
[meta-security,1/2] oeqa: fix hash test to match new changes

Message ID 20230502110657.2496963-1-akuster808@gmail.com
State New
Series [meta-security,1/2] oeqa: fix hash test to match new changes | expand

Commit Message

akuster808 May 2, 2023, 11:06 a.m. UTC
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-integrity/lib/oeqa/runtime/cases/ima.py | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

Comments

Stefan Berger May 2, 2023, 11:18 a.m. UTC | #1
On 5/2/23 07:06, Armin Kuster wrote:
> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>

> ---
>   meta-integrity/lib/oeqa/runtime/cases/ima.py | 10 ++++------
>   1 file changed, 4 insertions(+), 6 deletions(-)
> 
> diff --git a/meta-integrity/lib/oeqa/runtime/cases/ima.py b/meta-integrity/lib/oeqa/runtime/cases/ima.py
> index 0c8617a..6b361ca 100644
> --- a/meta-integrity/lib/oeqa/runtime/cases/ima.py
> +++ b/meta-integrity/lib/oeqa/runtime/cases/ima.py
> @@ -58,21 +58,19 @@ class IMACheck(OERuntimeTestCase):
>       @OETestDepends(['ima.IMACheck.test_ima_enabled'])
>       def test_ima_hash(self):
>           ''' Test if IMA stores correct file hash '''
> -        filename = "/etc/filetest"
> +        filename = "/etc/ld.so.cache"
>           ima_measure_file = "/sys/kernel/security/ima/ascii_runtime_measurements"
> -        status, output = self.target.run("echo test > %s" % filename)
> -        self.assertEqual(status, 0, "Cannot create file %s on target" % filename)
>   
>           # wait for the IMA system to update the entry
> -        maximum_tries = 30
> +        maximum_tries = 3
>           tries = 0
> -        status, output = self.target.run("sha1sum %s" %filename)
> +        status, output = self.target.run("sha256sum %s" %filename)
>           sleep(2)
>           current_hash = output.split()[0]
>           ima_hash = ""
>   
>           while tries < maximum_tries:
> -            status, output = self.target.run("cat %s | grep %s" \
> +            status, output = self.target.run("cat %s | grep -e '%s'" \
>                   % (ima_measure_file, filename))
>               # get last entry, 4th field
>               if status == 0:
> 
> 
> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#59835): https://lists.yoctoproject.org/g/yocto/message/59835
> Mute This Topic: https://lists.yoctoproject.org/mt/98636143/1792208
> Group Owner: yocto+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [stefanb@linux.ibm.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

Patch

diff --git a/meta-integrity/lib/oeqa/runtime/cases/ima.py b/meta-integrity/lib/oeqa/runtime/cases/ima.py
index 0c8617a..6b361ca 100644
--- a/meta-integrity/lib/oeqa/runtime/cases/ima.py
+++ b/meta-integrity/lib/oeqa/runtime/cases/ima.py
@@ -58,21 +58,19 @@  class IMACheck(OERuntimeTestCase):
     @OETestDepends(['ima.IMACheck.test_ima_enabled'])
     def test_ima_hash(self):
         ''' Test if IMA stores correct file hash '''
-        filename = "/etc/filetest"
+        filename = "/etc/ld.so.cache"
         ima_measure_file = "/sys/kernel/security/ima/ascii_runtime_measurements"
-        status, output = self.target.run("echo test > %s" % filename)
-        self.assertEqual(status, 0, "Cannot create file %s on target" % filename)
 
         # wait for the IMA system to update the entry
-        maximum_tries = 30
+        maximum_tries = 3 
         tries = 0
-        status, output = self.target.run("sha1sum %s" %filename)
+        status, output = self.target.run("sha256sum %s" %filename)
         sleep(2)
         current_hash = output.split()[0]
         ima_hash = ""
 
         while tries < maximum_tries:
-            status, output = self.target.run("cat %s | grep %s" \
+            status, output = self.target.run("cat %s | grep -e '%s'" \
                 % (ima_measure_file, filename))
             # get last entry, 4th field
             if status == 0:
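Review bot: The exit status of the `sha256sum` run is never checked before `output.split()[0]` is taken as the reference hash. Since the test no longer creates its own file, a missing `/etc/ld.so.cache` or a target without `sha256sum` would show up as an IndexError or a comparison against an error string rather than a clear failure; add `self.assertEqual(status, 0, "Cannot hash %s on target" % filename)` right after the run. The hard-coded `sha256sum` also assumes the image's IMA measurement digest is SHA-256, so a comment such as `# must match the hash algorithm IMA is configured with` would make that coupling visible to whoever changes the IMA policy or kernel configuration. In the grep, the filename is still interpreted as a regular expression (the dots match any character), so `grep -F -e '%s'` would match it literally. The body of test_ima_hash continues past the end of the hunk, so how the 4th field is compared with `current_hash` is not visible here.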