy link
Member

Did anyone verify to work this in a VM?

@Venefilyn Venefilyn merged commit 8c77aa0 into oamg:main Oct 31, 2023
38 of 68 checks passed
@r0x0d r0x0d deleted the kernel-signature-backtrace branch October 31, 2023 16:54
@r0x0d
Copy link
Member Author

r0x0d commented Oct 31, 2023

Did anyone verify to work this in a VM?

I did while I was developing the solution, but not sure if someone else tested it either...

@pr-watson pr-watson mentioned this pull request Dec 8, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pr-watson pr-watson pr-watson approved these changes

Assignees
No one assigned
Labels
bug Something isn't working kind/bug-fix A bug has been fixed tests/tier0 PR ready to run the essential test suit. Equivalent to `/packit test --labels tier0`.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@r0x0d @has-bot @Venefilyn @pr-watson