mirror of
https://github.com/kairos-io/kairos-sdk.git
synced 2025-04-27 11:11:29 +00:00
Export signature method
Signed-off-by: Itxaka <itxaka@kairos.io>
This commit is contained in:
Itxaka
parent
894416b953
commit
1cb58b5408
@ -148,9 +148,9 @@ func isValidSignature(sign util.EFIGUID) bool {
|
||||
return sign == signature.CERT_X509_GUID
|
||||
}
|
||||
|
||||
// checkArtifactSignatureIsValid checks that a given efi artifact is signed properly with a signature that would allow it to
|
||||
// CheckArtifactSignatureIsValid checks that a given efi artifact is signed properly with a signature that would allow it to
|
||||
// boot correctly in the current node if secureboot is enabled
|
||||
func checkArtifactSignatureIsValid(fs types.KairosFS, artifact string, logger types.KairosLogger) error {
|
||||
func CheckArtifactSignatureIsValid(fs types.KairosFS, artifact string, logger types.KairosLogger) error {
|
||||
var err error
|
||||
logger.Logger.Info().Str("what", artifact).Msg("Checking artifact for valid signature")
|
||||
info, err := fs.Stat(artifact)
|
||||
|
||||
@ -66,7 +66,7 @@ var _ = Describe("Uki utils", Label("uki", "utils"), func() {
|
||||
cleanup()
|
||||
})
|
||||
It("Fails if it cant find the file to check", func() {
|
||||
err := checkArtifactSignatureIsValid(fs, "/notexists.efi", logger)
|
||||
err := CheckArtifactSignatureIsValid(fs, "/notexists.efi", logger)
|
||||
Expect(err).To(HaveOccurred())
|
||||
Expect(err.Error()).To(ContainSubstring("does not exist"))
|
||||
})
|
||||
@ -75,7 +75,7 @@ var _ = Describe("Uki utils", Label("uki", "utils"), func() {
|
||||
// File needs to not be empty for the parser to try to parse it
|
||||
err := fs.WriteFile("/nonefi.file", []byte(""), os.ModePerm)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
err = checkArtifactSignatureIsValid(fs, "/nonefi.file", logger)
|
||||
err = CheckArtifactSignatureIsValid(fs, "/nonefi.file", logger)
|
||||
Expect(err).To(HaveOccurred())
|
||||
Expect(err.Error()).To(ContainSubstring("has zero size"))
|
||||
})
|
||||
@ -84,7 +84,7 @@ var _ = Describe("Uki utils", Label("uki", "utils"), func() {
|
||||
// File needs to not be empty for the parser to try to parse it
|
||||
err := fs.WriteFile("/nonefi.file", []byte("asdkljhfjklahsdfjk,hbasdfjkhas"), os.ModePerm)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
err = checkArtifactSignatureIsValid(fs, "/nonefi.file", logger)
|
||||
err = CheckArtifactSignatureIsValid(fs, "/nonefi.file", logger)
|
||||
Expect(err).To(HaveOccurred())
|
||||
Expect(err.Error()).To(ContainSubstring("not a PE file"))
|
||||
})
|
||||
@ -95,7 +95,7 @@ var _ = Describe("Uki utils", Label("uki", "utils"), func() {
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
err = fs.WriteFile(filepath.Join("/sys/firmware/efi/efivars", dbFile), file, os.ModePerm)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
err = checkArtifactSignatureIsValid(fs, "/efitest.efi", logger)
|
||||
err = CheckArtifactSignatureIsValid(fs, "/efitest.efi", logger)
|
||||
Expect(err).To(HaveOccurred())
|
||||
Expect(err.Error()).To(ContainSubstring("no signatures in the file"))
|
||||
})
|
||||
@ -106,7 +106,7 @@ var _ = Describe("Uki utils", Label("uki", "utils"), func() {
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
err = fs.WriteFile(filepath.Join("/sys/firmware/efi/efivars", dbFile), file, os.ModePerm)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
err = checkArtifactSignatureIsValid(fs, "/efitest.signed.efi", logger)
|
||||
err = CheckArtifactSignatureIsValid(fs, "/efitest.signed.efi", logger)
|
||||
Expect(err).To(HaveOccurred())
|
||||
Expect(err.Error()).To(ContainSubstring("could not find a signature in EFIVars DB that matches the artifact"))
|
||||
})
|
||||
@ -117,7 +117,7 @@ var _ = Describe("Uki utils", Label("uki", "utils"), func() {
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
err = fs.WriteFile(filepath.Join("/sys/firmware/efi/efivars", dbFile), file, os.ModePerm)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
err = checkArtifactSignatureIsValid(fs, "/efitest.signed.efi", logger)
|
||||
err = CheckArtifactSignatureIsValid(fs, "/efitest.signed.efi", logger)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
})
|
||||
|
||||
@ -132,7 +132,7 @@ var _ = Describe("Uki utils", Label("uki", "utils"), func() {
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
err = fs.WriteFile(filepath.Join("/sys/firmware/efi/efivars", dbxFile), file, os.ModePerm)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
err = checkArtifactSignatureIsValid(fs, "/efitest.signed.efi", logger)
|
||||
err = CheckArtifactSignatureIsValid(fs, "/efitest.signed.efi", logger)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
})
|
||||
|
||||
@ -147,7 +147,7 @@ var _ = Describe("Uki utils", Label("uki", "utils"), func() {
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
err = fs.WriteFile(filepath.Join("/sys/firmware/efi/efivars", dbxFile), file, os.ModePerm)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
err = checkArtifactSignatureIsValid(fs, "/efitest.signed.efi", logger)
|
||||
err = CheckArtifactSignatureIsValid(fs, "/efitest.signed.efi", logger)
|
||||
Expect(err).To(HaveOccurred())
|
||||
Expect(err.Error()).To(ContainSubstring("hash appears on DBX"))
|
||||
})
|
||||
|
||||
Loading…
Reference in New Issue
Block a user