From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6147DC433E1 for ; Thu, 27 Aug 2020 14:52:44 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4BF5322BEB for ; Thu, 27 Aug 2020 14:52:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726093AbgH0OwZ (ORCPT ); Thu, 27 Aug 2020 10:52:25 -0400 Received: from mx2.suse.de ([195.135.220.15]:58236 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726262AbgH0NYJ (ORCPT ); Thu, 27 Aug 2020 09:24:09 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id 9C5B1AC48; Thu, 27 Aug 2020 13:24:28 +0000 (UTC) Date: Thu, 27 Aug 2020 15:23:54 +0200 From: Petr Vorel To: Mimi Zohar Cc: ltp@lists.linux.it, Lachlan Sneff , Lakshmi Ramasubramanian , Mimi Zohar , linux-integrity@vger.kernel.org Subject: Re: [LTP v4 4/5] IMA: Add a test to verify measurement of certificate imported into a keyring Message-ID: <20200827132354.GA20439@dell5510> Reply-To: Petr Vorel References: <20200820090824.3033-1-pvorel@suse.cz> <20200820090824.3033-5-pvorel@suse.cz> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Hi Mimi, ... > > + if ! tst_is_num $KEYRING_ID; then > > + tst_brk TBROK "unable to parse the new keyring id ('$KEYRING_ID')" > > + fi > > + > Instead of using TST_DATAROOT, which is defined as > "$LTPROOT/datafiles", use LTPROOT directly to define the path to the > cert. Adding the following will allow the test to run from the build > directory. > if [ ! -f $cert_file ]; then > cert_file="$LTPROOT/../datafiles/ima_keys/x509_ima.der" > fi Yes, this will work if you set LTPROOT to /testcases/kernel/security/integrity/ima/tests/: $ cd /testcases/kernel/security/integrity/ima/tests/ $ LTPROOT=$PWD PATH="../../../../../lib/:.:$PATH" ./ima_keys.sh But, according to doc [1] $LTPROOT is "Prefix for installed LTP, the default is /opt/ltp.". Using it like this is confusing (if we want to misuse $LTPROOT, one would expect it's a cloned git root directory). Running from git root it'd have to be: $ cd $ LTPROOT=$PWD/testcases/kernel/security/integrity/ima/tests/ \ PATH="testcases/lib:testcases/kernel/security/integrity/ima/tests/:$PATH" ima_keys.sh TL;DR: I'd really prefer people run IMA from installed LTP (make && make install in both testcases/lib and testcases/kernel/security/integrity/ima/ is just enough), but I'll add this hack to make your testing easier :). But fixing this in tst_test.sh is really needed. > Mimi Kind regards, Petr [1] https://github.com/linux-test-project/ltp/wiki/User-Guidelines From mboxrd@z Thu Jan 1 00:00:00 1970 From: Petr Vorel Date: Thu, 27 Aug 2020 15:23:54 +0200 Subject: [LTP] [LTP v4 4/5] IMA: Add a test to verify measurement of certificate imported into a keyring In-Reply-To: References: <20200820090824.3033-1-pvorel@suse.cz> <20200820090824.3033-5-pvorel@suse.cz> Message-ID: <20200827132354.GA20439@dell5510> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: ltp@lists.linux.it Hi Mimi, ... > > + if ! tst_is_num $KEYRING_ID; then > > + tst_brk TBROK "unable to parse the new keyring id ('$KEYRING_ID')" > > + fi > > + > Instead of using TST_DATAROOT, which is defined as > "$LTPROOT/datafiles", use LTPROOT directly to define the path to the > cert. Adding the following will allow the test to run from the build > directory. > if [ ! -f $cert_file ]; then > cert_file="$LTPROOT/../datafiles/ima_keys/x509_ima.der" > fi Yes, this will work if you set LTPROOT to /testcases/kernel/security/integrity/ima/tests/: $ cd /testcases/kernel/security/integrity/ima/tests/ $ LTPROOT=$PWD PATH="../../../../../lib/:.:$PATH" ./ima_keys.sh But, according to doc [1] $LTPROOT is "Prefix for installed LTP, the default is /opt/ltp.". Using it like this is confusing (if we want to misuse $LTPROOT, one would expect it's a cloned git root directory). Running from git root it'd have to be: $ cd $ LTPROOT=$PWD/testcases/kernel/security/integrity/ima/tests/ \ PATH="testcases/lib:testcases/kernel/security/integrity/ima/tests/:$PATH" ima_keys.sh TL;DR: I'd really prefer people run IMA from installed LTP (make && make install in both testcases/lib and testcases/kernel/security/integrity/ima/ is just enough), but I'll add this hack to make your testing easier :). But fixing this in tst_test.sh is really needed. > Mimi Kind regards, Petr [1] https://github.com/linux-test-project/ltp/wiki/User-Guidelines