Re: [PATCH v2 2/3] selftests/bpf: Add test_progs opts for sign-file and kernel priv key + cert

Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx> · Wed, 8 Jun 2022 17:12:41 -0700

On Wed, Jun 8, 2022 at 4:15 AM Roberto Sassu <roberto.sassu@xxxxxxxxxx> wrote:
>
> According to the logs of the eBPF CI, built kernel and tests are copied to
> a virtual machine to run there.
>
> Since a test for a new helper to verify PKCS#7 signatures requires to sign
> data to be verified, extend test_progs to store in the test_env data
> structure (accessible by individual tests) the path of sign-file and of the
> kernel private key and cert.
>
> Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
> ---
>  tools/testing/selftests/bpf/test_progs.c | 12 ++++++++++++
>  tools/testing/selftests/bpf/test_progs.h |  3 +++
>  2 files changed, 15 insertions(+)
>
> diff --git a/tools/testing/selftests/bpf/test_progs.c b/tools/testing/selftests/bpf/test_progs.c
> index c639f2e56fc5..90ce2c06a15e 100644
> --- a/tools/testing/selftests/bpf/test_progs.c
> +++ b/tools/testing/selftests/bpf/test_progs.c
> @@ -707,6 +707,8 @@ enum ARG_KEYS {
>         ARG_TEST_NAME_GLOB_DENYLIST = 'd',
>         ARG_NUM_WORKERS = 'j',
>         ARG_DEBUG = -1,
> +       ARG_SIGN_FILE = 'S',
> +       ARG_KERNEL_PRIV_CERT = 'C',
>  };
>
>  static const struct argp_option opts[] = {
> @@ -732,6 +734,10 @@ static const struct argp_option opts[] = {
>           "Number of workers to run in parallel, default to number of cpus." },
>         { "debug", ARG_DEBUG, NULL, 0,
>           "print extra debug information for test_progs." },
> +       { "sign-file", ARG_SIGN_FILE, "PATH", 0,
> +         "sign-file path " },
> +       { "kernel-priv-cert", ARG_KERNEL_PRIV_CERT, "PATH", 0,
> +         "kernel private key and cert path " },
>         {},
>  };
>
> @@ -862,6 +868,12 @@ static error_t parse_arg(int key, char *arg, struct argp_state *state)
>         case ARG_DEBUG:
>                 env->debug = true;
>                 break;
> +       case ARG_SIGN_FILE:
> +               env->sign_file_path = arg;
> +               break;
> +       case ARG_KERNEL_PRIV_CERT:
> +               env->kernel_priv_cert_path = arg;
> +               break;

That's cumbersome approach to use to force CI and
users to pass these args on command line.
The test has to be self contained.
test_progs should execute it without any additional input.
For example by having test-only private/public key
that is used to sign and verify the signature.