1 #!/bin/sh
2
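# Verbose hook: runTest prefixes its diagnostic commands with ${v}. The
# default ":" is the shell no-op builtin, so those commands are skipped.
# NOTE(review): presumably a caller exports v as a command that runs its
# arguments in order to see the verbose output; confirm the intended value.
v=${v:-:}

# Number of tests whose outcome did not match the expectation.
fails=0

# Private scratch directory for captured output, dumped CMS blobs and the
# copies of the signed targets. Stop here if it cannot be created: with an
# empty $t every later "$t/..." path would resolve against the filesystem
# root, and the copy and signature-editing steps would then write there.
t=$(mktemp -d /tmp/cs-edit-XXXXXX) || {
  echo "cannot create scratch directory under /tmp" >&2
  exit 1
}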
7
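# Run one command as a named test case and record whether it behaved as
# expected.
#
# Arguments: $1   - test name; a name that starts with "fail" marks a
#                   negative test (the command must exit non-zero), any
#                   other name expects exit status 0
#            $2.. - the command to run, with its arguments
# Globals:   t (read)      scratch directory that receives outfile.txt
#            v (read)      prefix for the verbose-only commands
#            fails (write) incremented when result and expectation differ
#            test, res, exp are overwritten (POSIX sh has no local variables)
# Outputs:   [BEGIN]/[PASS]/[FAIL] markers on stdout; on a mismatch the
#            captured stdout+stderr of the command is printed and
#            outfile.txt is kept.
#
# Caveat: a negative test is satisfied by ANY non-zero exit status, so it
# cannot tell "signature rejected" apart from "command missing or crashed".
# Read the captured output when a fail-* result has to be trusted.
runTest () {
  test=$1
  shift

  echo "[BEGIN] ${test}"

  ${v} echo "> $@"
  "$@" > "$t/outfile.txt" 2>&1
  res=$?
  # Collapse every non-zero status to 1 so it can be compared with exp.
  if [ "$res" -ne 0 ]; then
    res=1
  fi

  # The expectation is derived from the name alone: prefix "fail" => 1.
  case "$test" in
    fail*) exp=1 ;;
    *) exp=0 ;;
  esac

  ${v} cat "$t/outfile.txt"
  if [ "$res" -eq "$exp" ]; then
    echo "[PASS] ${test}"
    echo
    rm -f -- "$t/outfile.txt"
  else
    echo
    cat "$t/outfile.txt"
    echo
    echo "[FAIL] ${test}"
    echo
    fails=$((fails + 1))
  fi
}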
39
# Tool under test. The caller may export "codesign" to point the suite at a
# different build; every test below runs whatever this variable names, so it
# must come from a trusted environment.
: "${codesign:=codesign}"
41
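# Exercise CMS signature editing on one signed target and check that
# validation tracks the embedded CMS blob.
#
# Sequence: validate the untouched target and save its CMS blob; replace the
# blob with a file that is not a CMS blob (/etc/hosts) and expect validation
# to fail; restore the saved blob and expect success; replace it with the
# blob dumped from another binary ($t/cat.cms) and expect failure; restore
# once more and expect success. The "fail-" name prefix is what makes
# runTest expect a non-zero exit status.
#
# Arguments: $1 - short label appended to every test name
#            $2 - path of the target to edit; it is modified in place, so
#                 pass a scratch copy
# Globals:   t (read), codesign (read); name, target are overwritten
#            $t/cat.cms must already exist (it is written by the
#            dump-cat-cms test at top level)
editTest () {
  name="$1"
  shift
  target="$1"
  shift

  # Drop a blob left over from a previous target.
  rm -f -- "$t/cms"

  # $codesign stays unquoted as in the original.
  # NOTE(review): possibly so that an override may carry extra words; confirm
  # before quoting it.
  runTest "validate-$name" $codesign -v -R="anchor apple" -v "$target"
  runTest "dump-cms-$name" $codesign -d --dump-cms="$t/cms" "$target"
  runTest "edit-nonsense-into-cms-$name" $codesign -e "$target" --edit-cms /etc/hosts
  runTest "fail-nonsense-validation-$name" $codesign -v -R="anchor apple" -v "$target"
  runTest "edit-original-into-cms-$name" $codesign -e "$target" --edit-cms "$t/cms"
  runTest "success-cms-validation-$name" $codesign -v -R="anchor apple" -v "$target"
  runTest "edit-cat-cms-into-cms-$name" $codesign -e "$target" --edit-cms "$t/cat.cms"
  runTest "fail-cat-cms-validation-$name" $codesign -v -R="anchor apple" -v "$target"
  runTest "edit-original-again-into-cms-$name" $codesign -e "$target" --edit-cms "$t/cms"
  runTest "success-cms-validation-again-$name" $codesign -v -R="anchor apple" -v "$target"
}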
61
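# Save the CMS blob of /bin/cat. editTest later installs it into other
# targets as a blob that belongs to a different binary.
runTest dump-cat-cms $codesign -d --dump-cms="$t/cat.cms" /bin/cat

# Every target is copied into the scratch directory first, so the signature
# edits never touch the installed originals.
runTest prepare-ls cp -R /bin/ls "$t/ls"
editTest ls "$t/ls"
runTest prepare-TextEdit cp -R /Applications/TextEdit.app "$t/TextEdit.app"
editTest TextEdit "$t/TextEdit.app"

runTest prepare-codeless cp -R /var/db/gke.bundle "$t/gke.bundle"
editTest codeless "$t/gke.bundle"

# Strip the signature from the ls copy, re-sign it ad hoc with
# --omit-adhoc-flag, then check that the displayed flags are 0x0(none).
runTest codesign-remove-signature $codesign --remove "$t/ls"
runTest codesign-omit-adhoc $codesign -s - -f --omit-adhoc-flag "$t/ls"
# sh -c is used so that the pipeline runs as one test command. $codesign and
# $t are expanded by this shell into the command text, so they must not
# contain shell metacharacters; $t comes from mktemp with a fixed template.
runTest adhoc-omitted sh -c "$codesign -d -v $t/ls 2>&1| grep -F 'flags=0x0(none)'"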
75
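# cleanup
#
# Report the overall result. The scratch directory is removed only when every
# test passed; after a failure it is left in place (presumably so that the
# edited targets and outfile.txt can be inspected).
if [ "$fails" != 0 ]; then
  echo "$fails signature edit tests failed"
  exit 1
else
  echo "all signature edit tests passed"
  # ${t:?} aborts instead of running rm -rf with an empty path.
  rm -rf -- "${t:?}"
fi

exit 0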