with pytest.raises(OSError):
ukify.check_splash(os.devnull)
-def test_basic_operation(kernel_initrd, tmpdir):
+def test_basic_operation(kernel_initrd, tmp_path):
if kernel_initrd is None:
pytest.skip('linux+initrd not found')
- output = f'{tmpdir}/basic.efi'
+ output = f'{tmp_path}/basic.efi'
opts = ukify.parse_args([
'build',
*kernel_initrd,
# let's check that objdump likes the resulting file
subprocess.check_output(['objdump', '-h', output])
-def test_sections(kernel_initrd, tmpdir):
+def test_sections(kernel_initrd, tmp_path):
if kernel_initrd is None:
pytest.skip('linux+initrd not found')
- output = f'{tmpdir}/basic.efi'
+ output = f'{tmp_path}/basic.efi'
opts = ukify.parse_args([
'build',
*kernel_initrd,
for sect in 'text osrel cmdline linux initrd uname test'.split():
assert re.search(fr'^\s*\d+\s+\.{sect}\s+[0-9a-f]+', dump, re.MULTILINE)
-def test_addon(tmpdir):
- output = f'{tmpdir}/addon.efi'
+def test_addon(tmp_path):
+ output = f'{tmp_path}/addon.efi'
args = [
'build',
f'--output={output}',
assert re.match(r'\d+\.\d+\.\d+', uname)
@pytest.mark.parametrize("days", [365*10, None])
-def test_efi_signing_sbsign(days, kernel_initrd, tmpdir):
+def test_efi_signing_sbsign(days, kernel_initrd, tmp_path):
if kernel_initrd is None:
pytest.skip('linux+initrd not found')
if not shutil.which('sbsign'):
cert = unbase64(ourdir / 'example.signing.crt.base64')
key = unbase64(ourdir / 'example.signing.key.base64')
- output = f'{tmpdir}/signed.efi'
+ output = f'{tmp_path}/signed.efi'
args = [
'build',
*kernel_initrd,
assert 'Signature verification OK' in dump
-def test_efi_signing_pesign(kernel_initrd, tmpdir):
+def test_efi_signing_pesign(kernel_initrd, tmp_path):
if kernel_initrd is None:
pytest.skip('linux+initrd not found')
if not shutil.which('pesign'):
pytest.skip('pesign not found')
- nss_db = f'{tmpdir}/nss_db'
+ nss_db = f'{tmp_path}/nss_db'
name = 'Test_Secureboot'
author = 'systemd'
cmd = f'efikeygen -d {nss_db} -S -k -c CN={author} -n {name}'.split(' ')
subprocess.check_call(cmd)
- output = f'{tmpdir}/signed.efi'
+ output = f'{tmp_path}/signed.efi'
opts = ukify.parse_args([
'build',
*kernel_initrd,
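Review bot: The `efikeygen` command in test_efi_signing_pesign is built by formatting `nss_db` into one string and calling `.split(' ')`, so a temporary directory whose path contains a space is split into several arguments and the call fails or targets the wrong directory. `nss_db` is derived from `tmp_path`, whose location depends on how pytest's base temp directory is configured, so the value is not guaranteed to be space-free. Passing an argument list avoids the problem: `cmd = ['efikeygen', '-d', nss_db, '-S', '-k', '-c', f'CN={author}', '-n', name]`. The test body continues past the end of this hunk.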
assert f"The signer's common name is {author}" in dump
-def test_inspect(kernel_initrd, tmpdir, capsys):
+def test_inspect(kernel_initrd, tmp_path, capsys):
if kernel_initrd is None:
pytest.skip('linux+initrd not found')
if not shutil.which('sbsign'):
cert = unbase64(ourdir / 'example.signing.crt.base64')
key = unbase64(ourdir / 'example.signing.key.base64')
- output = f'{tmpdir}/signed2.efi'
+ output = f'{tmp_path}/signed2.efi'
uname_arg='1.2.3'
osrel_arg='Linux'
cmdline_arg='ARG1 ARG2 ARG3'
assert expected_linux in text
-def test_pcr_signing(kernel_initrd, tmpdir):
+def test_pcr_signing(kernel_initrd, tmp_path):
if kernel_initrd is None:
pytest.skip('linux+initrd not found')
if systemd_measure() is None:
pub = unbase64(ourdir / 'example.tpm2-pcr-public.pem.base64')
priv = unbase64(ourdir / 'example.tpm2-pcr-private.pem.base64')
- output = f'{tmpdir}/signed.efi'
+ output = f'{tmp_path}/signed.efi'
args = [
'build',
*kernel_initrd,
# So let's just call it with a dummy output argument.
subprocess.check_call([
'objcopy',
- *(f'--dump-section=.{n}={tmpdir}/out.{n}' for n in (
+ *(f'--dump-section=.{n}={tmp_path}/out.{n}' for n in (
'pcrpkey', 'pcrsig', 'osrel', 'uname', 'cmdline')),
output,
- tmpdir / 'dummy',
+ tmp_path / 'dummy',
],
text=True)
- assert open(tmpdir / 'out.pcrpkey').read() == open(pub.name).read()
- assert open(tmpdir / 'out.osrel').read() == 'ID=foobar\n'
- assert open(tmpdir / 'out.uname').read() == '1.2.3'
- assert open(tmpdir / 'out.cmdline').read() == 'ARG1 ARG2 ARG3'
- sig = open(tmpdir / 'out.pcrsig').read()
+ assert open(tmp_path / 'out.pcrpkey').read() == open(pub.name).read()
+ assert open(tmp_path / 'out.osrel').read() == 'ID=foobar\n'
+ assert open(tmp_path / 'out.uname').read() == '1.2.3'
+ assert open(tmp_path / 'out.cmdline').read() == 'ARG1 ARG2 ARG3'
+ sig = open(tmp_path / 'out.pcrsig').read()
sig = json.loads(sig)
assert list(sig.keys()) == ['sha1']
assert len(sig['sha1']) == 4 # four items for four phases
-def test_pcr_signing2(kernel_initrd, tmpdir):
+def test_pcr_signing2(kernel_initrd, tmp_path):
if kernel_initrd is None:
pytest.skip('linux+initrd not found')
if systemd_measure() is None:
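Review bot: The `open(tmp_path / 'out.…').read()` calls in test_pcr_signing never close the file objects they create, and `open(pub.name)` on the first of those lines is left open as well. Since `tmp_path` is a `pathlib.Path`, the reads can be written as `(tmp_path / 'out.osrel').read_text()`, and the signature load as `sig = json.loads((tmp_path / 'out.pcrsig').read_text())`. The same pattern appears in the test_pcr_signing2 assertions further down, where the binary read of `out.initrd` could become `(tmp_path / 'out.initrd').read_bytes()[:10]`.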
priv2 = unbase64(ourdir / 'example.tpm2-pcr-private2.pem.base64')
# simulate a microcode file
- with open(f'{tmpdir}/microcode', 'wb') as microcode:
+ with open(f'{tmp_path}/microcode', 'wb') as microcode:
microcode.write(b'1234567890')
- output = f'{tmpdir}/signed.efi'
+ output = f'{tmp_path}/signed.efi'
assert kernel_initrd[0] == '--linux'
opts = ukify.parse_args([
'build',
subprocess.check_call([
'objcopy',
- *(f'--dump-section=.{n}={tmpdir}/out.{n}' for n in (
+ *(f'--dump-section=.{n}={tmp_path}/out.{n}' for n in (
'pcrpkey', 'pcrsig', 'osrel', 'uname', 'cmdline', 'initrd')),
output,
- tmpdir / 'dummy',
+ tmp_path / 'dummy',
],
text=True)
- assert open(tmpdir / 'out.pcrpkey').read() == open(pub2.name).read()
- assert open(tmpdir / 'out.osrel').read() == 'ID=foobar\n'
- assert open(tmpdir / 'out.uname').read() == '1.2.3'
- assert open(tmpdir / 'out.cmdline').read() == 'ARG1 ARG2 ARG3'
- assert open(tmpdir / 'out.initrd', 'rb').read(10) == b'1234567890'
+ assert open(tmp_path / 'out.pcrpkey').read() == open(pub2.name).read()
+ assert open(tmp_path / 'out.osrel').read() == 'ID=foobar\n'
+ assert open(tmp_path / 'out.uname').read() == '1.2.3'
+ assert open(tmp_path / 'out.cmdline').read() == 'ARG1 ARG2 ARG3'
+ assert open(tmp_path / 'out.initrd', 'rb').read(10) == b'1234567890'
- sig = open(tmpdir / 'out.pcrsig').read()
+ sig = open(tmp_path / 'out.pcrsig').read()
sig = json.loads(sig)
assert list(sig.keys()) == ['sha1']
assert len(sig['sha1']) == 6 # six items for six phases paths
-def test_key_cert_generation(tmpdir):
+def test_key_cert_generation(tmp_path):
opts = ukify.parse_args([
'genkey',
- f"--pcr-public-key={tmpdir / 'pcr1.pub.pem'}",
- f"--pcr-private-key={tmpdir / 'pcr1.priv.pem'}",
+ f"--pcr-public-key={tmp_path / 'pcr1.pub.pem'}",
+ f"--pcr-private-key={tmp_path / 'pcr1.priv.pem'}",
'--phases=enter-initrd enter-initrd:leave-initrd',
- f"--pcr-public-key={tmpdir / 'pcr2.pub.pem'}",
- f"--pcr-private-key={tmpdir / 'pcr2.priv.pem'}",
+ f"--pcr-public-key={tmp_path / 'pcr2.pub.pem'}",
+ f"--pcr-private-key={tmp_path / 'pcr2.priv.pem'}",
'--phases=sysinit ready',
- f"--secureboot-private-key={tmpdir / 'sb.priv.pem'}",
- f"--secureboot-certificate={tmpdir / 'sb.cert.pem'}",
+ f"--secureboot-private-key={tmp_path / 'sb.priv.pem'}",
+ f"--secureboot-certificate={tmp_path / 'sb.cert.pem'}",
])
assert opts.verb == 'genkey'
ukify.check_cert_and_keys_nonexistent(opts)
if not shutil.which('openssl'):
return
- for key in (tmpdir / 'pcr1.priv.pem',
- tmpdir / 'pcr2.priv.pem',
- tmpdir / 'sb.priv.pem'):
+ for key in (tmp_path / 'pcr1.priv.pem',
+ tmp_path / 'pcr2.priv.pem',
+ tmp_path / 'sb.priv.pem'):
out = subprocess.check_output([
'openssl', 'rsa',
'-in', key,
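Review bot: `if not shutil.which('openssl'): return` at the top of this hunk ends test_key_cert_generation as a pass when openssl is missing, so the private-key format and `2048 bit` size checks below it are silently not run. The other tests on this page report a missing tool with `pytest.skip(...)`, for example `pytest.skip('pesign not found')`, and the same would work here: `pytest.skip('openssl not found')`. If the steps before this hunk are meant to count on their own, moving the openssl checks into a separate test that skips would keep both results visible in the report. The function starts before and continues after this hunk.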
assert 'Private-Key' in out
assert '2048 bit' in out
- for pub in (tmpdir / 'pcr1.pub.pem',
- tmpdir / 'pcr2.pub.pem'):
+ for pub in (tmp_path / 'pcr1.pub.pem',
+ tmp_path / 'pcr2.pub.pem'):
out = subprocess.check_output([
'openssl', 'rsa',
'-pubin',
out = subprocess.check_output([
'openssl', 'x509',
- '-in', tmpdir / 'sb.cert.pem',
+ '-in', tmp_path / 'sb.cert.pem',
'-text',
'-noout',
], text = True)