Remove unit test, add integration test for unsupported imports

ego/cli/elf_test.go

@@ -8,10 +8,6 @@ package cli
 
 import (
 	"encoding/json"
-	"io/ioutil"
-	"os"
-	"os/exec"
-	"path/filepath"
 	"testing"
 
 	"ego/config"
@@ -108,93 +104,3 @@ func TestEmbedConfigAsPayload(t *testing.T) {
 	assert.NotEqualValues(jsonData, reconstructedJSON)
 	assert.EqualValues(jsonNewData, reconstructedJSON)
 }
-
-func TestCheckUnsupportedImports(t *testing.T) {
-	// create an unsigned EGo executable
-	elfBadImport := func() []byte {
-		const outFile = "bad-import"
-		const srcFile = outFile + ".go"
-
-		goroot, err := filepath.Abs(filepath.Join("..", "..", "_ertgo"))
-		if err != nil {
-			panic(err)
-		}
-
-		dir, err := ioutil.TempDir("", "")
-		if err != nil {
-			panic(err)
-		}
-		defer os.RemoveAll(dir)
-
-		// Create go.mod & go.sum
-		const goMod = `module example.com/bad-import
-
-	go 1.18
-
-	require github.com/edgelesssys/ego v1.0.1
-
-	require (
-		golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa // indirect
-		gopkg.in/square/go-jose.v2 v2.6.0 // indirect
-	)
-	`
-		if err := ioutil.WriteFile(filepath.Join(dir, "go.mod"), []byte(goMod), 0o400); err != nil {
-			panic(err)
-		}
-
-		const goSum = `github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-	github.com/edgelesssys/ego v1.0.1 h1:EZMW7ppQr1Iliv18DIxGIBUmBOWqUmq/RWQ61HW16zE=
-	github.com/edgelesssys/ego v1.0.1/go.mod h1:iO7G4U9XISd1XqeqzlzKYvGlFDMLJau+mBvJDjq45x8=
-	github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
-	github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-	github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
-	golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa h1:zuSxTR4o9y82ebqCUJYNGJbGPo6sKVl54f/TVDObg1c=
-	golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-	gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
-	gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-	gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
-`
-
-		if err := ioutil.WriteFile(filepath.Join(dir, "go.sum"), []byte(goSum), 0o400); err != nil {
-			panic(err)
-		}
-
-		// write minimal source file
-		const src = `package main;import "github.com/edgelesssys/ego/eclient";func main(){eclient.VerifyRemoteReport([]byte{})}`
-
-		if err := ioutil.WriteFile(filepath.Join(dir, srcFile), []byte(src), 0o400); err != nil {
-			panic(err)
-		}
-
-		// compile
-		cmd := exec.Command(filepath.Join(goroot, "bin", "go"), "build", srcFile)
-		cmd.Dir = dir
-		cmd.Env = append(os.Environ(), "GOROOT="+goroot)
-		cmd.Stdout = os.Stdout
-		cmd.Stderr = os.Stderr
-		if err := cmd.Run(); err != nil {
-			panic(err)
-		}
-
-		// read resulting executable
-		data, err := ioutil.ReadFile(filepath.Join(dir, outFile))
-		if err != nil {
-			panic(err)
-		}
-
-		return data
-	}()
-
-	assert := assert.New(t)
-	require := require.New(t)
-
-	fs := afero.Afero{Fs: afero.NewMemMapFs()}
-	runner := signRunner{fs: fs}
-	cli := NewCli(&runner, fs)
-
-	require.NoError(afero.WriteFile(fs, "hello", elfUnsigned, 0o755))
-	require.NoError(afero.WriteFile(fs, "badImport", elfBadImport, 0o755))
-
-	assert.NoError(cli.checkUnsupportedImports("hello"))
-	assert.ErrorContains(cli.checkUnsupportedImports("badImport"), "unsupported import")
-}

ego/cmd/unsupported-import-test/go.mod

@@ -0,0 +1,10 @@
+module example.com/bad-import
+
+go 1.18
+
+require github.com/edgelesssys/ego v1.0.1
+
+require (
+	golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa // indirect
+	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
+)

ego/cmd/unsupported-import-test/go.sum

@@ -0,0 +1,11 @@
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/edgelesssys/ego v1.0.1 h1:EZMW7ppQr1Iliv18DIxGIBUmBOWqUmq/RWQ61HW16zE=
+github.com/edgelesssys/ego v1.0.1/go.mod h1:iO7G4U9XISd1XqeqzlzKYvGlFDMLJau+mBvJDjq45x8=
+github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
+golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa h1:zuSxTR4o9y82ebqCUJYNGJbGPo6sKVl54f/TVDObg1c=
+golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
+gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

ego/cmd/unsupported-import-test/main.go

@@ -0,0 +1,13 @@
+// Copyright (c) Edgeless Systems GmbH.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+package main
+
+import "github.com/edgelesssys/ego/eclient"
+
+func main() {
+	eclient.VerifyRemoteReport([]byte{})
+}

src/integration_test.sh

@@ -10,6 +10,7 @@ onexit()
     fi
     rm -r $tPath
     rm -r /tmp/ego-integration-test
+    rm -r /tmp/ego-unsupported-import-test
 }
 
 trap onexit EXIT
@@ -47,3 +48,11 @@ run ego-go build -o /tmp/ego-integration-test/integration-test
 cd /tmp/ego-integration-test
 run ego sign
 run ego run integration-test
+
+# Test unsupported import detection on sign & run
+mkdir -p /tmp/ego-unsupported-import-test
+cd $egoPath/ego/cmd/unsupported-import-test
+run ego-go build -o /tmp/ego-unsupported-import-test/unsupported-import
+cd /tmp/ego-unsupported-import-test
+run ego sign unsupported-import |& grep "unsupported import"
+run ego run unsupported-import |& grep "unsupported import"