From ba24bbd0d0a9e597a28e28bc42997330ff351e04 Mon Sep 17 00:00:00 2001
From: Stefan Agner <stefan@agner.ch>
Date: Wed, 8 Oct 2025 15:23:27 +0200
Subject: [PATCH] Fix pytest

---
 tests/api/test_security.py                    |  9 ++-
 tests/docker/test_interface.py                |  9 ---
 tests/plugins/test_plugin_base.py             |  7 +--
 .../evaluation/test_evaluate_source_mods.py   | 58 ++++---------------
 tests/test_updater.py                         |  7 +--
 5 files changed, 21 insertions(+), 69 deletions(-)

diff --git a/tests/api/test_security.py b/tests/api/test_security.py
index 2ef5d5313..18531e7ab 100644
--- a/tests/api/test_security.py
+++ b/tests/api/test_security.py
@@ -41,11 +41,10 @@ async def test_api_security_options_pwned(api_client, coresys: CoreSys):
 async def test_api_integrity_check(
     api_client, coresys: CoreSys, supervisor_internet: AsyncMock
 ):
-    """Test security integrity check."""
-    coresys.security.content_trust = False
-
+    """Test security integrity check - now deprecated."""
     resp = await api_client.post("/security/integrity")
     result = await resp.json()
 
-    assert result["data"]["core"] == "untested"
-    assert result["data"]["supervisor"] == "untested"
+    # CodeNotary integrity check has been removed
+    assert "error" in result["data"]
+    assert "deprecated" in result["data"]["error"].lower()
diff --git a/tests/docker/test_interface.py b/tests/docker/test_interface.py
index e3c0f3314..2a297ef81 100644
--- a/tests/docker/test_interface.py
+++ b/tests/docker/test_interface.py
@@ -32,15 +32,6 @@ from supervisor.jobs import JobSchedulerOptions, SupervisorJob
 from tests.common import load_json_fixture
 
 
-@pytest.fixture(autouse=True)
-def mock_verify_content(coresys: CoreSys):
-    """Mock verify_content utility during tests."""
-    with patch.object(
-        coresys.security, "verify_content", return_value=None
-    ) as verify_content:
-        yield verify_content
-
-
 @pytest.mark.parametrize(
     "cpu_arch, platform",
     [
diff --git a/tests/plugins/test_plugin_base.py b/tests/plugins/test_plugin_base.py
index c47144a5b..0e1ba0b5b 100644
--- a/tests/plugins/test_plugin_base.py
+++ b/tests/plugins/test_plugin_base.py
@@ -17,7 +17,6 @@ from supervisor.exceptions import (
     AudioJobError,
     CliError,
     CliJobError,
-    CodeNotaryUntrusted,
     CoreDNSError,
     CoreDNSJobError,
     DockerError,
@@ -337,14 +336,12 @@ async def test_repair_failed(
         patch.object(
             DockerInterface, "arch", new=PropertyMock(return_value=CpuArch.AMD64)
         ),
-        patch(
-            "supervisor.security.module.cas_validate", side_effect=CodeNotaryUntrusted
-        ),
+        patch.object(DockerInterface, "install", side_effect=DockerError),
     ):
         await plugin.repair()
 
     capture_exception.assert_called_once()
-    assert check_exception_chain(capture_exception.call_args[0][0], CodeNotaryUntrusted)
+    assert check_exception_chain(capture_exception.call_args[0][0], DockerError)
 
 
 @pytest.mark.parametrize(
diff --git a/tests/resolution/evaluation/test_evaluate_source_mods.py b/tests/resolution/evaluation/test_evaluate_source_mods.py
index 084b56baf..37dbe1c2f 100644
--- a/tests/resolution/evaluation/test_evaluate_source_mods.py
+++ b/tests/resolution/evaluation/test_evaluate_source_mods.py
@@ -1,40 +1,22 @@
 """Test evaluation base."""
 
 # pylint: disable=import-error,protected-access
-import errno
-import os
-from pathlib import Path
-from unittest.mock import AsyncMock, patch
+from unittest.mock import patch
 
 from supervisor.const import CoreState
 from supervisor.coresys import CoreSys
-from supervisor.exceptions import CodeNotaryError, CodeNotaryUntrusted
-from supervisor.resolution.const import ContextType, IssueType
-from supervisor.resolution.data import Issue
 from supervisor.resolution.evaluations.source_mods import EvaluateSourceMods
 
 
 async def test_evaluation(coresys: CoreSys):
-    """Test evaluation."""
-    with patch(
-        "supervisor.resolution.evaluations.source_mods._SUPERVISOR_SOURCE",
-        Path(f"{os.getcwd()}/supervisor"),
-    ):
-        sourcemods = EvaluateSourceMods(coresys)
-        await coresys.core.set_state(CoreState.RUNNING)
+    """Test evaluation - CodeNotary removed."""
+    sourcemods = EvaluateSourceMods(coresys)
+    await coresys.core.set_state(CoreState.RUNNING)
 
-        assert sourcemods.reason not in coresys.resolution.unsupported
-        coresys.security.verify_own_content = AsyncMock(side_effect=CodeNotaryUntrusted)
-        await sourcemods()
-        assert sourcemods.reason in coresys.resolution.unsupported
-
-        coresys.security.verify_own_content = AsyncMock(side_effect=CodeNotaryError)
-        await sourcemods()
-        assert sourcemods.reason not in coresys.resolution.unsupported
-
-        coresys.security.verify_own_content = AsyncMock()
-        await sourcemods()
-        assert sourcemods.reason not in coresys.resolution.unsupported
+    # CodeNotary checking removed, evaluation always returns False now
+    assert sourcemods.reason not in coresys.resolution.unsupported
+    await sourcemods()
+    assert sourcemods.reason not in coresys.resolution.unsupported
 
 
 async def test_did_run(coresys: CoreSys):
@@ -63,27 +45,11 @@ async def test_did_run(coresys: CoreSys):
 
 
 async def test_evaluation_error(coresys: CoreSys):
-    """Test error reading file during evaluation."""
+    """Test error reading file during evaluation - CodeNotary removed."""
     sourcemods = EvaluateSourceMods(coresys)
     await coresys.core.set_state(CoreState.RUNNING)
-    corrupt_fs = Issue(IssueType.CORRUPT_FILESYSTEM, ContextType.SYSTEM)
 
+    # CodeNotary checking removed, evaluation always returns False now
+    assert sourcemods.reason not in coresys.resolution.unsupported
+    await sourcemods()
     assert sourcemods.reason not in coresys.resolution.unsupported
-    assert corrupt_fs not in coresys.resolution.issues
-
-    with patch(
-        "supervisor.utils.codenotary.dirhash",
-        side_effect=(err := OSError()),
-    ):
-        err.errno = errno.EBUSY
-        await sourcemods()
-        assert sourcemods.reason not in coresys.resolution.unsupported
-        assert corrupt_fs in coresys.resolution.issues
-        assert coresys.core.healthy is True
-
-        coresys.resolution.dismiss_issue(corrupt_fs)
-        err.errno = errno.EBADMSG
-        await sourcemods()
-        assert sourcemods.reason not in coresys.resolution.unsupported
-        assert corrupt_fs in coresys.resolution.issues
-        assert coresys.core.healthy is False
diff --git a/tests/test_updater.py b/tests/test_updater.py
index b1cf21bb7..f2451f2d4 100644
--- a/tests/test_updater.py
+++ b/tests/test_updater.py
@@ -86,10 +86,10 @@ async def test_os_update_path(
     """Test OS upgrade path across major versions."""
     coresys.os._board = "rpi4"  # pylint: disable=protected-access
     coresys.os._version = AwesomeVersion(version)  # pylint: disable=protected-access
-    with patch.object(type(coresys.security), "verify_own_content"):
-        await coresys.updater.fetch_data()
+    # CodeNotary verification removed
+    await coresys.updater.fetch_data()
 
-        assert coresys.updater.version_hassos == AwesomeVersion(expected)
+    assert coresys.updater.version_hassos == AwesomeVersion(expected)
 
 
 @pytest.mark.usefixtures("no_job_throttle")
@@ -105,7 +105,6 @@ async def test_delayed_fetch_for_connectivity(
         load_binary_fixture("version_stable.json")
     )
     coresys.websession.head = AsyncMock()
-    coresys.security.verify_own_content = AsyncMock()
 
     # Network connectivity change causes a series of async tasks to eventually do a version fetch
     # Rather then use some kind of sleep loop, set up listener for start of fetch data job