tests/kola: remove dtb exceptions in upgrade test SELinux checks

Fixes coreos/fedora-coreos-tracker#1808
HuijingHei · Nov 1, 2024 · 710456c · 710456c
1 parent 8ce159a
commit 710456c
Showing 1 changed file with 26 additions and 1 deletion.
diff --git a/tests/kola/upgrade/extended/test.sh b/tests/kola/upgrade/extended/test.sh
@@ -162,6 +162,27 @@ wait-for-coreos-fix-selinux-labels() {
         echo "Waited for coreos-fix-selinux-labels.service to finish"
 }
 
+# Check if the rollback deployment has the dtb copy fix and if not
+# delete the rollback deployment.
+# https://github.com/coreos/fedora-coreos-tracker/issues/1808
+#
+# NOTE: we can drop this once the newest barrier release for all
+# streams is newer than 41.20241028.x.x.
+drop_rollback_if_needed() {
+    # The dtb copy issue was only ever an issue ever on aarch64
+    [ "$(arch)" != 'aarch64' ] && return
+    # We only need to drop if the rollback deployment is older than
+    # when the fixed ostree was included. It should be fixed in the
+    # next round of releases after 41.20241028. Note 41.20241028.0.0
+    # is not a real build and uses `0` for the stream identifier, but
+    # should sort accordingly.
+    previous=$(rpm-ostree status --json | jq -r '.deployments[] | select(.booted == false).version')
+    if (! vergt $previous '41.20241028.0.0') && vergt $version '41.20241028.0.0'; then
+        echo "Dropping rollback deployment because it could have mislabeled dtb files"
+        rpm-ostree cleanup -r
+    fi
+}
+
 selinux-sanity-check() {
     # First make sure the migrations/fix script has finished if this is the boot
     # where the fixes are taking place.
@@ -206,8 +227,9 @@ selinux-sanity-check() {
             # Add in a few temporary glob exceptions
             # https://github.com/coreos/fedora-coreos-tracker/issues/1806
             [[ "${path}" =~ /etc/selinux/targeted/active/ ]] && continue
+            # Do not need this when the fixed ostree was included
             # https://github.com/coreos/fedora-coreos-tracker/issues/1808
-            [[ "${path}" =~ /boot/ostree/.*/dtb ]] && continue
+            verlt $version '41.20241028.0.0' && [[ "${path}" =~ /boot/ostree/.*/dtb ]] && continue
             if [[ "${exceptions[$path]:-noexception}" == 'noexception' ]]; then
                 echo "Unexpected mislabeled file found: ${path}"
                 found="1"
@@ -232,6 +254,9 @@ if vereq $version $target_version; then
     if ! echo "$state" | grep -q "CoreOS aleph version"; then
         fatal "check bootupctl status output"
     fi
+    # Next if the dtb copy fix wasn't present in the previous deployment
+    # then we'll delete that deployment before proceeding
+    drop_rollback_if_needed
     # One last check!
     selinux-sanity-check
     exit 0