Compare commits
2 Commits
677f5ab8e3
...
27bca5408e
Author | SHA1 | Date |
---|---|---|
Zoltan Fridrich | 27bca5408e | |
Zoltan Fridrich | af03cdd6b2 |
|
@ -0,0 +1,3 @@
|
||||||
|
6fecd5be3ee12d07f6f61a65e18523ee03e0f925 p11-kit-release-keyring.gpg
|
||||||
|
796f3b69cad054a52e04f520459beaaab936b99f p11-kit-0.25.3.tar.xz
|
||||||
|
4133131840ef3f9609403fe391ce414878bcb9f1 p11-kit-0.25.3.tar.xz.sig
|
|
@ -0,0 +1,298 @@
|
||||||
|
From 58cd1c05e001a4fe250c15f3599e79974bc509e3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Zoltan Fridrich <zfridric@redhat.com>
|
||||||
|
Date: Thu, 16 Nov 2023 10:12:14 +0100
|
||||||
|
Subject: [PATCH] Fix issues found by static analysis
|
||||||
|
|
||||||
|
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
||||||
|
---
|
||||||
|
common/frob-getprogname.c | 4 ++--
|
||||||
|
common/test.c | 4 +---
|
||||||
|
p11-kit/generate-keypair.c | 25 +++++++++----------------
|
||||||
|
p11-kit/import-object.c | 22 +++++-----------------
|
||||||
|
p11-kit/lists.c | 1 +
|
||||||
|
p11-kit/print-config.c | 4 +++-
|
||||||
|
p11-kit/rpc-client.c | 6 ++++--
|
||||||
|
p11-kit/test-uri.c | 4 ++--
|
||||||
|
trust/test-trust.c | 2 +-
|
||||||
|
9 files changed, 28 insertions(+), 44 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/common/frob-getprogname.c b/common/frob-getprogname.c
|
||||||
|
index ead658cc8..46e3b7fd3 100644
|
||||||
|
--- a/common/frob-getprogname.c
|
||||||
|
+++ b/common/frob-getprogname.c
|
||||||
|
@@ -76,14 +76,14 @@ main (int argc,
|
||||||
|
execv (BUILDDIR "/common/frob-getprogname" EXEEXT, args);
|
||||||
|
} else {
|
||||||
|
int status;
|
||||||
|
- char buffer[1024];
|
||||||
|
+ char buffer[1024] = { 0 };
|
||||||
|
size_t offset = 0;
|
||||||
|
ssize_t nread;
|
||||||
|
char *p;
|
||||||
|
|
||||||
|
close (pfds[1]);
|
||||||
|
while (1) {
|
||||||
|
- nread = read (pfds[0], buffer + offset, sizeof(buffer) - offset);
|
||||||
|
+ nread = read (pfds[0], buffer + offset, sizeof(buffer) - offset - 1);
|
||||||
|
if (nread < 0) {
|
||||||
|
perror ("read");
|
||||||
|
exit (EXIT_FAILURE);
|
||||||
|
diff --git a/common/test.c b/common/test.c
|
||||||
|
index 3ed98da01..6cdbd1fa2 100644
|
||||||
|
--- a/common/test.c
|
||||||
|
+++ b/common/test.c
|
||||||
|
@@ -272,7 +272,6 @@ p11_testx (void (* function) (void *),
|
||||||
|
test_item item = { TEST, };
|
||||||
|
va_list va;
|
||||||
|
|
||||||
|
- item.type = TEST;
|
||||||
|
item.x.test.func = function;
|
||||||
|
item.x.test.argument = argument;
|
||||||
|
|
||||||
|
@@ -287,9 +286,8 @@ void
|
||||||
|
p11_fixture (void (* setup) (void *),
|
||||||
|
void (* teardown) (void *))
|
||||||
|
{
|
||||||
|
- test_item item;
|
||||||
|
+ test_item item = { FIXTURE, };
|
||||||
|
|
||||||
|
- item.type = FIXTURE;
|
||||||
|
item.x.fix.setup = setup;
|
||||||
|
item.x.fix.teardown = teardown;
|
||||||
|
|
||||||
|
diff --git a/p11-kit/generate-keypair.c b/p11-kit/generate-keypair.c
|
||||||
|
index 49dc11830..695103d1d 100644
|
||||||
|
--- a/p11-kit/generate-keypair.c
|
||||||
|
+++ b/p11-kit/generate-keypair.c
|
||||||
|
@@ -351,7 +351,7 @@ int
|
||||||
|
p11_kit_generate_keypair (int argc,
|
||||||
|
char *argv[])
|
||||||
|
{
|
||||||
|
- int opt, ret = 2;
|
||||||
|
+ int opt, ret;
|
||||||
|
char *label = NULL;
|
||||||
|
CK_ULONG bits = 0;
|
||||||
|
const uint8_t *ec_params = NULL;
|
||||||
|
@@ -396,31 +396,27 @@ p11_kit_generate_keypair (int argc,
|
||||||
|
while ((opt = p11_tool_getopt (argc, argv, options)) != -1) {
|
||||||
|
switch (opt) {
|
||||||
|
case opt_label:
|
||||||
|
- label = strdup (optarg);
|
||||||
|
- if (label == NULL) {
|
||||||
|
- p11_message (_("failed to allocate memory"));
|
||||||
|
- goto cleanup;
|
||||||
|
- }
|
||||||
|
+ label = optarg;
|
||||||
|
break;
|
||||||
|
case opt_type:
|
||||||
|
mechanism = get_mechanism (optarg);
|
||||||
|
if (mechanism.mechanism == CKA_INVALID) {
|
||||||
|
p11_message (_("unknown mechanism type: %s"), optarg);
|
||||||
|
- goto cleanup;
|
||||||
|
+ return 2;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case opt_bits:
|
||||||
|
bits = strtol (optarg, NULL, 10);
|
||||||
|
if (bits == 0) {
|
||||||
|
p11_message (_("failed to parse bits value: %s"), optarg);
|
||||||
|
- goto cleanup;
|
||||||
|
+ return 2;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case opt_curve:
|
||||||
|
ec_params = get_ec_params (optarg, &ec_params_len);
|
||||||
|
if (ec_params == NULL) {
|
||||||
|
p11_message (_("unknown curve name: %s"), optarg);
|
||||||
|
- goto cleanup;
|
||||||
|
+ return 2;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case opt_login:
|
||||||
|
@@ -434,10 +430,9 @@ p11_kit_generate_keypair (int argc,
|
||||||
|
break;
|
||||||
|
case opt_help:
|
||||||
|
p11_tool_usage (usages, options);
|
||||||
|
- ret = 0;
|
||||||
|
- goto cleanup;
|
||||||
|
+ return 0;
|
||||||
|
case '?':
|
||||||
|
- goto cleanup;
|
||||||
|
+ return 2;
|
||||||
|
default:
|
||||||
|
assert_not_reached ();
|
||||||
|
break;
|
||||||
|
@@ -449,11 +444,11 @@ p11_kit_generate_keypair (int argc,
|
||||||
|
|
||||||
|
if (argc != 1) {
|
||||||
|
p11_tool_usage (usages, options);
|
||||||
|
- goto cleanup;
|
||||||
|
+ return 2;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!check_args (mechanism.mechanism, bits, ec_params))
|
||||||
|
- goto cleanup;
|
||||||
|
+ return 2;
|
||||||
|
|
||||||
|
#ifdef OS_UNIX
|
||||||
|
/* Register a fallback PIN callback that reads from terminal.
|
||||||
|
@@ -464,11 +459,9 @@ p11_kit_generate_keypair (int argc,
|
||||||
|
|
||||||
|
ret = generate_keypair (*argv, label, mechanism, bits, ec_params, ec_params_len, login);
|
||||||
|
|
||||||
|
-cleanup:
|
||||||
|
#ifdef OS_UNIX
|
||||||
|
p11_kit_pin_unregister_callback ("tty", p11_pin_tty_callback, NULL);
|
||||||
|
#endif
|
||||||
|
- free (label);
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
diff --git a/p11-kit/import-object.c b/p11-kit/import-object.c
|
||||||
|
index 270a0e027..feee07659 100644
|
||||||
|
--- a/p11-kit/import-object.c
|
||||||
|
+++ b/p11-kit/import-object.c
|
||||||
|
@@ -500,7 +500,7 @@ int
|
||||||
|
p11_kit_import_object (int argc,
|
||||||
|
char *argv[])
|
||||||
|
{
|
||||||
|
- int opt, ret = 2;
|
||||||
|
+ int opt, ret;
|
||||||
|
char *label = NULL;
|
||||||
|
char *file = NULL;
|
||||||
|
bool login = false;
|
||||||
|
@@ -536,18 +536,10 @@ p11_kit_import_object (int argc,
|
||||||
|
while ((opt = p11_tool_getopt (argc, argv, options)) != -1) {
|
||||||
|
switch (opt) {
|
||||||
|
case opt_label:
|
||||||
|
- label = strdup (optarg);
|
||||||
|
- if (label == NULL) {
|
||||||
|
- p11_message (_("failed to allocate memory"));
|
||||||
|
- goto cleanup;
|
||||||
|
- }
|
||||||
|
+ label = optarg;
|
||||||
|
break;
|
||||||
|
case opt_file:
|
||||||
|
- file = strdup (optarg);
|
||||||
|
- if (file == NULL) {
|
||||||
|
- p11_message (_("failed to allocate memory"));
|
||||||
|
- goto cleanup;
|
||||||
|
- }
|
||||||
|
+ file = optarg;
|
||||||
|
break;
|
||||||
|
case opt_login:
|
||||||
|
login = true;
|
||||||
|
@@ -574,12 +566,12 @@ p11_kit_import_object (int argc,
|
||||||
|
|
||||||
|
if (argc != 1) {
|
||||||
|
p11_tool_usage (usages, options);
|
||||||
|
- goto cleanup;
|
||||||
|
+ return 2;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (file == NULL) {
|
||||||
|
p11_message (_("no file specified"));
|
||||||
|
- goto cleanup;
|
||||||
|
+ return 2;
|
||||||
|
}
|
||||||
|
|
||||||
|
#ifdef OS_UNIX
|
||||||
|
@@ -595,10 +587,6 @@ p11_kit_import_object (int argc,
|
||||||
|
p11_kit_pin_unregister_callback ("tty", p11_pin_tty_callback, NULL);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
-cleanup:
|
||||||
|
- free (label);
|
||||||
|
- free (file);
|
||||||
|
-
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/p11-kit/lists.c b/p11-kit/lists.c
|
||||||
|
index df58beb3f..007bb0f12 100644
|
||||||
|
--- a/p11-kit/lists.c
|
||||||
|
+++ b/p11-kit/lists.c
|
||||||
|
@@ -295,6 +295,7 @@ print_modules (void)
|
||||||
|
if (rv != CKR_OK) {
|
||||||
|
p11_message (_("couldn't load module info: %s"),
|
||||||
|
p11_kit_strerror (rv));
|
||||||
|
+ p11_kit_modules_finalize_and_release (module_list);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/p11-kit/print-config.c b/p11-kit/print-config.c
|
||||||
|
index 173b55feb..29daf3871 100644
|
||||||
|
--- a/p11-kit/print-config.c
|
||||||
|
+++ b/p11-kit/print-config.c
|
||||||
|
@@ -74,8 +74,10 @@ print_config (void)
|
||||||
|
P11_PACKAGE_CONFIG_MODULES,
|
||||||
|
P11_SYSTEM_CONFIG_MODULES,
|
||||||
|
P11_USER_CONFIG_MODULES);
|
||||||
|
- if (modules_conf == NULL)
|
||||||
|
+ if (modules_conf == NULL) {
|
||||||
|
+ p11_dict_free (global_conf);
|
||||||
|
return 1;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
printf ("[global]\n");
|
||||||
|
p11_dict_iterate (global_conf, &i);
|
||||||
|
diff --git a/p11-kit/rpc-client.c b/p11-kit/rpc-client.c
|
||||||
|
index fb39103eb..19b628b1a 100644
|
||||||
|
--- a/p11-kit/rpc-client.c
|
||||||
|
+++ b/p11-kit/rpc-client.c
|
||||||
|
@@ -173,6 +173,8 @@ call_done (rpc_client *module,
|
||||||
|
p11_rpc_message *msg,
|
||||||
|
CK_RV ret)
|
||||||
|
{
|
||||||
|
+ p11_buffer *buf;
|
||||||
|
+
|
||||||
|
assert (module != NULL);
|
||||||
|
assert (msg != NULL);
|
||||||
|
|
||||||
|
@@ -189,9 +191,9 @@ call_done (rpc_client *module,
|
||||||
|
|
||||||
|
/* We used the same buffer for input/output, so this frees both */
|
||||||
|
assert (msg->input == msg->output);
|
||||||
|
- p11_rpc_buffer_free (msg->input);
|
||||||
|
-
|
||||||
|
+ buf = msg->input;
|
||||||
|
p11_rpc_message_clear (msg);
|
||||||
|
+ p11_rpc_buffer_free (buf);
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
diff --git a/p11-kit/test-uri.c b/p11-kit/test-uri.c
|
||||||
|
index 32e8da703..18b7a108a 100644
|
||||||
|
--- a/p11-kit/test-uri.c
|
||||||
|
+++ b/p11-kit/test-uri.c
|
||||||
|
@@ -1019,7 +1019,7 @@ test_uri_get_set_unrecognized (void)
|
||||||
|
static void
|
||||||
|
test_uri_match_token (void)
|
||||||
|
{
|
||||||
|
- CK_TOKEN_INFO token;
|
||||||
|
+ CK_TOKEN_INFO token = { 0 };
|
||||||
|
P11KitUri *uri;
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
@@ -1056,7 +1056,7 @@ test_uri_match_token (void)
|
||||||
|
static void
|
||||||
|
test_uri_match_module (void)
|
||||||
|
{
|
||||||
|
- CK_INFO info;
|
||||||
|
+ CK_INFO info = { 0 };
|
||||||
|
P11KitUri *uri;
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
diff --git a/trust/test-trust.c b/trust/test-trust.c
|
||||||
|
index 29b2797b5..3b27a1f31 100644
|
||||||
|
--- a/trust/test-trust.c
|
||||||
|
+++ b/trust/test-trust.c
|
||||||
|
@@ -258,7 +258,7 @@ test_check_symlink_msg (const char *file,
|
||||||
|
if (asprintf (&filename, "%s/%s", directory, name) < 0)
|
||||||
|
assert_not_reached ();
|
||||||
|
|
||||||
|
- if (readlink (filename, buf, sizeof (buf)) < 0)
|
||||||
|
+ if (readlink (filename, buf, sizeof (buf) - 1) < 0)
|
||||||
|
p11_test_fail (file, line, function, "Couldn't read symlink: %s", filename);
|
||||||
|
|
||||||
|
if (strcmp (destination, buf) != 0)
|
|
@ -3,6 +3,5 @@ product_versions:
|
||||||
- rhel-9
|
- rhel-9
|
||||||
decision_context: osci_compose_gate
|
decision_context: osci_compose_gate
|
||||||
rules:
|
rules:
|
||||||
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
|
|
||||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
|
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
|
||||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tedude.validation}
|
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tedude.validation}
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# This spec file has been automatically updated
|
# This spec file has been automatically updated
|
||||||
Version: 0.25.3
|
Version: 0.25.3
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
Name: p11-kit
|
Name: p11-kit
|
||||||
Summary: Library for loading and sharing PKCS#11 modules
|
Summary: Library for loading and sharing PKCS#11 modules
|
||||||
|
|
||||||
|
@ -12,6 +12,8 @@ Source2: https://p11-glue.github.io/p11-glue/p11-kit/p11-kit-release-keyr
|
||||||
Source3: trust-extract-compat
|
Source3: trust-extract-compat
|
||||||
Source4: p11-kit-client.service
|
Source4: p11-kit-client.service
|
||||||
|
|
||||||
|
Patch0: 001-static-analysis.patch
|
||||||
|
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
BuildRequires: libtasn1-devel >= 2.3
|
BuildRequires: libtasn1-devel >= 2.3
|
||||||
BuildRequires: libffi-devel
|
BuildRequires: libffi-devel
|
||||||
|
@ -152,6 +154,10 @@ fi
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Nov 23 2023 Zoltan Fridrich <zfridric@redhat.com> - 0.25.3-2
|
||||||
|
- Fix issues found by static analysis
|
||||||
|
Related: RHEL-14834
|
||||||
|
|
||||||
* Wed Nov 15 2023 Zoltan Fridrich <zfridric@redhat.com> - 0.25.3-1
|
* Wed Nov 15 2023 Zoltan Fridrich <zfridric@redhat.com> - 0.25.3-1
|
||||||
- Update to new upstream release 0.25.3
|
- Update to new upstream release 0.25.3
|
||||||
Resolves: RHEL-14834
|
Resolves: RHEL-14834
|
||||||
|
|
|
@ -1,2 +0,0 @@
|
||||||
*.retry
|
|
||||||
artifacts/
|
|
|
@ -1,14 +0,0 @@
|
||||||
---
|
|
||||||
# This first play always runs on the local staging system
|
|
||||||
- hosts: localhost
|
|
||||||
roles:
|
|
||||||
- role: standard-test-beakerlib
|
|
||||||
tags:
|
|
||||||
- classic
|
|
||||||
- atomic
|
|
||||||
- container
|
|
||||||
tests:
|
|
||||||
- trust-anchor-complains-about-invalid-attribute-and
|
|
||||||
required_packages:
|
|
||||||
- openssl
|
|
||||||
- p11-kit
|
|
|
@ -1,64 +0,0 @@
|
||||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
||||||
#
|
|
||||||
# Makefile of /CoreOS/p11-kit/trust-anchor-complains-about-invalid-attribute-and
|
|
||||||
# Description: Test for trust anchor complains about invalid attribute and
|
|
||||||
# Author: Hubert Kario <hkario@redhat.com>
|
|
||||||
#
|
|
||||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
||||||
#
|
|
||||||
# Copyright (c) 2017 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# This copyrighted material is made available to anyone wishing
|
|
||||||
# to use, modify, copy, or redistribute it subject to the terms
|
|
||||||
# and conditions of the GNU General Public License version 2.
|
|
||||||
#
|
|
||||||
# This program is distributed in the hope that it will be
|
|
||||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
|
||||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
|
||||||
# PURPOSE. See the GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public
|
|
||||||
# License along with this program; if not, write to the Free
|
|
||||||
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
|
||||||
# Boston, MA 02110-1301, USA.
|
|
||||||
#
|
|
||||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
||||||
|
|
||||||
export TEST=/CoreOS/p11-kit/trust-anchor-complains-about-invalid-attribute-and
|
|
||||||
export TESTVERSION=1.0
|
|
||||||
|
|
||||||
BUILT_FILES=
|
|
||||||
|
|
||||||
FILES=$(METADATA) runtest.sh Makefile PURPOSE
|
|
||||||
|
|
||||||
.PHONY: all install download clean
|
|
||||||
|
|
||||||
run: $(FILES) build
|
|
||||||
./runtest.sh
|
|
||||||
|
|
||||||
build: $(BUILT_FILES)
|
|
||||||
test -x runtest.sh || chmod a+x runtest.sh
|
|
||||||
|
|
||||||
clean:
|
|
||||||
rm -f *~ $(BUILT_FILES)
|
|
||||||
|
|
||||||
|
|
||||||
include /usr/share/rhts/lib/rhts-make.include
|
|
||||||
|
|
||||||
$(METADATA): Makefile
|
|
||||||
@echo "Owner: Hubert Kario <hkario@redhat.com>" > $(METADATA)
|
|
||||||
@echo "Name: $(TEST)" >> $(METADATA)
|
|
||||||
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
|
||||||
@echo "Path: $(TEST_DIR)" >> $(METADATA)
|
|
||||||
@echo "Description: Test for trust anchor complains about invalid attribute and" >> $(METADATA)
|
|
||||||
@echo "Type: Regression" >> $(METADATA)
|
|
||||||
@echo "TestTime: 2m" >> $(METADATA)
|
|
||||||
@echo "RunFor: p11-kit" >> $(METADATA)
|
|
||||||
@echo "Requires: openssl p11-kit" >> $(METADATA)
|
|
||||||
@echo "Priority: Normal" >> $(METADATA)
|
|
||||||
@echo "License: GPLv2" >> $(METADATA)
|
|
||||||
@echo "Confidential: no" >> $(METADATA)
|
|
||||||
@echo "Destructive: no" >> $(METADATA)
|
|
||||||
@echo "Releases: -RHEL4 -RHEL6 -RHELClient5 -RHELServer5" >> $(METADATA)
|
|
||||||
|
|
||||||
rhts-lint $(METADATA)
|
|
|
@ -1,17 +0,0 @@
|
||||||
PURPOSE of /CoreOS/p11-kit/trust-anchor-complains-about-invalid-attribute-and
|
|
||||||
Description: Test for trust anchor complains about invalid attribute and
|
|
||||||
Author: Hubert Kario <hkario@redhat.com>
|
|
||||||
Bug summary: trust anchor complains about invalid attribute and fails when a new certificate tries to store into trust place
|
|
||||||
|
|
||||||
Steps to Reproduce:
|
|
||||||
1. /etc/pki/tls/certs/make-dummy-cert mycert-tmp.pem
|
|
||||||
2. openssl x509 -in mycert-tmp.pem -addtrust clientAuth -addtrust serverAuth -addtrust emailProtection -out mycert.pem
|
|
||||||
3. trust anchor --store mycert.pem
|
|
||||||
|
|
||||||
Actual results:
|
|
||||||
p11-kit: the CKA_TRUSTED attribute is not valid for the object
|
|
||||||
p11-kit: couldn't create object: Certain fields have invalid values
|
|
||||||
|
|
||||||
|
|
||||||
Expected results:
|
|
||||||
Certificate is stored in trust place.
|
|
|
@ -1,59 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
|
||||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
||||||
#
|
|
||||||
# runtest.sh of /CoreOS/p11-kit/trust-anchor-complains-about-invalid-attribute-and
|
|
||||||
# Description: Test for trust anchor complains about invalid attribute and
|
|
||||||
# Author: Hubert Kario <hkario@redhat.com>
|
|
||||||
#
|
|
||||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
||||||
#
|
|
||||||
# Copyright (c) 2017 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# This copyrighted material is made available to anyone wishing
|
|
||||||
# to use, modify, copy, or redistribute it subject to the terms
|
|
||||||
# and conditions of the GNU General Public License version 2.
|
|
||||||
#
|
|
||||||
# This program is distributed in the hope that it will be
|
|
||||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
|
||||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
|
||||||
# PURPOSE. See the GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public
|
|
||||||
# License along with this program; if not, write to the Free
|
|
||||||
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
|
||||||
# Boston, MA 02110-1301, USA.
|
|
||||||
#
|
|
||||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
||||||
|
|
||||||
# Include Beaker environment
|
|
||||||
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
|
||||||
|
|
||||||
PACKAGE="p11-kit"
|
|
||||||
|
|
||||||
rlJournalStart
|
|
||||||
rlPhaseStartSetup
|
|
||||||
rlAssertRpm $PACKAGE
|
|
||||||
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
|
|
||||||
rlRun "pushd $TmpDir"
|
|
||||||
rlRun "rlFileBackup --clean /etc/pki"
|
|
||||||
rlPhaseEnd
|
|
||||||
|
|
||||||
rlPhaseStartTest
|
|
||||||
DUMMY_MAKER_BIN="/etc/pki/tls/certs/make-dummy-cert"
|
|
||||||
[ -x /usr/bin/make-dummy-cert ] && DUMMY_MAKER_BIN="/usr/bin/make-dummy-cert"
|
|
||||||
rlRun "$DUMMY_MAKER_BIN mycert-tmp.pem"
|
|
||||||
rlRun "openssl x509 -in mycert-tmp.pem -addtrust clientAuth -addtrust serverAuth -addtrust emailProtection -out mycert.pem"
|
|
||||||
rlAssertNotExists "/etc/pki/ca-trust/source/localhost.localdomain.p11-kit"
|
|
||||||
rlRun -s "trust anchor --store mycert.pem"
|
|
||||||
rlAssertNotGrep "p11-kit:" $rlRun_LOG
|
|
||||||
rlAssertExists "/etc/pki/ca-trust/source/localhost.localdomain.p11-kit"
|
|
||||||
rlPhaseEnd
|
|
||||||
|
|
||||||
rlPhaseStartCleanup
|
|
||||||
rlRun "popd"
|
|
||||||
rlRun "rlFileRestore"
|
|
||||||
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
|
|
||||||
rlPhaseEnd
|
|
||||||
rlJournalPrintText
|
|
||||||
rlJournalEnd
|
|
Loading…
Reference in New Issue