#!/usr/share/ucs-test/runner python
## desc: check for the correct settings for signed kernel modules
## exposure: safe
## bugs: [36383]
## versions:
##  4.3-0: skip

from os import uname
import univention.testing.utils as utils

MINIMUM_CONFIG = [
	"CONFIG_MODULE_SIG=y",
	"CONFIG_MODULE_SIG_SHA512=y",
	"CONFIG_MODULE_SIG_HASH=\"sha512\"",
	"CONFIG_MODULE_SIG_ALL=y",
	"# CONFIG_MODULE_SIG_FORCE is not set"
]


def main():

	# determine the kernel release name, to get the name of the config-file
	# file name is /boot/config-$(uname -r)
	(_sysname, _nodename, release, _version, _machine) = uname()
	config_file = "/boot/config-{0}".format(release)

	# check if all lines that appear in the above MINIMUM_CONFIG are also
	# set in the config file.

	missing_config_lines = set(MINIMUM_CONFIG)
	with open(config_file, 'r') as cfg:
		for line in cfg:
			missing_config_lines.discard(line.strip())

	if missing_config_lines:
		msg = "The following lines are missing in {0}:\n {1}".format(
			config_file,
			'\n '.join(missing_config_lines)
		)
		utils.fail(msg)


if __name__ == "__main__":
	main()
