test: move check for verity kernel keyring support to util.sh

author Luca Boccassi <luca.boccassi@gmail.com>

Wed, 18 Feb 2026 16:11:34 +0000 (16:11 +0000)

committer Luca Boccassi <luca.boccassi@gmail.com>

Wed, 18 Feb 2026 16:11:34 +0000 (16:11 +0000)
author Luca Boccassi <luca.boccassi@gmail.com>
Wed, 18 Feb 2026 16:11:34 +0000 (16:11 +0000)
committer Luca Boccassi <luca.boccassi@gmail.com>
Wed, 18 Feb 2026 16:11:34 +0000 (16:11 +0000)
diff --git a/test/units/TEST-50-DISSECT.sh b/test/units/TEST-50-DISSECT.sh

index 14ff8ad250b332cf5f0a7ea83787ad1550c45918..99e4991402393a61996896016845c3b3c98eafd8 100755 (executable)
--- a/test/units/TEST-50-DISSECT.sh
+++ b/test/units/TEST-50-DISSECT.sh
@@ -37,13 +37,7 @@ trap at_exit EXIT
  # For unprivileged tests
  loginctl enable-linger testuser
  
-# Requires kernel built with certain kconfigs, as listed in README:
-# https://oracle.github.io/kconfigs/?config=UTS_RELEASE&config=DM_VERITY_VERIFY_ROOTHASH_SIG&config=DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING&config=DM_VERITY_VERIFY_ROOTHASH_SIG_PLATFORM_KEYRING&config=IMA_ARCH_POLICY&config=INTEGRITY_MACHINE_KEYRING
-if grep -q "$(openssl x509 -noout -subject -in /usr/share/mkosi.crt | sed 's/^.*CN=//')" /proc/keys && \
-        ( . /etc/os-release; [ "$ID" != "centos" ] || systemd-analyze compare-versions "$VERSION_ID" ge 10 ) && \
-        ( . /etc/os-release; [ "$ID" != "debian" ] || [ -z "${VERSION_ID:-}" ] || systemd-analyze compare-versions "$VERSION_ID" ge 13 ) && \
-        ( . /etc/os-release; [ "$ID" != "ubuntu" ] || systemd-analyze compare-versions "$VERSION_ID" ge 24.04 ) && \
-        systemd-analyze compare-versions "$(cryptsetup --version | sed 's/^cryptsetup \([0-9]*\.[0-9]*\.[0-9]*\) .*/\1/')" ge 2.3.0; then
+if machine_supports_verity_keyring; then
      export VERITY_SIG_SUPPORTED=1
  else
      export VERITY_SIG_SUPPORTED=0
diff --git a/test/units/util.sh b/test/units/util.sh

index 372ce1c58d21eef76cd6b38849364621cb9cba9e..6f03f5e33996c2fd90ac05982728e173cd5ac84f 100755 (executable)
--- a/test/units/util.sh
+++ b/test/units/util.sh
@@ -285,6 +285,20 @@ kernel_supports_lsm() {
      return 1
  }
  
+machine_supports_verity_keyring() {
+    # Requires kernel built with certain kconfigs, as listed in README:
+    # https://oracle.github.io/kconfigs/?config=UTS_RELEASE&config=DM_VERITY_VERIFY_ROOTHASH_SIG&config=DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING&config=DM_VERITY_VERIFY_ROOTHASH_SIG_PLATFORM_KEYRING&config=IMA_ARCH_POLICY&config=INTEGRITY_MACHINE_KEYRING
+    if grep -q "$(openssl x509 -noout -subject -in /usr/share/mkosi.crt | sed 's/^.*CN=//')" /proc/keys && \
+            ( . /etc/os-release; [ "$ID" != "centos" ] || systemd-analyze compare-versions "$VERSION_ID" ge 10 ) && \
+            ( . /etc/os-release; [ "$ID" != "debian" ] || [ -z "${VERSION_ID:-}" ] || systemd-analyze compare-versions "$VERSION_ID" ge 13 ) && \
+            ( . /etc/os-release; [ "$ID" != "ubuntu" ] || systemd-analyze compare-versions "$VERSION_ID" ge 24.04 ) && \
+            systemd-analyze compare-versions "$(cryptsetup --version | sed 's/^cryptsetup \([0-9]*\.[0-9]*\.[0-9]*\) .*/\1/')" ge 2.3.0; then
+        return 0
+    fi
+
+    return 1
+}
+
  install_extension_images() {
          local os_release
          os_release="$(test -e /etc/os-release && echo /etc/os-release || echo /usr/lib/os-release)"
author	Luca Boccassi <luca.boccassi@gmail.com>
	Wed, 18 Feb 2026 16:11:34 +0000 (16:11 +0000)
committer	Luca Boccassi <luca.boccassi@gmail.com>
	Wed, 18 Feb 2026 16:11:34 +0000 (16:11 +0000)
test/units/TEST-50-DISSECT.sh		patch \| blob \| blame \| history
test/units/util.sh		patch \| blob \| blame \| history