-
Notifications
You must be signed in to change notification settings - Fork 3
52 lines (44 loc) · 1.73 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
name: Run tests
on:
- push
- pull_request
jobs:
formatting:
name: Static code checks
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Check formatting
run: cargo fmt --all -- --check
- name: Check clippy
run: cargo clippy --all-targets --all-features -- -D clippy::all
tests:
name: Run tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Install evmctl
run: sudo apt-get install ima-evm-utils
- name: Build
run: cargo build
- name: Create key
run: "openssl genrsa | openssl pkcs8 -topk8 -nocrypt -outform DER -out privatekey.der"
- name: Create public certificate
run: openssl req -x509 -key privatekey.der -out certificate.pem -days 365 -keyform DER -subj "/CN=Testkey"
- name: Encode certificate for verification
run: openssl x509 -in certificate.pem -inform PEM -out certificate.der -outform DER
- name: Load pkcs8 parser module
run: sudo modprobe pkcs8_key_parser
- name: Load key onto keyring
run: "keyctl padd asymmetric testkey @s <privatekey.der"
# sudo here is required to set the extended attribute on Cargo.lock
- name: Sign files
run: sudo ./target/debug/keyring-ima-signer testkey certificate.pem sha256 -- Cargo.toml --xattr Cargo.lock --sigfile LICENSE
- name: Move sigfile to xattr
run: sudo ./target/debug/keyring-ima-signer --presigned LICENSE
- name: Verify file - sigfile
run: evmctl ima_verify --sigfile --key certificate.der -vvvv Cargo.toml
- name: Verify file - xattr
run: evmctl ima_verify --key certificate.der -vvvv Cargo.lock
- name: Verify file - moved xattr
run: evmctl ima_verify --key certificate.der -vvvv LICENSE