lanzaboote/rust/tool/systemd/tests/systemd_boot.rs

use std::fs;
use std::path::PathBuf;

use anyhow::Result;
use lanzaboote_tool::architecture::Architecture;
use lzbt_systemd::architecture::SystemdArchitectureExt;
use tempfile::tempdir;

mod common;

use common::{hash_file, mtime, remove_signature, verify_signature, TARGET_SYSTEM_DOUBLE};

#[test]
fn keep_systemd_boot_binaries() -> Result<()> {
    let esp = tempdir()?;
    let tmpdir = tempdir()?;
    let profiles = tempdir()?;
    let generation_link = common::setup_generation_link(tmpdir.path(), profiles.path(), 1)
        .expect("Failed to setup generation link");

    let systemd_boot_path = systemd_boot_path(&esp);
    let systemd_boot_fallback_path = systemd_boot_fallback_path(&esp);

    let output0 = common::lanzaboote_install(0, esp.path(), vec![&generation_link])?;
    assert!(output0.status.success());

    // Use the modification time instead of a hash because the hash would be the same even if the
    // file was overwritten.
    let systemd_boot_mtime0 = mtime(&systemd_boot_path);
    let systemd_boot_fallback_mtime0 = mtime(&systemd_boot_fallback_path);

    let output1 = common::lanzaboote_install(0, esp.path(), vec![generation_link])?;
    assert!(output1.status.success());

    let systemd_boot_mtime1 = mtime(&systemd_boot_path);
    let systemd_boot_fallback_mtime1 = mtime(&systemd_boot_fallback_path);

    assert_eq!(
        systemd_boot_mtime0, systemd_boot_mtime1,
        "systemd-boot binary was modified on second install."
    );
    assert_eq!(
        systemd_boot_fallback_mtime0, systemd_boot_fallback_mtime1,
        "systemd-boot fallback binary was moidified on second install."
    );

    Ok(())
}

#[test]
fn overwrite_malformed_systemd_boot_binaries() -> Result<()> {
    let esp = tempdir()?;
    let tmpdir = tempdir()?;
    let profiles = tempdir()?;
    let generation_link = common::setup_generation_link(tmpdir.path(), profiles.path(), 1)
        .expect("Failed to setup generation link");

    let systemd_boot_path = systemd_boot_path(&esp);
    let systemd_boot_fallback_path = systemd_boot_fallback_path(&esp);

    let output0 = common::lanzaboote_install(0, esp.path(), vec![&generation_link])?;
    assert!(output0.status.success());

    // Make systemd-boot binaries malformed by truncating them.
    fs::File::create(&systemd_boot_path)?;
    fs::File::create(&systemd_boot_fallback_path)?;

    let malformed_systemd_boot_hash = hash_file(&systemd_boot_path);
    let malformed_systemd_boot_fallback_hash = hash_file(&systemd_boot_fallback_path);

    let output1 = common::lanzaboote_install(0, esp.path(), vec![generation_link])?;
    assert!(output1.status.success());

    let systemd_boot_hash = hash_file(&systemd_boot_path);
    let systemd_boot_fallback_hash = hash_file(&systemd_boot_fallback_path);

    assert_ne!(
        malformed_systemd_boot_hash, systemd_boot_hash,
        "Malformed systemd-boot binaries were not replaced."
    );
    assert_ne!(
        malformed_systemd_boot_fallback_hash, systemd_boot_fallback_hash,
        "Maformed systemd-boot fallback binaries were not replaced."
    );

    Ok(())
}

#[test]
fn overwrite_unsigned_systemd_boot_binaries() -> Result<()> {
    let esp = tempdir()?;
    let tmpdir = tempdir()?;
    let profiles = tempdir()?;
    let generation_link = common::setup_generation_link(tmpdir.path(), profiles.path(), 1)
        .expect("Failed to setup generation link");

    let systemd_boot_path = systemd_boot_path(&esp);
    let systemd_boot_fallback_path = systemd_boot_fallback_path(&esp);

    let output0 = common::lanzaboote_install(0, esp.path(), vec![&generation_link])?;
    assert!(output0.status.success());

    remove_signature(&systemd_boot_path)?;
    remove_signature(&systemd_boot_fallback_path)?;
    assert!(!verify_signature(&systemd_boot_path)?);
    assert!(!verify_signature(&systemd_boot_fallback_path)?);

    let output1 = common::lanzaboote_install(0, esp.path(), vec![generation_link])?;
    assert!(output1.status.success());

    assert!(verify_signature(&systemd_boot_path)?);
    assert!(verify_signature(&systemd_boot_fallback_path)?);

    Ok(())
}

fn systemd_boot_path(esp: &tempfile::TempDir) -> PathBuf {
    let arch = Architecture::from_nixos_system(TARGET_SYSTEM_DOUBLE).unwrap();
    esp.path()
        .join("EFI/systemd/")
        .join(arch.systemd_filename())
}

fn systemd_boot_fallback_path(esp: &tempfile::TempDir) -> PathBuf {
    let arch = Architecture::from_nixos_system(TARGET_SYSTEM_DOUBLE).unwrap();
    esp.path()
        .join("EFI/BOOT/")
        .join(arch.efi_fallback_filename())
}
tool: make some utility test functions reusable Make them reusable by moving them to the common module. 2023-02-15 16:09:24 -06:00			`use std::fs;`
			`use std::path::PathBuf;`
tool: smarter systemd-boot install The process of installing systemd-boot is "smarter" because it now considers a a few conditions instead of doing nothing if there is a file at the deistination path. systemd-boot is now forcibly installed (i.e. overwriting any file at the destination) if (1) there is no file at the destination, OR (2) a newer version of systemd-boot is available, OR (3) the signature of the file at the destination could not be verified. 2023-01-17 18:58:45 -06:00
			`use anyhow::Result;`
tool(systemd-boot): install it once instead of checking for each generation systemd-boot is now installed once for many generations rather than multiple times. This means it is not really possible to manage different system in the same "machine", which is a very obscure usecase, theoretically possible, but not yet encountered. 2023-06-16 09:42:19 -05:00			`use lanzaboote_tool::architecture::Architecture;`
			`use lzbt_systemd::architecture::SystemdArchitectureExt;`
tool: smarter systemd-boot install The process of installing systemd-boot is "smarter" because it now considers a a few conditions instead of doing nothing if there is a file at the deistination path. systemd-boot is now forcibly installed (i.e. overwriting any file at the destination) if (1) there is no file at the destination, OR (2) a newer version of systemd-boot is available, OR (3) the signature of the file at the destination could not be verified. 2023-01-17 18:58:45 -06:00			`use tempfile::tempdir;`

			`mod common;`

tool(tests): use library to use the "target architecture" properly in tests 2023-04-25 10:26:40 -05:00			`use common::{hash_file, mtime, remove_signature, verify_signature, TARGET_SYSTEM_DOUBLE};`
tool: make some utility test functions reusable Make them reusable by moving them to the common module. 2023-02-15 16:09:24 -06:00
tool: smarter systemd-boot install The process of installing systemd-boot is "smarter" because it now considers a a few conditions instead of doing nothing if there is a file at the deistination path. systemd-boot is now forcibly installed (i.e. overwriting any file at the destination) if (1) there is no file at the destination, OR (2) a newer version of systemd-boot is available, OR (3) the signature of the file at the destination could not be verified. 2023-01-17 18:58:45 -06:00			`#[test]`
			`fn keep_systemd_boot_binaries() -> Result<()> {`
			`let esp = tempdir()?;`
			`let tmpdir = tempdir()?;`
			`let profiles = tempdir()?;`
			`let generation_link = common::setup_generation_link(tmpdir.path(), profiles.path(), 1)`
			`.expect("Failed to setup generation link");`

			`let systemd_boot_path = systemd_boot_path(&esp);`
			`let systemd_boot_fallback_path = systemd_boot_fallback_path(&esp);`

			`let output0 = common::lanzaboote_install(0, esp.path(), vec![&generation_link])?;`
			`assert!(output0.status.success());`

			`// Use the modification time instead of a hash because the hash would be the same even if the`
			`// file was overwritten.`
			`let systemd_boot_mtime0 = mtime(&systemd_boot_path);`
			`let systemd_boot_fallback_mtime0 = mtime(&systemd_boot_fallback_path);`

			`let output1 = common::lanzaboote_install(0, esp.path(), vec![generation_link])?;`
			`assert!(output1.status.success());`

			`let systemd_boot_mtime1 = mtime(&systemd_boot_path);`
			`let systemd_boot_fallback_mtime1 = mtime(&systemd_boot_fallback_path);`

			`assert_eq!(`
			`systemd_boot_mtime0, systemd_boot_mtime1,`
			`"systemd-boot binary was modified on second install."`
			`);`
			`assert_eq!(`
			`systemd_boot_fallback_mtime0, systemd_boot_fallback_mtime1,`
			`"systemd-boot fallback binary was moidified on second install."`
			`);`

			`Ok(())`
			`}`

			`#[test]`
			`fn overwrite_malformed_systemd_boot_binaries() -> Result<()> {`
			`let esp = tempdir()?;`
			`let tmpdir = tempdir()?;`
			`let profiles = tempdir()?;`
			`let generation_link = common::setup_generation_link(tmpdir.path(), profiles.path(), 1)`
			`.expect("Failed to setup generation link");`

			`let systemd_boot_path = systemd_boot_path(&esp);`
			`let systemd_boot_fallback_path = systemd_boot_fallback_path(&esp);`

			`let output0 = common::lanzaboote_install(0, esp.path(), vec![&generation_link])?;`
			`assert!(output0.status.success());`

			`// Make systemd-boot binaries malformed by truncating them.`
			`fs::File::create(&systemd_boot_path)?;`
			`fs::File::create(&systemd_boot_fallback_path)?;`

			`let malformed_systemd_boot_hash = hash_file(&systemd_boot_path);`
			`let malformed_systemd_boot_fallback_hash = hash_file(&systemd_boot_fallback_path);`

			`let output1 = common::lanzaboote_install(0, esp.path(), vec![generation_link])?;`
			`assert!(output1.status.success());`

			`let systemd_boot_hash = hash_file(&systemd_boot_path);`
			`let systemd_boot_fallback_hash = hash_file(&systemd_boot_fallback_path);`

			`assert_ne!(`
			`malformed_systemd_boot_hash, systemd_boot_hash,`
			`"Malformed systemd-boot binaries were not replaced."`
			`);`
			`assert_ne!(`
			`malformed_systemd_boot_fallback_hash, systemd_boot_fallback_hash,`
			`"Maformed systemd-boot fallback binaries were not replaced."`
			`);`

			`Ok(())`
			`}`

			`#[test]`
			`fn overwrite_unsigned_systemd_boot_binaries() -> Result<()> {`
			`let esp = tempdir()?;`
			`let tmpdir = tempdir()?;`
			`let profiles = tempdir()?;`
			`let generation_link = common::setup_generation_link(tmpdir.path(), profiles.path(), 1)`
			`.expect("Failed to setup generation link");`

			`let systemd_boot_path = systemd_boot_path(&esp);`
			`let systemd_boot_fallback_path = systemd_boot_fallback_path(&esp);`

			`let output0 = common::lanzaboote_install(0, esp.path(), vec![&generation_link])?;`
			`assert!(output0.status.success());`

			`remove_signature(&systemd_boot_path)?;`
			`remove_signature(&systemd_boot_fallback_path)?;`
			`assert!(!verify_signature(&systemd_boot_path)?);`
			`assert!(!verify_signature(&systemd_boot_fallback_path)?);`

			`let output1 = common::lanzaboote_install(0, esp.path(), vec![generation_link])?;`
			`assert!(output1.status.success());`

			`assert!(verify_signature(&systemd_boot_path)?);`
			`assert!(verify_signature(&systemd_boot_fallback_path)?);`

			`Ok(())`
			`}`

			`fn systemd_boot_path(esp: &tempfile::TempDir) -> PathBuf {`
tool(systemd-boot): install it once instead of checking for each generation systemd-boot is now installed once for many generations rather than multiple times. This means it is not really possible to manage different system in the same "machine", which is a very obscure usecase, theoretically possible, but not yet encountered. 2023-06-16 09:42:19 -05:00			`let arch = Architecture::from_nixos_system(TARGET_SYSTEM_DOUBLE).unwrap();`
			`esp.path()`
			`.join("EFI/systemd/")`
			`.join(arch.systemd_filename())`
tool: smarter systemd-boot install The process of installing systemd-boot is "smarter" because it now considers a a few conditions instead of doing nothing if there is a file at the deistination path. systemd-boot is now forcibly installed (i.e. overwriting any file at the destination) if (1) there is no file at the destination, OR (2) a newer version of systemd-boot is available, OR (3) the signature of the file at the destination could not be verified. 2023-01-17 18:58:45 -06:00			`}`

			`fn systemd_boot_fallback_path(esp: &tempfile::TempDir) -> PathBuf {`
tool(systemd-boot): install it once instead of checking for each generation systemd-boot is now installed once for many generations rather than multiple times. This means it is not really possible to manage different system in the same "machine", which is a very obscure usecase, theoretically possible, but not yet encountered. 2023-06-16 09:42:19 -05:00			`let arch = Architecture::from_nixos_system(TARGET_SYSTEM_DOUBLE).unwrap();`
			`esp.path()`
			`.join("EFI/BOOT/")`
			`.join(arch.efi_fallback_filename())`
tool: smarter systemd-boot install The process of installing systemd-boot is "smarter" because it now considers a a few conditions instead of doing nothing if there is a file at the deistination path. systemd-boot is now forcibly installed (i.e. overwriting any file at the destination) if (1) there is no file at the destination, OR (2) a newer version of systemd-boot is available, OR (3) the signature of the file at the destination could not be verified. 2023-01-17 18:58:45 -06:00			`}`