diff options
| -rwxr-xr-x | bin/ubuntucore_image_checks.py | 12 | ||||
| -rw-r--r-- | units/image/jobs.pxu | 18 |
2 files changed, 29 insertions, 1 deletions
diff --git a/bin/ubuntucore_image_checks.py b/bin/ubuntucore_image_checks.py index a7866dc..e381e61 100755 --- a/bin/ubuntucore_image_checks.py +++ b/bin/ubuntucore_image_checks.py @@ -65,6 +65,7 @@ class ModelInfo(): def __init__(self): self.authority = None self.brand = None + self.grade = None for line in io.StringIO(Snapd().get_assertions('model').text): if ':' in line: entry = line.split(':', maxsplit=1) @@ -72,6 +73,8 @@ class ModelInfo(): self.authority = entry[1].strip() if entry[0] == 'brand-id': self.brand = entry[1].strip() + if entry[0] == 'grade': + self.grade = entry[1].strip() def test_model_authority(self): if not self.authority: @@ -87,6 +90,13 @@ class ModelInfo(): raise SystemExit('ERROR: model brand must be canonical') print('PASS') + def test_model_grade(self): + if not self.grade: + raise SystemExit('ERROR: failed to get model grade info') + if self.grade == 'dangerous': + raise SystemExit('ERROR: model grade must not be dangerous') + print('PASS') + def main(): if len(sys.argv) != 2: @@ -108,6 +118,8 @@ def main(): modelinfo.test_model_authority() elif action == 'model-brand': modelinfo.test_model_brand() + elif action == 'model-grade': + modelinfo.test_model_grade() else: raise SystemExit('ERROR: unrecognised action') diff --git a/units/image/jobs.pxu b/units/image/jobs.pxu index efe8d4e..2cbbff5 100644 --- a/units/image/jobs.pxu +++ b/units/image/jobs.pxu @@ -69,4 +69,20 @@ plugin: shell command: ubuntucore_image_checks.py model-brand estimated_duration: 2.0 -flags: preserve-locale \ No newline at end of file +flags: preserve-locale + +id: image/model-grade-not-dangerous +category_id: image +summary: Check that the model grade is not missing or set to dangerous +requires: + lsb.distributor_id == "Ubuntu Core" and int(lsb.release) >= 20 +description: + Images with the 'dangerous' grade (the lowest of all available grades) + results in certain security measures to be relaxed. + Images that require strict security related implementations must + have the model grade set to a grade higher than 'dangerous'. +plugin: shell +command: + ubuntucore_image_checks.py model-grade +estimated_duration: 2.0 +flags: preserve-locale |