tests/sign-attach-verify.sh - pub/scm/linux/kernel/git/jejb/sbsigntools - Git at Google

 #!/bin/bash -e

 sig="test.sig"
 signed="test.signed"

 "$sbsign" --cert "$cert" --key "$key" --detached --output "$sig" "$image" || exit 1
 cp "$image" "$signed" || exit 1
 "$sbattach" --attach "$sig" "$signed" || exit 1
 "$sbverify" --cert "$cert" "$signed" || exit 1
 "$sbverify" --cert "$intcert" "$signed" || exit 1
 # there's no intermediate cert in the image so it can't chain to the ca which
 # is why this should fail
 "$sbverify" --cert "$cacert" "$signed" && exit 1

 # now add intermediates
 "$sbsign" --cert "$cert" --key "$key" --addcert "$intcert" --detached --output "$sig" "$image" || exit 1
 cp "$image" "$signed" || exit 1
 "$sbattach" --attach "$sig" "$signed" || exit 1
 "$sbverify" --cert "$cert" "$signed" || exit 1
 "$sbverify" --cert "$intcert" "$signed" || exit 1
 "$sbverify" --cert "$cacert" "$signed" || exit 1
	#!/bin/bash -e

	sig="test.sig"
	signed="test.signed"

	"$sbsign" --cert "$cert" --key "$key" --detached --output "$sig" "$image" \|\| exit 1
	cp "$image" "$signed" \|\| exit 1
	"$sbattach" --attach "$sig" "$signed" \|\| exit 1
	"$sbverify" --cert "$cert" "$signed" \|\| exit 1
	"$sbverify" --cert "$intcert" "$signed" \|\| exit 1
	# there's no intermediate cert in the image so it can't chain to the ca which
	# is why this should fail
	"$sbverify" --cert "$cacert" "$signed" && exit 1

	# now add intermediates
	"$sbsign" --cert "$cert" --key "$key" --addcert "$intcert" --detached --output "$sig" "$image" \|\| exit 1
	cp "$image" "$signed" \|\| exit 1
	"$sbattach" --attach "$sig" "$signed" \|\| exit 1
	"$sbverify" --cert "$cert" "$signed" \|\| exit 1
	"$sbverify" --cert "$intcert" "$signed" \|\| exit 1
	"$sbverify" --cert "$cacert" "$signed" \|\| exit 1