test: make OpenSSL checks optional in TEST-50-DISSECT

author Luca Boccassi <luca.boccassi@microsoft.com>

Wed, 6 Oct 2021 23:26:26 +0000 (00:26 +0100)

committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Thu, 7 Oct 2021 06:41:33 +0000 (08:41 +0200)
author Luca Boccassi <luca.boccassi@microsoft.com>
Wed, 6 Oct 2021 23:26:26 +0000 (00:26 +0100)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Thu, 7 Oct 2021 06:41:33 +0000 (08:41 +0200)
diff --git a/test/TEST-50-DISSECT/test.sh b/test/TEST-50-DISSECT/test.sh

index 178300f5e4a4233681281f395201dfbc8cd0d8a1..1475659e6ecfc0a88f8716b4bd3fced9e3e2df7f 100755 (executable)
--- a/test/TEST-50-DISSECT/test.sh
+++ b/test/TEST-50-DISSECT/test.sh
@@ -14,7 +14,6 @@ TEST_INSTALL_VERITY_MINIMAL=1
  command -v mksquashfs >/dev/null 2>&1 || exit 0
  command -v veritysetup >/dev/null 2>&1 || exit 0
  command -v sfdisk >/dev/null 2>&1 || exit 0
-command -v openssl >/dev/null 2>&1 || exit 0
  
  # Need loop devices for systemd-dissect
  test_append_files() {
@@ -27,7 +26,9 @@ test_append_files() {
          generate_module_dependencies
          inst_binary losetup
          inst_binary wc
-        inst_binary openssl
+        if command -v openssl >/dev/null 2>&1; then
+            inst_binary openssl
+        fi
          install_verity_minimal
      )
  }
diff --git a/test/units/testsuite-50.sh b/test/units/testsuite-50.sh

index 04abd9a09e3468072514b1fac32681c512f80580..a8024b32e3beea288ce3b6bdd91fc0bad3e1d305 100755 (executable)
--- a/test/units/testsuite-50.sh
+++ b/test/units/testsuite-50.sh
@@ -120,8 +120,11 @@ fi
  verity_size="$((verity_size * 2))KiB"
  signature_size="$((signature_size * 2))KiB"
  
-# Unfortunately OpenSSL insists on reading some config file, hence provide one with mostly placeholder contents
-cat >> "${image}.openssl.cnf" <<EOF
+HAVE_OPENSSL=0
+if systemctl --version | grep -q -- +OPENSSL ; then
+    HAVE_OPENSSL=1
+    # Unfortunately OpenSSL insists on reading some config file, hence provide one with mostly placeholder contents
+    cat >> "${image}.openssl.cnf" <<EOF
  [ req ]
  prompt = no
  distinguished_name = req_distinguished_name
@@ -136,17 +139,18 @@ CN = Common Name
  emailAddress = test@email.com
  EOF
  
-# Create key pair
-openssl req -config "${image}.openssl.cnf" -new -x509 -newkey rsa:1024 -keyout "${image}.key" -out "${image}.crt" -days 365 -nodes
-# Sign Verity root hash with it
-openssl smime -sign -nocerts -noattr -binary -in "${image}.roothash" -inkey "${image}.key" -signer "${image}.crt" -outform der -out "${image}.roothash.p7s"
-# Generate signature partition JSON data
-echo '{"rootHash":"'"${roothash}"'","signature":"'"$(base64 -w 0 < "${image}.roothash.p7s")"'"}' > "${image}.verity-sig"
-# Pad it
-truncate -s "${signature_size}" "${image}.verity-sig"
-# Register certificate in the (userspace) verity key ring
-mkdir -p /run/verity.d
-ln -s "${image}.crt" /run/verity.d/ok.crt
+    # Create key pair
+    openssl req -config "${image}.openssl.cnf" -new -x509 -newkey rsa:1024 -keyout "${image}.key" -out "${image}.crt" -days 365 -nodes
+    # Sign Verity root hash with it
+    openssl smime -sign -nocerts -noattr -binary -in "${image}.roothash" -inkey "${image}.key" -signer "${image}.crt" -outform der -out "${image}.roothash.p7s"
+    # Generate signature partition JSON data
+    echo '{"rootHash":"'"${roothash}"'","signature":"'"$(base64 -w 0 < "${image}.roothash.p7s")"'"}' > "${image}.verity-sig"
+    # Pad it
+    truncate -s "${signature_size}" "${image}.verity-sig"
+    # Register certificate in the (userspace) verity key ring
+    mkdir -p /run/verity.d
+    ln -s "${image}.crt" /run/verity.d/ok.crt
+fi
  
  # Construct a UUID from hash
  # input:  11111111222233334444555566667777
@@ -155,14 +159,20 @@ uuid="$(head -c 32 "${image}.roothash" | sed -r 's/(.{8})(.{4})(.{4})(.{4})(.+)/
  echo -e "label: gpt\nsize=${root_size}, type=${root_guid}, uuid=${uuid}" | sfdisk "${image}.gpt"
  uuid="$(tail -c 32 "${image}.roothash" | sed -r 's/(.{8})(.{4})(.{4})(.{4})(.+)/\1-\2-\3-\4-\5/')"
  echo -e "size=${verity_size}, type=${verity_guid}, uuid=${uuid}" | sfdisk "${image}.gpt" --append
-echo -e "size=${signature_size}, type=${signature_guid}" | sfdisk "${image}.gpt" --append
+if [ "${HAVE_OPENSSL}" -eq 1 ]; then
+    echo -e "size=${signature_size}, type=${signature_guid}" | sfdisk "${image}.gpt" --append
+fi
  sfdisk --part-label "${image}.gpt" 1 "Root Partition"
  sfdisk --part-label "${image}.gpt" 2 "Verity Partition"
-sfdisk --part-label "${image}.gpt" 3 "Signature Partition"
+if [ "${HAVE_OPENSSL}" -eq 1 ]; then
+    sfdisk --part-label "${image}.gpt" 3 "Signature Partition"
+fi
  loop="$(losetup --show -P -f "${image}.gpt")"
  dd if="${image}.raw" of="${loop}p1"
  dd if="${image}.verity" of="${loop}p2"
-dd if="${image}.verity-sig" of="${loop}p3"
+if [ "${HAVE_OPENSSL}" -eq 1 ]; then
+    dd if="${image}.verity-sig" of="${loop}p3"
+fi
  losetup -d "${loop}"
  
  # Derive partition UUIDs from root hash, in UUID syntax
author	Luca Boccassi <luca.boccassi@microsoft.com>
	Wed, 6 Oct 2021 23:26:26 +0000 (00:26 +0100)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Thu, 7 Oct 2021 06:41:33 +0000 (08:41 +0200)
test/TEST-50-DISSECT/test.sh		patch \| blob \| blame \| history
test/units/testsuite-50.sh		patch \| blob \| blame \| history