generic: handle fs.verity.require_signatures being enabled
authorEric Biggers <ebiggers@google.com>
Fri, 1 Nov 2019 23:22:19 +0000 (16:22 -0700)
committerEryu Guan <guaneryu@gmail.com>
Sat, 2 Nov 2019 06:28:35 +0000 (14:28 +0800)
commiteff343fb5d5fa893e4ab53f93f07766c58d83e90
tree1f1d148455d532eb98450f5a81934072d5f9af19
parent0f211f5bca402fabdbb526a5f5010dce956c7fd1
generic: handle fs.verity.require_signatures being enabled

Most of the fs-verity tests fail if the fs.verity.require_signatures
sysctl has been set to 1.  Update them to set this sysctl to 0 at the
beginning of the test and restore it to its previous value at the end.

generic/577 intentionally sets this sysctl to 1.  Make it restore the
previous value at the end of the test rather than assuming it was 0.

Also simplify _require_fsverity_builtin_signatures() to just check for
the presence of the file /proc/sys/fs/verity/require_signatures rather
than check whether the fs-verity keyring is listed in /proc/keys.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Eryu Guan <guaneryu@gmail.com>
Signed-off-by: Eryu Guan <guaneryu@gmail.com>
common/verity
tests/generic/572
tests/generic/573
tests/generic/574
tests/generic/575
tests/generic/576
tests/generic/577
tests/generic/577.out
tests/generic/579