cbbafe244b
pecoff for i386 can be too short, so it gets padded for an accurate signature. Make sure the size comparison takes this into account to avoid spurious failures. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
19 lines
609 B
Bash
Executable file
19 lines
609 B
Bash
Executable file
#!/bin/bash -ex
|
|
|
|
signed="test.signed"
|
|
unsigned="test.unsigned"
|
|
|
|
"$sbsign" --cert "$cert" --key "$key" --output "$signed" "$image"
|
|
cp "$signed" "$unsigned"
|
|
"$sbattach" --remove "$unsigned"
|
|
|
|
# ensure that there is no security directory
|
|
objdump -p $unsigned | grep -q '0\+ 0\+ Security Directory'
|
|
|
|
##
|
|
# somewhat tricky: i386 pecoff binaries can be too short, so we add padding
|
|
# when signing, so make sure the sizes match modulo the padding
|
|
##
|
|
# ensure that the unsigned file is the same size as our original binary
|
|
[ $(( ($(stat --format=%s "$image")+7)&~7)) -eq $(( ($(stat --format=%s "$unsigned")+7)&~7)) ]
|
|
|