| Message ID | 20230502110657.2496963-1-akuster808@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta-security,1/2] oeqa: fix hash test to match new changes | expand |
On 5/2/23 07:06, Armin Kuster wrote: > Signed-off-by: Armin Kuster <akuster808@gmail.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> > --- > meta-integrity/lib/oeqa/runtime/cases/ima.py | 10 ++++------ > 1 file changed, 4 insertions(+), 6 deletions(-) > > diff --git a/meta-integrity/lib/oeqa/runtime/cases/ima.py b/meta-integrity/lib/oeqa/runtime/cases/ima.py > index 0c8617a..6b361ca 100644 > --- a/meta-integrity/lib/oeqa/runtime/cases/ima.py > +++ b/meta-integrity/lib/oeqa/runtime/cases/ima.py > @@ -58,21 +58,19 @@ class IMACheck(OERuntimeTestCase): > @OETestDepends(['ima.IMACheck.test_ima_enabled']) > def test_ima_hash(self): > ''' Test if IMA stores correct file hash ''' > - filename = "/etc/filetest" > + filename = "/etc/ld.so.cache" > ima_measure_file = "/sys/kernel/security/ima/ascii_runtime_measurements" > - status, output = self.target.run("echo test > %s" % filename) > - self.assertEqual(status, 0, "Cannot create file %s on target" % filename) > > # wait for the IMA system to update the entry > - maximum_tries = 30 > + maximum_tries = 3 > tries = 0 > - status, output = self.target.run("sha1sum %s" %filename) > + status, output = self.target.run("sha256sum %s" %filename) > sleep(2) > current_hash = output.split()[0] > ima_hash = "" > > while tries < maximum_tries: > - status, output = self.target.run("cat %s | grep %s" \ > + status, output = self.target.run("cat %s | grep -e '%s'" \ > % (ima_measure_file, filename)) > # get last entry, 4th field > if status == 0: > > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#59835): https://lists.yoctoproject.org/g/yocto/message/59835 > Mute This Topic: https://lists.yoctoproject.org/mt/98636143/1792208 > Group Owner: yocto+owner@lists.yoctoproject.org > Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [stefanb@linux.ibm.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta-integrity/lib/oeqa/runtime/cases/ima.py b/meta-integrity/lib/oeqa/runtime/cases/ima.py index 0c8617a..6b361ca 100644 --- a/meta-integrity/lib/oeqa/runtime/cases/ima.py +++ b/meta-integrity/lib/oeqa/runtime/cases/ima.py @@ -58,21 +58,19 @@ class IMACheck(OERuntimeTestCase): @OETestDepends(['ima.IMACheck.test_ima_enabled']) def test_ima_hash(self): ''' Test if IMA stores correct file hash ''' - filename = "/etc/filetest" + filename = "/etc/ld.so.cache" ima_measure_file = "/sys/kernel/security/ima/ascii_runtime_measurements" - status, output = self.target.run("echo test > %s" % filename) - self.assertEqual(status, 0, "Cannot create file %s on target" % filename) # wait for the IMA system to update the entry - maximum_tries = 30 + maximum_tries = 3 tries = 0 - status, output = self.target.run("sha1sum %s" %filename) + status, output = self.target.run("sha256sum %s" %filename) sleep(2) current_hash = output.split()[0] ima_hash = "" while tries < maximum_tries: - status, output = self.target.run("cat %s | grep %s" \ + status, output = self.target.run("cat %s | grep -e '%s'" \ % (ima_measure_file, filename)) # get last entry, 4th field if status == 0:
Signed-off-by: Armin Kuster <akuster808@gmail.com> --- meta-integrity/lib/oeqa/runtime/cases/ima.py | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-)