From 22a0aac8cdea40335431266d2c4a77971bb3984e Mon Sep 17 00:00:00 2001
From: Eddy Ashton
Date: Thu, 30 Jan 2025 09:46:35 +0000
Subject: [PATCH 1/8] Log on failure
---
 tests/code_update.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/tests/code_update.py b/tests/code_update.py
index 5d5bc884ae7..9bc5b2674f3 100644
--- a/tests/code_update.py
+++ b/tests/code_update.py
@@ -96,7 +96,9 @@ def test_verify_quotes(network, args):
 )
 # Quick API validation - confirm that all of these /quotes/self entries match the collection returned from /quotes
- assert j in all_quotes
+ assert (
+ j in all_quotes
+ ), f"Didn't find {node.node_id}'s quote in collection\n{j}\n{json.dumps(all_quotes)}"
 return network
From 264c1e72c037d0e87c5ca768994abc32fb6a3022 Mon Sep 17 00:00:00 2001
From: Eddy Ashton
Date: Thu, 30 Jan 2025 09:47:47 +0000
Subject: [PATCH 2/8] Tweak pipeline to get straight to the failing test
---
 .azure-pipelines-templates/deploy_aci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.azure-pipelines-templates/deploy_aci.yml b/.azure-pipelines-templates/deploy_aci.yml
index 27119203fcb..c42a8793963 100644
--- a/.azure-pipelines-templates/deploy_aci.yml
+++ b/.azure-pipelines-templates/deploy_aci.yml
@@ -101,7 +101,7 @@ jobs:
 set -ex
 cd /CCF/build
 npm config set cache /ccfci/workspace_$(Build.BuildNumber)/.npm
- WORKSPACE=/ccfci/workspace_$(Build.BuildNumber) ELECTION_TIMEOUT_MS=10000 ./tests.sh -VV -T Test -LE "benchmark|tlstest|suite|snp_flaky" -E "lts_compatibility"
+ WORKSPACE=/ccfci/workspace_$(Build.BuildNumber) ELECTION_TIMEOUT_MS=10000 ./tests.sh -VV -T Test -R code_update # TODO: Temp!
 # Remove irrelevant and bulky data from workspace before uploading
 find /ccfci/workspace_$(Build.BuildNumber) -type f -name cchost -delete
 find /ccfci/workspace_$(Build.BuildNumber) -type f -name "*.so" -delete
From 21c81b9a6d73efda8bdc38b7a5031459de3ec05d Mon Sep 17 00:00:00 2001
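Review bot: In the tests/code_update.py hunk of PATCH 1/8, the new assertion message prints `{j}` as a Python dict repr but the collection as JSON, so the two sides of the failed membership check cannot be compared textually. Serialising both the same way would make the mismatch easier to spot, e.g. `f"Didn't find {node.node_id}'s quote in collection\n{json.dumps(j)}\n{json.dumps(all_quotes)}"`. `node` and `j` are bound outside the hunk, so this assumes `j` is JSON-serialisable in the same way as `all_quotes`.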
From: Eddy Ashton
Date: Thu, 30 Jan 2025 10:16:33 +0000
Subject: [PATCH 3/8] Ok I'm not allowed to do this anymore
---
 .azure-pipelines-templates/deploy_aci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.azure-pipelines-templates/deploy_aci.yml b/.azure-pipelines-templates/deploy_aci.yml
index c42a8793963..a71adc45228 100644
--- a/.azure-pipelines-templates/deploy_aci.yml
+++ b/.azure-pipelines-templates/deploy_aci.yml
@@ -101,7 +101,7 @@ jobs:
 set -ex
 cd /CCF/build
 npm config set cache /ccfci/workspace_$(Build.BuildNumber)/.npm
- WORKSPACE=/ccfci/workspace_$(Build.BuildNumber) ELECTION_TIMEOUT_MS=10000 ./tests.sh -VV -T Test -R code_update # TODO: Temp!
+ WORKSPACE=/ccfci/workspace_$(Build.BuildNumber) ELECTION_TIMEOUT_MS=10000 ./tests.sh -VV -T Test -R code_update
 # Remove irrelevant and bulky data from workspace before uploading
 find /ccfci/workspace_$(Build.BuildNumber) -type f -name cchost -delete
 find /ccfci/workspace_$(Build.BuildNumber) -type f -name "*.so" -delete
From b66a2f11cca843689e6c81aa804cfdfd74871366 Mon Sep 17 00:00:00 2001
From: Eddy Ashton
Date: Thu, 30 Jan 2025 12:53:26 +0000
Subject: [PATCH 4/8] Tweet tweet
---
 .snpcc_canary | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.snpcc_canary b/.snpcc_canary
index f24b6684a51..bc1c6f559e2 100644
--- a/.snpcc_canary
+++ b/.snpcc_canary
@@ -4,4 +4,4 @@ /-xXx--//-----x=x--/-xXx--/---x---->>>--/ ... /\/\d(-_-)b/\/\
-----vmpl--
\ No newline at end of file
+----vmpl---
\ No newline at end of file
From ae9ae9a09e2437c0f29211c8b857266798c5d64d Mon Sep 17 00:00:00 2001
From: Eddy Ashton
Date: Thu, 30 Jan 2025 14:11:10 +0000
Subject: [PATCH 5/8] The Fix: Return uvm_endorsements in collection
---
 src/node/rpc/node_frontend.h | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/node/rpc/node_frontend.h b/src/node/rpc/node_frontend.h
index 1f6fbb7583a..555288cb275 100644
--- a/src/node/rpc/node_frontend.h
+++ b/src/node/rpc/node_frontend.h
@@ -785,6 +785,7 @@ namespace ccf
 q.raw = node_info.quote_info.quote;
 q.endorsements = node_info.quote_info.endorsements;
 q.format = node_info.quote_info.format;
+ q.uvm_endorsements = node_quote_info.uvm_endorsements;
 // get_measurement attempts to re-validate the quote to extract
 // mrenclave and the Open Enclave is insufficiently flexible to
From 86201f9237d770fec936d366d64d5b8358b4aa4e Mon Sep 17 00:00:00 2001
From: Eddy Ashton
Date: Thu, 30 Jan 2025 14:11:19 +0000
Subject: [PATCH 6/8] Restore full tests
---
 .azure-pipelines-templates/deploy_aci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.azure-pipelines-templates/deploy_aci.yml b/.azure-pipelines-templates/deploy_aci.yml
index a71adc45228..27119203fcb 100644
--- a/.azure-pipelines-templates/deploy_aci.yml
+++ b/.azure-pipelines-templates/deploy_aci.yml
@@ -101,7 +101,7 @@ jobs:
 set -ex
 cd /CCF/build
 npm config set cache /ccfci/workspace_$(Build.BuildNumber)/.npm
- WORKSPACE=/ccfci/workspace_$(Build.BuildNumber) ELECTION_TIMEOUT_MS=10000 ./tests.sh -VV -T Test -R code_update
+ WORKSPACE=/ccfci/workspace_$(Build.BuildNumber) ELECTION_TIMEOUT_MS=10000 ./tests.sh -VV -T Test -LE "benchmark|tlstest|suite|snp_flaky" -E "lts_compatibility"
 # Remove irrelevant and bulky data from workspace before uploading
 find /ccfci/workspace_$(Build.BuildNumber) -type f -name cchost -delete
 find /ccfci/workspace_$(Build.BuildNumber) -type f -name "*.so" -delete
From 4b13218dcf25a8bfbccddf209d62c3c64d050c93 Mon Sep 17 00:00:00 2001
From: Eddy Ashton
Date: Thu, 30 Jan 2025 15:18:32 +0000
Subject: [PATCH 7/8] ok, that was me
---
 src/node/rpc/node_frontend.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/node/rpc/node_frontend.h b/src/node/rpc/node_frontend.h
index 555288cb275..dbc305e0ccd 100644
--- a/src/node/rpc/node_frontend.h
+++ b/src/node/rpc/node_frontend.h
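Review bot: The line added in the node_frontend.h hunk of PATCH 5/8 reads from `node_quote_info`, a name that appears nowhere else in the hunk, while the three assignments above it read from `node_info.quote_info`; unless that name is declared outside the hunk, this commit does not build. PATCH 7/8 changes the line to `q.uvm_endorsements = node_info.quote_info.uvm_endorsements;`, so squashing 7/8 into this commit would keep every commit in the series buildable for bisection. The enclosing function starts and ends outside the hunk.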
@@ -785,7 +785,7 @@ namespace ccf
 q.raw = node_info.quote_info.quote;
 q.endorsements = node_info.quote_info.endorsements;
 q.format = node_info.quote_info.format;
- q.uvm_endorsements = node_quote_info.uvm_endorsements;
+ q.uvm_endorsements = node_info.quote_info.uvm_endorsements;
 // get_measurement attempts to re-validate the quote to extract
 // mrenclave and the Open Enclave is insufficiently flexible to
From e0b84c4d4a087f3a2af2102b1ebb02e7b6f77a74 Mon Sep 17 00:00:00 2001
From: Eddy Ashton
Date: Thu, 30 Jan 2025 17:25:45 +0000
Subject: [PATCH 8/8] Disable some more tests on SNP
---
 tests/code_update.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/tests/code_update.py b/tests/code_update.py
index 9bc5b2674f3..a56ef8d03b9 100644
--- a/tests/code_update.py
+++ b/tests/code_update.py
@@ -650,6 +650,7 @@ def format_expected_host_data(entries):
 @reqs.description("Adding a new measurement invalidates open proposals")
+@reqs.not_snp("Cannot produce alternative measurement on SNP")
 def test_proposal_invalidation(network, args):
 primary, _ = network.find_nodes()
@@ -726,7 +727,8 @@ def run(args):
 # Measurements
 test_measurements_tables(network, args)
- test_add_node_with_untrusted_measurement(network, args)
+ if not snp.IS_SNP:
+ test_add_node_with_untrusted_measurement(network, args)
 # Host data/security policy
 test_host_data_tables(network, args)
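Review bot: The field-by-field copy into `q` in the node_frontend.h hunk of PATCH 7/8 carries no comment tying it to the `/quotes/self` response, and the omission this series fixes was a field present in one response and missing from the other. tests/code_update.py (PATCH 1/8) asserts that each `/quotes/self` entry is contained in the `/quotes` collection, so a comment above the assignments such as `// Must populate every field returned by /quotes/self; tests/code_update.py compares the two responses` would make that coupling visible to the next person adding a field. Clients that verify a node's attestation from the collection presumably need `uvm_endorsements` alongside `raw` and `endorsements`, so a silently dropped field is worth guarding against. If both handlers fill the same struct, a shared helper would remove the duplication, though the other handler is not visible here.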
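Review bot: The `if not snp.IS_SNP:` guard added in `run()` (PATCH 8/8, hunk at -726) skips `test_add_node_with_untrusted_measurement` on SNP without stating a reason, which leaves the rejection of a node with an untrusted measurement unexercised on that platform. The decorator added to `test_proposal_invalidation` in the same patch carries a reason string; the equivalent here would be a comment above the guard such as `# Cannot produce alternative measurement on SNP, so the untrusted-measurement rejection path is not covered there`, if that is indeed the cause. `run()` continues outside the hunk.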
@@ -742,10 +744,10 @@ def run(args):
 test_endorsements_tables(network, args)
 test_add_node_with_no_uvm_endorsements(network, args)
- # NB: Assumes the current nodes are still using args.package, so must run before test_update_all_nodes
- test_proposal_invalidation(network, args)
-
 if not snp.IS_SNP:
+ # NB: Assumes the current nodes are still using args.package, so must run before test_update_all_nodes
+ test_proposal_invalidation(network, args)
+
 # This is in practice equivalent to either "unknown measurement" or "unknown host data", but is explicitly
 # testing that (without artifically removing/corrupting those values) a replacement package differs
 # in one of these values
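Review bot: `test_proposal_invalidation` is now gated on SNP twice: by the `if not snp.IS_SNP:` block it is moved into in this hunk, and by the `@reqs.not_snp("Cannot produce alternative measurement on SNP")` decorator added in the -650 hunk of the same patch. Assuming `reqs.not_snp` already prevents the test from running on SNP, one mechanism is enough, and keeping only the decorator would leave the call at its old position with the reason string attached to the test itself. If both are intentional, a one-line comment at the call site saying why the decorator alone is insufficient would prevent a later cleanup from removing the wrong one. `run()` starts and ends outside the hunk.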