Lakshmi,

On Mon, Mar 30, 2020 at 09:29:54AM -0700, Lakshmi Ramasubramanian wrote:
> On 3/30/20 9:26 AM, Lakshmi Ramasubramanian wrote:
> > On 3/26/20 9:25 PM, Vitaly Chikunov wrote:
> >
> > > --- /dev/null
> > > +++ b/tests/gen-keys.sh
> > > @@ -0,0 +1,97 @@
> > > +#!/bin/bash
> > > +# SPDX-License-Identifier: GPL-2.0
> > Should this be "# SPDX-License-Identifier: GPL-2.0+"
> >
> > > +# This script leaves test-ca.conf, *.cer, *.pub, *.key files for
> > > sing/verify tests.
> > > +# They are never deleted except by `make distclean'.
> > > +
> > > diff --git a/tests/sign_verify.test b/tests/sign_verify.test
> > > new file mode 100755
> > > index 0000000..190b23a
> > > --- /dev/null
> > > +++ b/tests/sign_verify.test
> > > @@ -0,0 +1,364 @@
> > > +#!/bin/bash
> > > +# SPDX-License-Identifier: GPL-2.0
> > Same comment as above.
> >
> > > +# Check that detached signature matches xattr signature
> > > +_test_sigfile() {
> > > + local file=$1 attr=$2 file_sig=$3 file_sig2=$4
> > > +
> > > + if [ ! -e $file_sig ]; then
> > > + red_always
> > > + echo "evmctl ima_sign: no detached signature $file_sig"
> > > + color_restore
> > > + rm $file
> >
> > Should the file be not deleted in case of failure, so that one can check
> > the file manually?
> >
> > > + return $FAIL
> > > + fi
> > > +
> > > + _extract_xattr $file $attr $file_sig2
> > > + if ! cmp -bl $file_sig $file_sig2; then
> > > + red_always
> > > + echo "evmctl ima_sign: xattr signature on $file differ from
> > > detached $file_sig"
> > > + color_restore
> > > + rm $file $file_sig $file_sig2
> > Same as above - should the files be not deleted in case of failure?

These files will be overwritten by subsequent tests anyway, so there is
no point to keep them.

Thanks,

> >
> > thanks,
> > -lakshmi
>
> + Mimi and linux-integrity
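Review bot: The header comment of tests/gen-keys.sh says the generated *.key files stay in the tree until `make distclean', but does not say what they are. They are created next to *.cer and *.pub, so they look like private keys; the comment should state that these are throwaway keys for the test suite only and must not be reused for real signing. In the same comment, "sing/verify" should read "sign/verify".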
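Review bot: In _test_sigfile() in tests/sign_verify.test, none of the parameter expansions are quoted, and this can defeat the missing-signature check. If $file_sig is empty, `[ ! -e $file_sig ]` collapses to `[ ! -e ]`, which tests the non-empty string "-e" and evaluates to false, so the "no detached signature" branch is skipped. A path containing whitespace makes the same test, `cmp -bl $file_sig $file_sig2`, and both `rm` calls operate on the wrong words. Quote every expansion ("$file", "$attr", "$file_sig", "$file_sig2"), and consider `rm -f --` in the cleanup lines so a file that is already gone does not add a second error on top of the reported failure. The second message should also read "differs from", not "differ from".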