Merge lp:~apw/launchpad/signing-sipl into lp:launchpad
- signing-sipl
- Merge into devel
Proposed by
Andy Whitcroft
Status: | Merged | ||||
---|---|---|---|---|---|
Merged at revision: | 18979 | ||||
Proposed branch: | lp:~apw/launchpad/signing-sipl | ||||
Merge into: | lp:launchpad | ||||
Diff against target: |
575 lines (+237/-23) 2 files modified
lib/lp/archivepublisher/signing.py (+39/-17) lib/lp/archivepublisher/tests/test_signing.py (+198/-6) |
||||
To merge this branch: | bzr merge lp:~apw/launchpad/signing-sipl | ||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Colin Watson (community) | Approve | ||
Review via email: mp+368275@code.launchpad.net |
Commit message
Add s390x Secure Initial Program Load signing support.
Description of the change
On newer s390x mainframes zipl implements signature verification for zipl stage 3 and for the loaded kernel binaries. These signatures are essentially kernel module signing signatures. Add support for performing SIPL signing against *.sipl files in the signing custom uploads.
To post a comment you must log in.
Revision history for this message
Andy Whitcroft (apw) wrote : | # |
Hopefully that is all of the nits addressed.
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | === modified file 'lib/lp/archivepublisher/signing.py' | |||
2 | --- lib/lp/archivepublisher/signing.py 2018-08-03 16:10:41 +0000 | |||
3 | +++ lib/lp/archivepublisher/signing.py 2019-06-06 09:45:01 +0000 | |||
4 | @@ -95,6 +95,8 @@ | |||
5 | 95 | self.kmod_x509 = None | 95 | self.kmod_x509 = None |
6 | 96 | self.opal_pem = None | 96 | self.opal_pem = None |
7 | 97 | self.opal_x509 = None | 97 | self.opal_x509 = None |
8 | 98 | self.sipl_pem = None | ||
9 | 99 | self.sipl_x509 = None | ||
10 | 98 | self.autokey = False | 100 | self.autokey = False |
11 | 99 | else: | 101 | else: |
12 | 100 | self.uefi_key = os.path.join(pubconf.signingroot, "uefi.key") | 102 | self.uefi_key = os.path.join(pubconf.signingroot, "uefi.key") |
13 | @@ -103,6 +105,8 @@ | |||
14 | 103 | self.kmod_x509 = os.path.join(pubconf.signingroot, "kmod.x509") | 105 | self.kmod_x509 = os.path.join(pubconf.signingroot, "kmod.x509") |
15 | 104 | self.opal_pem = os.path.join(pubconf.signingroot, "opal.pem") | 106 | self.opal_pem = os.path.join(pubconf.signingroot, "opal.pem") |
16 | 105 | self.opal_x509 = os.path.join(pubconf.signingroot, "opal.x509") | 107 | self.opal_x509 = os.path.join(pubconf.signingroot, "opal.x509") |
17 | 108 | self.sipl_pem = os.path.join(pubconf.signingroot, "sipl.pem") | ||
18 | 109 | self.sipl_x509 = os.path.join(pubconf.signingroot, "sipl.x509") | ||
19 | 106 | self.autokey = pubconf.signingautokey | 110 | self.autokey = pubconf.signingautokey |
20 | 107 | 111 | ||
21 | 108 | self.setComponents(tarfile_path) | 112 | self.setComponents(tarfile_path) |
22 | @@ -176,6 +180,8 @@ | |||
23 | 176 | yield (os.path.join(dirpath, filename), self.signKmod) | 180 | yield (os.path.join(dirpath, filename), self.signKmod) |
24 | 177 | elif filename.endswith(".opal"): | 181 | elif filename.endswith(".opal"): |
25 | 178 | yield (os.path.join(dirpath, filename), self.signOpal) | 182 | yield (os.path.join(dirpath, filename), self.signOpal) |
26 | 183 | elif filename.endswith(".sipl"): | ||
27 | 184 | yield (os.path.join(dirpath, filename), self.signSipl) | ||
28 | 179 | 185 | ||
29 | 180 | def getKeys(self, which, generate, *keynames): | 186 | def getKeys(self, which, generate, *keynames): |
30 | 181 | """Validate and return the uefi key and cert for encryption.""" | 187 | """Validate and return the uefi key and cert for encryption.""" |
31 | @@ -242,7 +248,7 @@ | |||
32 | 242 | cmdl = ["sbsign", "--key", key, "--cert", cert, image] | 248 | cmdl = ["sbsign", "--key", key, "--cert", cert, image] |
33 | 243 | return self.callLog("UEFI signing", cmdl) | 249 | return self.callLog("UEFI signing", cmdl) |
34 | 244 | 250 | ||
36 | 245 | openssl_config_opal = textwrap.dedent(""" | 251 | openssl_config_base = textwrap.dedent("""\ |
37 | 246 | [ req ] | 252 | [ req ] |
38 | 247 | default_bits = 4096 | 253 | default_bits = 4096 |
39 | 248 | distinguished_name = req_distinguished_name | 254 | distinguished_name = req_distinguished_name |
40 | @@ -260,37 +266,35 @@ | |||
41 | 260 | authorityKeyIdentifier=keyid | 266 | authorityKeyIdentifier=keyid |
42 | 261 | """) | 267 | """) |
43 | 262 | 268 | ||
45 | 263 | openssl_config_kmod = openssl_config_opal + textwrap.dedent(""" | 269 | openssl_config_opal = "# OPAL OpenSSL config\n" + openssl_config_base |
46 | 270 | |||
47 | 271 | openssl_config_kmod = "# KMOD OpenSSL config\n" + openssl_config_base + \ | ||
48 | 272 | textwrap.dedent(""" | ||
49 | 264 | # codeSigning: specifies that this key is used to sign code. | 273 | # codeSigning: specifies that this key is used to sign code. |
50 | 265 | # 1.3.6.1.4.1.2312.16.1.2: defines this key as used for | 274 | # 1.3.6.1.4.1.2312.16.1.2: defines this key as used for |
51 | 266 | # module signing only. See https://lkml.org/lkml/2015/8/26/741. | 275 | # module signing only. See https://lkml.org/lkml/2015/8/26/741. |
52 | 267 | extendedKeyUsage = codeSigning,1.3.6.1.4.1.2312.16.1.2 | 276 | extendedKeyUsage = codeSigning,1.3.6.1.4.1.2312.16.1.2 |
53 | 268 | """) | 277 | """) |
54 | 269 | 278 | ||
62 | 270 | def generateOpensslConfig(self, key_type, common_name): | 279 | openssl_config_sipl = "# SIPL OpenSSL config\n" + openssl_config_base |
63 | 271 | if key_type == 'Kmod': | 280 | |
64 | 272 | genkey_tmpl = self.openssl_config_kmod | 281 | def generateOpensslConfig(self, key_type, genkey_tmpl): |
65 | 273 | elif key_type == 'Opal': | 282 | # Truncate name to 64 character maximum. |
66 | 274 | genkey_tmpl = self.openssl_config_opal | 283 | common_name = self.generateKeyCommonName( |
67 | 275 | else: | 284 | self.archive.owner.name, self.archive.name, key_type) |
61 | 276 | raise ValueError("unknown key_type " + key_type) | ||
68 | 277 | 285 | ||
69 | 278 | return genkey_tmpl.format(common_name=common_name) | 286 | return genkey_tmpl.format(common_name=common_name) |
70 | 279 | 287 | ||
72 | 280 | def generatePemX509Pair(self, key_type, pem_filename, x509_filename): | 288 | def generatePemX509Pair(self, key_type, genkey_text, pem_filename, |
73 | 289 | x509_filename): | ||
74 | 281 | """Generate new pem/x509 key pairs.""" | 290 | """Generate new pem/x509 key pairs.""" |
75 | 282 | directory = os.path.dirname(pem_filename) | 291 | directory = os.path.dirname(pem_filename) |
76 | 283 | if not os.path.exists(directory): | 292 | if not os.path.exists(directory): |
77 | 284 | os.makedirs(directory) | 293 | os.makedirs(directory) |
78 | 285 | 294 | ||
79 | 286 | # Truncate name to 64 character maximum. | ||
80 | 287 | common_name = self.generateKeyCommonName( | ||
81 | 288 | self.archive.owner.name, self.archive.name, key_type) | ||
82 | 289 | |||
83 | 290 | old_mask = os.umask(0o077) | 295 | old_mask = os.umask(0o077) |
84 | 291 | try: | 296 | try: |
85 | 292 | with tempfile.NamedTemporaryFile(suffix='.keygen') as tf: | 297 | with tempfile.NamedTemporaryFile(suffix='.keygen') as tf: |
86 | 293 | genkey_text = self.generateOpensslConfig(key_type, common_name) | ||
87 | 294 | print(genkey_text, file=tf) | 298 | print(genkey_text, file=tf) |
88 | 295 | 299 | ||
89 | 296 | # Close out the underlying file so we know it is complete. | 300 | # Close out the underlying file so we know it is complete. |
90 | @@ -318,7 +322,8 @@ | |||
91 | 318 | 322 | ||
92 | 319 | def generateKmodKeys(self): | 323 | def generateKmodKeys(self): |
93 | 320 | """Generate new Kernel Signing Keys for this archive.""" | 324 | """Generate new Kernel Signing Keys for this archive.""" |
95 | 321 | self.generatePemX509Pair("Kmod", self.kmod_pem, self.kmod_x509) | 325 | config = self.generateOpensslConfig("Kmod", self.openssl_config_kmod) |
96 | 326 | self.generatePemX509Pair("Kmod", config, self.kmod_pem, self.kmod_x509) | ||
97 | 322 | 327 | ||
98 | 323 | def signKmod(self, image): | 328 | def signKmod(self, image): |
99 | 324 | """Attempt to sign a kernel module.""" | 329 | """Attempt to sign a kernel module.""" |
100 | @@ -333,7 +338,8 @@ | |||
101 | 333 | 338 | ||
102 | 334 | def generateOpalKeys(self): | 339 | def generateOpalKeys(self): |
103 | 335 | """Generate new Opal Signing Keys for this archive.""" | 340 | """Generate new Opal Signing Keys for this archive.""" |
105 | 336 | self.generatePemX509Pair("Opal", self.opal_pem, self.opal_x509) | 341 | config = self.generateOpensslConfig("Opal", self.openssl_config_opal) |
106 | 342 | self.generatePemX509Pair("Opal", config, self.opal_pem, self.opal_x509) | ||
107 | 337 | 343 | ||
108 | 338 | def signOpal(self, image): | 344 | def signOpal(self, image): |
109 | 339 | """Attempt to sign a kernel image for Opal.""" | 345 | """Attempt to sign a kernel image for Opal.""" |
110 | @@ -346,6 +352,22 @@ | |||
111 | 346 | cmdl = ["kmodsign", "-D", "sha512", pem, cert, image, image + ".sig"] | 352 | cmdl = ["kmodsign", "-D", "sha512", pem, cert, image, image + ".sig"] |
112 | 347 | return self.callLog("Opal signing", cmdl) | 353 | return self.callLog("Opal signing", cmdl) |
113 | 348 | 354 | ||
114 | 355 | def generateSiplKeys(self): | ||
115 | 356 | """Generate new Sipl Signing Keys for this archive.""" | ||
116 | 357 | config = self.generateOpensslConfig("SIPL", self.openssl_config_sipl) | ||
117 | 358 | self.generatePemX509Pair("SIPL", config, self.sipl_pem, self.sipl_x509) | ||
118 | 359 | |||
119 | 360 | def signSipl(self, image): | ||
120 | 361 | """Attempt to sign a kernel image for Sipl.""" | ||
121 | 362 | remove_if_exists("%s.sig" % image) | ||
122 | 363 | (pem, cert) = self.getKeys('SIPL Kernel', self.generateSiplKeys, | ||
123 | 364 | self.sipl_pem, self.sipl_x509) | ||
124 | 365 | if not pem or not cert: | ||
125 | 366 | return | ||
126 | 367 | self.publishPublicKey(cert) | ||
127 | 368 | cmdl = ["kmodsign", "-D", "sha512", pem, cert, image, image + ".sig"] | ||
128 | 369 | return self.callLog("SIPL signing", cmdl) | ||
129 | 370 | |||
130 | 349 | def convertToTarball(self): | 371 | def convertToTarball(self): |
131 | 350 | """Convert unpacked output to signing tarball.""" | 372 | """Convert unpacked output to signing tarball.""" |
132 | 351 | tarfilename = os.path.join(self.tmpdir, "signed.tar.gz") | 373 | tarfilename = os.path.join(self.tmpdir, "signed.tar.gz") |
133 | 352 | 374 | ||
134 | === modified file 'lib/lp/archivepublisher/tests/test_signing.py' | |||
135 | --- lib/lp/archivepublisher/tests/test_signing.py 2019-05-24 11:10:38 +0000 | |||
136 | +++ lib/lp/archivepublisher/tests/test_signing.py 2019-06-06 09:45:01 +0000 | |||
137 | @@ -91,6 +91,9 @@ | |||
138 | 91 | "Opal signing": 0, | 91 | "Opal signing": 0, |
139 | 92 | "Opal keygen key": 0, | 92 | "Opal keygen key": 0, |
140 | 93 | "Opal keygen cert": 0, | 93 | "Opal keygen cert": 0, |
141 | 94 | "SIPL signing": 0, | ||
142 | 95 | "SIPL keygen key": 0, | ||
143 | 96 | "SIPL keygen cert": 0, | ||
144 | 94 | } | 97 | } |
145 | 95 | 98 | ||
146 | 96 | def __call__(self, *args, **kwargs): | 99 | def __call__(self, *args, **kwargs): |
147 | @@ -130,9 +133,20 @@ | |||
148 | 130 | elif description == "Opal keygen key": | 133 | elif description == "Opal keygen key": |
149 | 131 | write_file(self.upload.opal_pem, b"") | 134 | write_file(self.upload.opal_pem, b"") |
150 | 132 | 135 | ||
151 | 136 | elif description == "SIPL signing": | ||
152 | 137 | filename = cmdl[-1] | ||
153 | 138 | if filename.endswith(".sipl.sig"): | ||
154 | 139 | write_file(filename, b"") | ||
155 | 140 | |||
156 | 141 | elif description == "SIPL keygen cert": | ||
157 | 142 | write_file(self.upload.sipl_x509, b"") | ||
158 | 143 | |||
159 | 144 | elif description == "SIPL keygen key": | ||
160 | 145 | write_file(self.upload.sipl_pem, b"") | ||
161 | 146 | |||
162 | 133 | else: | 147 | else: |
165 | 134 | raise AssertionError("unknown command executed cmd=(%s)" % | 148 | raise AssertionError("unknown command executed description=(%s) " |
166 | 135 | " ".join(cmdl)) | 149 | "cmd=(%s)" % (description, " ".join(cmdl))) |
167 | 136 | 150 | ||
168 | 137 | return 0 | 151 | return 0 |
169 | 138 | 152 | ||
170 | @@ -211,6 +225,13 @@ | |||
171 | 211 | write_file(self.opal_pem, b"") | 225 | write_file(self.opal_pem, b"") |
172 | 212 | write_file(self.opal_x509, b"") | 226 | write_file(self.opal_x509, b"") |
173 | 213 | 227 | ||
174 | 228 | def setUpSiplKeys(self, create=True): | ||
175 | 229 | self.sipl_pem = os.path.join(self.signing_dir, "sipl.pem") | ||
176 | 230 | self.sipl_x509 = os.path.join(self.signing_dir, "sipl.x509") | ||
177 | 231 | if create: | ||
178 | 232 | write_file(self.sipl_pem, b"") | ||
179 | 233 | write_file(self.sipl_x509, b"") | ||
180 | 234 | |||
181 | 214 | def openArchive(self, loader_type, version, arch): | 235 | def openArchive(self, loader_type, version, arch): |
182 | 215 | self.path = os.path.join( | 236 | self.path = os.path.join( |
183 | 216 | self.temp_dir, "%s_%s_%s.tar.gz" % (loader_type, version, arch)) | 237 | self.temp_dir, "%s_%s_%s.tar.gz" % (loader_type, version, arch)) |
184 | @@ -247,6 +268,7 @@ | |||
185 | 247 | upload.signUefi = FakeMethod() | 268 | upload.signUefi = FakeMethod() |
186 | 248 | upload.signKmod = FakeMethod() | 269 | upload.signKmod = FakeMethod() |
187 | 249 | upload.signOpal = FakeMethod() | 270 | upload.signOpal = FakeMethod() |
188 | 271 | upload.signSipl = FakeMethod() | ||
189 | 250 | # Under no circumstances is it safe to execute actual commands. | 272 | # Under no circumstances is it safe to execute actual commands. |
190 | 251 | fake_call = FakeMethod(result=0) | 273 | fake_call = FakeMethod(result=0) |
191 | 252 | self.useFixture(MonkeyPatch("subprocess.call", fake_call)) | 274 | self.useFixture(MonkeyPatch("subprocess.call", fake_call)) |
192 | @@ -267,6 +289,7 @@ | |||
193 | 267 | self.tarfile.add_file("1.0/empty.efi", b"") | 289 | self.tarfile.add_file("1.0/empty.efi", b"") |
194 | 268 | self.tarfile.add_file("1.0/empty.ko", b"") | 290 | self.tarfile.add_file("1.0/empty.ko", b"") |
195 | 269 | self.tarfile.add_file("1.0/empty.opal", b"") | 291 | self.tarfile.add_file("1.0/empty.opal", b"") |
196 | 292 | self.tarfile.add_file("1.0/empty.sipl", b"") | ||
197 | 270 | upload = self.process_emulate() | 293 | upload = self.process_emulate() |
198 | 271 | self.assertContentEqual([], upload.callLog.caller_list()) | 294 | self.assertContentEqual([], upload.callLog.caller_list()) |
199 | 272 | 295 | ||
200 | @@ -277,6 +300,7 @@ | |||
201 | 277 | self.tarfile.add_file("1.0/empty.efi", b"") | 300 | self.tarfile.add_file("1.0/empty.efi", b"") |
202 | 278 | self.tarfile.add_file("1.0/empty.ko", b"") | 301 | self.tarfile.add_file("1.0/empty.ko", b"") |
203 | 279 | self.tarfile.add_file("1.0/empty.opal", b"") | 302 | self.tarfile.add_file("1.0/empty.opal", b"") |
204 | 303 | self.tarfile.add_file("1.0/empty.sipl", b"") | ||
205 | 280 | upload = self.process_emulate() | 304 | upload = self.process_emulate() |
206 | 281 | self.assertContentEqual([], upload.callLog.caller_list()) | 305 | self.assertContentEqual([], upload.callLog.caller_list()) |
207 | 282 | 306 | ||
208 | @@ -289,6 +313,7 @@ | |||
209 | 289 | self.tarfile.add_file("1.0/empty.efi", b"") | 313 | self.tarfile.add_file("1.0/empty.efi", b"") |
210 | 290 | self.tarfile.add_file("1.0/empty.ko", b"") | 314 | self.tarfile.add_file("1.0/empty.ko", b"") |
211 | 291 | self.tarfile.add_file("1.0/empty.opal", b"") | 315 | self.tarfile.add_file("1.0/empty.opal", b"") |
212 | 316 | self.tarfile.add_file("1.0/empty.sipl", b"") | ||
213 | 292 | upload = self.process_emulate() | 317 | upload = self.process_emulate() |
214 | 293 | expected_callers = [ | 318 | expected_callers = [ |
215 | 294 | ('UEFI signing', 1), | 319 | ('UEFI signing', 1), |
216 | @@ -304,6 +329,7 @@ | |||
217 | 304 | self.tarfile.add_file("1.0/empty.efi", b"") | 329 | self.tarfile.add_file("1.0/empty.efi", b"") |
218 | 305 | self.tarfile.add_file("1.0/empty.ko", b"") | 330 | self.tarfile.add_file("1.0/empty.ko", b"") |
219 | 306 | self.tarfile.add_file("1.0/empty.opal", b"") | 331 | self.tarfile.add_file("1.0/empty.opal", b"") |
220 | 332 | self.tarfile.add_file("1.0/empty.sipl", b"") | ||
221 | 307 | upload = self.process_emulate() | 333 | upload = self.process_emulate() |
222 | 308 | expected_callers = [ | 334 | expected_callers = [ |
223 | 309 | ('UEFI keygen', 1), | 335 | ('UEFI keygen', 1), |
224 | @@ -311,9 +337,12 @@ | |||
225 | 311 | ('Kmod keygen cert', 1), | 337 | ('Kmod keygen cert', 1), |
226 | 312 | ('Opal keygen key', 1), | 338 | ('Opal keygen key', 1), |
227 | 313 | ('Opal keygen cert', 1), | 339 | ('Opal keygen cert', 1), |
228 | 340 | ('SIPL keygen key', 1), | ||
229 | 341 | ('SIPL keygen cert', 1), | ||
230 | 314 | ('UEFI signing', 1), | 342 | ('UEFI signing', 1), |
231 | 315 | ('Kmod signing', 1), | 343 | ('Kmod signing', 1), |
232 | 316 | ('Opal signing', 1), | 344 | ('Opal signing', 1), |
233 | 345 | ('SIPL signing', 1), | ||
234 | 317 | ] | 346 | ] |
235 | 318 | self.assertContentEqual(expected_callers, upload.callLog.caller_list()) | 347 | self.assertContentEqual(expected_callers, upload.callLog.caller_list()) |
236 | 319 | 348 | ||
237 | @@ -387,16 +416,19 @@ | |||
238 | 387 | self.setUpUefiKeys() | 416 | self.setUpUefiKeys() |
239 | 388 | self.setUpKmodKeys() | 417 | self.setUpKmodKeys() |
240 | 389 | self.setUpOpalKeys() | 418 | self.setUpOpalKeys() |
241 | 419 | self.setUpSiplKeys() | ||
242 | 390 | self.openArchive("test", "1.0", "amd64") | 420 | self.openArchive("test", "1.0", "amd64") |
243 | 391 | self.tarfile.add_file("1.0/empty.efi", b"") | 421 | self.tarfile.add_file("1.0/empty.efi", b"") |
244 | 392 | self.tarfile.add_file("1.0/empty.ko", b"") | 422 | self.tarfile.add_file("1.0/empty.ko", b"") |
245 | 393 | self.tarfile.add_file("1.0/empty.opal", b"") | 423 | self.tarfile.add_file("1.0/empty.opal", b"") |
246 | 424 | self.tarfile.add_file("1.0/empty.sipl", b"") | ||
247 | 394 | self.process_emulate() | 425 | self.process_emulate() |
248 | 395 | self.assertThat(self.getSignedPath("test", "amd64"), SignedMatches([ | 426 | self.assertThat(self.getSignedPath("test", "amd64"), SignedMatches([ |
249 | 396 | "1.0/SHA256SUMS", | 427 | "1.0/SHA256SUMS", |
250 | 397 | "1.0/empty.efi", "1.0/empty.efi.signed", "1.0/control/uefi.crt", | 428 | "1.0/empty.efi", "1.0/empty.efi.signed", "1.0/control/uefi.crt", |
251 | 398 | "1.0/empty.ko", "1.0/empty.ko.sig", "1.0/control/kmod.x509", | 429 | "1.0/empty.ko", "1.0/empty.ko.sig", "1.0/control/kmod.x509", |
252 | 399 | "1.0/empty.opal", "1.0/empty.opal.sig", "1.0/control/opal.x509", | 430 | "1.0/empty.opal", "1.0/empty.opal.sig", "1.0/control/opal.x509", |
253 | 431 | "1.0/empty.sipl", "1.0/empty.sipl.sig", "1.0/control/sipl.x509", | ||
254 | 400 | ])) | 432 | ])) |
255 | 401 | 433 | ||
256 | 402 | def test_options_tarball(self): | 434 | def test_options_tarball(self): |
257 | @@ -405,11 +437,13 @@ | |||
258 | 405 | self.setUpUefiKeys() | 437 | self.setUpUefiKeys() |
259 | 406 | self.setUpKmodKeys() | 438 | self.setUpKmodKeys() |
260 | 407 | self.setUpOpalKeys() | 439 | self.setUpOpalKeys() |
261 | 440 | self.setUpSiplKeys() | ||
262 | 408 | self.openArchive("test", "1.0", "amd64") | 441 | self.openArchive("test", "1.0", "amd64") |
263 | 409 | self.tarfile.add_file("1.0/control/options", b"tarball") | 442 | self.tarfile.add_file("1.0/control/options", b"tarball") |
264 | 410 | self.tarfile.add_file("1.0/empty.efi", b"") | 443 | self.tarfile.add_file("1.0/empty.efi", b"") |
265 | 411 | self.tarfile.add_file("1.0/empty.ko", b"") | 444 | self.tarfile.add_file("1.0/empty.ko", b"") |
266 | 412 | self.tarfile.add_file("1.0/empty.opal", b"") | 445 | self.tarfile.add_file("1.0/empty.opal", b"") |
267 | 446 | self.tarfile.add_file("1.0/empty.sipl", b"") | ||
268 | 413 | self.process_emulate() | 447 | self.process_emulate() |
269 | 414 | self.assertThat(self.getSignedPath("test", "amd64"), SignedMatches([ | 448 | self.assertThat(self.getSignedPath("test", "amd64"), SignedMatches([ |
270 | 415 | "1.0/SHA256SUMS", | 449 | "1.0/SHA256SUMS", |
271 | @@ -425,6 +459,8 @@ | |||
272 | 425 | '1.0/empty.ko', '1.0/empty.ko.sig', '1.0/control/kmod.x509', | 459 | '1.0/empty.ko', '1.0/empty.ko.sig', '1.0/control/kmod.x509', |
273 | 426 | '1.0/empty.opal', '1.0/empty.opal.sig', | 460 | '1.0/empty.opal', '1.0/empty.opal.sig', |
274 | 427 | '1.0/control/opal.x509', | 461 | '1.0/control/opal.x509', |
275 | 462 | '1.0/empty.sipl', '1.0/empty.sipl.sig', | ||
276 | 463 | '1.0/control/sipl.x509', | ||
277 | 428 | ], tarball.getnames()) | 464 | ], tarball.getnames()) |
278 | 429 | 465 | ||
279 | 430 | def test_options_signed_only(self): | 466 | def test_options_signed_only(self): |
280 | @@ -433,17 +469,20 @@ | |||
281 | 433 | self.setUpUefiKeys() | 469 | self.setUpUefiKeys() |
282 | 434 | self.setUpKmodKeys() | 470 | self.setUpKmodKeys() |
283 | 435 | self.setUpOpalKeys() | 471 | self.setUpOpalKeys() |
284 | 472 | self.setUpSiplKeys() | ||
285 | 436 | self.openArchive("test", "1.0", "amd64") | 473 | self.openArchive("test", "1.0", "amd64") |
286 | 437 | self.tarfile.add_file("1.0/control/options", b"signed-only") | 474 | self.tarfile.add_file("1.0/control/options", b"signed-only") |
287 | 438 | self.tarfile.add_file("1.0/empty.efi", b"") | 475 | self.tarfile.add_file("1.0/empty.efi", b"") |
288 | 439 | self.tarfile.add_file("1.0/empty.ko", b"") | 476 | self.tarfile.add_file("1.0/empty.ko", b"") |
289 | 440 | self.tarfile.add_file("1.0/empty.opal", b"") | 477 | self.tarfile.add_file("1.0/empty.opal", b"") |
290 | 478 | self.tarfile.add_file("1.0/empty.sipl", b"") | ||
291 | 441 | self.process_emulate() | 479 | self.process_emulate() |
292 | 442 | self.assertThat(self.getSignedPath("test", "amd64"), SignedMatches([ | 480 | self.assertThat(self.getSignedPath("test", "amd64"), SignedMatches([ |
293 | 443 | "1.0/SHA256SUMS", "1.0/control/options", | 481 | "1.0/SHA256SUMS", "1.0/control/options", |
294 | 444 | "1.0/empty.efi.signed", "1.0/control/uefi.crt", | 482 | "1.0/empty.efi.signed", "1.0/control/uefi.crt", |
295 | 445 | "1.0/empty.ko.sig", "1.0/control/kmod.x509", | 483 | "1.0/empty.ko.sig", "1.0/control/kmod.x509", |
296 | 446 | "1.0/empty.opal.sig", "1.0/control/opal.x509", | 484 | "1.0/empty.opal.sig", "1.0/control/opal.x509", |
297 | 485 | "1.0/empty.sipl.sig", "1.0/control/sipl.x509", | ||
298 | 447 | ])) | 486 | ])) |
299 | 448 | 487 | ||
300 | 449 | def test_options_tarball_signed_only(self): | 488 | def test_options_tarball_signed_only(self): |
301 | @@ -453,11 +492,13 @@ | |||
302 | 453 | self.setUpUefiKeys() | 492 | self.setUpUefiKeys() |
303 | 454 | self.setUpKmodKeys() | 493 | self.setUpKmodKeys() |
304 | 455 | self.setUpOpalKeys() | 494 | self.setUpOpalKeys() |
305 | 495 | self.setUpSiplKeys() | ||
306 | 456 | self.openArchive("test", "1.0", "amd64") | 496 | self.openArchive("test", "1.0", "amd64") |
307 | 457 | self.tarfile.add_file("1.0/control/options", b"tarball\nsigned-only") | 497 | self.tarfile.add_file("1.0/control/options", b"tarball\nsigned-only") |
308 | 458 | self.tarfile.add_file("1.0/empty.efi", b"") | 498 | self.tarfile.add_file("1.0/empty.efi", b"") |
309 | 459 | self.tarfile.add_file("1.0/empty.ko", b"") | 499 | self.tarfile.add_file("1.0/empty.ko", b"") |
310 | 460 | self.tarfile.add_file("1.0/empty.opal", b"") | 500 | self.tarfile.add_file("1.0/empty.opal", b"") |
311 | 501 | self.tarfile.add_file("1.0/empty.sipl", b"") | ||
312 | 461 | self.process_emulate() | 502 | self.process_emulate() |
313 | 462 | self.assertThat(self.getSignedPath("test", "amd64"), SignedMatches([ | 503 | self.assertThat(self.getSignedPath("test", "amd64"), SignedMatches([ |
314 | 463 | "1.0/SHA256SUMS", | 504 | "1.0/SHA256SUMS", |
315 | @@ -471,6 +512,7 @@ | |||
316 | 471 | '1.0/empty.efi.signed', '1.0/control/uefi.crt', | 512 | '1.0/empty.efi.signed', '1.0/control/uefi.crt', |
317 | 472 | '1.0/empty.ko.sig', '1.0/control/kmod.x509', | 513 | '1.0/empty.ko.sig', '1.0/control/kmod.x509', |
318 | 473 | '1.0/empty.opal.sig', '1.0/control/opal.x509', | 514 | '1.0/empty.opal.sig', '1.0/control/opal.x509', |
319 | 515 | '1.0/empty.sipl.sig', '1.0/control/sipl.x509', | ||
320 | 474 | ], tarball.getnames()) | 516 | ], tarball.getnames()) |
321 | 475 | 517 | ||
322 | 476 | def test_no_signed_files(self): | 518 | def test_no_signed_files(self): |
323 | @@ -484,6 +526,8 @@ | |||
324 | 484 | self.getSignedPath("empty", "amd64"), "1.0", "hello"))) | 526 | self.getSignedPath("empty", "amd64"), "1.0", "hello"))) |
325 | 485 | self.assertEqual(0, upload.signUefi.call_count) | 527 | self.assertEqual(0, upload.signUefi.call_count) |
326 | 486 | self.assertEqual(0, upload.signKmod.call_count) | 528 | self.assertEqual(0, upload.signKmod.call_count) |
327 | 529 | self.assertEqual(0, upload.signOpal.call_count) | ||
328 | 530 | self.assertEqual(0, upload.signSipl.call_count) | ||
329 | 487 | 531 | ||
330 | 488 | def test_already_exists(self): | 532 | def test_already_exists(self): |
331 | 489 | # If the target directory already exists, processing fails. | 533 | # If the target directory already exists, processing fails. |
332 | @@ -559,15 +603,20 @@ | |||
333 | 559 | def test_correct_kmod_openssl_config(self): | 603 | def test_correct_kmod_openssl_config(self): |
334 | 560 | # Check that calling generateOpensslConfig() will return an appropriate | 604 | # Check that calling generateOpensslConfig() will return an appropriate |
335 | 561 | # openssl configuration. | 605 | # openssl configuration. |
336 | 606 | self.setUpPPA() | ||
337 | 562 | upload = SigningUpload() | 607 | upload = SigningUpload() |
339 | 563 | text = upload.generateOpensslConfig('Kmod', 'something-unique') | 608 | upload.setTargetDirectory( |
340 | 609 | self.archive, "test_1.0_amd64.tar.gz", "distroseries") | ||
341 | 610 | text = upload.generateOpensslConfig('Kmod', upload.openssl_config_kmod) | ||
342 | 564 | 611 | ||
344 | 565 | cn_re = re.compile(r'\bCN\s*=\s*something-unique\b') | 612 | id_re = re.compile(r'^# KMOD OpenSSL config\n') |
345 | 613 | cn_re = re.compile(r'\bCN\s*=\s*' + self.testcase_cn[4:-1] + '\s+Kmod') | ||
346 | 566 | eku_re = re.compile( | 614 | eku_re = re.compile( |
347 | 567 | r'\bextendedKeyUsage\s*=\s*' | 615 | r'\bextendedKeyUsage\s*=\s*' |
348 | 568 | r'codeSigning,1.3.6.1.4.1.2312.16.1.2\s*\b') | 616 | r'codeSigning,1.3.6.1.4.1.2312.16.1.2\s*\b') |
349 | 569 | 617 | ||
350 | 570 | self.assertIn('[ req ]', text) | 618 | self.assertIn('[ req ]', text) |
351 | 619 | self.assertIsNotNone(id_re.search(text)) | ||
352 | 571 | self.assertIsNotNone(cn_re.search(text)) | 620 | self.assertIsNotNone(cn_re.search(text)) |
353 | 572 | self.assertIsNotNone(eku_re.search(text)) | 621 | self.assertIsNotNone(eku_re.search(text)) |
354 | 573 | 622 | ||
355 | @@ -640,12 +689,17 @@ | |||
356 | 640 | def test_correct_opal_openssl_config(self): | 689 | def test_correct_opal_openssl_config(self): |
357 | 641 | # Check that calling generateOpensslConfig() will return an appropriate | 690 | # Check that calling generateOpensslConfig() will return an appropriate |
358 | 642 | # openssl configuration. | 691 | # openssl configuration. |
359 | 692 | self.setUpPPA() | ||
360 | 643 | upload = SigningUpload() | 693 | upload = SigningUpload() |
362 | 644 | text = upload.generateOpensslConfig('Opal', 'something-unique') | 694 | upload.setTargetDirectory( |
363 | 695 | self.archive, "test_1.0_amd64.tar.gz", "distroseries") | ||
364 | 696 | text = upload.generateOpensslConfig('Opal', upload.openssl_config_opal) | ||
365 | 645 | 697 | ||
367 | 646 | cn_re = re.compile(r'\bCN\s*=\s*something-unique\b') | 698 | id_re = re.compile(r'^# OPAL OpenSSL config\n') |
368 | 699 | cn_re = re.compile(r'\bCN\s*=\s*' + self.testcase_cn[4:-1] + '\s+Opal') | ||
369 | 647 | 700 | ||
370 | 648 | self.assertIn('[ req ]', text) | 701 | self.assertIn('[ req ]', text) |
371 | 702 | self.assertIsNotNone(id_re.search(text)) | ||
372 | 649 | self.assertIsNotNone(cn_re.search(text)) | 703 | self.assertIsNotNone(cn_re.search(text)) |
373 | 650 | self.assertNotIn('extendedKeyUsage', text) | 704 | self.assertNotIn('extendedKeyUsage', text) |
374 | 651 | 705 | ||
375 | @@ -715,6 +769,89 @@ | |||
376 | 715 | ] | 769 | ] |
377 | 716 | self.assertEqual(expected_cmd, args) | 770 | self.assertEqual(expected_cmd, args) |
378 | 717 | 771 | ||
379 | 772 | def test_correct_sipl_openssl_config(self): | ||
380 | 773 | # Check that calling generateOpensslConfig() will return an appropriate | ||
381 | 774 | # openssl configuration. | ||
382 | 775 | self.setUpPPA() | ||
383 | 776 | upload = SigningUpload() | ||
384 | 777 | upload.setTargetDirectory( | ||
385 | 778 | self.archive, "test_1.0_amd64.tar.gz", "distroseries") | ||
386 | 779 | text = upload.generateOpensslConfig('SIPL', upload.openssl_config_sipl) | ||
387 | 780 | |||
388 | 781 | id_re = re.compile(r'^# SIPL OpenSSL config\n') | ||
389 | 782 | cn_re = re.compile(r'\bCN\s*=\s*' + self.testcase_cn[4:-1] + '\s+SIPL') | ||
390 | 783 | |||
391 | 784 | self.assertIn('[ req ]', text) | ||
392 | 785 | self.assertIsNotNone(id_re.search(text)) | ||
393 | 786 | self.assertIsNotNone(cn_re.search(text)) | ||
394 | 787 | self.assertNotIn('extendedKeyUsage', text) | ||
395 | 788 | |||
396 | 789 | def test_correct_sipl_signing_command_executed(self): | ||
397 | 790 | # Check that calling signSipl() will generate the expected command | ||
398 | 791 | # when appropriate keys are present. | ||
399 | 792 | self.setUpSiplKeys() | ||
400 | 793 | fake_call = FakeMethod(result=0) | ||
401 | 794 | self.useFixture(MonkeyPatch("subprocess.call", fake_call)) | ||
402 | 795 | upload = SigningUpload() | ||
403 | 796 | upload.generateSiplKeys = FakeMethod() | ||
404 | 797 | upload.setTargetDirectory( | ||
405 | 798 | self.archive, "test_1.0_amd64.tar.gz", "distroseries") | ||
406 | 799 | upload.signSipl('t.sipl') | ||
407 | 800 | self.assertEqual(1, fake_call.call_count) | ||
408 | 801 | # Assert command form. | ||
409 | 802 | args = fake_call.calls[0][0][0] | ||
410 | 803 | expected_cmd = [ | ||
411 | 804 | 'kmodsign', '-D', 'sha512', self.sipl_pem, self.sipl_x509, | ||
412 | 805 | 't.sipl', 't.sipl.sig' | ||
413 | 806 | ] | ||
414 | 807 | self.assertEqual(expected_cmd, args) | ||
415 | 808 | self.assertEqual(0, upload.generateSiplKeys.call_count) | ||
416 | 809 | |||
417 | 810 | def test_correct_sipl_signing_command_executed_no_keys(self): | ||
418 | 811 | # Check that calling signSipl() will generate no commands when | ||
419 | 812 | # no keys are present. | ||
420 | 813 | self.setUpSiplKeys(create=False) | ||
421 | 814 | fake_call = FakeMethod(result=0) | ||
422 | 815 | self.useFixture(MonkeyPatch("subprocess.call", fake_call)) | ||
423 | 816 | upload = SigningUpload() | ||
424 | 817 | upload.generateSiplKeys = FakeMethod() | ||
425 | 818 | upload.setTargetDirectory( | ||
426 | 819 | self.archive, "test_1.0_amd64.tar.gz", "distroseries") | ||
427 | 820 | upload.signOpal('t.sipl') | ||
428 | 821 | self.assertEqual(0, fake_call.call_count) | ||
429 | 822 | self.assertEqual(0, upload.generateSiplKeys.call_count) | ||
430 | 823 | |||
431 | 824 | def test_correct_sipl_keygen_command_executed(self): | ||
432 | 825 | # Check that calling generateSiplKeys() will generate the | ||
433 | 826 | # expected command. | ||
434 | 827 | self.setUpPPA() | ||
435 | 828 | self.setUpSiplKeys(create=False) | ||
436 | 829 | fake_call = FakeMethod(result=0) | ||
437 | 830 | self.useFixture(MonkeyPatch("subprocess.call", fake_call)) | ||
438 | 831 | upload = SigningUpload() | ||
439 | 832 | upload.setTargetDirectory( | ||
440 | 833 | self.archive, "test_1.0_amd64.tar.gz", "distroseries") | ||
441 | 834 | upload.generateSiplKeys() | ||
442 | 835 | self.assertEqual(2, fake_call.call_count) | ||
443 | 836 | # Assert the actual command matches. | ||
444 | 837 | args = fake_call.calls[0][0][0] | ||
445 | 838 | # Sanitise the keygen tmp file. | ||
446 | 839 | if args[11].endswith('.keygen'): | ||
447 | 840 | args[11] = 'XXX.keygen' | ||
448 | 841 | expected_cmd = [ | ||
449 | 842 | 'openssl', 'req', '-new', '-nodes', '-utf8', '-sha512', | ||
450 | 843 | '-days', '3650', '-batch', '-x509', | ||
451 | 844 | '-config', 'XXX.keygen', '-outform', 'PEM', | ||
452 | 845 | '-out', self.sipl_pem, '-keyout', self.sipl_pem | ||
453 | 846 | ] | ||
454 | 847 | self.assertEqual(expected_cmd, args) | ||
455 | 848 | args = fake_call.calls[1][0][0] | ||
456 | 849 | expected_cmd = [ | ||
457 | 850 | 'openssl', 'x509', '-in', self.sipl_pem, '-outform', 'DER', | ||
458 | 851 | '-out', self.sipl_x509 | ||
459 | 852 | ] | ||
460 | 853 | self.assertEqual(expected_cmd, args) | ||
461 | 854 | |||
462 | 718 | def test_signs_uefi_image(self): | 855 | def test_signs_uefi_image(self): |
463 | 719 | # Each image in the tarball is signed. | 856 | # Each image in the tarball is signed. |
464 | 720 | self.setUpUefiKeys() | 857 | self.setUpUefiKeys() |
465 | @@ -739,6 +876,14 @@ | |||
466 | 739 | upload = self.process() | 876 | upload = self.process() |
467 | 740 | self.assertEqual(1, upload.signOpal.call_count) | 877 | self.assertEqual(1, upload.signOpal.call_count) |
468 | 741 | 878 | ||
469 | 879 | def test_signs_sipl_image(self): | ||
470 | 880 | # Each image in the tarball is signed. | ||
471 | 881 | self.setUpSiplKeys() | ||
472 | 882 | self.openArchive("test", "1.0", "amd64") | ||
473 | 883 | self.tarfile.add_file("1.0/empty.sipl", b"") | ||
474 | 884 | upload = self.process() | ||
475 | 885 | self.assertEqual(1, upload.signSipl.call_count) | ||
476 | 886 | |||
477 | 742 | def test_signs_combo_image(self): | 887 | def test_signs_combo_image(self): |
478 | 743 | # Each image in the tarball is signed. | 888 | # Each image in the tarball is signed. |
479 | 744 | self.setUpKmodKeys() | 889 | self.setUpKmodKeys() |
480 | @@ -749,10 +894,15 @@ | |||
481 | 749 | self.tarfile.add_file("1.0/empty.opal", b"") | 894 | self.tarfile.add_file("1.0/empty.opal", b"") |
482 | 750 | self.tarfile.add_file("1.0/empty2.opal", b"") | 895 | self.tarfile.add_file("1.0/empty2.opal", b"") |
483 | 751 | self.tarfile.add_file("1.0/empty3.opal", b"") | 896 | self.tarfile.add_file("1.0/empty3.opal", b"") |
484 | 897 | self.tarfile.add_file("1.0/empty.sipl", b"") | ||
485 | 898 | self.tarfile.add_file("1.0/empty2.sipl", b"") | ||
486 | 899 | self.tarfile.add_file("1.0/empty3.sipl", b"") | ||
487 | 900 | self.tarfile.add_file("1.0/empty4.sipl", b"") | ||
488 | 752 | upload = self.process() | 901 | upload = self.process() |
489 | 753 | self.assertEqual(1, upload.signUefi.call_count) | 902 | self.assertEqual(1, upload.signUefi.call_count) |
490 | 754 | self.assertEqual(2, upload.signKmod.call_count) | 903 | self.assertEqual(2, upload.signKmod.call_count) |
491 | 755 | self.assertEqual(3, upload.signOpal.call_count) | 904 | self.assertEqual(3, upload.signOpal.call_count) |
492 | 905 | self.assertEqual(4, upload.signSipl.call_count) | ||
493 | 756 | 906 | ||
494 | 757 | def test_installed(self): | 907 | def test_installed(self): |
495 | 758 | # Files in the tarball are installed correctly. | 908 | # Files in the tarball are installed correctly. |
496 | @@ -898,16 +1048,55 @@ | |||
497 | 898 | self.assertEqual(stat.S_IMODE(os.stat(self.opal_pem).st_mode), 0o600) | 1048 | self.assertEqual(stat.S_IMODE(os.stat(self.opal_pem).st_mode), 0o600) |
498 | 899 | self.assertEqual(stat.S_IMODE(os.stat(self.opal_x509).st_mode), 0o644) | 1049 | self.assertEqual(stat.S_IMODE(os.stat(self.opal_x509).st_mode), 0o644) |
499 | 900 | 1050 | ||
500 | 1051 | def test_create_sipl_keys_autokey_off(self): | ||
501 | 1052 | # Keys are not created. | ||
502 | 1053 | self.setUpSiplKeys(create=False) | ||
503 | 1054 | self.assertFalse(os.path.exists(self.sipl_pem)) | ||
504 | 1055 | self.assertFalse(os.path.exists(self.sipl_x509)) | ||
505 | 1056 | fake_call = FakeMethod(result=0) | ||
506 | 1057 | self.useFixture(MonkeyPatch("subprocess.call", fake_call)) | ||
507 | 1058 | upload = SigningUpload() | ||
508 | 1059 | upload.callLog = FakeMethodCallLog(upload=upload) | ||
509 | 1060 | upload.setTargetDirectory( | ||
510 | 1061 | self.archive, "test_1.0_amd64.tar.gz", "distroseries") | ||
511 | 1062 | upload.signOpal(os.path.join(self.makeTemporaryDirectory(), 't.sipl')) | ||
512 | 1063 | self.assertEqual(0, upload.callLog.caller_count('SIPL keygen key')) | ||
513 | 1064 | self.assertEqual(0, upload.callLog.caller_count('SIPL keygen cert')) | ||
514 | 1065 | self.assertFalse(os.path.exists(self.sipl_pem)) | ||
515 | 1066 | self.assertFalse(os.path.exists(self.sipl_x509)) | ||
516 | 1067 | |||
517 | 1068 | def test_create_sipl_keys_autokey_on(self): | ||
518 | 1069 | # Keys are created on demand. | ||
519 | 1070 | self.setUpPPA() | ||
520 | 1071 | self.setUpSiplKeys(create=False) | ||
521 | 1072 | self.assertFalse(os.path.exists(self.sipl_pem)) | ||
522 | 1073 | self.assertFalse(os.path.exists(self.sipl_x509)) | ||
523 | 1074 | fake_call = FakeMethod(result=0) | ||
524 | 1075 | self.useFixture(MonkeyPatch("subprocess.call", fake_call)) | ||
525 | 1076 | upload = SigningUpload() | ||
526 | 1077 | upload.callLog = FakeMethodCallLog(upload=upload) | ||
527 | 1078 | upload.setTargetDirectory( | ||
528 | 1079 | self.archive, "test_1.0_amd64.tar.gz", "distroseries") | ||
529 | 1080 | upload.signSipl(os.path.join(self.makeTemporaryDirectory(), 't.sipl')) | ||
530 | 1081 | self.assertEqual(1, upload.callLog.caller_count('SIPL keygen key')) | ||
531 | 1082 | self.assertEqual(1, upload.callLog.caller_count('SIPL keygen cert')) | ||
532 | 1083 | self.assertTrue(os.path.exists(self.sipl_pem)) | ||
533 | 1084 | self.assertTrue(os.path.exists(self.sipl_x509)) | ||
534 | 1085 | self.assertEqual(stat.S_IMODE(os.stat(self.sipl_pem).st_mode), 0o600) | ||
535 | 1086 | self.assertEqual(stat.S_IMODE(os.stat(self.sipl_x509).st_mode), 0o644) | ||
536 | 1087 | |||
537 | 901 | def test_checksumming_tree(self): | 1088 | def test_checksumming_tree(self): |
538 | 902 | # Specifying no options should leave us with an open tree, | 1089 | # Specifying no options should leave us with an open tree, |
539 | 903 | # confirm it is checksummed. | 1090 | # confirm it is checksummed. |
540 | 904 | self.setUpUefiKeys() | 1091 | self.setUpUefiKeys() |
541 | 905 | self.setUpKmodKeys() | 1092 | self.setUpKmodKeys() |
542 | 906 | self.setUpOpalKeys() | 1093 | self.setUpOpalKeys() |
543 | 1094 | self.setUpSiplKeys() | ||
544 | 907 | self.openArchive("test", "1.0", "amd64") | 1095 | self.openArchive("test", "1.0", "amd64") |
545 | 908 | self.tarfile.add_file("1.0/empty.efi", b"") | 1096 | self.tarfile.add_file("1.0/empty.efi", b"") |
546 | 909 | self.tarfile.add_file("1.0/empty.ko", b"") | 1097 | self.tarfile.add_file("1.0/empty.ko", b"") |
547 | 910 | self.tarfile.add_file("1.0/empty.opal", b"") | 1098 | self.tarfile.add_file("1.0/empty.opal", b"") |
548 | 1099 | self.tarfile.add_file("1.0/empty.sipl", b"") | ||
549 | 911 | self.process_emulate() | 1100 | self.process_emulate() |
550 | 912 | sha256file = os.path.join(self.getSignedPath("test", "amd64"), | 1101 | sha256file = os.path.join(self.getSignedPath("test", "amd64"), |
551 | 913 | "1.0", "SHA256SUMS") | 1102 | "1.0", "SHA256SUMS") |
552 | @@ -926,6 +1115,7 @@ | |||
553 | 926 | self.tarfile.add_file("1.0/empty.efi", b"") | 1115 | self.tarfile.add_file("1.0/empty.efi", b"") |
554 | 927 | self.tarfile.add_file("1.0/empty.ko", b"") | 1116 | self.tarfile.add_file("1.0/empty.ko", b"") |
555 | 928 | self.tarfile.add_file("1.0/empty.opal", b"") | 1117 | self.tarfile.add_file("1.0/empty.opal", b"") |
556 | 1118 | self.tarfile.add_file("1.0/empty.sipl", b"") | ||
557 | 929 | self.process_emulate() | 1119 | self.process_emulate() |
558 | 930 | sha256file = os.path.join(self.getSignedPath("test", "amd64"), | 1120 | sha256file = os.path.join(self.getSignedPath("test", "amd64"), |
559 | 931 | "1.0", "SHA256SUMS") | 1121 | "1.0", "SHA256SUMS") |
560 | @@ -949,6 +1139,7 @@ | |||
561 | 949 | self.tarfile.add_file("1.0/empty.efi", b"") | 1139 | self.tarfile.add_file("1.0/empty.efi", b"") |
562 | 950 | self.tarfile.add_file("1.0/empty.ko", b"") | 1140 | self.tarfile.add_file("1.0/empty.ko", b"") |
563 | 951 | self.tarfile.add_file("1.0/empty.opal", b"") | 1141 | self.tarfile.add_file("1.0/empty.opal", b"") |
564 | 1142 | self.tarfile.add_file("1.0/empty.sipl", b"") | ||
565 | 952 | self.process_emulate() | 1143 | self.process_emulate() |
566 | 953 | sha256file = os.path.join(self.getSignedPath("test", "amd64"), | 1144 | sha256file = os.path.join(self.getSignedPath("test", "amd64"), |
567 | 954 | "1.0", "SHA256SUMS") | 1145 | "1.0", "SHA256SUMS") |
568 | @@ -982,6 +1173,7 @@ | |||
569 | 982 | self.tarfile.add_file("1.0/empty.efi", "") | 1173 | self.tarfile.add_file("1.0/empty.efi", "") |
570 | 983 | self.tarfile.add_file("1.0/empty.ko", "") | 1174 | self.tarfile.add_file("1.0/empty.ko", "") |
571 | 984 | self.tarfile.add_file("1.0/empty.opal", "") | 1175 | self.tarfile.add_file("1.0/empty.opal", "") |
572 | 1176 | self.tarfile.add_file("1.0/empty.sipl", "") | ||
573 | 985 | self.process_emulate() | 1177 | self.process_emulate() |
574 | 986 | sha256file = os.path.join(self.getSignedPath("test", "amd64"), | 1178 | sha256file = os.path.join(self.getSignedPath("test", "amd64"), |
575 | 987 | "1.0", "SHA256SUMS") | 1179 | "1.0", "SHA256SUMS") |
Looks pretty much OK; just a few nits.