keylime-policy: rename policy tool to keylime-policy
Upstream has been working on consistency with regard to the policy tool
and its arguments, and the policy tool itself changed its name from
keylime_policy to keylime-policy.

This commit updates the tests to use the new name.

Signed-off-by: Sergio Correia <[email protected]>
sergio-correia authored and kkaarreell committed Oct 8, 2024
1 parent 7f6663c commit a699482
Showing 9 changed files with 39 additions and 39 deletions.
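--- a/Library/test-helpers/lib.sh
+++ b/Library/test-helpers/lib.sh
@@ -1623,7 +1623,7 @@ limeCreateTestPolicy() {
 $LISTS_ONLY && return
 
 # create policy.json and create signed policies and keys
-keylime_policy create runtime --allowlist allowlist.txt --excludelist excludelist.txt --output policy.json && \
+keylime-policy create runtime --allowlist allowlist.txt --excludelist excludelist.txt --output policy.json && \
 keylime_sign_runtime_policy -r policy.json -p dsse-ecdsa-privkey.key -b ecdsa -o policy-dsse-ecdsa.json && \
 keylime_sign_runtime_policy -r policy.json -p dsse-x509-privkey.key -b x509 -o policy-dsse-x509.json && \
 openssl ec -in dsse-ecdsa-privkey.key -pubout -out dsse-ecdsa-pubkey.pub && \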
@@ -1,6 +1,6 @@
summary: Runs keylime_policy commands
summary: Runs keylime-policy commands
description: |
Runs multiple keylime_policy commands to confirm they are functional (basic sanity test).
Runs multiple keylime-policy commands to confirm they are functional (basic sanity test).
contact: Anderson Sasaki <[email protected]>
component:
- keylime
@@ -15,8 +15,8 @@ rlJournalStart
rlAssertRpm keylime
rlAssertRpm openssl
limeBackupConfig
# Make sure keylime_policy is installed
rlRun 'which keylime_policy'
# Make sure keylime-policy is installed
rlRun 'which keylime-policy'
rlRun "TMPDIR=\$(mktemp -d)"
# Copy files
rlRun "cp ${ALLOW_LIST} ${TMPDIR}"
@@ -44,77 +44,77 @@ rlJournalStart
rlPhaseEnd

rlPhaseStartTest "Test printing help with --help/-h"
rlRun "keylime_policy -h"
rlRun "keylime_policy --help"
rlRun "keylime_policy create -h"
rlRun "keylime_policy create --help"
rlRun "keylime_policy create runtime -h"
rlRun "keylime_policy create runtime --help"
rlRun "keylime-policy -h"
rlRun "keylime-policy --help"
rlRun "keylime-policy create -h"
rlRun "keylime-policy create --help"
rlRun "keylime-policy create runtime -h"
rlRun "keylime-policy create runtime --help"
rlPhaseEnd

# Generate runtime policy from filesystem

rlPhaseStartTest "Include the IMA log with --ima-measurement-list"
# TODO: Currently, the output is not parseable as JSON directly with a pipe.
# Possibly related to https://github.com/keylime/keylime/issues/1613
# rlRun -s "keylime_policy create runtime --ima-measurement-list | jq '.digests'"
rlRun "keylime_policy create runtime --ima-measurement-list -o policy.json"
# rlRun -s "keylime-policy create runtime --ima-measurement-list | jq '.digests'"
rlRun "keylime-policy create runtime --ima-measurement-list -o policy.json"
rlRun -s "jq '.digests' policy.json"
rlAssertGrep "boot_aggregate" "$rlRun_LOG"
rlPhaseEnd

rlPhaseStartTest "Test creating a policy by extending a base policy with --base-policy"
# TODO: Currently, the output is not parseable as JSON directly with a pipe.
# Possibly related to https://github.com/keylime/keylime/issues/1613
# rlRun -s "keylime_policy create runtime --ima-measurement-list --base-policy ${BASE_POLICY} | jq '.digests.test'"
rlRun "keylime_policy create runtime --ima-measurement-list --base-policy ${BASE_POLICY} -o policy.json"
# rlRun -s "keylime-policy create runtime --ima-measurement-list --base-policy ${BASE_POLICY} | jq '.digests.test'"
rlRun "keylime-policy create runtime --ima-measurement-list --base-policy ${BASE_POLICY} -o policy.json"
rlRun -s "jq '.digests.test' policy.json"
rlAssertGrep "f2ca1bb6c7e907d06dafe4687e579fce76b37e4e93b7605022da52e6ccc26fd2" "$rlRun_LOG"
rlPhaseEnd

rlPhaseStartTest "Test creating a policy by converting an allowlist with --allowlist"
# TODO: Currently, the output is not parseable as JSON directly with a pipe.
# Possibly related to https://github.com/keylime/keylime/issues/1613
# rlRun -s "keylime_policy create runtime --allowlist ${ALLOW_LIST} | jq '.digests.test'"
rlRun "keylime_policy create runtime --allowlist ${ALLOW_LIST} -o policy.json"
# rlRun -s "keylime-policy create runtime --allowlist ${ALLOW_LIST} | jq '.digests.test'"
rlRun "keylime-policy create runtime --allowlist ${ALLOW_LIST} -o policy.json"
rlRun -s "jq '.digests.test' policy.json"
rlAssertGrep "f2ca1bb6c7e907d06dafe4687e579fce76b37e4e93b7605022da52e6ccc26fd2" "$rlRun_LOG"
rlPhaseEnd

rlPhaseStartTest "Test creating a policy by converting an exclude list with --excludelist"
# TODO: Currently, the output is not parseable as JSON directly with a pipe.
# Possibly related to https://github.com/keylime/keylime/issues/1613
# rlRun -s "keylime_policy create runtime --excludelist ${EXCLUDE_LIST} | jq '.excludes'"
rlRun "keylime_policy create runtime --excludelist ${EXCLUDE_LIST} -o policy.json"
# rlRun -s "keylime-policy create runtime --excludelist ${EXCLUDE_LIST} | jq '.excludes'"
rlRun "keylime-policy create runtime --excludelist ${EXCLUDE_LIST} -o policy.json"
rlRun -s "jq '.excludes' policy.json"
rlAssertGrep "test" "$rlRun_LOG"
rlPhaseEnd

rlPhaseStartTest "Set IMA log file with -m IMA_MEASUREMENT_LIST"
# TODO: Currently, the output is not parseable as JSON directly with a pipe.
# Possibly related to https://github.com/keylime/keylime/issues/1613
# rlRun -s "keylime_policy create runtime -m ${IMA_LOG} | jq '.digests'"
rlRun "keylime_policy create runtime -m ${IMA_LOG} -o policy.json"
# rlRun -s "keylime-policy create runtime -m ${IMA_LOG} | jq '.digests'"
rlRun "keylime-policy create runtime -m ${IMA_LOG} -o policy.json"
rlRun -s "jq '.digests' policy.json"
rlAssertGrep "test" "$rlRun_LOG"
rlPhaseEnd

rlPhaseStartTest "Output legacy format with --show-legacy-allowlist"
# TODO: Currently, the output is not parseable as JSON directly with a pipe.
# Possibly related to https://github.com/keylime/keylime/issues/1613
# rlRun -s "keylime_policy create runtime --show-legacy-allowlist --allowlist ${ALLOW_LIST}"
rlRun -s "keylime_policy create runtime --show-legacy-allowlist --allowlist ${ALLOW_LIST}"
# rlRun -s "keylime-policy create runtime --show-legacy-allowlist --allowlist ${ALLOW_LIST}"
rlRun -s "keylime-policy create runtime --show-legacy-allowlist --allowlist ${ALLOW_LIST}"
rlAssertGrep "f2ca1bb6c7e907d06dafe4687e579fce76b37e4e93b7605022da52e6ccc26fd2 test" "$rlRun_LOG"
rlPhaseEnd

rlPhaseStartTest "Add signature verification key with --add-ima-signature-verification-key"
# TODO: Currently, the output is not parseable as JSON directly with a pipe.
# Possibly related to https://github.com/keylime/keylime/issues/1613
# rlRun -s "keylime_policy create runtime --add-ima-signature-verification-key $(x509Cert cert) --add-ima-signature-verification-key $(x509Key pem) --add-ima-signature-verification-key $(x509Key --der der) | jq '.\"verification-keys\"'"
# rlRun -s "keylime-policy create runtime --add-ima-signature-verification-key $(x509Cert cert) --add-ima-signature-verification-key $(x509Key pem) --add-ima-signature-verification-key $(x509Key --der der) | jq '.\"verification-keys\"'"
rlAssertExists "$(x509Cert cert)"
rlAssertExists "$(x509Key pem)"
rlAssertExists "$(x509Key --der der)"
rlRun "keylime_policy create runtime --add-ima-signature-verification-key $(x509Cert cert) --add-ima-signature-verification-key $(x509Key pem) --add-ima-signature-verification-key $(x509Key --der der) -o policy.json"
rlRun "keylime-policy create runtime --add-ima-signature-verification-key $(x509Cert cert) --add-ima-signature-verification-key $(x509Key pem) --add-ima-signature-verification-key $(x509Key --der der) -o policy.json"
rlRun -s "jq '.\"verification-keys\"' policy.json"
for key in cert pem der; do
rlRun "PUBKEY=$(openssl pkey -in "$(x509Key "${key}")" -pubout | sed 's/----.*//g' | tr -d '\n')"
@@ -126,8 +126,8 @@ rlJournalStart
rlPhaseStartTest "Include files from a rootfs using --rootfs ROOTFS"
# TODO: Currently, the output is not parseable as JSON directly with a pipe.
# Possibly related to https://github.com/keylime/keylime/issues/1613
# rlRun -s "keylime_policy create runtime --rootfs rootfs | jq '.digests'"
rlRun "keylime_policy create runtime --rootfs rootfs -o policy.json"
# rlRun -s "keylime-policy create runtime --rootfs rootfs | jq '.digests'"
rlRun "keylime-policy create runtime --rootfs rootfs -o policy.json"
rlRun -s "jq '.digests' policy.json"
rlAssertGrep "test" "$rlRun_LOG"
rlAssertGrep "nested/nested" "$rlRun_LOG"
@@ -137,7 +137,7 @@ rlJournalStart
for algo in sha1 sha256 sha384 sha512; do
rlRun "${algo}sum rootfs/test | awk '{print \$1}' > test.${algo}"
rlRun "${algo}sum rootfs/nested/nested | awk '{print \$1}' > nested.${algo}"
rlRun -s "keylime_policy create runtime --rootfs rootfs --algo ${algo}"
rlRun -s "keylime-policy create runtime --rootfs rootfs --algo ${algo}"
rlAssertGrep "$(cat test.${algo})" "$rlRun_LOG"
rlAssertGrep "$(cat nested.${algo})" "$rlRun_LOG"
done
@@ -146,25 +146,25 @@ rlJournalStart
rlPhaseStartTest "Include files from initrd ramdisks with --ramdisk-dir RAMDISK_DIR"
# TODO: Currently, the output is not parseable as JSON directly with a pipe.
# Possibly related to https://github.com/keylime/keylime/issues/1613
# rlRun -s "keylime_policy create runtime --ramdisk-dir \"boot/initrd\" | jq '.digests'"
rlRun "keylime_policy create runtime --ramdisk-dir \"boot/initrd\" -o policy.json"
# rlRun -s "keylime-policy create runtime --ramdisk-dir \"boot/initrd\" | jq '.digests'"
rlRun "keylime-policy create runtime --ramdisk-dir \"boot/initrd\" -o policy.json"
rlRun -s "jq '.digests' policy.json"
rlAssertGrep "18eb0ba043d6fc5b06b6f785b4a411fa0d6d695c4a08d2497e8b07c4043048f7" "$rlRun_LOG"
rlPhaseEnd

rlPhaseStartTest "Include ima-buf entries with --ima-buf"
# TODO: Currently, the output is not parseable as JSON directly with a pipe.
# Possibly related to https://github.com/keylime/keylime/issues/1613
# rlRun -s "keylime_policy create runtime --ima-buf -m \"${IMA_LOG}\" | jq '.ima-buf'"
rlRun -s "keylime_policy create runtime --ima-buf -m \"${IMA_LOG}\""
# rlRun -s "keylime-policy create runtime --ima-buf -m \"${IMA_LOG}\" | jq '.ima-buf'"
rlRun -s "keylime-policy create runtime --ima-buf -m \"${IMA_LOG}\""
rlAssertGrep "571016c9f57363c80e08dd4346391c4e70227e41b0247b8a3aa2240a178d3d14" "$rlRun_LOG"
rlPhaseEnd

rlPhaseStartTest "Get keyrings from IMA measurement list with --keyrings"
# TODO: Currently, the output is not parseable as JSON directly with a pipe.
# Possibly related to https://github.com/keylime/keylime/issues/1613
# rlRun -s "keylime_policy create runtime -m \"${IMA_LOG}\" --keyrings | jq '.keyrings'"
rlRun "keylime_policy create runtime -m \"${IMA_LOG}\" --keyrings -o policy.json"
# rlRun -s "keylime-policy create runtime -m \"${IMA_LOG}\" --keyrings | jq '.keyrings'"
rlRun "keylime-policy create runtime -m \"${IMA_LOG}\" --keyrings -o policy.json"
rlRun -s "jq '.keyrings' policy.json"
rlAssertGrep "\.ima" "$rlRun_LOG"
rlAssertGrep "a7d52aaa18c23d2d9bb2abb4308c0eeee67387a42259f4a6b1a42257065f3d5a" "$rlRun_LOG"
@@ -175,8 +175,8 @@ rlJournalStart
rlPhaseStartTest "Ignore keyrings from IMA measurement list with --ignored-keyrings"
# TODO: Currently, the output is not parseable as JSON directly with a pipe.
# Possibly related to https://github.com/keylime/keylime/issues/1613
# rlRun -s "keylime_policy create runtime -m \"${IMA_LOG}\" --keyrings | jq '.keyrings'"
rlRun "keylime_policy create runtime -m \"${IMA_LOG}\" --keyrings --ignored-keyrings \".ima\" -o policy.json"
# rlRun -s "keylime-policy create runtime -m \"${IMA_LOG}\" --keyrings | jq '.keyrings'"
rlRun "keylime-policy create runtime -m \"${IMA_LOG}\" --keyrings --ignored-keyrings \".ima\" -o policy.json"
rlRun -s "jq '.ima.ignored_keyrings' policy.json"
rlAssertGrep "\.ima" "$rlRun_LOG"
rlRun -s "jq '.keyrings' policy.json"
@@ -192,8 +192,8 @@ rlJournalStart
for repo in signed-rsa signed-ecc; do
# TODO: Currently, the output is not parseable as JSON directly with a pipe.
# Possibly related to https://github.com/keylime/keylime/issues/1613
# rlRun -s "keylime_policy create runtime --local-rpm-repo \"rpm/repo/${repo}\" | jq '.digests.\"/etc/dummy-foobar.conf\"'"
rlRun "keylime_policy create runtime --local-rpm-repo \"rpm/repo/${repo}\" -o policy.json"
# rlRun -s "keylime-policy create runtime --local-rpm-repo \"rpm/repo/${repo}\" | jq '.digests.\"/etc/dummy-foobar.conf\"'"
rlRun "keylime-policy create runtime --local-rpm-repo \"rpm/repo/${repo}\" -o policy.json"
rlRun -s "jq '.digests.\"/etc/dummy-foobar.conf\"' policy.json"
rlAssertGrep "fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9" "$rlRun_LOG"
done
@@ -203,7 +203,7 @@ rlJournalStart
for repo in signed-rsa signed-ecc; do
rlRun "python3 -m http.server -b 127.0.0.1 -d \"rpm/repo/${repo}\" 8080 &"
SERVER_PID=$!
rlRun "keylime_policy create runtime --remote-rpm-repo http://localhost:8080"
rlRun "keylime-policy create runtime --remote-rpm-repo http://localhost:8080"
rlAssertGrep "fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9" "$rlRun_LOG"
rlRun "kill ${SERVER_PID}"
done
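Review bot: In the remote-repo loop of the last hunk, `rlRun "keylime-policy create runtime --remote-rpm-repo http://localhost:8080"` runs without `-s`, so the `rlAssertGrep` on `$rlRun_LOG` that follows appears to read the log left by an earlier `rlRun -s` rather than this command's output. The same digest was already asserted in the `--local-rpm-repo` loop, so the check can pass even if policy generation from the remote repository emits nothing, and a regression in how the signed RPM repos are processed would go unnoticed. I would capture the output the way the `--algo` loop does: `rlRun -s "keylime-policy create runtime --remote-rpm-repo http://localhost:8080"`. The server is also bound to 127.0.0.1 while the client resolves `localhost`, and nothing waits for the listener to come up, so `http://127.0.0.1:8080` plus a short readiness check would make the phase less flaky. The phase itself starts outside the hunk.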