Merge pull request #2064 from cgwalters/dummy-only-when-testing

Only enable "dummy" signature type with opt-in env variable
2020-04-15 12:28:52 +03:00 · 2020-04-15 12:28:52 +03:00 · 73d527dee3
parent 8baee5cd04 b6040143e5
commit 73d527dee3
4 changed files with 32 additions and 2 deletions
--- a/src/libostree/ostree-sign-dummy.c
+++ b/src/libostree/ostree-sign-dummy.c
@ -53,6 +53,14 @@ ostree_sign_dummy_iface_init (OstreeSignInterface *self);
 G_DEFINE_TYPE_WITH_CODE (OstreeSignDummy, _ostree_sign_dummy, G_TYPE_OBJECT,
        G_IMPLEMENT_INTERFACE (OSTREE_TYPE_SIGN, ostree_sign_dummy_iface_init));

+static gboolean
+check_dummy_sign_enabled (GError **error)
+{
+  if (g_strcmp0 (g_getenv ("OSTREE_DUMMY_SIGN_ENABLED"), "1") != 0)
+    return glnx_throw (error, "dummy signature type is only for ostree testing");
+  return TRUE;
+}
+
 static void
 ostree_sign_dummy_iface_init (OstreeSignInterface *self)
 {
@ -83,6 +91,8 @@ _ostree_sign_dummy_init (OstreeSignDummy *self)

 gboolean ostree_sign_dummy_set_sk (OstreeSign *self, GVariant *key, GError **error)
 {
+  if (!check_dummy_sign_enabled (error))
+    return FALSE;

  OstreeSignDummy *sign =  _ostree_sign_dummy_get_instance_private(OSTREE_SIGN_DUMMY(self));

@ -95,7 +105,6 @@ gboolean ostree_sign_dummy_set_sk (OstreeSign *self, GVariant *key, GError **err

 gboolean ostree_sign_dummy_set_pk (OstreeSign *self, GVariant *key, GError **error)
 {
-
  OstreeSignDummy *sign =  _ostree_sign_dummy_get_instance_private(OSTREE_SIGN_DUMMY(self));

  g_free(sign->pk_ascii);
@ -111,6 +120,8 @@ gboolean ostree_sign_dummy_data (OstreeSign *self,
                                 GCancellable *cancellable,
                                 GError **error)
 {
+  if (!check_dummy_sign_enabled (error))
+    return FALSE;

  g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);

@ -145,6 +156,9 @@ gboolean ostree_sign_dummy_data_verify (OstreeSign *self,
                                            GVariant   *signatures,
                                            GError     **error)
 {
+  if (!check_dummy_sign_enabled (error))
+    return FALSE;
+
  g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
  g_return_val_if_fail (data != NULL, FALSE);

--- a/tests/test-signed-commit.sh
+++ b/tests/test-signed-commit.sh
@ -23,7 +23,10 @@ set -euo pipefail

 . $(dirname $0)/libtest.sh

-echo "1..10"
+echo "1..11"
+
+# This is explicitly opt in for testing
+export OSTREE_DUMMY_SIGN_ENABLED=1

 mkdir ${test_tmpdir}/repo
 ostree_repo_init repo --mode="archive"
@ -51,6 +54,14 @@ COMMIT="$(ostree --repo=${test_tmpdir}/repo rev-parse main)"
 ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --sign-type=dummy --verify ${COMMIT} ${DUMMYSIGN}
 echo "ok commit with dummy signing"

+if ${CMD_PREFIX} env -u OSTREE_DUMMY_SIGN_ENABLED ostree --repo=${test_tmpdir}/repo sign --sign-type=dummy --verify ${COMMIT} ${DUMMYSIGN} 2>err.txt; then
+    fatal "verified dummy signature without env"
+fi
+# FIXME the error message here is broken
+#assert_file_has_content_literal err.txt 'dummy signature type is only for ostree testing'
+assert_file_has_content_literal err.txt ' No valid signatures found'
+echo "ok dummy sig requires env"
+
 # tests below require libsodium support
 if ! has_libsodium; then
    echo "ok Detached ed25519 signature # SKIP due libsodium unavailability"
--- a/tests/test-signed-pull-summary.sh
+++ b/tests/test-signed-pull-summary.sh
@ -27,6 +27,9 @@ set -euo pipefail

 echo "1..14"

+# This is explicitly opt in for testing
+export OSTREE_DUMMY_SIGN_ENABLED=1
+
 repo_reinit () {
    ARGS="$*"
    cd ${test_tmpdir}
--- a/tests/test-signed-pull.sh
+++ b/tests/test-signed-pull.sh
@ -25,6 +25,8 @@ set -euo pipefail

 echo "1..11"

+# This is explicitly opt in for testing
+export OSTREE_DUMMY_SIGN_ENABLED=1
 setup_fake_remote_repo1 "archive"

 repo_mode="archive"