chore: Stop using secureblue for integration testing

This would occasionally cause tests to fail cause SecureBlue would rightfully make changes to their code. We shouldn't be relying on this anymore as it was a crutch to lean on when we were first starting this project
2024-06-30 16:57:11 -04:00 · 2024-06-30 16:57:11 -04:00 · 1a348f8137
commit 1a348f8137
parent 7a563f42da
2 changed files with 0 additions and 76 deletions
--- a/integration-tests/Earthfile
+++ b/integration-tests/Earthfile
@ -3,7 +3,6 @@ PROJECT blue-build/cli

 all:
 	BUILD +test-image
-	BUILD +test-secureblue
 	BUILD +test-legacy-image
 	BUILD +build
 	BUILD +rebase
@ -24,20 +23,6 @@ test-legacy-image:

 	DO +RUN_TESTS

-test-secureblue:
-	FROM +build-template --src=template-secureblue
-	WORKDIR /tmp/test
-	COPY ./test-scripts/secureblue/*.sh ./
-
-	DO +RUN_TESTS
-
-test-secureblue-ucore:
-	FROM +build-template --src=template-secureblue-ucore
-	WORKDIR /tmp/test
-	COPY ./test-scripts/secureblue/*.sh ./
-
-	DO +RUN_TESTS
-
 build-template:
 	ARG --required src
 	FROM DOCKERFILE \
@ -56,18 +41,6 @@ template-legacy-containerfile:

 	SAVE ARTIFACT /test

-template-secureblue:
-	FROM +secureblue-base
-	RUN bluebuild -vv generate -o Containerfile recipes/general/recipe-silverblue-nvidia.yml
-
-	SAVE ARTIFACT /test
-
-template-secureblue-ucore:
-	FROM +secureblue-base
-	RUN bluebuild -vv generate -o Containerfile recipes/server/recipe-server-main.yml
-
-	SAVE ARTIFACT /test
-
 build:
 	FROM +test-base

@ -90,14 +63,6 @@ switch:
 	RUN mkdir -p /etc/bluebuild && touch $BB_TEST_LOCAL_IMAGE
 	RUN bluebuild -vv switch recipes/recipe.yml

-secureblue-base:
-	FROM +test-base
-
-	RUN rm -fr /test
-	GIT CLONE https://github.com/secureblue/secureblue.git /test
-
-	DO +GEN_KEYPAIR
-
 legacy-base:
 	FROM ../+blue-build-cli-alpine
 	RUN apk update --no-cache && apk add bash grep jq sudo coreutils
--- a/integration-tests/test-scripts/secureblue/100-test-chmod.sh
+++ b/integration-tests/test-scripts/secureblue/100-test-chmod.sh
@ -1,41 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-# Function to check if hardening has been applied correctly
-check_hardening() {
-  local sysctl_conf="/usr/etc/sysctl.d/hardening.conf"
-  local bwrap="/usr/bin/bwrap"
-
-  # Check for the presence of user namespace hardening
-  if grep -q "user.max_user_namespaces = 0" "$sysctl_conf" &&
-     grep -q "kernel.unprivileged_userns_clone = 0" "$sysctl_conf"; then
-    printf "Hardening settings are correctly applied in %s\n" "$sysctl_conf"
-  else
-    printf "Hardening settings are missing or incorrect in %s\n" "$sysctl_conf" >&2
-    return 1
-  fi
-
-  # Check ownership and SUID bit of bwrap
-  if [ "$(stat -c '%U' "$bwrap")" = "root" ] && [ "$(stat -c '%a' "$bwrap")" -eq 4755 ]; then
-    printf "%s ownership and permissions are correctly set\n" "$bwrap"
-  else
-    printf "%s ownership or permissions are incorrect\n" "$bwrap" >&2
-    return 1
-  fi
-}
-
-# Main function to orchestrate the checks
-main() {
-  set -euo pipefail
-  
-  # Perform the checks
-  if ! check_hardening; then
-    printf "Hardening checks failed\n" >&2
-    exit 1
-  else
-    printf "All hardening checks passed\n"
-  fi
-}
-
-main "$@"