mirror of https://github.com/systemd/systemd.git synced 2024-12-26 03:22:00 +03:00

Merge pull request #30389 from keszybz/test-ukify-du

Remove temporary directories created by test_ukify
Yu Watanabe 2023-12-11 18:37:05 +09:00 committed by GitHub
commit 004e22412e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 63 additions and 50 deletions


@ -16,5 +16,6 @@ if want_ukify and want_tests != 'false'
files('test_ukify.py'),
args: args,
env : test_env,
timeout : 120,
suite : 'ukify')
endif


@ -418,11 +418,11 @@ def test_check_splash():
with pytest.raises(OSError):
ukify.check_splash(os.devnull)
def test_basic_operation(kernel_initrd, tmpdir):
def test_basic_operation(kernel_initrd, tmp_path):
if kernel_initrd is None:
pytest.skip('linux+initrd not found')
output = f'{tmpdir}/basic.efi'
output = f'{tmp_path}/basic.efi'
opts = ukify.parse_args([
'build',
*kernel_initrd,
@ -438,11 +438,13 @@ def test_basic_operation(kernel_initrd, tmpdir):
# let's check that objdump likes the resulting file
subprocess.check_output(['objdump', '-h', output])
def test_sections(kernel_initrd, tmpdir):
shutil.rmtree(tmp_path)
def test_sections(kernel_initrd, tmp_path):
if kernel_initrd is None:
pytest.skip('linux+initrd not found')
output = f'{tmpdir}/basic.efi'
output = f'{tmp_path}/basic.efi'
opts = ukify.parse_args([
'build',
*kernel_initrd,
@ -466,8 +468,10 @@ def test_sections(kernel_initrd, tmpdir):
for sect in 'text osrel cmdline linux initrd uname test'.split():
assert re.search(fr'^\s*\d+\s+\.{sect}\s+[0-9a-f]+', dump, re.MULTILINE)
def test_addon(tmpdir):
output = f'{tmpdir}/addon.efi'
shutil.rmtree(tmp_path)
def test_addon(tmp_path):
output = f'{tmp_path}/addon.efi'
args = [
'build',
f'--output={output}',
@ -513,14 +517,12 @@ baz,3
assert found is True
def unbase64(filename):
tmp = tempfile.NamedTemporaryFile()
base64.decode(filename.open('rb'), tmp)
tmp.flush()
return tmp
def test_uname_scraping(kernel_initrd):
if kernel_initrd is None:
pytest.skip('linux+initrd not found')
@ -530,7 +532,7 @@ def test_uname_scraping(kernel_initrd):
assert re.match(r'\d+\.\d+\.\d+', uname)
@pytest.mark.parametrize("days", [365*10, None])
def test_efi_signing_sbsign(days, kernel_initrd, tmpdir):
def test_efi_signing_sbsign(days, kernel_initrd, tmp_path):
if kernel_initrd is None:
pytest.skip('linux+initrd not found')
if not shutil.which('sbsign'):
@ -540,7 +542,7 @@ def test_efi_signing_sbsign(days, kernel_initrd, tmpdir):
cert = unbase64(ourdir / 'example.signing.crt.base64')
key = unbase64(ourdir / 'example.signing.key.base64')
output = f'{tmpdir}/signed.efi'
output = f'{tmp_path}/signed.efi'
args = [
'build',
*kernel_initrd,
@ -572,13 +574,15 @@ def test_efi_signing_sbsign(days, kernel_initrd, tmpdir):
assert 'Signature verification OK' in dump
def test_efi_signing_pesign(kernel_initrd, tmpdir):
shutil.rmtree(tmp_path)
def test_efi_signing_pesign(kernel_initrd, tmp_path):
if kernel_initrd is None:
pytest.skip('linux+initrd not found')
if not shutil.which('pesign'):
pytest.skip('pesign not found')
nss_db = f'{tmpdir}/nss_db'
nss_db = f'{tmp_path}/nss_db'
name = 'Test_Secureboot'
author = 'systemd'
@ -588,7 +592,7 @@ def test_efi_signing_pesign(kernel_initrd, tmpdir):
cmd = f'efikeygen -d {nss_db} -S -k -c CN={author} -n {name}'.split(' ')
subprocess.check_call(cmd)
output = f'{tmpdir}/signed.efi'
output = f'{tmp_path}/signed.efi'
opts = ukify.parse_args([
'build',
*kernel_initrd,
@ -615,7 +619,9 @@ def test_efi_signing_pesign(kernel_initrd, tmpdir):
assert f"The signer's common name is {author}" in dump
def test_inspect(kernel_initrd, tmpdir, capsys):
shutil.rmtree(tmp_path)
def test_inspect(kernel_initrd, tmp_path, capsys):
if kernel_initrd is None:
pytest.skip('linux+initrd not found')
if not shutil.which('sbsign'):
@ -625,7 +631,7 @@ def test_inspect(kernel_initrd, tmpdir, capsys):
cert = unbase64(ourdir / 'example.signing.crt.base64')
key = unbase64(ourdir / 'example.signing.key.base64')
output = f'{tmpdir}/signed2.efi'
output = f'{tmp_path}/signed2.efi'
uname_arg='1.2.3'
osrel_arg='Linux'
cmdline_arg='ARG1 ARG2 ARG3'
@ -660,8 +666,9 @@ def test_inspect(kernel_initrd, tmpdir, capsys):
expected_linux = '.linux:\n size:'
assert expected_linux in text
shutil.rmtree(tmp_path)
def test_pcr_signing(kernel_initrd, tmpdir):
def test_pcr_signing(kernel_initrd, tmp_path):
if kernel_initrd is None:
pytest.skip('linux+initrd not found')
if systemd_measure() is None:
@ -671,7 +678,7 @@ def test_pcr_signing(kernel_initrd, tmpdir):
pub = unbase64(ourdir / 'example.tpm2-pcr-public.pem.base64')
priv = unbase64(ourdir / 'example.tpm2-pcr-private.pem.base64')
output = f'{tmpdir}/signed.efi'
output = f'{tmp_path}/signed.efi'
args = [
'build',
*kernel_initrd,
@ -683,8 +690,9 @@ def test_pcr_signing(kernel_initrd, tmpdir):
f'--pcr-private-key={priv.name}',
] + arg_tools
# If the public key is not explicitly specified, it is derived automatically. Let's make sure everything
# works as expected both when the public keys is specified explicitly and when it is derived from the
# If the public key is not explicitly specified, it is derived
# automatically. Let's make sure everything works as expected both when the
# public keys is specified explicitly and when it is derived from the
# private key.
for extra in ([f'--pcrpkey={pub.name}', f'--pcr-public-key={pub.name}'], []):
opts = ukify.parse_args(args + extra)
@ -708,23 +716,25 @@ def test_pcr_signing(kernel_initrd, tmpdir):
# So let's just call it with a dummy output argument.
subprocess.check_call([
'objcopy',
*(f'--dump-section=.{n}={tmpdir}/out.{n}' for n in (
*(f'--dump-section=.{n}={tmp_path}/out.{n}' for n in (
'pcrpkey', 'pcrsig', 'osrel', 'uname', 'cmdline')),
output,
tmpdir / 'dummy',
tmp_path / 'dummy',
],
text=True)
assert open(tmpdir / 'out.pcrpkey').read() == open(pub.name).read()
assert open(tmpdir / 'out.osrel').read() == 'ID=foobar\n'
assert open(tmpdir / 'out.uname').read() == '1.2.3'
assert open(tmpdir / 'out.cmdline').read() == 'ARG1 ARG2 ARG3'
sig = open(tmpdir / 'out.pcrsig').read()
assert open(tmp_path / 'out.pcrpkey').read() == open(pub.name).read()
assert open(tmp_path / 'out.osrel').read() == 'ID=foobar\n'
assert open(tmp_path / 'out.uname').read() == '1.2.3'
assert open(tmp_path / 'out.cmdline').read() == 'ARG1 ARG2 ARG3'
sig = open(tmp_path / 'out.pcrsig').read()
sig = json.loads(sig)
assert list(sig.keys()) == ['sha1']
assert len(sig['sha1']) == 4 # four items for four phases
def test_pcr_signing2(kernel_initrd, tmpdir):
shutil.rmtree(tmp_path)
def test_pcr_signing2(kernel_initrd, tmp_path):
if kernel_initrd is None:
pytest.skip('linux+initrd not found')
if systemd_measure() is None:
@ -737,10 +747,10 @@ def test_pcr_signing2(kernel_initrd, tmpdir):
priv2 = unbase64(ourdir / 'example.tpm2-pcr-private2.pem.base64')
# simulate a microcode file
with open(f'{tmpdir}/microcode', 'wb') as microcode:
with open(f'{tmp_path}/microcode', 'wb') as microcode:
microcode.write(b'1234567890')
output = f'{tmpdir}/signed.efi'
output = f'{tmp_path}/signed.efi'
assert kernel_initrd[0] == '--linux'
opts = ukify.parse_args([
'build',
@ -776,35 +786,37 @@ def test_pcr_signing2(kernel_initrd, tmpdir):
subprocess.check_call([
'objcopy',
*(f'--dump-section=.{n}={tmpdir}/out.{n}' for n in (
*(f'--dump-section=.{n}={tmp_path}/out.{n}' for n in (
'pcrpkey', 'pcrsig', 'osrel', 'uname', 'cmdline', 'initrd')),
output,
tmpdir / 'dummy',
tmp_path / 'dummy',
],
text=True)
assert open(tmpdir / 'out.pcrpkey').read() == open(pub2.name).read()
assert open(tmpdir / 'out.osrel').read() == 'ID=foobar\n'
assert open(tmpdir / 'out.uname').read() == '1.2.3'
assert open(tmpdir / 'out.cmdline').read() == 'ARG1 ARG2 ARG3'
assert open(tmpdir / 'out.initrd', 'rb').read(10) == b'1234567890'
assert open(tmp_path / 'out.pcrpkey').read() == open(pub2.name).read()
assert open(tmp_path / 'out.osrel').read() == 'ID=foobar\n'
assert open(tmp_path / 'out.uname').read() == '1.2.3'
assert open(tmp_path / 'out.cmdline').read() == 'ARG1 ARG2 ARG3'
assert open(tmp_path / 'out.initrd', 'rb').read(10) == b'1234567890'
sig = open(tmpdir / 'out.pcrsig').read()
sig = open(tmp_path / 'out.pcrsig').read()
sig = json.loads(sig)
assert list(sig.keys()) == ['sha1']
assert len(sig['sha1']) == 6 # six items for six phases paths
def test_key_cert_generation(tmpdir):
shutil.rmtree(tmp_path)
def test_key_cert_generation(tmp_path):
opts = ukify.parse_args([
'genkey',
f"--pcr-public-key={tmpdir / 'pcr1.pub.pem'}",
f"--pcr-private-key={tmpdir / 'pcr1.priv.pem'}",
f"--pcr-public-key={tmp_path / 'pcr1.pub.pem'}",
f"--pcr-private-key={tmp_path / 'pcr1.priv.pem'}",
'--phases=enter-initrd enter-initrd:leave-initrd',
f"--pcr-public-key={tmpdir / 'pcr2.pub.pem'}",
f"--pcr-private-key={tmpdir / 'pcr2.priv.pem'}",
f"--pcr-public-key={tmp_path / 'pcr2.pub.pem'}",
f"--pcr-private-key={tmp_path / 'pcr2.priv.pem'}",
'--phases=sysinit ready',
f"--secureboot-private-key={tmpdir / 'sb.priv.pem'}",
f"--secureboot-certificate={tmpdir / 'sb.cert.pem'}",
f"--secureboot-private-key={tmp_path / 'sb.priv.pem'}",
f"--secureboot-certificate={tmp_path / 'sb.cert.pem'}",
])
assert opts.verb == 'genkey'
ukify.check_cert_and_keys_nonexistent(opts)
@ -816,9 +828,9 @@ def test_key_cert_generation(tmpdir):
if not shutil.which('openssl'):
return
for key in (tmpdir / 'pcr1.priv.pem',
tmpdir / 'pcr2.priv.pem',
tmpdir / 'sb.priv.pem'):
for key in (tmp_path / 'pcr1.priv.pem',
tmp_path / 'pcr2.priv.pem',
tmp_path / 'sb.priv.pem'):
out = subprocess.check_output([
'openssl', 'rsa',
'-in', key,
@ -828,8 +840,8 @@ def test_key_cert_generation(tmpdir):
assert 'Private-Key' in out
assert '2048 bit' in out
for pub in (tmpdir / 'pcr1.pub.pem',
tmpdir / 'pcr2.pub.pem'):
for pub in (tmp_path / 'pcr1.pub.pem',
tmp_path / 'pcr2.pub.pem'):
out = subprocess.check_output([
'openssl', 'rsa',
'-pubin',
@ -842,7 +854,7 @@ def test_key_cert_generation(tmpdir):
out = subprocess.check_output([
'openssl', 'x509',
'-in', tmpdir / 'sb.cert.pem',
'-in', tmp_path / 'sb.cert.pem',
'-text',
'-noout',
], text = True)
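Review bot: The `shutil.rmtree(tmp_path)` calls added as the last statement of test_basic_operation, test_sections, test_efi_signing_sbsign, test_efi_signing_pesign, test_inspect, test_pcr_signing and test_pcr_signing2 run only when every assertion and subprocess call before them succeeds, so a failing run still leaves the built images, the NSS database and the dumped sections on disk. If keeping artifacts after a failure is not intended, wrapping each body in `try:` … `finally: shutil.rmtree(tmp_path, ignore_errors=True)`, or moving the removal into a yield fixture around `tmp_path`, would also cover the failure path. No cleanup is visible in the hunks of test_key_cert_generation, which writes the generated `pcr1.priv.pem`, `pcr2.priv.pem` and `sb.priv.pem` under `tmp_path` and returns early when openssl is missing. Its body continues outside the hunks shown, so this may already be handled there.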