On 3/30/20 9:26 AM, Lakshmi Ramasubramanian wrote:
On 3/26/20 9:25 PM, Vitaly Chikunov wrote:
--- /dev/null
+++ b/tests/gen-keys.sh
@@ -0,0 +1,97 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
Should this be "# SPDX-License-Identifier: GPL-2.0+"
+# This script leaves test-ca.conf, *.cer, *.pub, *.key files for
sing/verify tests.
+# They are never deleted except by `make distclean'.
+
diff --git a/tests/sign_verify.test b/tests/sign_verify.test
new file mode 100755
index 0000000..190b23a
--- /dev/null
+++ b/tests/sign_verify.test
@@ -0,0 +1,364 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
Same comment as above.
+# Check that detached signature matches xattr signature
+_test_sigfile() {
+ local file=$1 attr=$2 file_sig=$3 file_sig2=$4
+
+ if [ ! -e $file_sig ]; then
+ red_always
+ echo "evmctl ima_sign: no detached signature $file_sig"
+ color_restore
+ rm $file
Should the file be not deleted in case of failure, so that one can check
the file manually?
+ return $FAIL
+ fi
+
+ _extract_xattr $file $attr $file_sig2
+ if ! cmp -bl $file_sig $file_sig2; then
+ red_always
+ echo "evmctl ima_sign: xattr signature on $file differ from
detached $file_sig"
+ color_restore
+ rm $file $file_sig $file_sig2
Same as above - should the files be not deleted in case of failure?
thanks,
-lakshmi
+ Mimi and linux-integrity
