Using --with-mem-uservars causes a mismatch with the precomputed MD5 checksum. To support this use case, first verify the CRC32, resize the configuration to match the default expected by the precomputed MD5 checksum, then recompute a matching CRC32.
Signed-off-by: Earl Chew <[email protected]> --- .github/workflows/main.yaml | 7 +++- tests/bg_setenv.bats | 73 +++++++++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 38c2b66..4b34ebe 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -114,6 +114,11 @@ jobs: sudo apt-get update sudo apt-get install --no-install-recommends cppcheck + - name: Install test dependencies + run: | + sudo apt-get update + sudo apt-get install --no-install-recommends libarchive-zip-perl + - name: Prepare build run: | autoreconf -fi @@ -126,8 +131,8 @@ jobs: ../configure make check -j $(nproc) sudo make install + time bats --tap ../tests popd >/dev/null - time bats --tap tests - name: Build i386 if: ${{ matrix.target == 'i386' }} run: | diff --git a/tests/bg_setenv.bats b/tests/bg_setenv.bats index 6d0249b..5802ea5 100755 --- a/tests/bg_setenv.bats +++ b/tests/bg_setenv.bats @@ -34,6 +34,71 @@ create_sample_bgenv() { --revision=1 } +verify_envfile() { + local envfile=$1 ; shift + + local envsize + envsize=$(wc -c < "$envfile") + + local stored + stored=$(od -tx4 -j $((envsize - 4)) < "$envfile" | awk 'NF>1 {print $2}') + + local computed + computed=$(crc32 <(head -c $((envsize - 4)) < "$envfile")) + + [ -n "$stored$computed" -a "$stored" = "$computed" ] +} + +resize_envfile() { + local envfile=$1 ; shift + local targetsize=$1 ; shift + + # Before resizing, verify that the contents are uncorrupted to + # avoid truncating the mismatching checksum. + + verify_envfile "$envfile" || return $? + + # Only resize if the target size matches the default size + # named in the configuration. This is primarily a sanity check + # because the default size is also encoded in the MD5 checksum + # validation. + + grep -qF "ENV_MEM_USERVARS=$targetsize" "$BATS_TEST_DIRNAME"/../configure.ac || return $? + + local envsize + envsize=$(awk '/ ENV_MEM_USERVARS / { print $3 }' config.h) + + # Compute the difference between the actual size, and the target + # size. This will be used to expand or contract the payload to match. + + local deltasize=$((targetsize - envsize)) + [[ $deltasize -lt 0 ]] || deltasize=+$deltasize + + # Remove the existing checksum, and then adjust the length + # to reach the target sizes. + + truncate -s -4 "$envfile" && truncate -s "$deltasize" "$envfile" + + ls -l "$envfile" >&2 + + # Install a checksum that matches the content included or + # excluded to meet the target size. + + local computed + computed=$(( 0x$(crc32 <(cat "$envfile") ) )) + echo "$computed" >&2 + + local byte0=$(printf %02x $(( (computed >> 0) & 0xff)) ) + local byte1=$(printf %02x $(( (computed >> 8) & 0xff)) ) + local byte2=$(printf %02x $(( (computed >> 16) & 0xff)) ) + local byte3=$(printf %02x $(( (computed >> 24) & 0xff)) ) + + printf "%s" "\x$byte0\x$byte1\x$byte2\x$byte3" >&2 + printf "%b" "\x$byte0\x$byte1\x$byte2\x$byte3" >> "$envfile" + + verify_envfile "$envfile" +} + @test "ensure BGENV.DAT backwards compatbility" { local envfile envfile="$BATS_TEST_TMPDIR/BGENV.DAT" @@ -51,6 +116,8 @@ ustate: 0 (OK) user variables: foo = bar" ]] + resize_envfile "$envfile" 131072 + run md5sum "$envfile" [[ "$output" =~ ^6ad1dd1d98209a03d7b4fc2d2f16f9ec\s*.* ]] } @@ -62,6 +129,8 @@ foo = bar" ]] run bg_setenv -f "$envfile" [[ "$output" = "Output written to $envfile." ]] + resize_envfile "$envfile" 131072 + run md5sum "$envfile" [[ "$output" =~ ^441b49e907a117d2fe1dc1d69d8ea1b0\s*.* ]] @@ -95,6 +164,8 @@ ustate: 0 (OK) user variables:" ]] + resize_envfile "$envfile" 131072 + run md5sum "$envfile" [[ "$output" =~ ^15bc40c9feae99cc879cfc55e0132caa\s*.* ]] } @@ -118,6 +189,8 @@ ustate: 0 (OK) user variables: foo = bar" ]] + resize_envfile "$envfile" 131072 + run md5sum "$envfile" [[ "$output" =~ ^a24b154a48e1f33b79b87e0fa5eff8a1\s*.* ]] } -- 2.39.1 -- You received this message because you are subscribed to the Google Groups "EFI Boot Guard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/efibootguard-dev/20230814061849.2193005-1-earl_chew%40yahoo.com.
