def test_correct_opal_keygen_command_executed(self):
# Check that calling generateOpalKeys() will generate the
# expected command.
self.setUpPPA()
self.setUpOpalKeys(create=False)
fake_call = FakeMethod(result=0)
self.useFixture(MonkeyPatch("subprocess.call", fake_call))
upload = SigningUpload()
upload.setTargetDirectory(self.archive, "test_1.0_amd64.tar.gz",
"distroseries")
upload.generateOpalKeys()
self.assertEqual(2, fake_call.call_count)
# Assert the actual command matches.
args = fake_call.calls[0][0][0]
# Sanitise the keygen tmp file.
if args[11].endswith('.keygen'):
args[11] = 'XXX.keygen'
expected_cmd = [
'openssl', 'req', '-new', '-nodes', '-utf8', '-sha512', '-days',
'3650', '-batch', '-x509', '-config', 'XXX.keygen', '-outform',
'PEM', '-out', self.opal_pem, '-keyout', self.opal_pem
]
self.assertEqual(expected_cmd, args)
args = fake_call.calls[1][0][0]
expected_cmd = [
'openssl', 'x509', '-in', self.opal_pem, '-outform', 'DER', '-out',
self.opal_x509
]
self.assertEqual(expected_cmd, args)
def test_correct_uefi_keygen_command_executed(self):
# Check that calling generateUefiKeys() will generate the
# expected command.
self.setUpPPA()
self.setUpUefiKeys(create=False)
fake_call = FakeMethod(result=0)
self.useFixture(MonkeyPatch("subprocess.call", fake_call))
upload = SigningUpload()
upload.setTargetDirectory(self.archive, "test_1.0_amd64.tar.gz",
"distroseries")
upload.generateUefiKeys()
self.assertEqual(1, fake_call.call_count)
# Assert the actual command matches.
args = fake_call.calls[0][0][0]
expected_cmd = [
'openssl',
'req',
'-new',
'-x509',
'-newkey',
'rsa:2048',
'-subj',
self.testcase_cn,
'-keyout',
self.key,
'-out',
self.cert,
'-days',
'3650',
'-nodes',
'-sha256',
]
self.assertEqual(expected_cmd, args)
def test_correct_opal_signing_command_executed_no_keys(self):
# Check that calling signOpal() will generate no commands when
# no keys are present.
self.setUpOpalKeys(create=False)
fake_call = FakeMethod(result=0)
self.useFixture(MonkeyPatch("subprocess.call", fake_call))
upload = SigningUpload()
upload.generateOpalKeys = FakeMethod()
upload.setTargetDirectory(self.archive, "test_1.0_amd64.tar.gz",
"distroseries")
upload.signOpal('t.opal')
self.assertEqual(0, fake_call.call_count)
self.assertEqual(0, upload.generateOpalKeys.call_count)
def test_create_uefi_keys_autokey_off(self):
# Keys are not created.
self.setUpUefiKeys(create=False)
self.assertFalse(os.path.exists(self.key))
self.assertFalse(os.path.exists(self.cert))
fake_call = FakeMethod(result=0)
self.useFixture(MonkeyPatch("subprocess.call", fake_call))
upload = SigningUpload()
upload.callLog = FakeMethodCallLog(upload=upload)
upload.setTargetDirectory(self.archive, "test_1.0_amd64.tar.gz",
"distroseries")
upload.signUefi(os.path.join(self.makeTemporaryDirectory(), 't.efi'))
self.assertEqual(0, upload.callLog.caller_count('UEFI keygen'))
self.assertFalse(os.path.exists(self.key))
self.assertFalse(os.path.exists(self.cert))
def test_create_opal_keys_autokey_on(self):
# Keys are created on demand.
self.setUpPPA()
self.setUpOpalKeys(create=False)
self.assertFalse(os.path.exists(self.opal_pem))
self.assertFalse(os.path.exists(self.opal_x509))
fake_call = FakeMethod(result=0)
self.useFixture(MonkeyPatch("subprocess.call", fake_call))
upload = SigningUpload()
upload.callLog = FakeMethodCallLog(upload=upload)
upload.setTargetDirectory(self.archive, "test_1.0_amd64.tar.gz",
"distroseries")
upload.signOpal(os.path.join(self.makeTemporaryDirectory(), 't.opal'))
self.assertEqual(1, upload.callLog.caller_count('Opal keygen key'))
self.assertEqual(1, upload.callLog.caller_count('Opal keygen cert'))
self.assertTrue(os.path.exists(self.opal_pem))
self.assertTrue(os.path.exists(self.opal_x509))
self.assertEqual(stat.S_IMODE(os.stat(self.opal_pem).st_mode), 0o600)
self.assertEqual(stat.S_IMODE(os.stat(self.opal_x509).st_mode), 0o644)
def test_correct_opal_signing_command_executed(self):
# Check that calling signOpal() will generate the expected command
# when appropriate keys are present.
self.setUpOpalKeys()
fake_call = FakeMethod(result=0)
self.useFixture(MonkeyPatch("subprocess.call", fake_call))
upload = SigningUpload()
upload.generateOpalKeys = FakeMethod()
upload.setTargetDirectory(self.archive, "test_1.0_amd64.tar.gz",
"distroseries")
upload.signOpal('t.opal')
self.assertEqual(1, fake_call.call_count)
# Assert command form.
args = fake_call.calls[0][0][0]
expected_cmd = [
'kmodsign', '-D', 'sha512', self.opal_pem, self.opal_x509,
't.opal', 't.opal.sig'
]
self.assertEqual(expected_cmd, args)
self.assertEqual(0, upload.generateOpalKeys.call_count)
def test_correct_uefi_signing_command_executed(self):
# Check that calling signUefi() will generate the expected command
# when appropriate keys are present.
self.setUpUefiKeys()
fake_call = FakeMethod(result=0)
self.useFixture(MonkeyPatch("subprocess.call", fake_call))
upload = SigningUpload()
upload.generateUefiKeys = FakeMethod()
upload.setTargetDirectory(self.archive, "test_1.0_amd64.tar.gz",
"distroseries")
upload.signUefi('t.efi')
self.assertEqual(1, fake_call.call_count)
# Assert command form.
args = fake_call.calls[0][0][0]
expected_cmd = [
'sbsign',
'--key',
self.key,
'--cert',
self.cert,
't.efi',
]
self.assertEqual(expected_cmd, args)
self.assertEqual(0, upload.generateUefiKeys.call_count)
