action #52817
Updated by whdu almost 5 years ago
We have been creating our own FIPS image and not don't use existing image generated by `create_hdd_gnome` `create_hdd_textmode` in functional job group before, because we would like to test "kernel fips mode" during installation and use the image for other FIPS regression testing. Currently, installation. Now, there is `fips_env_tests_setup` which create a default+WE image. But WE is not necessary for other tests except **seahorse** and **hexchat**. This proposal is to only perform installation testing with fips=1 enabled. And do not generate any images for simplicity. For other fips test suite, we use the normal a basic textmode image created by create_hdd_gnome in functional job group, and add leave WE installation to a step **fips_setup** (`tests/fips/fips_setup.pm`) at the beginning. We test suite dedicated on X11 testing. I believe by this approach the cases running speed could be improved, and it could help us to avoid the testing delay caused by image uploading failed issue (usually happened for s390x).**fips_setup** could also be used in the installation for only to verify FIPS kernel mode environment has been successfully configured. improved. The variable **FIPS** in `lib/bootloader_setup.pm` will also be renamed to **FIPS_INSTALLATION**. **FIPS_INSTALLATION**, and a section to verify FIPS kernel mode environment will be added to `tests/fips/fips_setup.pm`. In case "FIPS kernel mode" may not work caused by fips=1 bugs, other test suites it could also be switched to "fips single mode" with variable "FIPS_ENV_MODE=1". Which has already been implemented. Our additional work is to make `lib/main_common.pm` detect the mode type by itself so we could only set FIPS_ENV_MODE=1 at one place. Consider to make this change with PR#52808 and PR#52805 together.