From 54b1c21bbfcb62389ac547daca02bc87d3f75376 Mon Sep 17 00:00:00 2001
From: Joy Latten
Date: Fri, 18 Aug 2023 10:55:23 -0500
Subject: [PATCH] Fix testcase for policygen.bats

This commit does several things:
1. Fix testcase that tests using defaults when generating policy.
2. The expected luks policy differed from the one in the snakeoil pcr7data dir. Changed it to use the one from snakeoil pcr7data dir to test against.
3. The perms for policy files in snakeoil pcr7data were 644, so changed to that when creating policy output files with "trust tpm-policy-gen"

Signed-off-by: Joy Latten
---
 Makefile | 1 +
 cmd/trust/policygen.go | 4 ++--
 tests/policygen.bats | 26 ++++++++++++++++++++------
 tests/sample1/luks.policy | Bin 32 -> 32 bytes
 4 files changed, 23 insertions(+), 8 deletions(-)
diff --git a/Makefile b/Makefile
index 2256670..61cc63b 100644
--- a/Makefile
+++ b/Makefile
@@ -11,3 +11,4 @@ test: trust
 bats tests/keyset.bats
 bats tests/project.bats
 bats tests/sudi.bats
+ bats tests/policygen.bats
diff --git a/cmd/trust/policygen.go b/cmd/trust/policygen.go
index 6fa15ea..0f56d51 100644
--- a/cmd/trust/policygen.go
+++ b/cmd/trust/policygen.go
@@ -79,7 +79,7 @@ func doTpmPolicygen(ctx *cli.Context) error {
 if err != nil {
 return err
 }
- err = os.WriteFile(passwdOutFile, passwdPolDigest, 0400)
+ err = os.WriteFile(passwdOutFile, passwdPolDigest, 0644)
 if err != nil {
 return err
 }
@@ -95,7 +95,7 @@ func doTpmPolicygen(ctx *cli.Context) error {
 if err != nil {
 return err
 }
- err = os.WriteFile(luksOutFile, luksPolDigest, 0400)
+ err = os.WriteFile(luksOutFile, luksPolDigest, 0644)
 if err != nil {
 return err
 }
diff --git a/tests/policygen.bats b/tests/policygen.bats
index f70a9be..8048f7a 100644
--- a/tests/policygen.bats
+++ b/tests/policygen.bats
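Review bot: The mode passed to `os.WriteFile` for `passwdOutFile` (hunk at line 79) and for `luksOutFile` (hunk at line 95) is loosened from 0400 to 0644, and the only reason given is that the test fixtures happen to be 644; nothing in the code records why world-readable, owner-writable output is acceptable for TPM policy digests. If the digests are meant to be public, state that once in a named constant used by both calls, e.g. `const policyFileMode = 0644 // policy digests are not secret: readable by all, writable by owner only`. It is also worth a comment that `os.WriteFile` applies the mode only when it creates the file and the result is still filtered by the umask, so an output file that already exists keeps whatever mode it had. `doTpmPolicygen` starts and ends outside both hunks, so how the output paths are chosen is not visible here.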
@@ -2,17 +2,31 @@ load helpers
 function setup() {
 common_setup
+ rm -rf "${BATS_TMPDIR}/passwd.out" "${BATS_TMPDIR}/luks.out"
+ rm -rf "${BATS_TMPDIR}/luks_policy.out" "${BATS_TMPDIR}/passwd_policy.out"
 }
 function teardown() {
 common_teardown
+ rm -rf "${BATS_TMPDIR}/passwd.out" "${BATS_TMPDIR}/luks.out"
+ rm -rf "${BATS_TMPDIR}/luks_policy.out" "${BATS_TMPDIR}/passwd_policy.out"
 }
 @test "Generate a policy" {
- trust tpm-policy-gen --passwd-pcr7-file sample1/pcr7-tpm.bin \
- --production-pcr7-file sample1/pcr7-prod.bin \
- --passwd-policy-file sample1/passwd.out \
- --luks-policy-file sample1/luks.out
- diff sample1/passwd.out sample1/passwd.policy
- diff sample1/luks.out sample1/luks.policy
+ trust tpm-policy-gen --pcr7-tpm "${BATS_TEST_DIRNAME}/sample1/pcr7-tpm.bin" \
+ --pcr7-production "${BATS_TEST_DIRNAME}/sample1/pcr7-prod.bin" \
+ --passwd-policy-file "${BATS_TMPDIR}/passwd.out" \
+ --luks-policy-file "${BATS_TMPDIR}/luks.out" \
+ --policy-version 0001
+ diff "${BATS_TMPDIR}/passwd.out" "${BATS_TEST_DIRNAME}/sample1/passwd.policy"
+ diff "${BATS_TMPDIR}/luks.out" "${BATS_TEST_DIRNAME}/sample1/luks.policy"
+}
+
+@test "Generate a policy using defaults" {
+ current_dir=${PWD}; cd "${BATS_TMPDIR}"
+ trust tpm-policy-gen --pcr7-tpm "${BATS_TEST_DIRNAME}/sample1/pcr7-tpm.bin" \
+ --pcr7-production "${BATS_TEST_DIRNAME}/sample1/pcr7-prod.bin"
+ cd $current_dir
+ diff "${BATS_TMPDIR}/passwd_policy.out" "${BATS_TEST_DIRNAME}/sample1/passwd.policy"
+ diff "${BATS_TMPDIR}/luks_policy.out" "${BATS_TEST_DIRNAME}/sample1/luks.policy"
 }
diff --git a/tests/sample1/luks.policy b/tests/sample1/luks.policy
index f274c8664c5024bc25ce64fa4d5eccef96efbdc1..5376d22409b5ae76d87996033d168e320899afab 100644
GIT binary patch literal 32 qcmV+*0N?)%(arO-kO$A70BVkSdj!oz95L3NUkbvmyW8#Y*A&bQ01+Di literal 32 ocmb<7H}=&27x0=*|LgV_7c}#x{xETi`FB`Cd1u4N+
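Review bot: Both tests write fixed names (`passwd.out`, `luks.out`, `passwd_policy.out`, `luks_policy.out`) directly into `${BATS_TMPDIR}`, which is the base temp directory shared by every bats run on the host, so parallel runs can overwrite each other's output and a stale file with one of those names can mask a failure to generate. Where the installed bats-core provides it, the per-test `${BATS_TEST_TMPDIR}` avoids this and makes the `rm -rf` lines in `setup` and `teardown` unnecessary. In the defaults test, `cd $current_dir` should be quoted as `cd "$current_dir"`. Since the commit deliberately changes the output mode, the tests could also assert it, for example `[ "$(stat -c %a "${BATS_TMPDIR}/luks.out")" = 644 ]`, which currently nothing checks.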