Adds config tests for kernel-related packages

The microcode package was just added, so let's test for it. Also updated the kernel version to be a constant, so we can reuse it inside package names, notable the firmware image (for additional hardware support).
freedomofpress · Nov 2, 2018 · bb708cb · bb708cb
1 parent 8388607
commit bb708cb
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/molecule/testinfra/staging/common/test_grsecurity.py b/molecule/testinfra/staging/common/test_grsecurity.py
@@ -3,6 +3,9 @@
 import re
 
 
+KERNEL_VERSION = "4.4.162"
+
+
 def test_ssh_motd_disabled(File):
     """
     Ensure the SSH MOTD (Message of the Day) is disabled.
@@ -16,6 +19,9 @@ def test_ssh_motd_disabled(File):
 @pytest.mark.skipif(os.environ.get('FPF_GRSEC', 'true') == "false",
                     reason="Need to skip in environment w/o grsec")
 @pytest.mark.parametrize("package", [
+    'intel-microcode',
+    'linux-firmware-image-{}-grsec'.format(KERNEL_VERSION),
+    'linux-image-{}-grsec'.format(KERNEL_VERSION),
     'paxctl',
     'securedrop-grsec',
 ])
@@ -76,7 +82,7 @@ def test_grsecurity_kernel_is_running(Command):
     """
     c = Command('uname -r')
     assert c.stdout.endswith('-grsec')
-    assert c.stdout == '4.4.162-grsec'
+    assert c.stdout == '{}-grsec'.format(KERNEL_VERSION)
 
 
 @pytest.mark.skipif(os.environ.get('FPF_GRSEC', 'true') == "false",