Add tests for IMA signature deletion too
Normally IMA signatures should only be deleted with an explicit
rpmsign --delfilesign, but in case they are misplaced outside the
immutable region they get thrown out by rpmsign. This is expected
and desired behavior, it's simply the wrong place to put
them and not something we want to encourage in any way.
pmatilai committed Nov 29, 2024
1 parent 6cc04a7 commit dc1695d
Showing 1 changed file with 36 additions and 0 deletions.
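--- a/tests/rpmsigdig.at
+++ b/tests/rpmsigdig.at
@@ -1842,6 +1842,28 @@ rpm -qp --qf "[%{filenames}:%{filesignatures}\n]" /data/RPMS/imatest-1.0-1.fc34.
 /usr/share/example2:030204a598255400473045022100c10943795bff5d9c0db53dd4f8e4b845615fd08a2be295c30a80f5bdb4e6a41302203038840cc6abaab92acb56cb3e3ce520b17f22ff7444a8d5d0f703a44d5307a3
 ],
 [ignore])
+
+RPMTEST_CHECK([[
+cp /data/RPMS/imatest-1.0-1.fc34.noarch.rpm .
+rpmsign --delsign imatest-1.0-1.fc34.noarch.rpm
+rpm -qp --qf "[%{filenames}:%{filesignatures}\n]" imatest-1.0-1.fc34.noarch.rpm
+]],
+[0],
+[/usr/share/example1:030204a598255400483046022100e5117bdafa73baaeb1f1dc46ecaa46981a62d417745a33532572b63dc6d95d16022100c789107ac5b91e2d915e1df3c7b78414f6b3f50899d44c1de381d0e938dfc82b
+/usr/share/example2:030204a598255400473045022100c10943795bff5d9c0db53dd4f8e4b845615fd08a2be295c30a80f5bdb4e6a41302203038840cc6abaab92acb56cb3e3ce520b17f22ff7444a8d5d0f703a44d5307a3
+],
+[])
+
+RPMTEST_CHECK([[
+cp /data/RPMS/imatest-1.0-1.fc34.noarch.rpm .
+rpmsign --delfilesign imatest-1.0-1.fc34.noarch.rpm
+rpm -qp --qf "[%{filenames}:%{filesignatures}\n]" imatest-1.0-1.fc34.noarch.rpm
+]],
+[0],
+[/usr/share/example1:(none)
+/usr/share/example2:(none)
+],
+[])
 RPMTEST_CLEANUP
 
 
@@ -1862,4 +1884,18 @@ rpm -qp hello-2.0-1.x86_64-badima.rpm
 [hello-2.0-1.x86_64
 ],
 [])
+
+# NORMALLY --delsign shouldn't delete file signatures, but when they are
+# misplaced outside the immutable region, this is EXPECTED behavior.
+RPMTEST_CHECK([[
+rpm -qp --qf "[%{filenames}:%{filesignatures}\n]" hello-2.0-1.x86_64-badima.rpm
+]],
+[0],
+[/usr/bin/hello:(none)
+/usr/share/doc/hello-2.0:(none)
+/usr/share/doc/hello-2.0/COPYING:(none)
+/usr/share/doc/hello-2.0/FAQ:(none)
+/usr/share/doc/hello-2.0/README:(none)
+],
+[])
 RPMTEST_CLEANUP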
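Review bot: The first added check in the `-1842` hunk would still pass if `rpmsign --delsign` left the package untouched, because it only asserts that both `%{filesignatures}` values are identical to the ones in the check before it. Asserting in the same check that the package-level signature is actually gone, for example by also running `rpmkeys -Kv imatest-1.0-1.fc34.noarch.rpm` and matching its output, would show that the header was rewritten while the IMA signatures inside the immutable region survived; whether the test package carries such a signature is not visible here. The check added in the `-1862` hunk has the mirror-image gap: it shows only the `(none)` post-state, so a `%{filesignatures}` query of the badima package before the earlier rpmsign step (which lies outside the hunk) would be needed to prove the misplaced signatures existed and were dropped rather than never being readable.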
