Remove cert agency from code

os-autoinst · Feb 25, 2025 · 928a0aa · 928a0aa
1 parent 8a9bb72
commit 928a0aa
Show file tree

Hide file tree

Showing 25 changed files with 83 additions and 83 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -60,7 +60,7 @@ tests/sles4sap/ @a-kpappas @alvarocarvajald @Amrysliu @BillAnastasiadis @emiura
 data/security/ @feri @ilmanzo @paolostivanin @realcharmer @tjyrinki
 lib/security/ @feri @ilmanzo @paolostivanin @realcharmer @tjyrinki
 lib/main_security.pm @feri @ilmanzo @paolostivanin @realcharmer @tjyrinki
-lib/atsec_test.pm @feri @ilmanzo @paolostivanin @realcharmer @tjyrinki
+lib/eal4_test.pm @feri @ilmanzo @paolostivanin @realcharmer @tjyrinki
 lib/selinuxtest.pm @feri @ilmanzo @paolostivanin @realcharmer @tjyrinki
 schedule/security/ @feri @ilmanzo @paolostivanin @realcharmer @tjyrinki
 test_data/security/ @feri @ilmanzo @paolostivanin @realcharmer @tjyrinki

diff --git a/data/atsec/kvm_check_network.xml → data/eal4/kvm_check_network.xml b/data/atsec/kvm_check_network.xml → data/eal4/kvm_check_network.xml
diff --git a/lib/atsec_test.pm → lib/eal4_test.pm b/lib/atsec_test.pm → lib/eal4_test.pm
@@ -3,10 +3,10 @@
 # Copyright 2022 SUSE LLC
 # SPDX-License-Identifier: FSFAP
 
-# Summary: Base module for ATSEC test cases
+# Summary: Base module for EAL4 test cases
 # Maintainer: QE Security <[email protected]>
 
-package atsec_test;
+package eal4_test;
 
 use base Exporter;
 
@@ -22,7 +22,7 @@ our @EXPORT = qw(
   $client_ip
 );
 
-our $code_dir = '/usr/local/atsec';
+our $code_dir = '/usr/local/eal4';
 our @white_list_for_dbus = (
     'org.freedesktop.hostname1',
     'org.freedesktop.locale1',

diff --git a/schedule/security/atsec_tests.yaml b/schedule/security/atsec_tests.yaml
diff --git a/schedule/security/cc_eal4.yaml b/schedule/security/cc_eal4.yaml
@@ -0,0 +1,30 @@
+name: eal4_tests
+description: >
+    This is for EAL4 tests
+schedule:
+    - installation/bootloader_start
+    - security/boot_disk
+    - security/eal4/setup_eal4_env
+    - '{{disable_root_ssh}}'
+    - security/eal4/accessible_network_interface
+    - security/eal4/kvm_check
+    - security/eal4/drng_test_preparation
+    - security/eal4/dbus_services_exposure
+    - security/eal4/check_undocumented_security_programs
+    - security/eal4/dbus_fuzzer
+    - security/eal4/syscall_thrasher
+    - security/eal4/netlink_message
+    - security/eal4/chrony_pid_file
+    - security/eal4/permission_settings
+    - '{{check_processor_vulnerability_mitigations}}'
+conditional_schedule:
+    check_processor_vulnerability_mitigations:
+        ARCH:
+            x86_64:
+                - security/eal4/check_processor_vulnerability_mitigations
+            aarch64:
+                - security/eal4/check_processor_vulnerability_mitigations
+    disable_root_ssh:
+        ARCH:
+            s390x:
+                - security/cc/disable_root_ssh
diff --git a/schedule/security/cc_ipsec.yaml b/schedule/security/cc_ipsec.yaml
@@ -7,7 +7,7 @@ schedule:
     - '{{remove_bridge_network}}'
     - '{{setup_multimachine}}'
     - security/cc/cc_audit_test_setup
-    - security/atsec/setup_atsec_env
+    - security/eal4/setup_eal4_env
     - '{{disable_root_ssh}}'
     - '{{cc_ipsec}}'
 conditional_schedule:

diff --git a/tests/security/cc/apparmor_negative_test.pm b/tests/security/cc/apparmor_negative_test.pm
@@ -3,7 +3,7 @@
 # Copyright 2022 SUSE LLC
 # SPDX-License-Identifier: FSFAP
 #
-# Summary: Run 'AppArmor negative test' test case of ATSec test suite
+# Summary: Run 'AppArmor negative test' test case of EAL4 test suite
 # Maintainer: QE Security <[email protected]>
 # Tags: poo#109307
 

diff --git a/tests/security/cc/extended_apparmor_interface_trace_test.pm b/tests/security/cc/extended_apparmor_interface_trace_test.pm
@@ -3,7 +3,7 @@
 # Copyright 2022 SUSE LLC
 # SPDX-License-Identifier: FSFAP
 #
-# Summary: Run 'Extended AppArmor interface trace test' test case of ATSec test suite
+# Summary: Run 'Extended AppArmor interface trace test' test case of EAL4 test suite
 # Maintainer: QE Security <[email protected]>
 # Tags: poo#111242
 

diff --git a/tests/security/cc/ipsec/ipsec_certificate.pm b/tests/security/cc/ipsec/ipsec_certificate.pm
@@ -12,7 +12,7 @@ use strict;
 use warnings;
 use testapi;
 use utils;
-use atsec_test;
+use eal4_test;
 use Utils::Architectures;
 use lockapi;
 use version_utils 'is_sle';
@@ -35,7 +35,7 @@ sub run {
     my ($self) = @_;
     select_console 'root-console';
 
-    assert_script_run('cd /usr/local/atsec/ipsec/certificates');
+    assert_script_run('cd /usr/local/eal4/ipsec/certificates');
 
     my $role = get_var('HOSTNAME');
     my $children = get_children();
@@ -47,12 +47,12 @@ sub run {
         $case_name =~ s/_/-/g;
 
         if ($role eq 'server') {
-            assert_script_run("sh prepare-ipsec-test.sh $case_name $atsec_test::server_ip $atsec_test::client_ip server");
+            assert_script_run("sh prepare-ipsec-test.sh $case_name $eal4_test::server_ip $eal4_test::client_ip server");
             mutex_create("server_ready_$tmp_case_name");
             mutex_wait("client_done_$tmp_case_name", $child);
             next;
         }
-        assert_script_run("sh prepare-ipsec-test.sh $case_name $atsec_test::client_ip $atsec_test::server_ip client");
+        assert_script_run("sh prepare-ipsec-test.sh $case_name $eal4_test::client_ip $eal4_test::server_ip client");
         mutex_wait("server_ready_$tmp_case_name");
         my $output = script_output("ipsec up $case_name", 120);
 
@@ -74,11 +74,11 @@ sub run {
             else {
                 if ($case_name eq 'rsa768') {
                     $result = 'softfail';
-                    $record_message = "$case_name pass, as ATSec document says, it needs more analysis";
+                    $record_message = "$case_name pass, as EAL4 document says, it needs more analysis";
 
                 }
                 # When the ipsec up succeed, we need to check if the connection is created
-                my $ping_ret = script_run("ping -c 1 -W 2 $atsec_test::server_ip");
+                my $ping_ret = script_run("ping -c 1 -W 2 $eal4_test::server_ip");
                 if ($ping_ret != 0) {
                     $result = 'fail';
                     $record_message = "The $case_name test result is expected, but the connection does NOT work";
@@ -97,7 +97,7 @@ sub run {
     wait_for_children() if ($role eq 'server');
 
     my $netdev = 'eth0';
-    my $ip = $role eq 'server' ? $atsec_test::server_ip : $atsec_test::client_ip;
+    my $ip = $role eq 'server' ? $eal4_test::server_ip : $eal4_test::client_ip;
 
     # Delete the ip that we added if arch is s390x
     assert_script_run("ip addr del $ip/24 dev $netdev") if (is_s390x);

diff --git a/tests/security/cc/ipsec/ipsec_ciphers.pm b/tests/security/cc/ipsec/ipsec_ciphers.pm
@@ -3,7 +3,7 @@
 # Copyright 2022 SUSE LLC
 # SPDX-License-Identifier: FSFAP
 #
-# Summary: Run ATSec 'ipsec ciphers' case
+# Summary: Run EAL4 'ipsec ciphers' case
 # Maintainer: QE Security <[email protected]>
 # Tags: poo#110980
 
@@ -20,7 +20,7 @@ sub run {
     select_console 'root-console';
 
     assert_script_run('export SYSTEMD_PAGER=""');
-    assert_script_run('cd /usr/local/atsec/ipsec/IPSEC_basic_eval');
+    assert_script_run('cd /usr/local/eal4/ipsec/IPSEC_basic_eval');
 
     mutex_wait('READY_FOR_IPSEC_CIPHERS');
 

diff --git a/tests/security/cc/ipsec/ipsec_client.pm b/tests/security/cc/ipsec/ipsec_client.pm
@@ -13,7 +13,7 @@ use warnings;
 use testapi;
 use utils;
 use audit_test;
-use atsec_test;
+use eal4_test;
 use Utils::Architectures;
 use lockapi;
 use network_utils 'iface';
@@ -25,15 +25,15 @@ sub run {
     # We don't run setup_multimachine in s390x, but we need to know the server and client's
     # ip address, so we add a known ip to NETDEV.
     my $netdev = iface;
-    assert_script_run("ip addr add $atsec_test::client_ip/24 dev $netdev") if (is_s390x);
+    assert_script_run("ip addr add $eal4_test::client_ip/24 dev $netdev") if (is_s390x);
 
     assert_script_run("cd $audit_test::test_dir/ipsec_configuration/toe");
     mutex_wait('IPSEC_SERVER_READY');
 
     # Setup the ipip tunnel to the IPSec gateway and test it
     # 192.168.100.1 is configured in the server by ipsec_setup_tunnel_server.sh
     # We need to check if it's accessible to find the network issue easily.
-    assert_script_run("./ipsec_setup_tunnel_toe.sh start $atsec_test::client_ip $atsec_test::server_ip");
+    assert_script_run("./ipsec_setup_tunnel_toe.sh start $eal4_test::client_ip $eal4_test::server_ip");
     assert_script_run('ping -W1 -c1 192.168.100.1');
 
     # Install IPSec configuration

diff --git a/tests/security/cc/ipsec/ipsec_server.pm b/tests/security/cc/ipsec/ipsec_server.pm
@@ -13,7 +13,7 @@ use warnings;
 use testapi;
 use utils;
 use audit_test;
-use atsec_test;
+use eal4_test;
 use Utils::Architectures;
 use lockapi;
 use mmapi 'get_children';
@@ -26,12 +26,12 @@ sub run {
     # We don't run setup_multimachine in s390x, but we need to know the server and client's
     # ip address, so we add a known ip to NETDEV.
     my $netdev = iface;
-    assert_script_run("ip addr add $atsec_test::server_ip/24 dev $netdev") if (is_s390x);
+    assert_script_run("ip addr add $eal4_test::server_ip/24 dev $netdev") if (is_s390x);
 
     assert_script_run("cd $audit_test::test_dir/ipsec_configuration/server");
 
     # Create ipip tunnel to the TOE system
-    assert_script_run("./ipsec_setup_tunnel_server.sh start $atsec_test::server_ip $atsec_test::client_ip");
+    assert_script_run("./ipsec_setup_tunnel_server.sh start $eal4_test::server_ip $eal4_test::client_ip");
 
     # Install IPSec configuration
     assert_script_run('make install');

diff --git a/tests/security/cc/ipsec/weak_ipsec_ciphers.pm b/tests/security/cc/ipsec/weak_ipsec_ciphers.pm
@@ -3,7 +3,7 @@
 # Copyright 2022 SUSE LLC
 # SPDX-License-Identifier: FSFAP
 #
-# Summary: Run ATSec 'Weak IPsec ciphers' case
+# Summary: Run EAL4 'Weak IPsec ciphers' case
 # Maintainer: QE Security <[email protected]>
 # Tags: poo#101226
 
@@ -19,7 +19,7 @@ sub run {
     my ($self) = @_;
     select_console 'root-console';
 
-    assert_script_run('cd /usr/local/atsec/ipsec/IPSEC_basic_eval');
+    assert_script_run('cd /usr/local/eal4/ipsec/IPSEC_basic_eval');
     my $timeout = is_s390x() ? 180 : 90;
     my $output = script_output('bash test_basic_ipsec_eval_weak.bash', $timeout);
 

diff --git a/...ity/atsec/accessible_network_interface.pm → ...rity/eal4/accessible_network_interface.pm b/...ity/atsec/accessible_network_interface.pm → ...rity/eal4/accessible_network_interface.pm
@@ -3,7 +3,7 @@
 # Copyright 2022 SUSE LLC
 # SPDX-License-Identifier: FSFAP
 #
-# Summary: Run 'Accessible network interface' test case of ATSec test suite
+# Summary: Run 'Accessible network interface' test case of EAL4 test suite
 # Maintainer: QE Security <[email protected]>
 # Tags: poo#111899
 
@@ -12,7 +12,7 @@ use strict;
 use warnings;
 use testapi;
 use utils;
-use atsec_test;
+use eal4_test;
 use Data::Dumper;
 
 sub run {

diff --git a/...ck_processor_vulnerability_mitigations.pm → ...ck_processor_vulnerability_mitigations.pm b/...ck_processor_vulnerability_mitigations.pm → ...ck_processor_vulnerability_mitigations.pm
@@ -3,7 +3,7 @@
 # Copyright 2022 SUSE LLC
 # SPDX-License-Identifier: FSFAP
 #
-# Summary: Run 'Check for processor vulnerability mitigations' test case of ATSec test suite
+# Summary: Run 'Check for processor vulnerability mitigations' test case of EAL4 test suite
 # Maintainer: QE Security <[email protected]>
 # Tags: poo#111809
 
@@ -12,7 +12,7 @@ use strict;
 use warnings;
 use testapi;
 use utils;
-use atsec_test;
+use eal4_test;
 use Utils::Architectures;
 
 sub run {
@@ -24,7 +24,7 @@ sub run {
     my $log_file = 'spectre-meltdown-checker.log';
 
     # use the file in gitlab
-    assert_script_run("cd $atsec_test::code_dir/pentest/cpu-vul");
+    assert_script_run("cd $eal4_test::code_dir/pentest/cpu-vul");
 
     # Run the test script
     script_run("sh $script --no-color > $log_file 2>&1", timeout => 180);

diff --git a/...c/check_undocumented_security_programs.pm → ...4/check_undocumented_security_programs.pm b/...c/check_undocumented_security_programs.pm → ...4/check_undocumented_security_programs.pm
@@ -3,7 +3,7 @@
 # Copyright 2022 SUSE LLC
 # SPDX-License-Identifier: FSFAP
 #
-# Summary: Run 'Check for undocumented security-relevant programs' test case of ATSec test suite
+# Summary: Run 'Check for undocumented security-relevant programs' test case of EAL4 test suite
 # Maintainer: QE Security <[email protected]>
 # Tags: poo#111671
 

diff --git a/tests/security/atsec/chrony_pid_file.pm → tests/security/eal4/chrony_pid_file.pm b/tests/security/atsec/chrony_pid_file.pm → tests/security/eal4/chrony_pid_file.pm
@@ -3,7 +3,7 @@
 # Copyright 2022 SUSE LLC
 # SPDX-License-Identifier: FSFAP
 #
-# Summary: Run 'chrony pid file test' test case of ATSec test suite
+# Summary: Run 'chrony pid file test' test case of EAL4 test suite
 # Maintainer: QE Security <[email protected]>
 # Tags: poo#111386
 

diff --git a/tests/security/atsec/dbus_fuzzer.pm → tests/security/eal4/dbus_fuzzer.pm b/tests/security/atsec/dbus_fuzzer.pm → tests/security/eal4/dbus_fuzzer.pm
@@ -3,7 +3,7 @@
 # Copyright 2022 SUSE LLC
 # SPDX-License-Identifier: FSFAP
 #
-# Summary: Run 'DBus fuzzer' test case of ATSec test suite
+# Summary: Run 'DBus fuzzer' test case of EAL4 test suite
 # Maintainer: QE Security <[email protected]>
 # Tags: poo#109978
 
@@ -12,7 +12,7 @@ use strict;
 use warnings;
 use testapi;
 use utils;
-use atsec_test;
+use eal4_test;
 use Mojo::Util 'trim';
 use Data::Dumper;
 
@@ -25,7 +25,7 @@ sub run {
     zypper_call('in glib2-devel libffi-devel');
 
     # Compile
-    assert_script_run("cd $atsec_test::code_dir/pentest/dfuzzer-master/src");
+    assert_script_run("cd $eal4_test::code_dir/pentest/dfuzzer-master/src");
     assert_script_run('make');
 
     my $output = script_output('./dfuzzer -l 2>&1');
@@ -50,7 +50,7 @@ sub run {
     record_info('Result of dfuzzer -l', Dumper(\@bus_list));
 
     # Analyse the results
-    my %hash_white_list = map { $_ => 1 } @atsec_test::white_list_for_dbus;
+    my %hash_white_list = map { $_ => 1 } @eal4_test::white_list_for_dbus;
     my @unknown_bus_name = grep { !$hash_white_list{$_} } (@bus_list);
 
     # After filtering there should be no unknown name

diff --git a/.../security/atsec/dbus_services_exposure.pm → ...s/security/eal4/dbus_services_exposure.pm b/.../security/atsec/dbus_services_exposure.pm → ...s/security/eal4/dbus_services_exposure.pm
@@ -3,7 +3,7 @@
 # Copyright 2022 SUSE LLC
 # SPDX-License-Identifier: FSFAP
 #
-# Summary: Run 'DBus services exposure' test case of ATSec test suite
+# Summary: Run 'DBus services exposure' test case of EAL4 test suite
 # Maintainer: QE Security <[email protected]>
 # Tags: poo#109542
 
@@ -12,7 +12,7 @@ use strict;
 use warnings;
 use testapi;
 use utils;
-use atsec_test;
+use eal4_test;
 use Data::Dumper;
 use version_utils 'is_sle';
 use Utils::Architectures 'is_s390x';
@@ -92,11 +92,11 @@ sub run {
     # https://bugzilla.suse.com/show_bug.cgi?id=1216538
     if (is_sle('>=15-SP6') && is_s390x) {
         $white_list_for_busctl{virtqemud} = 1;
-        push(@atsec_test::white_list_for_dbus, '1.28', '1.38');
+        push(@eal4_test::white_list_for_dbus, '1.28', '1.38');
     }
 
     # Analyse the results.
-    foreach my $wl (@atsec_test::white_list_for_dbus) {
+    foreach my $wl (@eal4_test::white_list_for_dbus) {
 
         # Remove the well known names which are in the white list.
         delete $dbus_send_results{$wl} if $dbus_send_results{$wl};