test_ukify: use Path-based fixtures

keszybz · bluca · commit f922e2a0e31e · 2023-12-22T13:07:51.000+01:00
Quoting https://docs.pytest.org/en/stable/how-to/tmp_path.html#the-default-base-temporary-directory: > The tmpdir and tmpdir_factory fixtures are similar to tmp_path and > tmp_path_factory, but use/return legacy py.path.local objects rather than > standard pathlib.Path objects. > > These days, it is preferred to use tmp_path and tmp_path_factory. (cherry picked from commit 6f1df1f) (cherry picked from commit 197ac7d)
diff --git a/src/ukify/test/test_ukify.py b/src/ukify/test/test_ukify.py
@@ -411,11 +411,11 @@ def test_check_splash():
     with pytest.raises(OSError):
         ukify.check_splash(os.devnull)
 
-def test_basic_operation(kernel_initrd, tmpdir):
+def test_basic_operation(kernel_initrd, tmp_path):
     if kernel_initrd is None:
         pytest.skip('linux+initrd not found')
 
-    output = f'{tmpdir}/basic.efi'
+    output = f'{tmp_path}/basic.efi'
     opts = ukify.parse_args([
         'build',
         *kernel_initrd,
@@ -431,11 +431,11 @@ def test_basic_operation(kernel_initrd, tmpdir):
     # let's check that objdump likes the resulting file
     subprocess.check_output(['objdump', '-h', output])
 
-def test_sections(kernel_initrd, tmpdir):
+def test_sections(kernel_initrd, tmp_path):
     if kernel_initrd is None:
         pytest.skip('linux+initrd not found')
 
-    output = f'{tmpdir}/basic.efi'
+    output = f'{tmp_path}/basic.efi'
     opts = ukify.parse_args([
         'build',
         *kernel_initrd,
@@ -459,8 +459,8 @@ def test_sections(kernel_initrd, tmpdir):
     for sect in 'text osrel cmdline linux initrd uname test'.split():
         assert re.search(fr'^\s*\d+\s+.{sect}\s+0', dump, re.MULTILINE)
 
-def test_addon(tmpdir):
-    output = f'{tmpdir}/addon.efi'
+def test_addon(tmp_path):
+    output = f'{tmp_path}/addon.efi'
     args = [
         'build',
         f'--output={output}',
@@ -522,7 +522,7 @@ def test_uname_scraping(kernel_initrd):
     uname = ukify.Uname.scrape(kernel_initrd[1])
     assert re.match(r'\d+\.\d+\.\d+', uname)
 
-def test_efi_signing_sbsign(kernel_initrd, tmpdir):
+def test_efi_signing_sbsign(kernel_initrd, tmp_path):
     if kernel_initrd is None:
         pytest.skip('linux+initrd not found')
     if not shutil.which('sbsign'):
@@ -532,7 +532,7 @@ def test_efi_signing_sbsign(kernel_initrd, tmpdir):
     cert = unbase64(ourdir / 'example.signing.crt.base64')
     key = unbase64(ourdir / 'example.signing.key.base64')
 
-    output = f'{tmpdir}/signed.efi'
+    output = f'{tmp_path}/signed.efi'
     opts = ukify.parse_args([
         'build',
         *kernel_initrd,
@@ -560,13 +560,13 @@ def test_efi_signing_sbsign(kernel_initrd, tmpdir):
 
         assert 'Signature verification OK' in dump
 
-def test_efi_signing_pesign(kernel_initrd, tmpdir):
+def test_efi_signing_pesign(kernel_initrd, tmp_path):
     if kernel_initrd is None:
         pytest.skip('linux+initrd not found')
     if not shutil.which('pesign'):
         pytest.skip('pesign not found')
 
-    nss_db = f'{tmpdir}/nss_db'
+    nss_db = f'{tmp_path}/nss_db'
     name = 'Test_Secureboot'
     author = 'systemd'
 
@@ -576,7 +576,7 @@ def test_efi_signing_pesign(kernel_initrd, tmpdir):
     cmd = f'efikeygen -d {nss_db} -S -k -c CN={author} -n {name}'.split(' ')
     subprocess.check_call(cmd)
 
-    output = f'{tmpdir}/signed.efi'
+    output = f'{tmp_path}/signed.efi'
     opts = ukify.parse_args([
         'build',
         *kernel_initrd,
@@ -603,7 +603,7 @@ def test_efi_signing_pesign(kernel_initrd, tmpdir):
 
     assert f"The signer's common name is {author}" in dump
 
-def test_pcr_signing(kernel_initrd, tmpdir):
+def test_pcr_signing(kernel_initrd, tmp_path):
     if kernel_initrd is None:
         pytest.skip('linux+initrd not found')
     if systemd_measure() is None:
@@ -613,7 +613,7 @@ def test_pcr_signing(kernel_initrd, tmpdir):
     pub = unbase64(ourdir / 'example.tpm2-pcr-public.pem.base64')
     priv = unbase64(ourdir / 'example.tpm2-pcr-private.pem.base64')
 
-    output = f'{tmpdir}/signed.efi'
+    output = f'{tmp_path}/signed.efi'
     args = [
         'build',
         *kernel_initrd,
@@ -650,23 +650,23 @@ def test_pcr_signing(kernel_initrd, tmpdir):
         # So let's just call it with a dummy output argument.
         subprocess.check_call([
             'objcopy',
-            *(f'--dump-section=.{n}={tmpdir}/out.{n}' for n in (
+            *(f'--dump-section=.{n}={tmp_path}/out.{n}' for n in (
                 'pcrpkey', 'pcrsig', 'osrel', 'uname', 'cmdline')),
             output,
-            tmpdir / 'dummy',
+            tmp_path / 'dummy',
         ],
             text=True)
 
-        assert open(tmpdir / 'out.pcrpkey').read() == open(pub.name).read()
-        assert open(tmpdir / 'out.osrel').read() == 'ID=foobar\n'
-        assert open(tmpdir / 'out.uname').read() == '1.2.3'
-        assert open(tmpdir / 'out.cmdline').read() == 'ARG1 ARG2 ARG3'
-        sig = open(tmpdir / 'out.pcrsig').read()
+        assert open(tmp_path / 'out.pcrpkey').read() == open(pub.name).read()
+        assert open(tmp_path / 'out.osrel').read() == 'ID=foobar\n'
+        assert open(tmp_path / 'out.uname').read() == '1.2.3'
+        assert open(tmp_path / 'out.cmdline').read() == 'ARG1 ARG2 ARG3'
+        sig = open(tmp_path / 'out.pcrsig').read()
         sig = json.loads(sig)
         assert list(sig.keys()) == ['sha1']
         assert len(sig['sha1']) == 4   # four items for four phases
 
-def test_pcr_signing2(kernel_initrd, tmpdir):
+def test_pcr_signing2(kernel_initrd, tmp_path):
     if kernel_initrd is None:
         pytest.skip('linux+initrd not found')
     if systemd_measure() is None:
@@ -679,10 +679,10 @@ def test_pcr_signing2(kernel_initrd, tmpdir):
     priv2 = unbase64(ourdir / 'example.tpm2-pcr-private2.pem.base64')
 
     # simulate a microcode file
-    with open(f'{tmpdir}/microcode', 'wb') as microcode:
+    with open(f'{tmp_path}/microcode', 'wb') as microcode:
         microcode.write(b'1234567890')
 
-    output = f'{tmpdir}/signed.efi'
+    output = f'{tmp_path}/signed.efi'
     assert kernel_initrd[0] == '--linux'
     opts = ukify.parse_args([
         'build',
@@ -718,35 +718,35 @@ def test_pcr_signing2(kernel_initrd, tmpdir):
 
     subprocess.check_call([
         'objcopy',
-        *(f'--dump-section=.{n}={tmpdir}/out.{n}' for n in (
+        *(f'--dump-section=.{n}={tmp_path}/out.{n}' for n in (
             'pcrpkey', 'pcrsig', 'osrel', 'uname', 'cmdline', 'initrd')),
         output,
-        tmpdir / 'dummy',
+        tmp_path / 'dummy',
     ],
         text=True)
 
-    assert open(tmpdir / 'out.pcrpkey').read() == open(pub2.name).read()
-    assert open(tmpdir / 'out.osrel').read() == 'ID=foobar\n'
-    assert open(tmpdir / 'out.uname').read() == '1.2.3'
-    assert open(tmpdir / 'out.cmdline').read() == 'ARG1 ARG2 ARG3'
-    assert open(tmpdir / 'out.initrd', 'rb').read(10) == b'1234567890'
+    assert open(tmp_path / 'out.pcrpkey').read() == open(pub2.name).read()
+    assert open(tmp_path / 'out.osrel').read() == 'ID=foobar\n'
+    assert open(tmp_path / 'out.uname').read() == '1.2.3'
+    assert open(tmp_path / 'out.cmdline').read() == 'ARG1 ARG2 ARG3'
+    assert open(tmp_path / 'out.initrd', 'rb').read(10) == b'1234567890'
 
-    sig = open(tmpdir / 'out.pcrsig').read()
+    sig = open(tmp_path / 'out.pcrsig').read()
     sig = json.loads(sig)
     assert list(sig.keys()) == ['sha1']
     assert len(sig['sha1']) == 6   # six items for six phases paths
 
-def test_key_cert_generation(tmpdir):
+def test_key_cert_generation(tmp_path):
     opts = ukify.parse_args([
         'genkey',
-        f"--pcr-public-key={tmpdir / 'pcr1.pub.pem'}",
-        f"--pcr-private-key={tmpdir / 'pcr1.priv.pem'}",
+        f"--pcr-public-key={tmp_path / 'pcr1.pub.pem'}",
+        f"--pcr-private-key={tmp_path / 'pcr1.priv.pem'}",
         '--phases=enter-initrd enter-initrd:leave-initrd',
-        f"--pcr-public-key={tmpdir / 'pcr2.pub.pem'}",
-        f"--pcr-private-key={tmpdir / 'pcr2.priv.pem'}",
+        f"--pcr-public-key={tmp_path / 'pcr2.pub.pem'}",
+        f"--pcr-private-key={tmp_path / 'pcr2.priv.pem'}",
         '--phases=sysinit ready',
-        f"--secureboot-private-key={tmpdir / 'sb.priv.pem'}",
-        f"--secureboot-certificate={tmpdir / 'sb.cert.pem'}",
+        f"--secureboot-private-key={tmp_path / 'sb.priv.pem'}",
+        f"--secureboot-certificate={tmp_path / 'sb.cert.pem'}",
     ])
     assert opts.verb == 'genkey'
     ukify.check_cert_and_keys_nonexistent(opts)
@@ -758,9 +758,9 @@ def test_key_cert_generation(tmpdir):
     if not shutil.which('openssl'):
         return
 
-    for key in (tmpdir / 'pcr1.priv.pem',
-                tmpdir / 'pcr2.priv.pem',
-                tmpdir / 'sb.priv.pem'):
+    for key in (tmp_path / 'pcr1.priv.pem',
+                tmp_path / 'pcr2.priv.pem',
+                tmp_path / 'sb.priv.pem'):
         out = subprocess.check_output([
             'openssl', 'rsa',
             '-in', key,
@@ -770,8 +770,8 @@ def test_key_cert_generation(tmpdir):
         assert 'Private-Key' in out
         assert '2048 bit' in out
 
-    for pub in (tmpdir / 'pcr1.pub.pem',
-                tmpdir / 'pcr2.pub.pem'):
+    for pub in (tmp_path / 'pcr1.pub.pem',
+                tmp_path / 'pcr2.pub.pem'):
         out = subprocess.check_output([
             'openssl', 'rsa',
             '-pubin',
@@ -784,7 +784,7 @@ def test_key_cert_generation(tmpdir):
 
     out = subprocess.check_output([
         'openssl', 'x509',
-        '-in', tmpdir / 'sb.cert.pem',
+        '-in', tmp_path / 'sb.cert.pem',
         '-text',
         '-noout',
     ], text = True)
