Skip to content

[rhcos-4.17] - Backport failing test for FIPS & LUKS #4259

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

[rhcos-4.17] - Backport failing test for FIPS & LUKS #4259

wants to merge 1 commit into from

Conversation

aaradhak
Copy link
Member

Backporting #4181

gemini-code-assist[bot]
gemini-code-assist bot reviewed Aug 13, 2025
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request adds a new test to verify that cryptsetup lukscreate fails with FIPS-incompatible algorithms. The overall logic of the test is sound. I've made a couple of suggestions to improve code quality and robustness: one related to error handling to preserve stack traces for better debugging, and another to simplify a helper function and make it more robust against invalid inputs.

mantle/kola/tests/fips/failure.go
Comment on lines +98 to +100
if err := ignitionFailure(c); err != nil {
c.Fatal(err.Error())
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Calling err.Error() can discard useful information, such as a stack trace if the error was created with pkg/errors. It's better to pass the error object directly to c.Fatal() for better debugging.

Suggested change
if err := ignitionFailure(c); err != nil {
c.Fatal(err.Error())
}
if err := ignitionFailure(c); err != nil {
c.Fatal(err)
}

mantle/kola/tests/fips/failure.go
Comment on lines +103 to +119
// Read file and verify if it contains a pattern
// 1. Read file, make sure it exists
// 2. regex for pattern
func fileContainsPattern(path string, searchPattern string) (bool, error) {
file, err := os.ReadFile(path)
if err != nil {
return false, err
}
// File has content, but the pattern is not present
match := regexp.MustCompile(searchPattern).Match(file)
if match {
// Pattern found
return true, nil
}
// Pattern not found
return false, nil
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

This function can be simplified. The comments are noisy and partially incorrect. Using regexp.MustCompile on a pattern passed as an argument is risky as it will panic on an invalid pattern. A better approach is to use a function like regexp.Match which returns an error on compilation failure, making the function more robust.

// fileContainsPattern reads a file and reports whether it contains a match for a regular expression.
func fileContainsPattern(path string, searchPattern string) (bool, error) {
	file, err := os.ReadFile(path)
	if err != nil {
		return false, err
	}
	return regexp.Match(searchPattern, file)
}

@aaradhak aaradhak closed this Aug 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@aaradhak