sys.path.append(os.path.dirname(__file__) + '/..')
import ukify
+build_root = os.getenv('PROJECT_BUILD_ROOT')
+arg_tools = ['--tools', build_root] if build_root else []
+
+def systemd_measure():
+ opts = ukify.create_parser().parse_args(arg_tools)
+ return ukify.find_tool('systemd-measure', opts=opts)
def test_guess_efi_arch():
arch = ukify.guess_efi_arch()
@pytest.fixture(scope='session')
def kernel_initrd():
+ opts = ukify.create_parser().parse_args(arg_tools)
+ bootctl = ukify.find_tool('bootctl', opts=opts)
+ if bootctl is None:
+ return None
+
try:
- text = subprocess.check_output(['bootctl', 'list', '--json=short'],
+ text = subprocess.check_output([bootctl, 'list', '--json=short'],
text=True)
except subprocess.CalledProcessError:
return None
def test_pcr_signing(kernel_initrd, tmpdir):
if kernel_initrd is None:
pytest.skip('linux+initrd not found')
+ if systemd_measure() is None:
+ pytest.skip('systemd-measure not found')
ourdir = pathlib.Path(__file__).parent
pub = unbase64(ourdir / 'example.tpm2-pcr-public.pem.base64')
'--os-release=ID=foobar\n',
'--pcr-banks=sha1', # use sha1 because it doesn't really matter
f'--pcr-private-key={priv.name}',
- ]
+ ] + arg_tools
# If the public key is not explicitly specified, it is derived automatically. Let's make sure everything
# works as expected both when the public keys is specified explicitly and when it is derived from the
def test_pcr_signing2(kernel_initrd, tmpdir):
if kernel_initrd is None:
pytest.skip('linux+initrd not found')
+ if systemd_measure() is None:
+ pytest.skip('systemd-measure not found')
ourdir = pathlib.Path(__file__).parent
pub = unbase64(ourdir / 'example.tpm2-pcr-public.pem.base64')
f'--pcr-public-key={pub2.name}',
f'--pcr-private-key={priv2.name}',
'--phases=sysinit ready shutdown final', # yes, those phase paths are not reachable
- ])
+ ] + arg_tools)
try:
ukify.check_inputs(opts)
projects / thirdparty / systemd.git / commitdiff
