
TOMOYO Linux Cross Reference
Linux/tools/testing/selftests/bpf/verify_sig_setup.sh


Diff markup

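--- a/tools/testing/selftests/bpf/verify_sig_setup.sh
+++ b/tools/testing/selftests/bpf/verify_sig_setup.sh
@@ -1,129 +1,129 @@
 #!/bin/bash
 # SPDX-License-Identifier: GPL-2.0
 
 set -e
 set -u
 set -o pipefail
 
 VERBOSE="${SELFTESTS_VERBOSE:=0}"
 LOG_FILE="$(mktemp /tmp/verify_sig_setup.log.XXXXXX)"
 
 x509_genkey_content="\
 [ req ]
 default_bits = 2048
 distinguished_name = req_distinguished_name
 prompt = no
 string_mask = utf8only
 x509_extensions = myexts
 
 [ req_distinguished_name ]
 CN = eBPF Signature Verification Testing Key
 
 [ myexts ]
 basicConstraints=critical,CA:FALSE
 keyUsage=digitalSignature
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid
 "
 
 usage()
 {
         echo "Usage: $0 <setup|cleanup <existing_tmp_dir>"
         exit 1
 }
 
 setup()
 {
         local tmp_dir="$1"
 
         echo "${x509_genkey_content}" > ${tmp_dir}/x509.genkey
 
         openssl req -new -nodes -utf8 -sha256 -days 36500 \
                         -batch -x509 -config ${tmp_dir}/x509.genkey \
                         -outform PEM -out ${tmp_dir}/signing_key.pem \
                         -keyout ${tmp_dir}/signing_key.pem 2>&1
 
         openssl x509 -in ${tmp_dir}/signing_key.pem -out \
                 ${tmp_dir}/signing_key.der -outform der
 
         key_id=$(cat ${tmp_dir}/signing_key.der | keyctl padd asymmetric ebpf_testing_key @s)
 
         keyring_id=$(keyctl newring ebpf_testing_keyring @s)
         keyctl link $key_id $keyring_id
 }
 
 cleanup() {
         local tmp_dir="$1"
 
         keyctl unlink $(keyctl search @s asymmetric ebpf_testing_key) @s
         keyctl unlink $(keyctl search @s keyring ebpf_testing_keyring) @s
         rm -rf ${tmp_dir}
 }
 
 fsverity_create_sign_file() {
         local tmp_dir="$1"
 
         data_file=${tmp_dir}/data-file
         sig_file=${tmp_dir}/sig-file
         dd if=/dev/urandom of=$data_file bs=1 count=12345 2> /dev/null
         fsverity sign --key ${tmp_dir}/signing_key.pem $data_file $sig_file
 
         # We do not want to enable fsverity on $data_file yet. Try whether
         # the file system support fsverity on a different file.
         touch ${tmp_dir}/tmp-file
         fsverity enable ${tmp_dir}/tmp-file
 }
 
 fsverity_enable_file() {
         local tmp_dir="$1"
 
         data_file=${tmp_dir}/data-file
         fsverity enable $data_file
 }
 
 catch()
 {
         local exit_code="$1"
         local log_file="$2"
 
         if [[ "${exit_code}" -ne 0 ]]; then
                 cat "${log_file}" >&3
         fi
 
         rm -f "${log_file}"
         exit ${exit_code}
 }
 
 main()
 {
         [[ $# -ne 2 ]] && usage
 
         local action="$1"
         local tmp_dir="$2"
 
         [[ ! -d "${tmp_dir}" ]] && echo "Directory ${tmp_dir} doesn't exist" && exit 1
 
         if [[ "${action}" == "setup" ]]; then
                 setup "${tmp_dir}"
         elif [[ "${action}" == "cleanup" ]]; then
                 cleanup "${tmp_dir}"
         elif [[ "${action}" == "fsverity-create-sign" ]]; then
                 fsverity_create_sign_file "${tmp_dir}"
         elif [[ "${action}" == "fsverity-enable" ]]; then
                 fsverity_enable_file "${tmp_dir}"
         else
                 echo "Unknown action: ${action}"
                 exit 1
         fi
 }
 
 trap 'catch "$?" "${LOG_FILE}"' EXIT
 
 if [[ "${VERBOSE}" -eq 0 ]]; then
         # Save the stderr to 3 so that we can output back to
         # it incase of an error.
         exec 3>&2 1>"${LOG_FILE}" 2>&1
 fi
 
 main "$@"
 rm -f "${LOG_FILE}"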
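Review bot: cleanup() runs `rm -rf ${tmp_dir}` unquoted, so a directory argument containing whitespace or glob characters passes the quoted `[[ ! -d "${tmp_dir}" ]]` check in main() and is then word-split into other paths for the recursive delete; `rm -rf -- "${tmp_dir:?}"` keeps the removal to the one directory that was validated. The same unquoted `${tmp_dir}` is used for every path in setup(), fsverity_create_sign_file() and fsverity_enable_file(), and should be quoted there as well. setup() also writes an unencrypted private key (`-nodes`) to `signing_key.pem` under the caller's umask; whether the caller creates the directory with mode 0700 is not visible here, so a `umask 077` at the top of setup() would make the key file's permissions independent of that. Both columns of this comparison are identical, so the note applies to either architecture view.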
                                                      
