diff options
Diffstat (limited to 'test/units/testsuite-58.sh')
| -rwxr-xr-x | test/units/testsuite-58.sh | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/test/units/testsuite-58.sh b/test/units/testsuite-58.sh index 313580f862..f41069ee04 100755 --- a/test/units/testsuite-58.sh +++ b/test/units/testsuite-58.sh @@ -726,17 +726,47 @@ Verity=hash VerityMatchKey=root EOF + cat >"$defs/verity-sig.conf" <<EOF +[Partition] +Type=root-${architecture}-verity-sig +Verity=signature +VerityMatchKey=root +EOF + + # Unfortunately OpenSSL insists on reading some config file, hence provide one with mostly placeholder contents + cat >> "$defs/verity.openssl.cnf" <<EOF +[ req ] +prompt = no +distinguished_name = req_distinguished_name + +[ req_distinguished_name ] +C = DE +ST = Test State +L = Test Locality +O = Org Name +OU = Org Unit Name +CN = Common Name +emailAddress = test@email.com +EOF + + openssl req -config "$defs/verity.openssl.cnf" -new -x509 -newkey rsa:1024 -keyout "$defs/verity.key" -out "$defs/verity.crt" -days 365 -nodes + + mkdir -p /run/verity.d + ln -s "$defs/verity.crt" /run/verity.d/ok.crt + output=$(systemd-repart --definitions="$defs" \ --seed="$seed" \ --dry-run=no \ --empty=create \ --size=auto \ --json=pretty \ + --private-key="$defs/verity.key" \ + --certificate="$defs/verity.crt" \ "$imgs/verity") roothash=$(jq -r ".[] | select(.type == \"root-${architecture}-verity\") | .roothash" <<< "$output") - # Check that we can dissect, mount and unmount a repart verity image. + # Check that we can dissect, mount and unmount a repart verity image. systemd-dissect "$imgs/verity" --root-hash "$roothash" systemd-dissect "$imgs/verity" --root-hash "$roothash" -M "$imgs/mnt" |