sbsigntools/tests/detach-remove.sh

#!/bin/bash -ex

signed="test.signed"
unsigned="test.unsigned"

"$sbsign" --cert "$cert" --key "$key" --output "$signed" "$image"
cp "$signed" "$unsigned"
"$sbattach" --remove "$unsigned"

# ensure that there is no security directory
objdump -p $unsigned | grep -q '0\+ 0\+ Security Directory'

##
# somewhat tricky: i386 pecoff binaries can be too short, so we add padding
# when signing, so make sure the sizes match modulo the padding
##
# ensure that the unsigned file is the same size as our original binary
[ $(( ($(stat --format=%s "$image")+7)&~7)) -eq $(( ($(stat --format=%s "$unsigned")+7)&~7)) ]
image: Use size of image data when writing images When detaching a signature, we need to know the size of the non-signature data. So, add a data_size member to struct image, and populate it when we iterate through the section table. When writing the image, use data_size rather than size, so we don't unnecessarily add the (now unused) signature data. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com> 2012-08-13 05:49:40 +00:00			`#!/bin/bash -ex`

			`signed="test.signed"`
			`unsigned="test.unsigned"`

			`"$sbsign" --cert "$cert" --key "$key" --output "$signed" "$image"`
			`cp "$signed" "$unsigned"`
			`"$sbattach" --remove "$unsigned"`

			`# ensure that there is no security directory`
			`objdump -p $unsigned \| grep -q '0\+ 0\+ Security Directory'`

tests/detach-remove.sh: fix for i386 pecoff size problems pecoff for i386 can be too short, so it gets padded for an accurate signature. Make sure the size comparison takes this into account to avoid spurious failures. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com> 2017-10-19 01:17:29 +00:00			`##`
			`# somewhat tricky: i386 pecoff binaries can be too short, so we add padding`
			`# when signing, so make sure the sizes match modulo the padding`
			`##`
image: Use size of image data when writing images When detaching a signature, we need to know the size of the non-signature data. So, add a data_size member to struct image, and populate it when we iterate through the section table. When writing the image, use data_size rather than size, so we don't unnecessarily add the (now unused) signature data. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com> 2012-08-13 05:49:40 +00:00			`# ensure that the unsigned file is the same size as our original binary`
tests/detach-remove.sh: fix for i386 pecoff size problems pecoff for i386 can be too short, so it gets padded for an accurate signature. Make sure the size comparison takes this into account to avoid spurious failures. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com> 2017-10-19 01:17:29 +00:00			`[ $(( ($(stat --format=%s "$image")+7)&~7)) -eq $(( ($(stat --format=%s "$unsigned")+7)&~7)) ]`
image: Use size of image data when writing images When detaching a signature, we need to know the size of the non-signature data. So, add a data_size member to struct image, and populate it when we iterate through the section table. When writing the image, use data_size rather than size, so we don't unnecessarily add the (now unused) signature data. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com> 2012-08-13 05:49:40 +00:00