securedrop icon indicating copy to clipboard operation
securedrop copied to clipboard

Published 20 hours ago verified publisher icon freedomofpress

Consider running spectre/meltdown tests in testinfra

Open emkll opened this issue 4 years ago • 1 comments

Description

In https://github.com/freedomofpress/securedrop/pull/5318 , we introduced the ability to run testinfra over tor on production-like setups. During release testing on hardware, we manually run the spectre/meltdown tests (https://github.com/speed47/spectre-meltdown-checker/) to ensure the running kernel contains mitigations against these vulnerabilities.

In order to reduce QA burden, we should automatically run these tests as part of the testinfra suite. Furthermore, it will allow us to code around false positives due to grsecurity hardening described in https://github.com/freedomofpress/securedrop/issues/5040#issuecomment-559597643 the

User Stories

As a QA / release engineer, I would like to minimize the time required to test, and automate as many testing steps as possible.

emkll avatar Jan 22 '21 17:01 emkll

(Not a CI issue as these tests are hw-specific)

zenmonkeykstop avatar Oct 27 '21 17:10 zenmonkeykstop