NemOS Project

Merge ~nemos-team/nemos/+git/nemos-dev-key:add-autopkgtest into ~nemos-team/nemos/+git/nemos-dev-key:ubuntu/devel

  1. Git
  2. lp:~nemos-team/nemos/+git/nemos-dev-key
  3. add-autopkgtest
  4. Merge into ubuntu/devel
Proposed by Isaac True
Status: Merged
Approved by: Laider Lai
Approved revision: 98d3f2599d9c4c34cfb03eee54a97a01bee0476e
Merged at revision: 98d3f2599d9c4c34cfb03eee54a97a01bee0476e
Proposed branch: ~nemos-team/nemos/+git/nemos-dev-key:add-autopkgtest
Merge into: ~nemos-team/nemos/+git/nemos-dev-key:ubuntu/devel
Diff against target: 50 lines (+30/-0)
3 files modified
debian/changelog (+7/-0)
debian/tests/control (+2/-0)
debian/tests/verify (+21/-0)
Reviewer Review Type Date Requested Status
Laider Lai Approve
Review via email: mp+456060@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Isaac True (itrue) wrote (last edit ):

$ autopkgtest . -- lxd images:ubuntu/24.04
autopkgtest [11:07:18]: starting date and time: 2023-11-22 11:07:18+0100
autopkgtest [11:07:18]: version 5.28ubuntu1
autopkgtest [11:07:18]: host Isaac-Laptop; command line: /usr/bin/autopkgtest . -- lxd images:ubuntu/24.04
autopkgtest [11:07:48]: testbed dpkg architecture: amd64
autopkgtest [11:07:51]: testbed running kernel: Linux 6.5.0-10-generic #10-Ubuntu SMP PREEMPT_DYNAMIC Fri Oct 13 13:49:38 UTC 2023
autopkgtest [11:07:51]: @@@@@@@@@@@@@@@@@@@@ built-tree .
autopkgtest [11:07:51]: testing package nemos-dev-key version 1.3
autopkgtest [11:07:51]: test verify: preparing testbed
Reading package lists...
Building dependency tree...
Reading state information...
Starting pkgProblemResolver with broken count: 0
Starting 2 pkgProblemResolver with broken count: 0
Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up autopkgtest-satdep (0) ...
(Reading database ... 15779 files and directories currently installed.)
Removing autopkgtest-satdep (0) ...
autopkgtest [11:07:59]: test verify: [-----------------------
Signature Verified Successfully
autopkgtest [11:07:59]: test verify: -----------------------]
autopkgtest [11:08:00]: test verify: - - - - - - - - - - results - - - - - - - - - -
verify PASS
autopkgtest [11:08:00]: @@@@@@@@@@@@@@@@@@@@ summary
verify PASS

Revision history for this message
Laider Lai (laiderlai) wrote :

LGTM

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 00c318e..64705fe 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,10 @@
6+nemos-dev-key (1.3) noble; urgency=medium
7+
8+ * Add package test to ensure that the public key can be used to verify
9+ signatures generated using the private key.
10+
11+ -- Isaac True <isaac.true@canonical.com> Wed, 22 Nov 2023 11:04:15 +0100
12+
13 nemos-dev-key (1.2) lunar; urgency=medium
14
15 * Adjust u-boot-signature.dtsi to only contain the key node itself, rather
16diff --git a/debian/tests/control b/debian/tests/control
17new file mode 100644
18index 0000000..37bf989
19--- /dev/null
20+++ b/debian/tests/control
21@@ -0,0 +1,2 @@
22+Tests: verify
23+Depends: openssl
24diff --git a/debian/tests/verify b/debian/tests/verify
25new file mode 100644
26index 0000000..3fde748
27--- /dev/null
28+++ b/debian/tests/verify
29@@ -0,0 +1,21 @@
30+#!/bin/sh -e
31+# SPDX-License-Identifier: GPL-2.0-or-later
32+# Copyright 2023 Canonical Ltd.
33+# Ensure that the public key can verify files signed by the private key
34+
35+FILE=$(mktemp)
36+HASH=$(mktemp)
37+
38+# Create a file with random contents
39+dd if=/dev/random of="${FILE}" bs=4096 count=1024 status=none
40+
41+# Create a detached signature using the private key
42+openssl pkeyutl -sign -keyform PEM -rawin -inkey rsa2048_private.pem \
43+ -in "${FILE}" > "${HASH}"
44+
45+# Verify the signature with the public key
46+openssl pkeyutl -verify -pubin -keyform PEM -rawin -inkey rsa2048_public.pem \
47+ -sigfile "${HASH}" -in "${FILE}"
48+
49+# Clean up
50+rm -f "${FILE}" "${HASH}"

Subscribers

People subscribed via source and target branches

to all changes: