mirror of
https://github.com/linux-apfs/apfstests.git
synced 2026-05-01 15:01:44 -07:00
Eric Biggers
eff343fb5d
Most of the fs-verity tests fail if the fs.verity.require_signatures sysctl has been set to 1. Update them to set this sysctl to 0 at the beginning of the test and restore it to its previous value at the end. generic/577 intentionally sets this sysctl to 1. Make it restore the previous value at the end of the test rather than assuming it was 0. Also simplify _require_fsverity_builtin_signatures() to just check for the presence of the file /proc/sys/fs/verity/require_signatures rather than check whether the fs-verity keyring is listed in /proc/keys. Signed-off-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Eryu Guan <guaneryu@gmail.com> Signed-off-by: Eryu Guan <guaneryu@gmail.com>
42 lines
1.6 KiB
Plaintext
42 lines
1.6 KiB
Plaintext
QA output created by 577
|
|
|
|
# Generating certificates and private keys
|
|
|
|
# Clearing fs-verity keyring
|
|
|
|
# Loading first certificate into fs-verity keyring
|
|
|
|
# Enabling fs.verity.require_signatures
|
|
|
|
# Generating file and signing it for fs-verity
|
|
Signed file 'SCRATCH_MNT/file' (sha256:ecabbfca4efd69a721be824965da10d27900b109549f96687b35a4d91d810dac)
|
|
Signed file 'SCRATCH_MNT/file' (sha256:ecabbfca4efd69a721be824965da10d27900b109549f96687b35a4d91d810dac)
|
|
|
|
# Signing a different file for fs-verity
|
|
Signed file 'SCRATCH_MNT/otherfile' (sha256:b2a419c5a8c767a78c6275d6729794bf51e52ddf8713e31d12a93d61d961f49f)
|
|
|
|
# Enabling verity with valid signature (should succeed)
|
|
|
|
# Enabling verity without signature (should fail)
|
|
ERROR: FS_IOC_ENABLE_VERITY failed on 'SCRATCH_MNT/file.fsv': Operation not permitted
|
|
|
|
# Opening verity file without signature (should fail)
|
|
md5sum: SCRATCH_MNT/file.fsv: Operation not permitted
|
|
|
|
# Enabling verity with untrusted signature (should fail)
|
|
ERROR: FS_IOC_ENABLE_VERITY failed on 'SCRATCH_MNT/file.fsv': Required key not available
|
|
|
|
# Enabling verity with wrong file's signature (should fail)
|
|
ERROR: FS_IOC_ENABLE_VERITY failed on 'SCRATCH_MNT/file.fsv': Key was rejected by service
|
|
|
|
# Enabling verity with malformed signature (should fail)
|
|
ERROR: FS_IOC_ENABLE_VERITY failed on 'SCRATCH_MNT/file.fsv': Bad message
|
|
|
|
# Testing salt
|
|
Signed file 'SCRATCH_MNT/file' (sha256:1cb173bcd199133eb80e9ea4f0f741001b9e73227aa8812685156f2bc8ff45f5)
|
|
|
|
# Testing non-default hash algorithm
|
|
|
|
# Testing empty file
|
|
Signed file 'SCRATCH_MNT/file.fsv' (sha256:3d248ca542a24fc62d1c43b916eae5016878e2533c88238480b26128a1f1af95)
|