Since we can sign i386 PE/COFF images, run the tests on both x86-64 and
i386 binaries.
We do this by moving test.pecoff to test-<arch>.pecoff, and using
automake's parallel-test option to add a wrapper to each test execution.
This wrapper calls each test once per arch (as defined in TEST_ARCHES),
and checks for failures in any invocation.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Rather than setting ->sigbuf directly, add two functions to handle image
signature addition and removal:
image_add_signature(image, sig, sigsize);
image_remove_signature(image);
And warn when a signature is to be overwritten.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
sbattach --detach isn't working, as we're not properly setting sigbuf in
image_pecoff parse.
This change ensures we populate sigbuf when we find a valid cert table.
Also, add a test case for this.
Bug report & initial patch from from Steve Langasek.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Add a test to check the validity of the certificate table header,
ensuring that parsing the header gives us the valid certificate.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Add a test for the invalid PKCS7 signature attaching. This test
generates 1K of zero bytes as an invalid signature to attach.
Signed-off-by: Ivan Hu <ivan.hu@canonical.com>
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Add a few tests for the sign, verify, attach and detach code. These
require some additional infrastructure to create a sample PE/COFF
executable, plus a key & cert for testing.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>