Merge pull request autotest#5652 from cliping/fips

graphics: Add two cases about disable fips
chunfuwen · Jul 15, 2024 · edf7e56 · edf7e56
2 parents 925e270 + f7ddb36
commit edf7e56
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 1 deletion.
diff --git a/libvirt/tests/cfg/graphics/graphics_functional.cfg b/libvirt/tests/cfg/graphics/graphics_functional.cfg
@@ -339,6 +339,16 @@
                                     valid_time = 60
                                     opt_str = " --gtk-vnc-debug"
                                     rv_log_auth = "Authentication failed"
+                        - disable_fips:
+                            vnc_autoport = "yes"
+                            check_fips = "yes"
+                            check_qemu_pattern = "-enable-fips"
+                            expect_exist = False
+                            variants:
+                                - without_passwd:
+                                - with_passwd:
+                                    graphic_passwd = "PASSWORD.EXAMPLE"
+                                    vnc_passwd_place = "guest"
                 - spice_vnc:
                     spice_xml = yes
                     vnc_xml = yes

diff --git a/libvirt/tests/src/graphics/graphics_functional.py b/libvirt/tests/src/graphics/graphics_functional.py
@@ -989,10 +989,11 @@ def check_qemu_command_line(params):
     :param params: dict for parameters
     """
     check_qemu_pattern = params.get('check_qemu_pattern')
+    expect_exist = eval(params.get('expect_exist', 'True'))
     if check_qemu_pattern:
         logging.debug("Checking qemu command line with "
                       "pattern:%s", check_qemu_pattern)
-        libvirt.check_qemu_cmd_line(check_qemu_pattern)
+        libvirt.check_qemu_cmd_line(check_qemu_pattern, expect_exist=expect_exist)
 
 
 def handle_auto_filled_items(given_graphic_attrs, vm, params):
@@ -1590,6 +1591,17 @@ def cleanup(params):
     libvirtd.restart()
 
 
+def is_enable_fips():
+    """
+    Check FIPS status
+
+    :param return: True or False, True for enable FIPS
+    """
+    cmd = "cat /proc/sys/crypto/fips_enabled"
+    ret = process.run(cmd, shell=True)
+    return True if ret.stdout_text.strip() else False
+
+
 def run(test, params, env):
     """
     Test of libvirt SPICE related features.
@@ -1647,6 +1659,11 @@ def run(test, params, env):
     insecure_channels = params.get("insecure_channels", "not_set")
     autoport = params.get("spice_autoport", "yes")
     spice_tls = params.get("spice_tls", "not_set")
+    check_fips = params.get("check_fips", "no") == 'yes'
+
+    if check_fips:
+        if not is_enable_fips():
+            test.cancel("This test need to disable FIPS.")
 
     sockets = block_ports(params)
     networks = setup_networks(params, test)