diff --git a/tests/base.py b/tests/base.py index 3ff8cc45..9be67e7b 100644 --- a/tests/base.py +++ b/tests/base.py @@ -55,6 +55,10 @@ def setUp(self): with open("config.json") as config_file: self.dom0_config = json.load(config_file) + # A VM shouldn't have any configuration keys it doesn't explicitly + # expect. + self.expected_config_keys = set() + # def tearDown(self): # self.vm.shutdown() @@ -153,6 +157,14 @@ def _vm_config_read(self, key): except subprocess.CalledProcessError: return None + def _vm_config_check(self, expected): + """Check that the set of expected by the VM keys equals the set of keys + actually configured. + """ + actual = set(self._run("qubesdb-list /vm-config/").split("\n")) + actual.discard("") # if "qubesdb-list" returned nothing + self.assertEqual(actual, set(expected)) + def logging_configured(self): """ Make sure rsyslog is configured to send in data to sd-log vm. @@ -203,18 +215,8 @@ def mailcap_hardened(self): # Ensure that the wildcard rule worked as expected. self.assertEqual(mailcap_result, 'logger "Mailcap is disabled." <{}'.format(tmpfile_name)) - def qubes_gpg_domain_configured(self, vmname=False): - """ - Ensure the QUBES_GPG_DOMAIN is properly set for a given AppVM. This - var is set by a script /etc/profile.d. - sd-app should have it set to sd-gpg. - All other AppVMs should not have this configured. + def test_vm_config_keys(self): + """Every VM should check that it has only the configuration keys it + expects. """ - env_contents = self._vm_config_read("QUBES_GPG_DOMAIN") - - if vmname == "sd-app": - expected_env = "sd-gpg" - else: - expected_env = None - - self.assertEqual(env_contents, expected_env) + self._vm_config_check(self.expected_config_keys) diff --git a/tests/test_app.py b/tests/test_app.py index ad80ea37..ff67ee56 100644 --- a/tests/test_app.py +++ b/tests/test_app.py @@ -8,9 +8,7 @@ class SD_App_Tests(SD_VM_Local_Test): def setUp(self): self.vm_name = "sd-app" super(SD_App_Tests, self).setUp() - - def test_gpg_domain_configured(self): - self.qubes_gpg_domain_configured(self.vm_name) + self.expected_config_keys = {"QUBES_GPG_DOMAIN", "SD_SUBMISSION_KEY_FPR"} def test_open_in_dvm_desktop(self): contents = self._get_file_contents("/usr/share/applications/open-in-dvm.desktop") diff --git a/tests/test_gpg.py b/tests/test_gpg.py index 9a6cd23b..3e179f42 100644 --- a/tests/test_gpg.py +++ b/tests/test_gpg.py @@ -80,9 +80,6 @@ def test_logging_disabled(self): # Logging to sd-log should be disabled on sd-gpg self.assertFalse(self._fileExists("/etc/rsyslog.d/sdlog.conf")) - def test_gpg_domain_configured(self): - self.qubes_gpg_domain_configured(self.vm_name) - def load_tests(loader, tests, pattern): suite = unittest.TestLoader().loadTestsFromTestCase(SD_GPG_Tests) diff --git a/tests/test_log_vm.py b/tests/test_log_vm.py index dae20cf2..6f00ef2c 100644 --- a/tests/test_log_vm.py +++ b/tests/test_log_vm.py @@ -48,9 +48,6 @@ def test_log_dirs_properly_named(self): # Confirm we don't have 'host' entries from Whonix VMs self.assertFalse("host" in log_dirs) - def test_gpg_domain_configured(self): - self.qubes_gpg_domain_configured(self.vm_name) - def load_tests(loader, tests, pattern): suite = unittest.TestLoader().loadTestsFromTestCase(SD_Log_Tests) diff --git a/tests/test_proxy_vm.py b/tests/test_proxy_vm.py index 2c7d98f8..425150c8 100644 --- a/tests/test_proxy_vm.py +++ b/tests/test_proxy_vm.py @@ -9,6 +9,7 @@ class SD_Proxy_Tests(SD_VM_Local_Test): def setUp(self): self.vm_name = "sd-proxy" super(SD_Proxy_Tests, self).setUp() + self.expected_config_keys = {"SD_PROXY_ORIGIN"} def test_do_not_open_here(self): """ @@ -85,9 +86,6 @@ def test_mime_types(self): def test_mailcap_hardened(self): self.mailcap_hardened() - def test_gpg_domain_configured(self): - self.qubes_gpg_domain_configured(self.vm_name) - def load_tests(loader, tests, pattern): suite = unittest.TestLoader().loadTestsFromTestCase(SD_Proxy_Tests) diff --git a/tests/test_sd_devices.py b/tests/test_sd_devices.py index b7625d65..a6ceaad3 100644 --- a/tests/test_sd_devices.py +++ b/tests/test_sd_devices.py @@ -49,9 +49,6 @@ def test_open_in_dvm_desktop(self): for line in expected_contents: self.assertTrue(line in contents) - def test_gpg_domain_configured(self): - self.qubes_gpg_domain_configured(self.vm_name) - def load_tests(loader, tests, pattern): suite = unittest.TestLoader().loadTestsFromTestCase(SD_Devices_Tests) diff --git a/tests/test_sd_whonix.py b/tests/test_sd_whonix.py index 43c53037..6b7b1435 100644 --- a/tests/test_sd_whonix.py +++ b/tests/test_sd_whonix.py @@ -10,6 +10,7 @@ def setUp(self): self.vm_name = "sd-whonix" self.whonix_apt_list = "/etc/apt/sources.list.d/derivative.list" super(SD_Whonix_Tests, self).setUp() + self.expected_config_keys = {"SD_HIDSERV_HOSTNAME", "SD_HIDSERV_KEY"} def test_accept_sd_xfer_extracted_file(self): with open("config.json") as c: @@ -63,9 +64,6 @@ def test_whonix_torrc(self): "Whonix GW torrc contains duplicate %include lines", ) - def test_gpg_domain_configured(self): - self.qubes_gpg_domain_configured(self.vm_name) - def load_tests(loader, tests, pattern): suite = unittest.TestLoader().loadTestsFromTestCase(SD_Whonix_Tests) diff --git a/tests/test_viewer.py b/tests/test_viewer.py index 71cf3947..c1c31bc6 100644 --- a/tests/test_viewer.py +++ b/tests/test_viewer.py @@ -47,9 +47,6 @@ def test_mime_types(self): def test_mailcap_hardened(self): self.mailcap_hardened() - def test_gpg_domain_configured(self): - self.qubes_gpg_domain_configured(self.vm_name) - def load_tests(loader, tests, pattern): suite = unittest.TestLoader().loadTestsFromTestCase(SD_Viewer_Tests)