From a69948259f799950b67e95ed64e5eb37791bfa1e Mon Sep 17 00:00:00 2001 From: Sergio Correia Date: Tue, 24 Sep 2024 11:03:30 +0100 Subject: [PATCH] keylime-policy: rename policy tool to keylime-policy Upstream has been working on consistency within regard the policy tool and its arguments, and the actual policy tool itself, which changed its name from keylime_policy to keylime-policy. This commit updates the tests to use the new name. Signed-off-by: Sergio Correia --- Library/test-helpers/lib.sh | 2 +- .../allowlist.txt | 0 .../base_policy.json | 0 .../excludelist.txt | 0 .../ima_log.txt | 0 .../main.fmf | 4 +- .../rootfs/nested/nested | 0 .../rootfs/test | 0 .../test.sh | 72 +++++++++---------- 9 files changed, 39 insertions(+), 39 deletions(-) rename functional/{keylime_policy-commands => keylime-policy-commands}/allowlist.txt (100%) rename functional/{keylime_policy-commands => keylime-policy-commands}/base_policy.json (100%) rename functional/{keylime_policy-commands => keylime-policy-commands}/excludelist.txt (100%) rename functional/{keylime_policy-commands => keylime-policy-commands}/ima_log.txt (100%) rename functional/{keylime_policy-commands => keylime-policy-commands}/main.fmf (74%) rename functional/{keylime_policy-commands => keylime-policy-commands}/rootfs/nested/nested (100%) rename functional/{keylime_policy-commands => keylime-policy-commands}/rootfs/test (100%) rename functional/{keylime_policy-commands => keylime-policy-commands}/test.sh (82%) diff --git a/Library/test-helpers/lib.sh b/Library/test-helpers/lib.sh index 1cecafb5..4a33cc77 100644 --- a/Library/test-helpers/lib.sh +++ b/Library/test-helpers/lib.sh 
@@ -1623,7 +1623,7 @@ limeCreateTestPolicy() { $LISTS_ONLY && return # create policy.json and create signed policies and keys - keylime_policy create runtime --allowlist allowlist.txt --excludelist excludelist.txt --output policy.json && \ + keylime-policy create runtime --allowlist allowlist.txt --excludelist excludelist.txt --output policy.json && \ keylime_sign_runtime_policy -r policy.json -p dsse-ecdsa-privkey.key -b ecdsa -o policy-dsse-ecdsa.json && \ keylime_sign_runtime_policy -r policy.json -p dsse-x509-privkey.key -b x509 -o policy-dsse-x509.json && \ openssl ec -in dsse-ecdsa-privkey.key -pubout -out dsse-ecdsa-pubkey.pub && \ diff --git a/functional/keylime_policy-commands/allowlist.txt b/functional/keylime-policy-commands/allowlist.txt similarity index 100% rename from functional/keylime_policy-commands/allowlist.txt rename to functional/keylime-policy-commands/allowlist.txt diff --git a/functional/keylime_policy-commands/base_policy.json b/functional/keylime-policy-commands/base_policy.json similarity index 100% rename from functional/keylime_policy-commands/base_policy.json rename to functional/keylime-policy-commands/base_policy.json diff --git a/functional/keylime_policy-commands/excludelist.txt b/functional/keylime-policy-commands/excludelist.txt similarity index 100% rename from functional/keylime_policy-commands/excludelist.txt rename to functional/keylime-policy-commands/excludelist.txt diff --git a/functional/keylime_policy-commands/ima_log.txt b/functional/keylime-policy-commands/ima_log.txt similarity index 100% rename from functional/keylime_policy-commands/ima_log.txt rename to functional/keylime-policy-commands/ima_log.txt diff --git a/functional/keylime_policy-commands/main.fmf b/functional/keylime-policy-commands/main.fmf similarity index 74% rename from functional/keylime_policy-commands/main.fmf rename to functional/keylime-policy-commands/main.fmf index 9d8c042c..c2374e6d 100644 --- a/functional/keylime_policy-commands/main.fmf 
+++ b/functional/keylime-policy-commands/main.fmf @@ -1,6 +1,6 @@ -summary: Runs keylime_policy commands +summary: Runs keylime-policy commands description: | - Runs multiple keylime_policy commands to confirm they are functional (basic sanity test). + Runs multiple keylime-policy commands to confirm they are functional (basic sanity test). contact: Anderson Sasaki component: - keylime diff --git a/functional/keylime_policy-commands/rootfs/nested/nested b/functional/keylime-policy-commands/rootfs/nested/nested similarity index 100% rename from functional/keylime_policy-commands/rootfs/nested/nested rename to functional/keylime-policy-commands/rootfs/nested/nested diff --git a/functional/keylime_policy-commands/rootfs/test b/functional/keylime-policy-commands/rootfs/test similarity index 100% rename from functional/keylime_policy-commands/rootfs/test rename to functional/keylime-policy-commands/rootfs/test diff --git a/functional/keylime_policy-commands/test.sh b/functional/keylime-policy-commands/test.sh similarity index 82% rename from functional/keylime_policy-commands/test.sh rename to functional/keylime-policy-commands/test.sh index 8f995187..fb265413 100755 --- a/functional/keylime_policy-commands/test.sh +++ b/functional/keylime-policy-commands/test.sh @@ -15,8 +15,8 @@ rlJournalStart rlAssertRpm keylime rlAssertRpm openssl limeBackupConfig - # Make sure keylime_policy is installed - rlRun 'which keylime_policy' + # Make sure keylime-policy is installed + rlRun 'which keylime-policy' rlRun "TMPDIR=\$(mktemp -d)" # Copy files rlRun "cp ${ALLOW_LIST} ${TMPDIR}" 
@@ -44,12 +44,12 @@ rlJournalStart rlPhaseEnd rlPhaseStartTest "Test printing help with --help/-h" - rlRun "keylime_policy -h" - rlRun "keylime_policy --help" - rlRun "keylime_policy create -h" - rlRun "keylime_policy create --help" - rlRun "keylime_policy create runtime -h" - rlRun "keylime_policy create runtime --help" + rlRun "keylime-policy -h" + rlRun "keylime-policy --help" + rlRun "keylime-policy create -h" + rlRun "keylime-policy create --help" + rlRun "keylime-policy create runtime -h" + rlRun "keylime-policy create runtime --help" rlPhaseEnd # Generate runtime policy from filesystem @@ -57,8 +57,8 @@ rlJournalStart rlPhaseStartTest "Include the IMA log with --ima-measurement-list" # TODO: Currently, the output is not parseable as JSON directly with a pipe. # Possibly related to https://github.com/keylime/keylime/issues/1613 - # rlRun -s "keylime_policy create runtime --ima-measurement-list | jq '.digests'" - rlRun "keylime_policy create runtime --ima-measurement-list -o policy.json" + # rlRun -s "keylime-policy create runtime --ima-measurement-list | jq '.digests'" + rlRun "keylime-policy create runtime --ima-measurement-list -o policy.json" rlRun -s "jq '.digests' policy.json" rlAssertGrep "boot_aggregate" "$rlRun_LOG" rlPhaseEnd 
@@ -66,8 +66,8 @@ rlJournalStart
 rlPhaseStartTest "Test creating a policy by extending a base policy with --base-policy"
 # TODO: Currently, the output is not parseable as JSON directly with a pipe.
 # Possibly related to https://github.com/keylime/keylime/issues/1613
- # rlRun -s "keylime_policy create runtime --ima-measurement-list --base-policy ${BASE_POLICY} | jq '.digests.test'"
- rlRun "keylime_policy create runtime --ima-measurement-list --base-policy ${BASE_POLICY} -o policy.json"
+ # rlRun -s "keylime-policy create runtime --ima-measurement-list --base-policy ${BASE_POLICY} | jq '.digests.test'"
+ rlRun "keylime-policy create runtime --ima-measurement-list --base-policy ${BASE_POLICY} -o policy.json"
 rlRun -s "jq '.digests.test' policy.json"
 rlAssertGrep "f2ca1bb6c7e907d06dafe4687e579fce76b37e4e93b7605022da52e6ccc26fd2" "$rlRun_LOG"
 rlPhaseEnd
@@ -75,8 +75,8 @@ rlJournalStart
 rlPhaseStartTest "Test creating a policy by converting an allowlist with --allowlist"
 # TODO: Currently, the output is not parseable as JSON directly with a pipe.
 # Possibly related to https://github.com/keylime/keylime/issues/1613
- # rlRun -s "keylime_policy create runtime --allowlist ${ALLOW_LIST} | jq '.digests.test'"
- rlRun "keylime_policy create runtime --allowlist ${ALLOW_LIST} -o policy.json"
+ # rlRun -s "keylime-policy create runtime --allowlist ${ALLOW_LIST} | jq '.digests.test'"
+ rlRun "keylime-policy create runtime --allowlist ${ALLOW_LIST} -o policy.json"
 rlRun -s "jq '.digests.test' policy.json"
 rlAssertGrep "f2ca1bb6c7e907d06dafe4687e579fce76b37e4e93b7605022da52e6ccc26fd2" "$rlRun_LOG"
 rlPhaseEnd
@@ -84,8 +84,8 @@ rlJournalStart
 rlPhaseStartTest "Test creating a policy by converting an exclude list with --excludelist"
 # TODO: Currently, the output is not parseable as JSON directly with a pipe.
 # Possibly related to https://github.com/keylime/keylime/issues/1613
- # rlRun -s "keylime_policy create runtime --excludelist ${EXCLUDE_LIST} | jq '.excludes'"
- rlRun "keylime_policy create runtime --excludelist ${EXCLUDE_LIST} -o policy.json"
+ # rlRun -s "keylime-policy create runtime --excludelist ${EXCLUDE_LIST} | jq '.excludes'"
+ rlRun "keylime-policy create runtime --excludelist ${EXCLUDE_LIST} -o policy.json"
 rlRun -s "jq '.excludes' policy.json"
 rlAssertGrep "test" "$rlRun_LOG"
 rlPhaseEnd
@@ -93,8 +93,8 @@ rlJournalStart
 rlPhaseStartTest "Set IMA log file with -m IMA_MEASUREMENT_LIST"
 # TODO: Currently, the output is not parseable as JSON directly with a pipe.
 # Possibly related to https://github.com/keylime/keylime/issues/1613
- # rlRun -s "keylime_policy create runtime -m ${IMA_LOG} | jq '.digests'"
- rlRun "keylime_policy create runtime -m ${IMA_LOG} -o policy.json"
+ # rlRun -s "keylime-policy create runtime -m ${IMA_LOG} | jq '.digests'"
+ rlRun "keylime-policy create runtime -m ${IMA_LOG} -o policy.json"
 rlRun -s "jq '.digests' policy.json"
 rlAssertGrep "test" "$rlRun_LOG"
 rlPhaseEnd
@@ -102,19 +102,19 @@ rlJournalStart rlPhaseStartTest "Output legacy format with --show-legacy-allowlist" # TODO: Currently, the output is not parseable as JSON directly with a pipe. # Possibly related to https://github.com/keylime/keylime/issues/1613 - # rlRun -s "keylime_policy create runtime --show-legacy-allowlist --allowlist ${ALLOW_LIST}" - rlRun -s "keylime_policy create runtime --show-legacy-allowlist --allowlist ${ALLOW_LIST}" + # rlRun -s "keylime-policy create runtime --show-legacy-allowlist --allowlist ${ALLOW_LIST}" + rlRun -s "keylime-policy create runtime --show-legacy-allowlist --allowlist ${ALLOW_LIST}" rlAssertGrep "f2ca1bb6c7e907d06dafe4687e579fce76b37e4e93b7605022da52e6ccc26fd2 test" "$rlRun_LOG" rlPhaseEnd rlPhaseStartTest "Add signature verification key with --add-ima-signature-verification-key" # TODO: Currently, the output is not parseable as JSON directly with a pipe. # Possibly related to https://github.com/keylime/keylime/issues/1613 - # rlRun -s "keylime_policy create runtime --add-ima-signature-verification-key $(x509Cert cert) --add-ima-signature-verification-key $(x509Key pem) --add-ima-signature-verification-key $(x509Key --der der) | jq '.\"verification-keys\"'" + # rlRun -s "keylime-policy create runtime --add-ima-signature-verification-key $(x509Cert cert) --add-ima-signature-verification-key $(x509Key pem) --add-ima-signature-verification-key $(x509Key --der der) | jq '.\"verification-keys\"'" rlAssertExists "$(x509Cert cert)" rlAssertExists "$(x509Key pem)" rlAssertExists "$(x509Key --der der)" - rlRun "keylime_policy create runtime --add-ima-signature-verification-key $(x509Cert cert) --add-ima-signature-verification-key $(x509Key pem) --add-ima-signature-verification-key $(x509Key --der der) -o policy.json" + rlRun "keylime-policy create runtime --add-ima-signature-verification-key $(x509Cert cert) --add-ima-signature-verification-key $(x509Key pem) --add-ima-signature-verification-key $(x509Key --der der) -o policy.json" 
rlRun -s "jq '.\"verification-keys\"' policy.json" for key in cert pem der; do rlRun "PUBKEY=$(openssl pkey -in "$(x509Key "${key}")" -pubout | sed 's/----.*//g' | tr -d '\n')" @@ -126,8 +126,8 @@ rlJournalStart rlPhaseStartTest "Include files from a rootfs using --rootfs ROOTFS" # TODO: Currently, the output is not parseable as JSON directly with a pipe. # Possibly related to https://github.com/keylime/keylime/issues/1613 - # rlRun -s "keylime_policy create runtime --rootfs rootfs | jq '.digests'" - rlRun "keylime_policy create runtime --rootfs rootfs -o policy.json" + # rlRun -s "keylime-policy create runtime --rootfs rootfs | jq '.digests'" + rlRun "keylime-policy create runtime --rootfs rootfs -o policy.json" rlRun -s "jq '.digests' policy.json" rlAssertGrep "test" "$rlRun_LOG" rlAssertGrep "nested/nested" "$rlRun_LOG" @@ -137,7 +137,7 @@ rlJournalStart for algo in sha1 sha256 sha384 sha512; do rlRun "${algo}sum rootfs/test | awk '{print \$1}' > test.${algo}" rlRun "${algo}sum rootfs/nested/nested | awk '{print \$1}' > nested.${algo}" - rlRun -s "keylime_policy create runtime --rootfs rootfs --algo ${algo}" + rlRun -s "keylime-policy create runtime --rootfs rootfs --algo ${algo}" rlAssertGrep "$(cat test.${algo})" "$rlRun_LOG" rlAssertGrep "$(cat nested.${algo})" "$rlRun_LOG" done 
@@ -146,8 +146,8 @@ rlJournalStart
 rlPhaseStartTest "Include files from initrd ramdisks with --ramdisk-dir RAMDISK_DIR"
 # TODO: Currently, the output is not parseable as JSON directly with a pipe.
 # Possibly related to https://github.com/keylime/keylime/issues/1613
- # rlRun -s "keylime_policy create runtime --ramdisk-dir \"boot/initrd\" | jq '.digests'"
- rlRun "keylime_policy create runtime --ramdisk-dir \"boot/initrd\" -o policy.json"
+ # rlRun -s "keylime-policy create runtime --ramdisk-dir \"boot/initrd\" | jq '.digests'"
+ rlRun "keylime-policy create runtime --ramdisk-dir \"boot/initrd\" -o policy.json"
 rlRun -s "jq '.digests' policy.json"
 rlAssertGrep "18eb0ba043d6fc5b06b6f785b4a411fa0d6d695c4a08d2497e8b07c4043048f7" "$rlRun_LOG"
 rlPhaseEnd
@@ -155,16 +155,16 @@ rlJournalStart rlPhaseStartTest "Include ima-buf entries with --ima-buf" # TODO: Currently, the output is not parseable as JSON directly with a pipe. # Possibly related to https://github.com/keylime/keylime/issues/1613 - # rlRun -s "keylime_policy create runtime --ima-buf -m \"${IMA_LOG}\" | jq '.ima-buf'" - rlRun -s "keylime_policy create runtime --ima-buf -m \"${IMA_LOG}\"" + # rlRun -s "keylime-policy create runtime --ima-buf -m \"${IMA_LOG}\" | jq '.ima-buf'" + rlRun -s "keylime-policy create runtime --ima-buf -m \"${IMA_LOG}\"" rlAssertGrep "571016c9f57363c80e08dd4346391c4e70227e41b0247b8a3aa2240a178d3d14" "$rlRun_LOG" rlPhaseEnd rlPhaseStartTest "Get keyrings from IMA measurement list with --keyrings" # TODO: Currently, the output is not parseable as JSON directly with a pipe. # Possibly related to https://github.com/keylime/keylime/issues/1613 - # rlRun -s "keylime_policy create runtime -m \"${IMA_LOG}\" --keyrings | jq '.keyrings'" - rlRun "keylime_policy create runtime -m \"${IMA_LOG}\" --keyrings -o policy.json" + # rlRun -s "keylime-policy create runtime -m \"${IMA_LOG}\" --keyrings | jq '.keyrings'" + rlRun "keylime-policy create runtime -m \"${IMA_LOG}\" --keyrings -o policy.json" rlRun -s "jq '.keyrings' policy.json" rlAssertGrep "\.ima" "$rlRun_LOG" rlAssertGrep "a7d52aaa18c23d2d9bb2abb4308c0eeee67387a42259f4a6b1a42257065f3d5a" "$rlRun_LOG" 
@@ -175,8 +175,8 @@ rlJournalStart
 rlPhaseStartTest "Ignore keyrings from IMA measurement list with --ignored-keyrings"
 # TODO: Currently, the output is not parseable as JSON directly with a pipe.
 # Possibly related to https://github.com/keylime/keylime/issues/1613
- # rlRun -s "keylime_policy create runtime -m \"${IMA_LOG}\" --keyrings | jq '.keyrings'"
- rlRun "keylime_policy create runtime -m \"${IMA_LOG}\" --keyrings --ignored-keyrings \".ima\" -o policy.json"
+ # rlRun -s "keylime-policy create runtime -m \"${IMA_LOG}\" --keyrings | jq '.keyrings'"
+ rlRun "keylime-policy create runtime -m \"${IMA_LOG}\" --keyrings --ignored-keyrings \".ima\" -o policy.json"
 rlRun -s "jq '.ima.ignored_keyrings' policy.json"
 rlAssertGrep "\.ima" "$rlRun_LOG"
 rlRun -s "jq '.keyrings' policy.json"
@@ -192,8 +192,8 @@ rlJournalStart
 for repo in signed-rsa signed-ecc; do
 # TODO: Currently, the output is not parseable as JSON directly with a pipe.
 # Possibly related to https://github.com/keylime/keylime/issues/1613
- # rlRun -s "keylime_policy create runtime --local-rpm-repo \"rpm/repo/${repo}\" | jq '.digests.\"/etc/dummy-foobar.conf\"'"
- rlRun "keylime_policy create runtime --local-rpm-repo \"rpm/repo/${repo}\" -o policy.json"
+ # rlRun -s "keylime-policy create runtime --local-rpm-repo \"rpm/repo/${repo}\" | jq '.digests.\"/etc/dummy-foobar.conf\"'"
+ rlRun "keylime-policy create runtime --local-rpm-repo \"rpm/repo/${repo}\" -o policy.json"
 rlRun -s "jq '.digests.\"/etc/dummy-foobar.conf\"' policy.json"
 rlAssertGrep "fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9" "$rlRun_LOG"
 done
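Review bot: The commented-out pipe variant under the TODO in the `--ignored-keyrings` phase does not describe the command that actually runs: it omits `--ignored-keyrings \".ima\"` and filters `.keyrings`, whereas the live test passes that option and first inspects `.ima.ignored_keyrings`. Since the commit rewrites this comment line anyway, it should mirror the real invocation, e.g. `# rlRun -s "keylime-policy create runtime -m \"${IMA_LOG}\" --keyrings --ignored-keyrings \".ima\" | jq '.ima.ignored_keyrings'"`. Otherwise, whoever re-enables the piped form once the upstream issue is fixed will restore a check that no longer exercises the ignore list. The phase continues past the end of this hunk.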
@@ -203,7 +203,7 @@ rlJournalStart
 for repo in signed-rsa signed-ecc; do
 rlRun "python3 -m http.server -b 127.0.0.1 -d \"rpm/repo/${repo}\" 8080 &"
 SERVER_PID=$!
- rlRun "keylime_policy create runtime --remote-rpm-repo http://localhost:8080"
+ rlRun "keylime-policy create runtime --remote-rpm-repo http://localhost:8080"
 rlAssertGrep "fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9" "$rlRun_LOG"
 rlRun "kill ${SERVER_PID}"
 done
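Review bot: The `rlAssertGrep` after the renamed `--remote-rpm-repo` call searches `$rlRun_LOG`, but that call runs without `-s` and without `-o policy.json`, so the log appears to be left over from an earlier `rlRun -s`. Judging by the preceding hunk, that is the `jq` output of the local-repo phase, which contains the same digest. The remote-repository path of policy generation can therefore pass without its output ever being checked. Capture the output of the command under test with `rlRun -s "keylime-policy create runtime --remote-rpm-repo http://localhost:8080"`, as the `--algo` loop already does. The phase containing this loop starts outside the hunk.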