packaging
/
ostree
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #1878 from d4s/wip/d4s/no_gpg 

Alternative signing system
This commit is contained in:
OpenShift Merge Robot 2020-04-04 19:46:12 +02:00 committed by GitHub
parent 08ebf5ae5a e2c601687b
commit a16fe86b36
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
42 changed files with 3717 additions and 187 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile-libostree-defines.am
View File

@ -46,6 +46,8 @@ libostree_public_headers = \
src/libostree/ostree-repo-finder-mount.h \
src/libostree/ostree-repo-finder-override.h \
src/libostree/ostree-kernel-args.h \
src/libostree/ostree-sign.h \
src/libostree/ostree-sign-ed25519.h \
$(NULL)
# This one is generated via configure.ac, and the gtk-doc

14
Makefile-libostree.am
View File

@ -262,6 +262,20 @@ libostree_1_la_CFLAGS += $(OT_DEP_SELINUX_CFLAGS)
libostree_1_la_LIBADD += $(OT_DEP_SELINUX_LIBS)
endif
libostree_1_la_SOURCES += \
src/libostree/ostree-sign.c \
src/libostree/ostree-sign.h \
src/libostree/ostree-sign-dummy.c \
src/libostree/ostree-sign-dummy.h \
src/libostree/ostree-sign-ed25519.c \
src/libostree/ostree-sign-ed25519.h \
$(NULL)
if USE_LIBSODIUM
libostree_1_la_CFLAGS += $(OT_DEP_LIBSODIUM_CFLAGS)
libostree_1_la_LIBADD += $(OT_DEP_LIBSODIUM_LIBS)
endif # USE_LIBSODIUM
# XXX: work around clang being passed -fstack-clash-protection which it doesn't understand
# See: https://bugzilla.redhat.com/show_bug.cgi?id=1672012
INTROSPECTION_SCANNER_ENV = CC=gcc

2
Makefile-man.am
View File

@ -32,7 +32,7 @@ ostree-commit.1 ostree-create-usb.1 ostree-export.1 \
ostree-config.1 ostree-diff.1 ostree-find-remotes.1 ostree-fsck.1 \
ostree-init.1 ostree-log.1 ostree-ls.1 ostree-prune.1 ostree-pull-local.1 \
ostree-pull.1 ostree-refs.1 ostree-remote.1 ostree-reset.1 \
ostree-rev-parse.1 ostree-show.1 ostree-summary.1 \
ostree-rev-parse.1 ostree-show.1 ostree-sign.1 ostree-summary.1 \
ostree-static-delta.1
if USE_LIBSOUP
man1_files += ostree-trivial-httpd.1

7
Makefile-ostree.am
View File

@ -43,6 +43,7 @@ ostree_SOURCES = src/ostree/main.c \
src/ostree/ot-builtin-remote.c \
src/ostree/ot-builtin-reset.c \
src/ostree/ot-builtin-rev-parse.c \
src/ostree/ot-builtin-sign.c \
src/ostree/ot-builtin-summary.c \
src/ostree/ot-builtin-show.c \
src/ostree/ot-builtin-static-delta.c \
@ -112,7 +113,6 @@ ostree_SOURCES += \
$(NULL)
endif
if USE_CURL_OR_SOUP
ostree_SOURCES += src/ostree/ot-remote-builtin-add-cookie.c \
src/ostree/ot-remote-builtin-delete-cookie.c \
@ -162,3 +162,8 @@ if USE_LIBARCHIVE
ostree_CFLAGS += $(OT_DEP_LIBARCHIVE_CFLAGS)
ostree_LDADD += $(OT_DEP_LIBARCHIVE_LIBS)
endif
if USE_LIBSODIUM
ostree_CFLAGS += $(OT_DEP_LIBSODIUM_CFLAGS)
ostree_LDADD += $(OT_DEP_LIBSODIUM_LIBS)
endif # USE_LIBSODIUM

3
Makefile-tests.am
View File

@ -137,6 +137,9 @@ _installed_or_uninstalled_test_scripts = \
tests/test-summary-collections.sh \
tests/test-pull-collections.sh \
tests/test-config.sh \
tests/test-signed-commit.sh \
tests/test-signed-pull.sh \
tests/test-signed-pull-summary.sh \
$(NULL)
if USE_GPGME

1
apidoc/ostree-docs.xml
View File

@ -21,6 +21,7 @@
<xi:include href="xml/ostree-sepolicy.xml"/>
<xi:include href="xml/ostree-sysroot-upgrader.xml"/>
<xi:include href="xml/ostree-gpg-verify-result.xml"/>
<xi:include href="xml/ostree-sign.xml"/>
<xi:include href="xml/ostree-bootconfig-parser.xml"/>
<xi:include href="xml/ostree-chain-input-stream.xml"/>
<xi:include href="xml/ostree-checksum-input-stream.xml"/>

20
apidoc/ostree-sections.txt
View File

@ -705,3 +705,23 @@ ostree_kernel_args_from_string
ostree_kernel_args_to_strv
ostree_kernel_args_to_string
</SECTION>
<SECTION>
<FILE>ostree-sign</FILE>
OstreeSign
ostree_sign_list_names
ostree_sign_commit
ostree_sign_commit_verify
ostree_sign_data
ostree_sign_data_verify
ostree_sign_get_by_name
ostree_sign_get_name
ostree_sign_add_pk
ostree_sign_clear_keys
ostree_sign_load_pk
ostree_sign_set_pk
ostree_sign_set_sk
ostree_sign_summary
<SUBSECTION Standard>
ostree_sign_get_type
</SECTION>

43
bash/ostree
View File

@ -1484,6 +1484,48 @@ _ostree_show() {
return 0
}
_ostree_sign() {
local boolean_options="
$main_boolean_options
--delete -d
--verify -v
"
local options_with_args="
--sign-type
--keys-file
--keys-dir
--repo
"
local options_with_args_glob=$( __ostree_to_extglob "$options_with_args" )
case "$prev" in
--keys-file|--keys-dir|--repo)
__ostree_compreply_dirs_only
return 0
;;
$options_with_args_glob )
return 0
;;
esac
case "$cur" in
-*)
local all_options="$boolean_options $options_with_args"
__ostree_compreply_all_options
;;
*)
local argpos=$( __ostree_pos_first_nonflag $( __ostree_to_alternatives "$options_with_args" ) )
if [ $cword -eq $argpos ]; then
__ostree_compreply_commits
fi
esac
return 0
}
_ostree_static_delta_apply_offline() {
local boolean_options="
$main_boolean_options
@ -1747,6 +1789,7 @@ _ostree() {
reset
rev-parse
show
sign
static-delta
summary
"

16
configure.ac
View File

@ -242,6 +242,21 @@ dnl to link to it directly.
)
AM_CONDITIONAL(USE_GPGME, test "x$have_gpgme" = xyes)
LIBSODIUM_DEPENDENCY="1.0.14"
AC_ARG_WITH(libsodium,
AS_HELP_STRING([--with-libsodium], [Use libsodium @<:@default=no@:>@]),
[], [with_libsodium=no])
AS_IF([test x$with_libsodium != xno], [
AC_DEFINE([HAVE_LIBSODIUM], 1, [Define if using libsodium])
PKG_CHECK_MODULES(OT_DEP_LIBSODIUM, libsodium >= $LIBSODIUM_DEPENDENCY, have_libsodium=yes, have_libsodium=no)
AS_IF([ test x$have_libsodium = xno ], [
AC_MSG_ERROR([Need LIBSODIUM version $LIBSODIUM_DEPENDENCY or later])
])
OSTREE_FEATURES="$OSTREE_FEATURES libsodium"
], with_libsodium=no )
AM_CONDITIONAL(USE_LIBSODIUM, test "x$have_libsodium" = xyes)
LIBARCHIVE_DEPENDENCY="libarchive >= 2.8.0"
# What's in RHEL7.2.
FUSE_DEPENDENCY="fuse >= 2.9.2"
@ -626,6 +641,7 @@ echo "
cryptographic checksums: $with_crypto
systemd: $with_libsystemd
libmount: $with_libmount
libsodium (ed25519 signatures): $with_libsodium
libarchive (parse tar files directly): $with_libarchive
static deltas: yes (always enabled now)
O_TMPFILE: $enable_otmpfile

33
man/ostree-commit.xml
View File

@ -251,6 +251,39 @@ Boston, MA 02111-1307, USA.
POLICY is a boolean which specifies whether fsync should be used or not. Default to true.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>-s, --sign-type</option></term>
<listitem><para>
Use particular signature engine. Currently
available <arg choice="plain">ed25519</arg> and <arg choice="plain">dummy</arg>
signature types.
The default is <arg choice="plain">ed25519</arg>.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--sign</option>="KEY-ID"</term>
<listitem><para>
There <literal>KEY-ID</literal> is:
<variablelist>
<varlistentry>
<term><option>for ed25519:</option></term>
<listitem><para>
<literal>base64</literal>-encoded secret key for commit signing.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>for dummy:</option></term>
<listitem><para>
ASCII-string used as secret key.
</para></listitem>
</varlistentry>
</variablelist>
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>

152
man/ostree-sign.xml Normal file
View File

@ -0,0 +1,152 @@
<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!--
Copyright 2019 Denis Pynkin <denis.pynkin@collabora.com>
SPDX-License-Identifier: LGPL-2.0+
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the
Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
-->
<refentry id="ostree">
<refentryinfo>
<title>ostree sign</title>
<productname>OSTree</productname>
<authorgroup>
<author>
<contrib>Developer</contrib>
<firstname>Colin</firstname>
<surname>Walters</surname>
<email>walters@verbum.org</email>
</author>
</authorgroup>
</refentryinfo>
<refmeta>
<refentrytitle>ostree sign</refentrytitle>
<manvolnum>1</manvolnum>
</refmeta>
<refnamediv>
<refname>ostree-sign</refname>
<refpurpose>Sign a commit</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>ostree sign</command> <arg choice="opt" rep="repeat">OPTIONS</arg> <arg choice="req">COMMIT</arg> <arg choice="req" rep="repeat">KEY-ID</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para>
Add a new signature to a commit.
Note that currently, this will append a new signature even if
the commit is already signed with a given key.
</para>
<para>
There are several "well-known" system places for `ed25519` trusted and revoked public keys -- expected single <literal>base64</literal>-encoded key per line.
</para>
<para>Files:
<itemizedlist>
<listitem><para><filename>/etc/ostree/trusted.ed25519</filename></para></listitem>
<listitem><para><filename>/etc/ostree/revoked.ed25519</filename></para></listitem>
<listitem><para><filename>/usr/share/ostree/trusted.ed25519</filename></para></listitem>
<listitem><para><filename>/usr/share/ostree/revoked.ed25519</filename></para></listitem>
</itemizedlist>
</para>
<para>Directories containing files with keys:
<itemizedlist>
<listitem><para><filename>/etc/ostree/trusted.ed25519.d</filename></para></listitem>
<listitem><para><filename>/etc/ostree/revoked.ed25519.d</filename></para></listitem>
<listitem><para><filename>/usr/share/ostree/trusted.ed25519.d</filename></para></listitem>
<listitem><para><filename>/usr/share/ostree/rvokeded.ed25519.d</filename></para></listitem>
</itemizedlist>
</para>
</refsect1>
<refsect1>
<title>Options</title>
<variablelist>
<varlistentry>
<term><option>KEY-ID</option></term>
<listitem><para>
<variablelist>
<varlistentry>
<term><option>for ed25519:</option></term>
<listitem><para>
<literal>base64</literal>-encoded secret (for signing) or public key (for verifying).
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>for dummy:</option></term>
<listitem><para>
ASCII-string used as secret key and public key.
</para></listitem>
</varlistentry>
</variablelist>
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--verify</option></term>
<listitem><para>
Verify signatures
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>-s, --sign-type</option></term>
<listitem><para>
Use particular signature mechanism. Currently
available <arg choice="plain">ed25519</arg> and <arg choice="plain">dummy</arg>
signature types.
The default is <arg choice="plain">ed25519</arg>.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--keys-file</option></term>
<listitem><para>
Read key(s) from file <filename>filename</filename>.
</para></listitem>
<listitem><para>
Valid for <literal>ed25519</literal> signature type.
For <literal>ed25519</literal> this file must contain <literal>base64</literal>-encoded
secret key(s) (for signing) or public key(s) (for verifying) per line.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--keys-dir</option></term>
<listitem><para>
Redefine the system path, where to search files and subdirectories with
well-known and revoked keys.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
</refentry>

35
man/ostree-summary.xml
View File

@ -51,7 +51,7 @@ Boston, MA 02111-1307, USA.
<refsynopsisdiv>
<cmdsynopsis>
<command>ostree summary</command> <arg choice="opt">--gpg-sign=KEYID</arg> <arg choice="opt">--gpg-homedir=HOMEDIR</arg> <arg choice="req">--update</arg> <arg choice="opt" rep="repeat">--add-metadata=<replaceable>KEY</replaceable>=<replaceable>VALUE</replaceable></arg>
<command>ostree summary</command> <arg choice="opt">--gpg-sign=KEYID</arg> <arg choice="opt">--gpg-homedir=HOMEDIR</arg> <arg choice="opt">--sign=KEYID</arg> <arg choice="opt">--sign-type=ENGINE</arg> <arg choice="req">--update</arg> <arg choice="opt" rep="repeat">--add-metadata=<replaceable>KEY</replaceable>=<replaceable>VALUE</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis>
@ -139,6 +139,39 @@ Boston, MA 02111-1307, USA.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--sign-type</option>=ENGINE</term>
<listitem><para>
Use particular signature engine. Currently
available <arg choice="plain">ed25519</arg> and <arg choice="plain">dummy</arg>
signature types.
The default is <arg choice="plain">ed25519</arg>.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--sign</option>="KEY-ID"</term>
<listitem><para>
There <literal>KEY-ID</literal> is:
<variablelist>
<varlistentry>
<term><option>for ed25519:</option></term>
<listitem><para>
<literal>base64</literal>-encoded secret key for commit signing.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>for dummy:</option></term>
<listitem><para>
ASCII-string used as secret key.
</para></listitem>
</varlistentry>
</variablelist>
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>

15
src/libostree/libostree-devel.sym
View File

@ -21,6 +21,21 @@
LIBOSTREE_2020.2 {
global:
ostree_repo_commit_modifier_set_sepolicy_from_commit;
someostree_symbol_deleteme;
ostree_sign_get_type;
ostree_sign_list_names;
ostree_sign_commit;
ostree_sign_commit_verify;
ostree_sign_data;
ostree_sign_data_verify;
ostree_sign_get_by_name;
ostree_sign_get_name;
ostree_sign_clear_keys;
ostree_sign_load_pk;
ostree_sign_set_pk;
ostree_sign_add_pk;
ostree_sign_set_sk;
ostree_sign_summary;
} LIBOSTREE_2020.1;
/* Stub section for the stable release *after* this development one; don't

1
src/libostree/ostree-autocleanups.h
View File

@ -73,6 +73,7 @@ G_DEFINE_AUTOPTR_CLEANUP_FUNC (OstreeRepoFinderOverride, g_object_unref)
G_DEFINE_AUTOPTR_CLEANUP_FUNC (OstreeRepoFinderResult, ostree_repo_finder_result_free)
G_DEFINE_AUTO_CLEANUP_FREE_FUNC (OstreeRepoFinderResultv, ostree_repo_finder_result_freev, NULL)
G_DEFINE_AUTOPTR_CLEANUP_FUNC (OstreeSign, g_object_unref)
#endif
G_END_DECLS

382
src/libostree/ostree-repo-pull.c
View File

@ -54,6 +54,8 @@
#include <systemd/sd-journal.h>
#endif
#include "ostree-sign.h"
#define OSTREE_MESSAGE_FETCH_COMPLETE_ID SD_ID128_MAKE(75,ba,3d,eb,0a,f0,41,a9,a4,62,72,ff,85,d9,e7,3e)
#define OSTREE_REPO_PULL_CONTENT_PRIORITY (OSTREE_FETCHER_DEFAULT_PRIORITY)
@ -105,6 +107,8 @@ typedef struct {
gboolean gpg_verify;
gboolean gpg_verify_summary;
gboolean sign_verify;
gboolean sign_verify_summary;
gboolean require_static_deltas;
gboolean disable_static_deltas;
gboolean has_tombstone_commits;
@ -1466,6 +1470,163 @@ process_verify_result (OtPullData *pull_data,
}
#endif /* OSTREE_DISABLE_GPGME */
/* _load_public_keys:
*
* Load public keys according remote's configuration:
* inlined key passed via config option `verification-key` or
* file name with public keys via `verification-file` option.
*
* If both options are set then load all all public keys
* both from file and inlined in config.
*
* Returns: %FALSE if any source is configured but nothing has been loaded.
* Returns: %TRUE if no configuration or any key loaded.
* */
static gboolean
_load_public_keys (OstreeSign *sign,
OstreeRepo *repo,
const gchar *remote_name,
GError **error)
{
g_autofree gchar *pk_ascii = NULL;
g_autofree gchar *pk_file = NULL;
gboolean loaded_from_file = TRUE;
gboolean loaded_inlined = TRUE;
g_autoptr (GError) verification_error = NULL;
glnx_throw (&verification_error, "no public keys loaded");
ostree_repo_get_remote_option (repo,
remote_name,
"verification-file", NULL,
&pk_file, NULL);
ostree_repo_get_remote_option (repo,
remote_name,
"verification-key", NULL,
&pk_ascii, NULL);
/* return TRUE if there is no configuration for remote */
if ((pk_file == NULL) &&(pk_ascii == NULL))
{
/* It is expected what remote may have verification file as
* a part of configuration. Hence there is not a lot of sense
* for automatic resolve of per-remote keystore file as it
* used in find_keyring () for GPG.
* If it is needed to add the similar mechanism, it is preferable
* to pass the path to ostree_sign_load_pk () via GVariant options
* and call it here for loading with method and file structure
* specific for signature type.
*/
return TRUE;
}
if (pk_file != NULL)
{
g_autoptr (GError) local_error = NULL;
g_autoptr (GVariantBuilder) builder = NULL;
g_autoptr (GVariant) options = NULL;
builder = g_variant_builder_new (G_VARIANT_TYPE ("a{sv}"));
g_variant_builder_add (builder, "{sv}", "filename", g_variant_new_string (pk_file));
options = g_variant_builder_end (builder);
if (ostree_sign_load_pk (sign, options, &local_error))
loaded_from_file = TRUE;
else
{
g_debug("Unable to load public keys for '%s' from file '%s': %s",
ostree_sign_get_name(sign), pk_file, local_error->message);
/* Save error message for better reason detection later if needed */
glnx_prefix_error (&verification_error, "%s", local_error->message);
}
}
if (pk_ascii != NULL)
{
g_autoptr (GError) local_error = NULL;
g_autoptr (GVariant) pk = g_variant_new_string(pk_ascii);
/* Add inlined public key */
if (loaded_from_file)
loaded_inlined = ostree_sign_add_pk (sign, pk, &local_error);
else
loaded_inlined = ostree_sign_set_pk (sign, pk, &local_error);
if (!loaded_inlined)
{
g_debug("Unable to load public key '%s' for '%s': %s",
pk_ascii, ostree_sign_get_name (sign), local_error->message);
/* Save error message for better reason detection later if needed */
glnx_prefix_error (&verification_error, "%s", local_error->message);
}
}
/* Return true if able to load from any source */
if (loaded_from_file || loaded_inlined)
return TRUE;
return glnx_throw (error, "%s", verification_error->message);
}
static gboolean
_ostree_repo_sign_verify (OstreeRepo *repo,
const gchar *remote_name,
GBytes *signed_data,
GVariant *metadata,
GError **error)
{
/* list all signature types in detached metadata and check if signed by any? */
g_auto (GStrv) names = ostree_sign_list_names();
g_autoptr (GError) verification_error = NULL;
glnx_throw (&verification_error, "signed with unknown key");
for (char **iter=names; iter && *iter; iter++)
{
g_autoptr (OstreeSign) sign = NULL;
g_autoptr (GVariant) signatures = NULL;
const gchar *signature_key = NULL;
GVariantType *signature_format = NULL;
g_autoptr (GError) local_error = NULL;
if ((sign = ostree_sign_get_by_name (*iter, &local_error)) == NULL)
continue;
signature_key = ostree_sign_metadata_key (sign);
signature_format = (GVariantType *) ostree_sign_metadata_format (sign);
signatures = g_variant_lookup_value (metadata,
signature_key,
signature_format);
/* If not found signatures for requested signature subsystem */
if (!signatures)
continue;
/* Try to load public key(s) according remote's configuration */
if (_load_public_keys (sign, repo, remote_name, &local_error))
{
/* Return true if any signature fit to pre-loaded public keys.
* If no keys configured -- then system configuration will be used */
if (ostree_sign_data_verify (sign,
signed_data,
signatures,
&local_error))
return TRUE;
}
/* Save error message for better reason detection later if needed */
glnx_prefix_error (&verification_error, "%s", local_error->message);
}
/* In case if there were no signatures of known type
* or metadata contains invalid data */
return glnx_throw (error, "%s", verification_error->message);
}
static gboolean
ostree_verify_unwritten_commit (OtPullData *pull_data,
const char *checksum,
@ -1475,21 +1636,24 @@ ostree_verify_unwritten_commit (OtPullData *pull_data,
GCancellable *cancellable,
GError **error)
{
if (pull_data->gpg_verify || pull_data->sign_verify)
/* Shouldn't happen, but see comment in process_verify_result() */
if (g_hash_table_contains (pull_data->verified_commits, checksum))
return TRUE;
g_autoptr(GBytes) signed_data = g_variant_get_data_as_bytes (commit);
#ifndef OSTREE_DISABLE_GPGME
if (pull_data->gpg_verify)
{
const char *keyring_remote = NULL;
/* Shouldn't happen, but see comment in process_verify_result() */
if (g_hash_table_contains (pull_data->verified_commits, checksum))
return TRUE;
if (ref != NULL)
keyring_remote = g_hash_table_lookup (pull_data->ref_keyring_map, ref);
if (keyring_remote == NULL)
keyring_remote = pull_data->remote_name;
g_autoptr(GBytes) signed_data = g_variant_get_data_as_bytes (commit);
g_autoptr(OstreeGpgVerifyResult) result =
_ostree_repo_gpg_verify_with_metadata (pull_data->repo, signed_data,
detached_metadata,
@ -1500,6 +1664,20 @@ ostree_verify_unwritten_commit (OtPullData *pull_data,
}
#endif /* OSTREE_DISABLE_GPGME */
if (pull_data->sign_verify)
{
/* Nothing to check if detached metadata is absent */
if (detached_metadata == NULL)
return glnx_throw (error, "Can't verify commit without detached metadata");
if (!_ostree_repo_sign_verify (pull_data->repo, pull_data->remote_name, signed_data, detached_metadata, error))
return glnx_prefix_error (error, "Can't verify commit");
/* Mark the commit as verified to avoid double verification
* see process_verify_result () for rationale */
g_hash_table_add (pull_data->verified_commits, g_strdup (checksum));
}
return TRUE;
}
@ -1829,6 +2007,44 @@ scan_commit_object (OtPullData *pull_data,
}
#endif /* OSTREE_DISABLE_GPGME */
if (pull_data->sign_verify &&
!g_hash_table_contains (pull_data->verified_commits, checksum))
{
gboolean ret = FALSE;
g_autoptr (GError) verification_error = NULL;
/* list all signature types in detached metadata and check if signed by any? */
g_auto (GStrv) names = ostree_sign_list_names();
for (char **iter=names; !ret && iter && *iter; iter++)
{
g_autoptr (OstreeSign) sign = NULL;
g_autoptr (GError) local_error = NULL;
if ((sign = ostree_sign_get_by_name (*iter, &local_error)) == NULL)
continue;
/* Try to load public key(s) according remote's configuration */
if (_load_public_keys (sign, pull_data->repo, pull_data->remote_name, &local_error))
{
/* Set return to true if any sign fit */
if (ostree_sign_commit_verify (sign,
pull_data->repo,
checksum,
cancellable,
&local_error))
ret = TRUE;
}
/* Save error message for better reason detection later if needed */
if (!ret)
glnx_prefix_error (&verification_error, "%s", local_error->message);
}
if (!ret)
return glnx_throw (error, "Can't verify commit %s: %s", checksum, verification_error->message);
}
/* If we found a legacy transaction flag, assume we have to scan.
* We always do a scan of dirtree objects; see
* https://github.com/ostreedev/ostree/issues/543
@ -3576,6 +3792,8 @@ ostree_repo_pull_with_options (OstreeRepo *self,
g_autoptr(GSource) update_timeout = NULL;
gboolean opt_gpg_verify_set = FALSE;
gboolean opt_gpg_verify_summary_set = FALSE;
gboolean opt_sign_verify_set = FALSE;
gboolean opt_sign_verify_summary_set = FALSE;
gboolean opt_collection_refs_set = FALSE;
gboolean opt_n_network_retries_set = FALSE;
gboolean opt_ref_keyring_map_set = FALSE;
@ -3610,6 +3828,10 @@ ostree_repo_pull_with_options (OstreeRepo *self,
g_variant_lookup (options, "gpg-verify", "b", &pull_data->gpg_verify);
opt_gpg_verify_summary_set =
g_variant_lookup (options, "gpg-verify-summary", "b", &pull_data->gpg_verify_summary);
opt_sign_verify_set =
g_variant_lookup (options, "sign-verify", "b", &pull_data->sign_verify);
opt_sign_verify_summary_set =
g_variant_lookup (options, "sign-verify-summary", "b", &pull_data->sign_verify_summary);
(void) g_variant_lookup (options, "depth", "i", &pull_data->maxdepth);
(void) g_variant_lookup (options, "disable-static-deltas", "b", &pull_data->disable_static_deltas);
(void) g_variant_lookup (options, "require-static-deltas", "b", &pull_data->require_static_deltas);
@ -3759,7 +3981,10 @@ ostree_repo_pull_with_options (OstreeRepo *self,
/* For compatibility with pull-local, don't gpg verify local
* pulls by default.
*/
if ((pull_data->gpg_verify || pull_data->gpg_verify_summary) &&
if ((pull_data->gpg_verify ||
pull_data->gpg_verify_summary ||
pull_data->sign_verify
) &&
pull_data->remote_name == NULL)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
@ -3774,7 +3999,6 @@ ostree_repo_pull_with_options (OstreeRepo *self,
g_free (pull_data->remote_name);
pull_data->remote_name = g_strdup (remote_name_or_baseurl);
#ifndef OSTREE_DISABLE_GPGME
/* Fetch GPG verification settings from remote if it wasn't already
* explicitly set in the options. */
if (!opt_gpg_verify_set)
@ -3786,7 +4010,18 @@ ostree_repo_pull_with_options (OstreeRepo *self,
if (!ostree_repo_remote_get_gpg_verify_summary (self, pull_data->remote_name,
&pull_data->gpg_verify_summary, error))
goto out;
#endif /* OSTREE_DISABLE_GPGME */
/* Fetch verification settings from remote if it wasn't already
* explicitly set in the options. */
if (!opt_sign_verify_set)
if (!ostree_repo_get_remote_boolean_option (self, pull_data->remote_name,
"sign-verify", FALSE,
&pull_data->sign_verify, error))
goto out;
if (!opt_sign_verify_summary_set)
if (!ostree_repo_get_remote_boolean_option (self, pull_data->remote_name,
"sign-verify-summary", FALSE,
&pull_data->sign_verify_summary, error))
goto out;
/* NOTE: If changing this, see the matching implementation in
* ostree-sysroot-upgrader.c
@ -4168,6 +4403,64 @@ ostree_repo_pull_with_options (OstreeRepo *self,
}
#endif /* OSTREE_DISABLE_GPGME */
if (pull_data->sign_verify_summary)
{
if (!bytes_sig && pull_data->sign_verify_summary)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Signatures verification enabled, but no summary.sig found (use sign-verify-summary=false in remote config to disable)");
goto out;
}
if (bytes_summary && bytes_sig)
{
g_autoptr(GVariant) signatures = NULL;
g_autoptr(GError) temp_error = NULL;
signatures = g_variant_new_from_bytes (OSTREE_SUMMARY_SIG_GVARIANT_FORMAT,
bytes_sig, FALSE);
if (!_ostree_repo_sign_verify (pull_data->repo, pull_data->remote_name, bytes_summary, signatures, &temp_error))
{
if (summary_from_cache)
{
/* The cached summary doesn't match, fetch a new one and verify again */
if ((self->test_error_flags & OSTREE_REPO_TEST_ERROR_INVALID_CACHE) > 0)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Remote %s cached summary invalid and "
"OSTREE_REPO_TEST_ERROR_INVALID_CACHE specified",
pull_data->remote_name);
goto out;
}
else
g_debug ("Remote %s cached summary invalid, pulling new version",
pull_data->remote_name);
summary_from_cache = FALSE;
g_clear_pointer (&bytes_summary, (GDestroyNotify)g_bytes_unref);
if (!_ostree_fetcher_mirrored_request_to_membuf (pull_data->fetcher,
pull_data->meta_mirrorlist,
"summary",
OSTREE_FETCHER_REQUEST_OPTIONAL_CONTENT,
pull_data->n_network_retries,
&bytes_summary,
OSTREE_MAX_METADATA_SIZE,
cancellable, error))
goto out;
if (!_ostree_repo_sign_verify (pull_data->repo, pull_data->remote_name, bytes_summary, signatures, error))
goto out;
}
else
{
g_propagate_error (error, g_steal_pointer (&temp_error));
goto out;
}
}
}
}
if (bytes_summary)
{
pull_data->summary_data = g_bytes_ref (bytes_summary);
@ -4648,22 +4941,26 @@ ostree_repo_pull_with_options (OstreeRepo *self,
g_string_append_printf (msg, "libostree pull from '%s' for %u refs complete",
pull_data->remote_name, g_hash_table_size (requested_refs_to_fetch));
const char *verify_state;
const char *gpg_verify_state;
#ifndef OSTREE_DISABLE_GPGME
if (pull_data->gpg_verify_summary)
{
if (pull_data->gpg_verify)
verify_state = "summary+commit";
gpg_verify_state = "summary+commit";
else
verify_state = "summary-only";
gpg_verify_state = "summary-only";
}
else
verify_state = (pull_data->gpg_verify ? "commit" : "disabled");
g_string_append_printf (msg, "\nsecurity: GPG: %s ", verify_state);
gpg_verify_state = (pull_data->gpg_verify ? "commit" : "disabled");
#else
verify_state = "disabled";
g_string_append_printf (msg, "\nsecurity: %s ", verify_state);
gpg_verify_state = "disabled";
#endif /* OSTREE_DISABLE_GPGME */
g_string_append_printf (msg, "\nsecurity: GPG: %s ", gpg_verify_state);
const char *sign_verify_state;
sign_verify_state = (pull_data->sign_verify ? "commit" : "disabled");
g_string_append_printf (msg, "\nsecurity: SIGN: %s ", sign_verify_state);
OstreeFetcherURI *first_uri = pull_data->meta_mirrorlist->pdata[0];
g_autofree char *first_scheme = _ostree_fetcher_uri_get_scheme (first_uri);
@ -4699,7 +4996,8 @@ ostree_repo_pull_with_options (OstreeRepo *self,
ot_journal_send ("MESSAGE=%s", msg->str,
"MESSAGE_ID=" SD_ID128_FORMAT_STR, SD_ID128_FORMAT_VAL(OSTREE_MESSAGE_FETCH_COMPLETE_ID),
"OSTREE_REMOTE=%s", pull_data->remote_name,
"OSTREE_GPG=%s", verify_state,
"OSTREE_SIGN=%s", sign_verify_state,
"OSTREE_GPG=%s", gpg_verify_state,
"OSTREE_SECONDS=%u", n_seconds,
"OSTREE_XFER_SIZE=%s", formatted_xferred,
NULL);
@ -6024,6 +6322,8 @@ ostree_repo_pull_from_remotes_async (OstreeRepo *self,
g_variant_dict_insert (&local_options_dict, "gpg-verify", "b", FALSE);
#endif /* OSTREE_DISABLE_GPGME */
g_variant_dict_insert (&local_options_dict, "gpg-verify-summary", "b", FALSE);
g_variant_dict_insert (&local_options_dict, "sign-verify", "b", FALSE);
g_variant_dict_insert (&local_options_dict, "sign-verify-summary", "b", FALSE);
g_variant_dict_insert (&local_options_dict, "inherit-transaction", "b", TRUE);
if (result->remote->refspec_name != NULL)
g_variant_dict_insert (&local_options_dict, "override-remote-name", "s", result->remote->refspec_name);
@ -6170,9 +6470,8 @@ ostree_repo_remote_fetch_summary_with_options (OstreeRepo *self,
g_autofree char *metalink_url_string = NULL;
g_autoptr(GBytes) summary = NULL;
g_autoptr(GBytes) signatures = NULL;
#ifndef OSTREE_DISABLE_GPGME
gboolean gpg_verify_summary;
#endif
gboolean sign_verify_summary;
gboolean ret = FALSE;
gboolean summary_is_from_cache;
@ -6194,18 +6493,19 @@ ostree_repo_remote_fetch_summary_with_options (OstreeRepo *self,
error))
goto out;
#ifndef OSTREE_DISABLE_GPGME
if (!ostree_repo_remote_get_gpg_verify_summary (self, name, &gpg_verify_summary, error))
goto out;
if (gpg_verify_summary && summary == NULL)
if (gpg_verify_summary)
{
if (summary == NULL)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND,
"GPG verification enabled, but no summary found (check that the configured URL in remote config is correct)");
goto out;
}
if (gpg_verify_summary && signatures == NULL)
if (signatures == NULL)
{
g_set_error (error, OSTREE_GPG_ERROR, OSTREE_GPG_ERROR_NO_SIGNATURE,
"GPG verification enabled, but no summary signatures found (use gpg-verify-summary=false in remote config to disable)");
@ -6213,7 +6513,7 @@ ostree_repo_remote_fetch_summary_with_options (OstreeRepo *self,
}
/* Verify any summary signatures. */
if (gpg_verify_summary && summary != NULL && signatures != NULL)
if (summary != NULL && signatures != NULL)
{
g_autoptr(OstreeGpgVerifyResult) result = NULL;
@ -6226,6 +6526,40 @@ ostree_repo_remote_fetch_summary_with_options (OstreeRepo *self,
if (!ostree_gpg_verify_result_require_valid_signature (result, error))
goto out;
}
}
if (!ostree_repo_get_remote_boolean_option (self, name, "sign-verify-summary",
FALSE, &sign_verify_summary, error))
goto out;
if (sign_verify_summary)
{
if (summary == NULL)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND,
"Signature verification enabled, but no summary found (check that the configured URL in remote config is correct)");
goto out;
}
if (signatures == NULL)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND,
"Signature verification enabled, but no summary signatures found (use sign-verify-summary=false in remote config to disable)");
goto out;
}
/* Verify any summary signatures. */
if (summary != NULL && signatures != NULL)
{
g_autoptr(GVariant) sig_variant = NULL;
sig_variant = g_variant_new_from_bytes (OSTREE_SUMMARY_SIG_GVARIANT_FORMAT,
signatures, FALSE);
if (!_ostree_repo_sign_verify (self, name, summary, sig_variant, error))
goto out;
}
}
if (!summary_is_from_cache && summary && signatures)
{
@ -6248,10 +6582,6 @@ ostree_repo_remote_fetch_summary_with_options (OstreeRepo *self,
}
}
#else
g_message ("%s: GPG feature is disabled in a build time", __FUNCTION__);
#endif /* OSTREE_DISABLE_GPGME */
if (out_summary != NULL)
*out_summary = g_steal_pointer (&summary);

56
src/libostree/ostree-repo.c
View File

@ -2028,17 +2028,8 @@ ostree_repo_remote_get_gpg_verify (OstreeRepo *self,
return TRUE;
}
#ifndef OSTREE_DISABLE_GPGME
return ostree_repo_get_remote_boolean_option (self, name, "gpg-verify",
TRUE, out_gpg_verify, error);
#else
g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
"'%s': GPG feature is disabled in a build time",
__FUNCTION__);
if (out_gpg_verify != NULL)
*out_gpg_verify = FALSE;
return FALSE;
#endif /* OSTREE_DISABLE_GPGME */
}
/**
@ -2060,17 +2051,8 @@ ostree_repo_remote_get_gpg_verify_summary (OstreeRepo *self,
gboolean *out_gpg_verify_summary,
GError **error)
{
#ifndef OSTREE_DISABLE_GPGME
return ostree_repo_get_remote_boolean_option (self, name, "gpg-verify-summary",
FALSE, out_gpg_verify_summary, error);
#else
g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
"'%s': GPG feature is disabled in a build time",
__FUNCTION__);
if (out_gpg_verify_summary != NULL)
*out_gpg_verify_summary = FALSE;
return FALSE;
#endif /* OSTREE_DISABLE_GPGME */
}
/**
@ -2344,10 +2326,7 @@ out:
return ret;
#else /* OSTREE_DISABLE_GPGME */
g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
"'%s': GPG feature is disabled in a build time",
__FUNCTION__);
return FALSE;
return glnx_throw (error, "GPG feature is disabled in a build time");
#endif /* OSTREE_DISABLE_GPGME */
}
@ -4991,10 +4970,7 @@ ostree_repo_append_gpg_signature (OstreeRepo *self,
return TRUE;
#else
g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
"'%s': GPG feature is disabled in a build time",
__FUNCTION__);
return FALSE;
return glnx_throw (error, "GPG feature is disabled in a build time");
#endif /* OSTREE_DISABLE_GPGME */
}
@ -5146,7 +5122,7 @@ ostree_repo_sign_commit (OstreeRepo *self,
return TRUE;
#else
/* FIXME: Return false until refactoring */
return FALSE;
return glnx_throw (error, "GPG feature is disabled in a build time");
#endif /* OSTREE_DISABLE_GPGME */
}
@ -5238,10 +5214,7 @@ ostree_repo_add_gpg_signature_summary (OstreeRepo *self,
return TRUE;
#else
g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
"'%s': GPG feature is disabled in a build time",
__FUNCTION__);
return FALSE;
return glnx_throw (error, "GPG feature is disabled in a build time");
#endif /* OSTREE_DISABLE_GPGME */
}
@ -5515,10 +5488,7 @@ ostree_repo_verify_commit (OstreeRepo *self,
return TRUE;
#else
/* FIXME: Return false until refactoring */
g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
"'%s': GPG feature is disabled in a build time",
__FUNCTION__);
return FALSE;
return glnx_throw (error, "GPG feature is disabled in a build time");
#endif /* OSTREE_DISABLE_GPGME */
}
@ -5553,9 +5523,7 @@ ostree_repo_verify_commit_ext (OstreeRepo *self,
cancellable,
error);
#else
g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
"'%s': GPG feature is disabled in a build time",
__FUNCTION__);
glnx_throw (error, "GPG feature is disabled in a build time");
return NULL;
#endif /* OSTREE_DISABLE_GPGME */
}
@ -5592,9 +5560,7 @@ ostree_repo_verify_commit_for_remote (OstreeRepo *self,
cancellable,
error);
#else
g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
"'%s': GPG feature is disabled in a build time",
__FUNCTION__);
glnx_throw (error, "GPG feature is disabled in a build time");
return NULL;
#endif /* OSTREE_DISABLE_GPGME */
}
@ -5644,9 +5610,7 @@ ostree_repo_gpg_verify_data (OstreeRepo *self,
cancellable,
error);
#else
g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
"'%s': GPG feature is disabled in a build time",
__FUNCTION__);
glnx_throw (error, "GPG feature is disabled in a build time");
return NULL;
#endif /* OSTREE_DISABLE_GPGME */
}
@ -5692,9 +5656,7 @@ ostree_repo_verify_summary (OstreeRepo *self,
cancellable,
error);
#else
g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
"'%s': GPG feature is disabled in a build time",
__FUNCTION__);
glnx_throw (error, "GPG feature is disabled in a build time");
return NULL;
#endif /* OSTREE_DISABLE_GPGME */
}

177
src/libostree/ostree-sign-dummy.c Normal file
View File

@ -0,0 +1,177 @@
/* vim:set et sw=2 cin cino=t0,f0,(0,{s,>2s,n-s,^-s,e2s: */
/*
* Copyright © 2019 Collabora Ltd.
*
* SPDX-License-Identifier: LGPL-2.0+
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the
* Free Software Foundation, Inc., 59 Temple Place - Suite 330,
* Boston, MA 02111-1307, USA.
*
*/
#include "config.h"
#include <libglnx.h>
#include "ostree-sign-dummy.h"
#include <string.h>
#undef G_LOG_DOMAIN
#define G_LOG_DOMAIN "OSTreeSign"
#define OSTREE_SIGN_DUMMY_NAME "dummy"
#define OSTREE_SIGN_METADATA_DUMMY_KEY "ostree.sign.dummy"
#define OSTREE_SIGN_METADATA_DUMMY_TYPE "aay"
struct _OstreeSignDummy
{
GObject parent;
gchar *sk_ascii;
gchar *pk_ascii;
};
#ifdef G_DEFINE_AUTOPTR_CLEANUP_FUNC
G_DEFINE_AUTOPTR_CLEANUP_FUNC (OstreeSignDummy, g_object_unref)
#endif
static void
ostree_sign_dummy_iface_init (OstreeSignInterface *self);
G_DEFINE_TYPE_WITH_CODE (OstreeSignDummy, _ostree_sign_dummy, G_TYPE_OBJECT,
G_IMPLEMENT_INTERFACE (OSTREE_TYPE_SIGN, ostree_sign_dummy_iface_init));
static void
ostree_sign_dummy_iface_init (OstreeSignInterface *self)
{
self->get_name = ostree_sign_dummy_get_name;
self->data = ostree_sign_dummy_data;
self->data_verify = ostree_sign_dummy_data_verify;
self->metadata_key = ostree_sign_dummy_metadata_key;
self->metadata_format = ostree_sign_dummy_metadata_format;
self->set_sk = ostree_sign_dummy_set_sk;
self->set_pk = ostree_sign_dummy_set_pk;
/* Implementation for dummy engine just load the single public key */
self->add_pk = ostree_sign_dummy_set_pk;
}
static void
_ostree_sign_dummy_class_init (OstreeSignDummyClass *self)
{
}
static void
_ostree_sign_dummy_init (OstreeSignDummy *self)
{
self->sk_ascii = NULL;
self->pk_ascii = NULL;
}
gboolean ostree_sign_dummy_set_sk (OstreeSign *self, GVariant *key, GError **error)
{
OstreeSignDummy *sign = _ostree_sign_dummy_get_instance_private(OSTREE_SIGN_DUMMY(self));
g_free(sign->sk_ascii);
sign->sk_ascii = g_variant_dup_string (key, 0);
return TRUE;
}
gboolean ostree_sign_dummy_set_pk (OstreeSign *self, GVariant *key, GError **error)
{
OstreeSignDummy *sign = _ostree_sign_dummy_get_instance_private(OSTREE_SIGN_DUMMY(self));
g_free(sign->pk_ascii);
sign->pk_ascii = g_variant_dup_string (key, 0);
return TRUE;
}
gboolean ostree_sign_dummy_data (OstreeSign *self,
GBytes *data,
GBytes **signature,
GCancellable *cancellable,
GError **error)
{
g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
OstreeSignDummy *sign = _ostree_sign_dummy_get_instance_private(OSTREE_SIGN_DUMMY(self));
*signature = g_bytes_new (sign->sk_ascii, strlen(sign->sk_ascii));
return TRUE;
}
const gchar * ostree_sign_dummy_get_name (OstreeSign *self)
{
g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
return OSTREE_SIGN_DUMMY_NAME;
}
const gchar * ostree_sign_dummy_metadata_key (OstreeSign *self)
{
return OSTREE_SIGN_METADATA_DUMMY_KEY;
}
const gchar * ostree_sign_dummy_metadata_format (OstreeSign *self)
{
return OSTREE_SIGN_METADATA_DUMMY_TYPE;
}
gboolean ostree_sign_dummy_data_verify (OstreeSign *self,
GBytes *data,
GVariant *signatures,
GError **error)
{
g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
g_return_val_if_fail (data != NULL, FALSE);
OstreeSignDummy *sign = _ostree_sign_dummy_get_instance_private(OSTREE_SIGN_DUMMY(self));
if (signatures == NULL)
return glnx_throw (error, "signature: dummy: commit have no signatures of my type");
if (!g_variant_is_of_type (signatures, (GVariantType *) OSTREE_SIGN_METADATA_DUMMY_TYPE))
return glnx_throw (error, "signature: dummy: wrong type passed for verification");
for (gsize i = 0; i < g_variant_n_children(signatures); i++)
{
g_autoptr (GVariant) child = g_variant_get_child_value (signatures, i);
g_autoptr (GBytes) signature = g_variant_get_data_as_bytes(child);
gsize sign_size = 0;
g_bytes_get_data (signature, &sign_size);
g_autofree gchar *sign_ascii = g_strndup(g_bytes_get_data (signature, NULL), sign_size);
g_debug("Read signature %d: %s", (gint)i, sign_ascii);
g_debug("Stored signature %d: %s", (gint)i, sign->pk_ascii);
if (!g_strcmp0(sign_ascii, sign->pk_ascii))
return TRUE;
else
return glnx_throw (error, "signature: dummy: incorrect signature %" G_GSIZE_FORMAT, i);
}
return glnx_throw (error, "signature: dummy: no signatures");
}

76
src/libostree/ostree-sign-dummy.h Normal file
View File

@ -0,0 +1,76 @@
/* vim:set et sw=2 cin cino=t0,f0,(0,{s,>2s,n-s,^-s,e2s: */
/*
* Copyright © 2019 Collabora Ltd.
*
* SPDX-License-Identifier: LGPL-2.0+
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the
* Free Software Foundation, Inc., 59 Temple Place - Suite 330,
* Boston, MA 02111-1307, USA.
*
* Authors:
* - Denis Pynkin (d4s) <denis.pynkin@collabora.com>
*/
#pragma once
#include "ostree-sign.h"
G_BEGIN_DECLS
#define OSTREE_TYPE_SIGN_DUMMY (_ostree_sign_dummy_get_type ())
GType _ostree_sign_dummy_get_type (void);
G_GNUC_BEGIN_IGNORE_DEPRECATIONS
typedef struct _OstreeSignDummy OstreeSignDummy;
typedef struct { GObjectClass parent_class; } OstreeSignDummyClass;
static inline OstreeSignDummy *OSTREE_SIGN_DUMMY (gpointer ptr) { return G_TYPE_CHECK_INSTANCE_CAST (ptr, _ostree_sign_dummy_get_type (), OstreeSignDummy); }
static inline gboolean OSTREE_IS_SIGN_DUMMY (gpointer ptr) { return G_TYPE_CHECK_INSTANCE_TYPE (ptr, _ostree_sign_dummy_get_type ()); }
G_GNUC_END_IGNORE_DEPRECATIONS
/* Have to use glib-2.44 for this
_OSTREE_PUBLIC
G_DECLARE_FINAL_TYPE (OstreeSignDummy,
ostree_sign_dummy,
OSTREE,
SIGN_DUMMY,
GObject)
*/
const gchar * ostree_sign_dummy_get_name (OstreeSign *self);
gboolean ostree_sign_dummy_data (OstreeSign *self,
GBytes *data,
GBytes **signature,
GCancellable *cancellable,
GError **error);
gboolean ostree_sign_dummy_data_verify (OstreeSign *self,
GBytes *data,
GVariant *signatures,
GError **error);
const gchar * ostree_sign_dummy_metadata_key (OstreeSign *self);
const gchar * ostree_sign_dummy_metadata_format (OstreeSign *self);
gboolean ostree_sign_dummy_set_sk (OstreeSign *self, GVariant *key, GError **error);
gboolean ostree_sign_dummy_set_pk (OstreeSign *self, GVariant *key, GError **error);
gboolean ostree_sign_dummy_add_pk (OstreeSign *self, GVariant *key, GError **error);
G_END_DECLS

647
src/libostree/ostree-sign-ed25519.c Normal file
View File

@ -0,0 +1,647 @@
/* vim:set et sw=2 cin cino=t0,f0,(0,{s,>2s,n-s,^-s,e2s: */
/*
* Copyright © 2019 Collabora Ltd.
*
* SPDX-License-Identifier: LGPL-2.0+
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the
* Free Software Foundation, Inc., 59 Temple Place - Suite 330,
* Boston, MA 02111-1307, USA.
*
* Authors:
* - Denis Pynkin (d4s) <denis.pynkin@collabora.com>
*/
#include "config.h"
#include <libglnx.h>
#include "ostree-sign-ed25519.h"
#ifdef HAVE_LIBSODIUM
#include <sodium.h>
#endif
#undef G_LOG_DOMAIN
#define G_LOG_DOMAIN "OSTreeSign"
#define OSTREE_SIGN_ED25519_NAME "ed25519"
#define OSTREE_SIGN_METADATA_ED25519_KEY "ostree.sign.ed25519"
#define OSTREE_SIGN_METADATA_ED25519_TYPE "aay"
typedef enum
{
ED25519_OK,
ED25519_NOT_SUPPORTED,
ED25519_FAILED_INITIALIZATION
} ed25519_state;
struct _OstreeSignEd25519
{
GObject parent;
ed25519_state state;
guchar *secret_key;
GList *public_keys;
GList *revoked_keys;
};
#ifdef G_DEFINE_AUTOPTR_CLEANUP_FUNC
G_DEFINE_AUTOPTR_CLEANUP_FUNC (OstreeSignEd25519, g_object_unref)
#endif
static void
ostree_sign_ed25519_iface_init (OstreeSignInterface *self);
G_DEFINE_TYPE_WITH_CODE (OstreeSignEd25519, _ostree_sign_ed25519, G_TYPE_OBJECT,
G_IMPLEMENT_INTERFACE (OSTREE_TYPE_SIGN, ostree_sign_ed25519_iface_init));
static void
ostree_sign_ed25519_iface_init (OstreeSignInterface *self)
{
self->data = ostree_sign_ed25519_data;
self->data_verify = ostree_sign_ed25519_data_verify;
self->get_name = ostree_sign_ed25519_get_name;
self->metadata_key = ostree_sign_ed25519_metadata_key;
self->metadata_format = ostree_sign_ed25519_metadata_format;
self->clear_keys = ostree_sign_ed25519_clear_keys;
self->set_sk = ostree_sign_ed25519_set_sk;
self->set_pk = ostree_sign_ed25519_set_pk;
self->add_pk = ostree_sign_ed25519_add_pk;
self->load_pk = ostree_sign_ed25519_load_pk;
}
static void
_ostree_sign_ed25519_class_init (OstreeSignEd25519Class *self)
{
}
static void
_ostree_sign_ed25519_init (OstreeSignEd25519 *self)
{
self->state = ED25519_OK;
self->secret_key = NULL;
self->public_keys = NULL;
self->revoked_keys = NULL;
#ifdef HAVE_LIBSODIUM
if (sodium_init() < 0)
self->state = ED25519_FAILED_INITIALIZATION;
#else
self->state = ED25519_NOT_SUPPORTED;
#endif /* HAVE_LIBSODIUM */
}
static gboolean
_ostree_sign_ed25519_is_initialized (OstreeSignEd25519 *self, GError **error)
{
switch (self->state)
{
case ED25519_OK:
break;
case ED25519_NOT_SUPPORTED:
return glnx_throw(error, "ed25519: engine is not supported");
case ED25519_FAILED_INITIALIZATION:
return glnx_throw(error, "ed25519: libsodium library isn't initialized properly");
}
return TRUE;
}
gboolean ostree_sign_ed25519_data (OstreeSign *self,
GBytes *data,
GBytes **signature,
GCancellable *cancellable,
GError **error)
{
g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
OstreeSignEd25519 *sign = _ostree_sign_ed25519_get_instance_private(OSTREE_SIGN_ED25519(self));
#ifdef HAVE_LIBSODIUM
guchar *sig = NULL;
#endif
if (!_ostree_sign_ed25519_is_initialized (sign, error))
return FALSE;
if (sign->secret_key == NULL)
return glnx_throw (error, "Not able to sign: secret key is not set");
#ifdef HAVE_LIBSODIUM
unsigned long long sig_size = 0;
sig = g_malloc0(crypto_sign_BYTES);
if (crypto_sign_detached (sig,
&sig_size,
g_bytes_get_data (data, NULL),
g_bytes_get_size (data),
sign->secret_key))
{
return glnx_throw (error, "Not able to sign: fail to sign the object");
}
*signature = g_bytes_new_take (sig, sig_size);
return TRUE;
#endif /* HAVE_LIBSODIUM */
return FALSE;
}
#ifdef HAVE_LIBSODIUM
static gint
_compare_ed25519_keys(gconstpointer a, gconstpointer b) {
return memcmp (a, b, crypto_sign_PUBLICKEYBYTES);
}
#endif
gboolean ostree_sign_ed25519_data_verify (OstreeSign *self,
GBytes *data,
GVariant *signatures,
GError **error)
{
g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
g_return_val_if_fail (data != NULL, FALSE);
OstreeSignEd25519 *sign = _ostree_sign_ed25519_get_instance_private(OSTREE_SIGN_ED25519(self));
if (!_ostree_sign_ed25519_is_initialized (sign, error))
return FALSE;
if (signatures == NULL)
return glnx_throw (error, "ed25519: commit have no signatures of my type");
if (!g_variant_is_of_type (signatures, (GVariantType *) OSTREE_SIGN_METADATA_ED25519_TYPE))
return glnx_throw (error, "ed25519: wrong type passed for verification");
#ifdef HAVE_LIBSODIUM
/* If no keys pre-loaded then,
* try to load public keys from storage(s) */
if (sign->public_keys == NULL)
{
g_autoptr (GVariantBuilder) builder = NULL;
g_autoptr (GVariant) options = NULL;
builder = g_variant_builder_new (G_VARIANT_TYPE ("a{sv}"));
options = g_variant_builder_end (builder);
if (!ostree_sign_ed25519_load_pk (self, options, error))
return FALSE;
}
g_debug ("verify: data hash = 0x%x", g_bytes_hash(data));
for (gsize i = 0; i < g_variant_n_children(signatures); i++)
{
g_autoptr (GVariant) child = g_variant_get_child_value (signatures, i);
g_autoptr (GBytes) signature = g_variant_get_data_as_bytes(child);
g_autofree char * hex = g_malloc0 (crypto_sign_PUBLICKEYBYTES*2 + 1);
g_debug("Read signature %d: %s", (gint)i, g_variant_print(child, TRUE));
for (GList *public_key = sign->public_keys;
public_key != NULL;
public_key = public_key->next)
{
/* TODO: use non-list for tons of revoked keys? */
if (g_list_find_custom (sign->revoked_keys, public_key->data, _compare_ed25519_keys) != NULL)
{
g_debug("Skip revoked key '%s'",
sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, public_key->data, crypto_sign_PUBLICKEYBYTES));
continue;
}
if (crypto_sign_verify_detached ((guchar *) g_variant_get_data (child),
g_bytes_get_data (data, NULL),
g_bytes_get_size (data),
public_key->data) != 0)
{
/* Incorrect signature! */
g_debug("Signature couldn't be verified with key '%s'",
sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, public_key->data, crypto_sign_PUBLICKEYBYTES));
}
else
{
g_debug ("Signature verified successfully with key '%s'",
sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, public_key->data, crypto_sign_PUBLICKEYBYTES));
return TRUE;
}
}
}
return glnx_throw (error, "Not able to verify: no valid signatures found");
#endif /* HAVE_LIBSODIUM */
return FALSE;
}
const gchar * ostree_sign_ed25519_get_name (OstreeSign *self)
{
g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
return OSTREE_SIGN_ED25519_NAME;
}
const gchar * ostree_sign_ed25519_metadata_key (OstreeSign *self)
{
return OSTREE_SIGN_METADATA_ED25519_KEY;
}
const gchar * ostree_sign_ed25519_metadata_format (OstreeSign *self)
{
return OSTREE_SIGN_METADATA_ED25519_TYPE;
}
gboolean ostree_sign_ed25519_clear_keys (OstreeSign *self,
GError **error)
{
g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
OstreeSignEd25519 *sign = _ostree_sign_ed25519_get_instance_private(OSTREE_SIGN_ED25519(self));
if (!_ostree_sign_ed25519_is_initialized (sign, error))
return FALSE;
#ifdef HAVE_LIBSODIUM
/* Clear secret key */
if (sign->secret_key != NULL)
{
memset (sign->secret_key, 0, crypto_sign_SECRETKEYBYTES);
g_free (sign->secret_key);
sign->secret_key = NULL;
}
/* Clear already loaded trusted keys */
if (sign->public_keys != NULL)
{
g_list_free_full (sign->public_keys, g_free);
sign->public_keys = NULL;
}
/* Clear already loaded revoked keys */
if (sign->revoked_keys != NULL)
{
g_list_free_full (sign->revoked_keys, g_free);
sign->revoked_keys = NULL;
}
return TRUE;
#endif /* HAVE_LIBSODIUM */
return FALSE;
}
/* Support 2 representations:
* base64 ascii -- secret key is passed as string
* raw key -- key is passed as bytes array
* */
gboolean ostree_sign_ed25519_set_sk (OstreeSign *self,
GVariant *secret_key,
GError **error)
{
g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
if (!ostree_sign_ed25519_clear_keys (self, error))
return FALSE;
#ifdef HAVE_LIBSODIUM
OstreeSignEd25519 *sign = _ostree_sign_ed25519_get_instance_private(OSTREE_SIGN_ED25519(self));
gsize n_elements = 0;
if (g_variant_is_of_type (secret_key, G_VARIANT_TYPE_STRING))
{
const gchar *sk_ascii = g_variant_get_string (secret_key, NULL);
sign->secret_key = g_base64_decode (sk_ascii, &n_elements);
}
else if (g_variant_is_of_type (secret_key, G_VARIANT_TYPE_BYTESTRING))
{
sign->secret_key = (guchar *) g_variant_get_fixed_array (secret_key, &n_elements, sizeof(guchar));
}
else
{
return glnx_throw (error, "Unknown ed25519 secret key type");
}
if (n_elements != crypto_sign_SECRETKEYBYTES)
return glnx_throw (error, "Incorrect ed25519 secret key");
return TRUE;
#endif /* HAVE_LIBSODIUM */
return FALSE;
}
/* Support 2 representations:
* base64 ascii -- public key is passed as string
* raw key -- key is passed as bytes array
* */
gboolean ostree_sign_ed25519_set_pk (OstreeSign *self,
GVariant *public_key,
GError **error)
{
g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
if (!ostree_sign_ed25519_clear_keys (self, error))
return FALSE;
return ostree_sign_ed25519_add_pk (self, public_key, error);
}
/* Support 2 representations:
* base64 ascii -- public key is passed as string
* raw key -- key is passed as bytes array
* */
gboolean ostree_sign_ed25519_add_pk (OstreeSign *self,
GVariant *public_key,
GError **error)
{
g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
OstreeSignEd25519 *sign = _ostree_sign_ed25519_get_instance_private(OSTREE_SIGN_ED25519(self));
if (!_ostree_sign_ed25519_is_initialized (sign, error))
return FALSE;
#ifdef HAVE_LIBSODIUM
gpointer key = NULL;
gsize n_elements = 0;
if (g_variant_is_of_type (public_key, G_VARIANT_TYPE_STRING))
{
const gchar *pk_ascii = g_variant_get_string (public_key, NULL);
key = g_base64_decode (pk_ascii, &n_elements);
}
else if (g_variant_is_of_type (public_key, G_VARIANT_TYPE_BYTESTRING))
{
key = (gpointer) g_variant_get_fixed_array (public_key, &n_elements, sizeof(guchar));
}
else
{
return glnx_throw (error, "Unknown ed25519 public key type");
}
g_autofree char *hex = g_malloc0 (crypto_sign_PUBLICKEYBYTES*2 + 1);
g_debug ("Read ed25519 public key = %s", sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, key, n_elements));
if (n_elements != crypto_sign_PUBLICKEYBYTES)
return glnx_throw (error, "Incorrect ed25519 public key");
if (g_list_find_custom (sign->public_keys, key, _compare_ed25519_keys) == NULL)
{
gpointer newkey = g_memdup (key, n_elements);
sign->public_keys = g_list_prepend (sign->public_keys, newkey);
}
#endif /* HAVE_LIBSODIUM */
return TRUE;
}
#ifdef HAVE_LIBSODIUM
/* Add revoked public key */
static gboolean
_ed25519_add_revoked (OstreeSign *self,
GVariant *revoked_key,
GError **error)
{
g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
if (!g_variant_is_of_type (revoked_key, G_VARIANT_TYPE_STRING))
return glnx_throw (error, "Unknown ed25519 revoked key type");
OstreeSignEd25519 *sign = _ostree_sign_ed25519_get_instance_private(OSTREE_SIGN_ED25519(self));
const gchar *rk_ascii = g_variant_get_string (revoked_key, NULL);
gsize n_elements = 0;
gpointer key = g_base64_decode (rk_ascii, &n_elements);
g_autofree char * hex = g_malloc0 (crypto_sign_PUBLICKEYBYTES*2 + 1);
g_debug ("Read ed25519 revoked key = %s", sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, key, n_elements));
if (n_elements != crypto_sign_PUBLICKEYBYTES)
{
return glnx_throw (error, "Incorrect ed25519 revoked key");
}
if (g_list_find_custom (sign->revoked_keys, key, _compare_ed25519_keys) == NULL)
{
gpointer newkey = g_memdup (key, n_elements);
sign->revoked_keys = g_list_prepend (sign->revoked_keys, newkey);
}
return TRUE;
}
#endif /* HAVE_LIBSODIUM */
static gboolean
_load_pk_from_stream (OstreeSign *self,
GDataInputStream *key_data_in,
gboolean trusted,
GError **error)
{
g_return_val_if_fail (key_data_in, FALSE);
#ifdef HAVE_LIBSODIUM
gboolean ret = FALSE;
/* Use simple file format with just a list of base64 public keys per line */
while (TRUE)
{
gsize len = 0;
g_autofree char *line = g_data_input_stream_read_line (key_data_in, &len, NULL, error);
g_autoptr (GVariant) pk = NULL;
gboolean added = FALSE;
if (*error != NULL)
return FALSE;
if (line == NULL)
return ret;
/* Read the key itself */
/* base64 encoded key */
pk = g_variant_new_string (line);
if (trusted)
added = ostree_sign_ed25519_add_pk (self, pk, error);
else
added = _ed25519_add_revoked (self, pk, error);
g_debug ("%s %s key: %s",
added ? "Added" : "Invalid",
trusted ? "public" : "revoked",
line);
/* Mark what we load at least one key */
if (added)
ret = TRUE;
}
#endif /* HAVE_LIBSODIUM */
return FALSE;
}
static gboolean
_load_pk_from_file (OstreeSign *self,
const gchar *filename,
gboolean trusted,
GError **error)
{
g_debug ("Processing file '%s'", filename);
g_autoptr (GFile) keyfile = NULL;
g_autoptr (GFileInputStream) key_stream_in = NULL;
g_autoptr (GDataInputStream) key_data_in = NULL;
if (!g_file_test (filename, G_FILE_TEST_IS_REGULAR))
{
g_debug ("Can't open file '%s' with public keys", filename);
return glnx_throw (error, "File object '%s' is not a regular file", filename);
}
keyfile = g_file_new_for_path (filename);
key_stream_in = g_file_read (keyfile, NULL, error);
if (key_stream_in == NULL)
return FALSE;
key_data_in = g_data_input_stream_new (G_INPUT_STREAM(key_stream_in));
g_assert (key_data_in != NULL);
if (!_load_pk_from_stream (self, key_data_in, trusted, error))
{
if (error == NULL || *error == NULL)
return glnx_throw (error,
"signature: ed25519: no valid keys in file '%s'",
filename);
}
return TRUE;
}
static gboolean
_ed25519_load_pk (OstreeSign *self,
GVariant *options,
gboolean trusted,
GError **error)
{
gboolean ret = FALSE;
const gchar *custom_dir = NULL;
g_autoptr (GPtrArray) base_dirs = g_ptr_array_new_with_free_func (g_free);
g_autoptr (GPtrArray) ed25519_files = g_ptr_array_new_with_free_func (g_free);
if (g_variant_lookup (options, "basedir", "&s", &custom_dir))
{
/* Add custom directory */
g_ptr_array_add (base_dirs, g_strdup (custom_dir));
}
else
{
/* Default paths where to find files with public keys */
g_ptr_array_add (base_dirs, g_strdup ("/etc/ostree"));
g_ptr_array_add (base_dirs, g_strdup (DATADIR "/ostree"));
}
/* Scan all well-known directories and construct the list with file names to scan keys */
for (gint i=0; i < base_dirs->len; i++)
{
gchar *base_name = NULL;
g_autofree gchar *base_dir = NULL;
g_autoptr (GDir) dir = NULL;
base_name = g_build_filename ((gchar *)g_ptr_array_index (base_dirs, i),
trusted ? "trusted.ed25519" : "revoked.ed25519",
NULL);
g_debug ("Check ed25519 keys from file: %s", base_name);
g_ptr_array_add (ed25519_files, base_name);
base_dir = g_strconcat (base_name, ".d", NULL);
dir = g_dir_open (base_dir, 0, error);
if (dir == NULL)
{
g_clear_error (error);
continue;
}
const gchar *entry = NULL;
while ((entry = g_dir_read_name (dir)) != NULL)
{
gchar *filename = g_build_filename (base_dir, entry, NULL);
g_debug ("Check ed25519 keys from file: %s", filename);
g_ptr_array_add (ed25519_files, filename);
}
}
/* Scan all well-known files */
for (gint i=0; i < ed25519_files->len; i++)
{
if (!_load_pk_from_file (self, (gchar *)g_ptr_array_index (ed25519_files, i), trusted, error))
{
g_debug ("Problem with loading ed25519 %s keys from `%s`",
trusted ? "public" : "revoked",
(gchar *)g_ptr_array_index (ed25519_files, i));
g_clear_error(error);
}
else
ret = TRUE;
}
if (!ret && (error == NULL || *error == NULL))
return glnx_throw (error, "signature: ed25519: no keys loaded");
return ret;
}
/*
* options argument should be a{sv}:
* - filename -- single file to use to load keys from;
* - basedir -- directory containing subdirectories
* 'trusted.ed25519.d' and 'revoked.ed25519.d' with appropriate
* public keys. Used for testing and re-definition of system-wide
* directories if defaults are not suitable for any reason.
*/
gboolean
ostree_sign_ed25519_load_pk (OstreeSign *self,
GVariant *options,
GError **error)
{
const gchar *filename = NULL;
OstreeSignEd25519 *sign = _ostree_sign_ed25519_get_instance_private(OSTREE_SIGN_ED25519(self));
if (!_ostree_sign_ed25519_is_initialized (sign, error))
return FALSE;
/* Read keys only from single file provided */
if (g_variant_lookup (options, "filename", "&s", &filename))
return _load_pk_from_file (self, filename, TRUE, error);
/* Load public keys from well-known directories and files */
if (!_ed25519_load_pk (self, options, TRUE, error))
return FALSE;
/* Load untrusted keys from well-known directories and files
* Ignore the failure from this function -- it is expected to have
* empty list of revoked keys.
* */
if (!_ed25519_load_pk (self, options, FALSE, error))
g_clear_error(error);
return TRUE;
}

90
src/libostree/ostree-sign-ed25519.h Normal file
View File

@ -0,0 +1,90 @@
/* vim:set et sw=2 cin cino=t0,f0,(0,{s,>2s,n-s,^-s,e2s: */
/*
* Copyright © 2019 Collabora Ltd.
*
* SPDX-License-Identifier: LGPL-2.0+
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the
* Free Software Foundation, Inc., 59 Temple Place - Suite 330,
* Boston, MA 02111-1307, USA.
*
* Authors:
* - Denis Pynkin (d4s) <denis.pynkin@collabora.com>
*/
#pragma once
#include "ostree-sign.h"
G_BEGIN_DECLS
#define OSTREE_TYPE_SIGN_ED25519 (_ostree_sign_ed25519_get_type ())
GType _ostree_sign_ed25519_get_type (void);
G_GNUC_BEGIN_IGNORE_DEPRECATIONS
typedef struct _OstreeSignEd25519 OstreeSignEd25519;
typedef struct { GObjectClass parent_class; } OstreeSignEd25519Class;
static inline OstreeSignEd25519 *OSTREE_SIGN_ED25519 (gpointer ptr) { return G_TYPE_CHECK_INSTANCE_CAST (ptr, _ostree_sign_ed25519_get_type (), OstreeSignEd25519); }
static inline gboolean OSTREE_IS_SIGN_ED25519 (gpointer ptr) { return G_TYPE_CHECK_INSTANCE_TYPE (ptr, _ostree_sign_ed25519_get_type ()); }
G_GNUC_END_IGNORE_DEPRECATIONS
/* Have to use glib-2.44 for this
_OSTREE_PUBLIC
G_DECLARE_FINAL_TYPE (OstreeSignEd25519,
ostree_sign_ed25519,
OSTREE,
SIGN_ED25519,
GObject)
*/
gboolean ostree_sign_ed25519_data (OstreeSign *self,
GBytes *data,
GBytes **signature,
GCancellable *cancellable,
GError **error);
gboolean ostree_sign_ed25519_data_verify (OstreeSign *self,
GBytes *data,
GVariant *signatures,
GError **error);
const gchar * ostree_sign_ed25519_get_name (OstreeSign *self);
const gchar * ostree_sign_ed25519_metadata_key (OstreeSign *self);
const gchar * ostree_sign_ed25519_metadata_format (OstreeSign *self);
gboolean ostree_sign_ed25519_clear_keys (OstreeSign *self,
GError **error);
gboolean ostree_sign_ed25519_set_sk (OstreeSign *self,
GVariant *secret_key,
GError **error);
gboolean ostree_sign_ed25519_set_pk (OstreeSign *self,
GVariant *public_key,
GError **error);
gboolean ostree_sign_ed25519_add_pk (OstreeSign *self,
GVariant *public_key,
GError **error);
gboolean ostree_sign_ed25519_load_pk (OstreeSign *self,
GVariant *options,
GError **error);
G_END_DECLS

670
src/libostree/ostree-sign.c Normal file
View File

@ -0,0 +1,670 @@
/* vim:set et sw=2 cin cino=t0,f0,(0,{s,>2s,n-s,^-s,e2s: */
/*
* Copyright © 2019 Collabora Ltd.
*
* SPDX-License-Identifier: LGPL-2.0+
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the
* Free Software Foundation, Inc., 59 Temple Place - Suite 330,
* Boston, MA 02111-1307, USA.
*
*/
/**
* SECTION:ostree-sign
* @title: Signature management
* @short_description: Sign and verify commits
*
* An #OstreeSign interface allows to select and use any available engine
* for signing or verifying the commit object or summary file.
*/
#include "config.h"
#include <unistd.h>
#include <sys/types.h>
#include <fcntl.h>
#include "libglnx.h"
#include "otutil.h"
#include "ostree-autocleanups.h"
#include "ostree-core.h"
#include "ostree-sign.h"
#include "ostree-sign-dummy.h"
#ifdef HAVE_LIBSODIUM
#include "ostree-sign-ed25519.h"
#endif
#include "ostree-autocleanups.h"
#include "ostree-repo-private.h"
#undef G_LOG_DOMAIN
#define G_LOG_DOMAIN "OSTreeSign"
typedef struct
{
gchar *name;
GType type;
} _sign_type;
_sign_type sign_types[] =
{
#if defined(HAVE_LIBSODIUM)
{"ed25519", 0},
#endif
{"dummy", 0}
};
enum
{
#if defined(HAVE_LIBSODIUM)
SIGN_ED25519,
#endif
SIGN_DUMMY
};
G_DEFINE_INTERFACE (OstreeSign, ostree_sign, G_TYPE_OBJECT)
static void
ostree_sign_default_init (OstreeSignInterface *iface)
{
g_debug ("OstreeSign initialization");
}
/**
* ostree_sign_metadata_key:
* @self: an #OstreeSign object
*
* Return the pointer to the name of the key used in (detached) metadata for
* current signing engine.
*
* Returns: (transfer none): pointer to the metadata key name,
* @NULL in case of error (unlikely).
*
* Since: 2020.2
*/
const gchar *
ostree_sign_metadata_key (OstreeSign *self)
{
g_return_val_if_fail (OSTREE_SIGN_GET_IFACE (self)->metadata_key != NULL, NULL);
return OSTREE_SIGN_GET_IFACE (self)->metadata_key (self);
}
/**
* ostree_sign_metadata_format:
* @self: an #OstreeSign object
*
* Return the pointer to the string with format used in (detached) metadata for
* current signing engine.
*
* Returns: (transfer none): pointer to the metadata format,
* @NULL in case of error (unlikely).
*
* Since: 2020.2
*/
const gchar *
ostree_sign_metadata_format (OstreeSign *self)
{
g_return_val_if_fail (OSTREE_SIGN_GET_IFACE (self)->metadata_format != NULL, NULL);
return OSTREE_SIGN_GET_IFACE (self)->metadata_format (self);
}
/**
* ostree_sign_clear_keys:
* @self: an #OstreeSign object
* @error: a #GError
*
* Clear all previously preloaded secret and public keys.
*
* Returns: @TRUE in case if no errors, @FALSE in case of error
*
* Since: 2020.2
*/
gboolean
ostree_sign_clear_keys (OstreeSign *self,
GError **error)
{
g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
if (OSTREE_SIGN_GET_IFACE (self)->clear_keys == NULL)
return glnx_throw (error, "not implemented");
return OSTREE_SIGN_GET_IFACE (self)->clear_keys (self, error);
}
/**
* ostree_sign_set_sk:
* @self: an #OstreeSign object
* @secret_key: secret key to be added
* @error: a #GError
*
* Set the secret key to be used for signing data, commits and summary.
*
* The @secret_key argument depends of the particular engine implementation.
*
* Returns: @TRUE in case if the key could be set successfully,
* @FALSE in case of error (@error will contain the reason).
*
* Since: 2020.2
*/
gboolean
ostree_sign_set_sk (OstreeSign *self,
GVariant *secret_key,
GError **error)
{
g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
if (OSTREE_SIGN_GET_IFACE (self)->set_sk == NULL)
return glnx_throw (error, "not implemented");
return OSTREE_SIGN_GET_IFACE (self)->set_sk (self, secret_key, error);
}
/**
* ostree_sign_set_pk:
* @self: an #OstreeSign object
* @public_key: single public key to be added
* @error: a #GError
*
* Set the public key for verification. It is expected what all
* previously pre-loaded public keys will be dropped.
*
* The @public_key argument depends of the particular engine implementation.
*
* Returns: @TRUE in case if the key could be set successfully,
* @FALSE in case of error (@error will contain the reason).
*
* Since: 2020.2
*/
gboolean
ostree_sign_set_pk (OstreeSign *self,
GVariant *public_key,
GError **error)
{
g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
if (OSTREE_SIGN_GET_IFACE (self)->set_pk == NULL)
return glnx_throw (error, "not implemented");
return OSTREE_SIGN_GET_IFACE (self)->set_pk (self, public_key, error);
}
/**
* ostree_sign_add_pk:
* @self: an #OstreeSign object
* @public_key: single public key to be added
* @error: a #GError
*
* Add the public key for verification. Could be called multiple times for
* adding all needed keys to be used for verification.
*
* The @public_key argument depends of the particular engine implementation.
*
* Returns: @TRUE in case if the key could be added successfully,
* @FALSE in case of error (@error will contain the reason).
*
* Since: 2020.2
*/
gboolean
ostree_sign_add_pk (OstreeSign *self,
GVariant *public_key,
GError **error)
{
g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
if (OSTREE_SIGN_GET_IFACE (self)->add_pk == NULL)
return glnx_throw (error, "not implemented");
return OSTREE_SIGN_GET_IFACE (self)->add_pk (self, public_key, error);
}
/**
* ostree_sign_load_pk:
* @self: an #OstreeSign object
* @options: any options
* @error: a #GError
*
* Load public keys for verification from anywhere.
* It is expected that all keys would be added to already pre-loaded keys.
*
* The @options argument depends of the particular engine implementation.
*
* For example, @ed25515 engine could use following string-formatted options:
* - @filename -- single file to use to load keys from
* - @basedir -- directory containing subdirectories
* 'trusted.ed25519.d' and 'revoked.ed25519.d' with appropriate
* public keys. Used for testing and re-definition of system-wide
* directories if defaults are not suitable for any reason.
*
* Returns: @TRUE in case if at least one key could be load successfully,
* @FALSE in case of error (@error will contain the reason).
*
* Since: 2020.2
*/
/*
* No need to have similar function for secret keys load -- it is expected
* what the signing software will load the secret key in it's own way.
*/
gboolean
ostree_sign_load_pk (OstreeSign *self,
GVariant *options,
GError **error)
{
g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
if (OSTREE_SIGN_GET_IFACE (self)->load_pk == NULL)
return glnx_throw (error, "not implemented");
return OSTREE_SIGN_GET_IFACE (self)->load_pk (self, options, error);
}
/**
* ostree_sign_data:
* @self: an #OstreeSign object
* @data: the raw data to be signed with pre-loaded secret key
* @signature: in case of success will contain signature
* @cancellable: A #GCancellable
* @error: a #GError
*
* Sign the given @data with pre-loaded secret key.
*
* Depending of the signing engine used you will need to load
* the secret key with #ostree_sign_set_sk.
*
* Returns: @TRUE if @data has been signed successfully,
* @FALSE in case of error (@error will contain the reason).
*
* Since: 2020.2
*/
gboolean
ostree_sign_data (OstreeSign *self,
GBytes *data,
GBytes **signature,
GCancellable *cancellable,
GError **error)
{
g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
if (OSTREE_SIGN_GET_IFACE (self)->data == NULL)
return glnx_throw (error, "not implemented");
return OSTREE_SIGN_GET_IFACE (self)->data (self, data, signature, cancellable, error);
}
/**
* ostree_sign_data_verify:
* @self: an #OstreeSign object
* @data: the raw data to check
* @signatures: the signatures to be checked
* @error: a #GError
*
* Verify given data against signatures with pre-loaded public keys.
*
* Depending of the signing engine used you will need to load
* the public key(s) with #ostree_sign_set_pk, #ostree_sign_add_pk
* or #ostree_sign_load_pk.
*
* Returns: @TRUE if @data has been signed at least with any single valid key,
* @FALSE in case of error or no valid keys are available (@error will contain the reason).
*
* Since: 2020.2
*/
gboolean
ostree_sign_data_verify (OstreeSign *self,
GBytes *data,
GVariant *signatures,
GError **error)
{
g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
if (OSTREE_SIGN_GET_IFACE (self)->data_verify == NULL)
return glnx_throw (error, "not implemented");
return OSTREE_SIGN_GET_IFACE (self)->data_verify(self, data, signatures, error);
}
/*
* Adopted version of _ostree_detached_metadata_append_gpg_sig ()
*/
static GVariant *
_sign_detached_metadata_append (OstreeSign *self,
GVariant *existing_metadata,
GBytes *signature_bytes)
{
g_return_val_if_fail (signature_bytes != NULL, FALSE);
GVariantDict metadata_dict;
g_autoptr(GVariant) signature_data = NULL;
g_autoptr(GVariantBuilder) signature_builder = NULL;
g_variant_dict_init (&metadata_dict, existing_metadata);
const gchar *signature_key = ostree_sign_metadata_key(self);
GVariantType *signature_format = (GVariantType *) ostree_sign_metadata_format(self);
signature_data = g_variant_dict_lookup_value (&metadata_dict,
signature_key,
(GVariantType*)signature_format);
/* signature_data may be NULL */
signature_builder = ot_util_variant_builder_from_variant (signature_data, signature_format);
g_variant_builder_add (signature_builder, "@ay", ot_gvariant_new_ay_bytes (signature_bytes));
g_variant_dict_insert_value (&metadata_dict,
signature_key,
g_variant_builder_end (signature_builder));
return g_variant_dict_end (&metadata_dict);
}
/**
* ostree_sign_commit_verify:
* @self: an #OstreeSign object
* @repo: an #OsreeRepo object
* @commit_checksum: SHA256 of given commit to verify
* @cancellable: A #GCancellable
* @error: a #GError
*
* Verify if commit is signed with known key.
*
* Depending of the signing engine used you will need to load
* the public key(s) for verification with #ostree_sign_set_pk,
* #ostree_sign_add_pk and/or #ostree_sign_load_pk.
*
* Returns: @TRUE if commit has been verified successfully,
* @FALSE in case of error or no valid keys are available (@error will contain the reason).
*
* Since: 2020.2
*/
gboolean
ostree_sign_commit_verify (OstreeSign *self,
OstreeRepo *repo,
const gchar *commit_checksum,
GCancellable *cancellable,
GError **error)
{
g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
g_autoptr(GVariant) commit_variant = NULL;
/* Load the commit */
if (!ostree_repo_load_variant (repo, OSTREE_OBJECT_TYPE_COMMIT,
commit_checksum, &commit_variant,
error))
return glnx_prefix_error (error, "Failed to read commit");
/* Load the metadata */
g_autoptr(GVariant) metadata = NULL;
if (!ostree_repo_read_commit_detached_metadata (repo,
commit_checksum,
&metadata,
cancellable,
error))
return glnx_prefix_error (error, "Failed to read detached metadata");
g_autoptr(GBytes) signed_data = g_variant_get_data_as_bytes (commit_variant);
g_autoptr(GVariant) signatures = NULL;
const gchar *signature_key = ostree_sign_metadata_key(self);
GVariantType *signature_format = (GVariantType *) ostree_sign_metadata_format(self);
if (metadata)
signatures = g_variant_lookup_value (metadata,
signature_key,
signature_format);
return ostree_sign_data_verify (self,
signed_data,
signatures,
error);
}
/**
* ostree_sign_get_name:
* @self: an #OstreeSign object
*
* Return the pointer to the name of currently used/selected signing engine.
*
* The list of available engines could be acquired with #ostree_sign_list_names.
*
* Returns: (transfer none): pointer to the name
* @NULL in case of error (unlikely).
*
* Since: 2020.2
*/
const gchar *
ostree_sign_get_name (OstreeSign *self)
{
g_return_val_if_fail (OSTREE_IS_SIGN (self), NULL);
g_return_val_if_fail (OSTREE_SIGN_GET_IFACE (self)->get_name != NULL, NULL);
return OSTREE_SIGN_GET_IFACE (self)->get_name (self);
}
/**
* ostree_sign_commit:
* @self: an #OstreeSign object
* @repo: an #OsreeRepo object
* @commit_checksum: SHA256 of given commit to sign
* @cancellable: A #GCancellable
* @error: a #GError
*
* Add a signature to a commit.
*
* Depending of the signing engine used you will need to load
* the secret key with #ostree_sign_set_sk.
*
* Returns: @TRUE if commit has been signed successfully,
* @FALSE in case of error (@error will contain the reason).
*
* Since: 2020.2
*/
gboolean
ostree_sign_commit (OstreeSign *self,
OstreeRepo *repo,
const gchar *commit_checksum,
GCancellable *cancellable,
GError **error)
{
g_autoptr(GBytes) commit_data = NULL;
g_autoptr(GBytes) signature = NULL;
g_autoptr(GVariant) commit_variant = NULL;
g_autoptr(GVariant) old_metadata = NULL;
g_autoptr(GVariant) new_metadata = NULL;
if (!ostree_repo_load_variant (repo, OSTREE_OBJECT_TYPE_COMMIT,
commit_checksum, &commit_variant, error))
return glnx_prefix_error (error, "Failed to read commit");
if (!ostree_repo_read_commit_detached_metadata (repo,
commit_checksum,
&old_metadata,
cancellable,
error))
return glnx_prefix_error (error, "Failed to read detached metadata");
commit_data = g_variant_get_data_as_bytes (commit_variant);
if (!ostree_sign_data (self, commit_data, &signature,
cancellable, error))
return glnx_prefix_error (error, "Not able to sign the cobject");
new_metadata =
_sign_detached_metadata_append (self, old_metadata, signature);
if (!ostree_repo_write_commit_detached_metadata (repo,
commit_checksum,
new_metadata,
cancellable,
error))
return FALSE;
return TRUE;
}
/**
* ostree_sign_list_names:
*
* Return an array with all available sign engines names.
*
* Returns: (transfer full): an array of strings, free when you used it
*
* Since: 2020.2
*/
GStrv
ostree_sign_list_names(void)
{
GStrv names = g_new0 (char *, G_N_ELEMENTS(sign_types) + 1);
gint i = 0;
for (i=0; i < G_N_ELEMENTS(sign_types); i++)
{
names[i] = g_strdup(sign_types[i].name);
g_debug ("Found '%s' signing engine", names[i]);
}
return names;
}
/**
* ostree_sign_get_by_name:
* @name: the name of desired signature engine
* @error: return location for a #GError
*
* Tries to find and return proper signing engine by it's name.
*
* The list of available engines could be acquired with #ostree_sign_list_names.
*
* Returns: (transfer full): a constant, free when you used it
*
* Since: 2020.2
*/
OstreeSign *
ostree_sign_get_by_name (const gchar *name, GError **error)
{
OstreeSign *sign = NULL;
/* Get types if not initialized yet */
#if defined(HAVE_LIBSODIUM)
if (sign_types[SIGN_ED25519].type == 0)
sign_types[SIGN_ED25519].type = OSTREE_TYPE_SIGN_ED25519;
#endif
if (sign_types[SIGN_DUMMY].type == 0)
sign_types[SIGN_DUMMY].type = OSTREE_TYPE_SIGN_DUMMY;
for (gint i=0; i < G_N_ELEMENTS(sign_types); i++)
{
if (g_strcmp0 (name, sign_types[i].name) == 0)
{
g_debug ("Using '%s' signing engine", sign_types[i].name);
sign = g_object_new (sign_types[i].type, NULL);
break;
}
}
if (sign == NULL)
g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Requested signature type is not implemented");
return sign;
}
/**
* ostree_sign_summary:
* @self: Self
* @repo: ostree repository
* @keys: keys -- GVariant containing keys as GVarints specific to signature type.
* @cancellable: A #GCancellable
* @error: a #GError
*
* Add a signature to a summary file.
* Based on ostree_repo_add_gpg_signature_summary implementation.
*
* Returns: @TRUE if summary file has been signed with all provided keys
*/
gboolean
ostree_sign_summary (OstreeSign *self,
OstreeRepo *repo,
GVariant *keys,
GCancellable *cancellable,
GError **error)
{
g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
g_return_val_if_fail (OSTREE_IS_REPO (repo), FALSE);
g_autoptr(GVariant) normalized = NULL;
g_autoptr(GBytes) summary_data = NULL;
g_autoptr(GVariant) metadata = NULL;
glnx_autofd int fd = -1;
if (!glnx_openat_rdonly (repo->repo_dir_fd, "summary", TRUE, &fd, error))
return FALSE;
summary_data = ot_fd_readall_or_mmap (fd, 0, error);
if (!summary_data)
return FALSE;
/* Note that fd is reused below */
glnx_close_fd (&fd);
if (!ot_openat_ignore_enoent (repo->repo_dir_fd, "summary.sig", &fd, error))
return FALSE;
if (fd >= 0)
{
if (!ot_variant_read_fd (fd, 0, OSTREE_SUMMARY_SIG_GVARIANT_FORMAT,
FALSE, &metadata, error))
return FALSE;
}
if (g_variant_n_children(keys) == 0)
return glnx_throw (error, "No keys passed for signing summary");
GVariantIter *iter;
GVariant *key;
g_variant_get (keys, "av", &iter);
while (g_variant_iter_loop (iter, "v", &key))
{
g_autoptr (GBytes) signature = NULL;
if (!ostree_sign_set_sk (self, key, error))
return FALSE;
if (!ostree_sign_data (self,
summary_data,
&signature,
cancellable,
error))
return FALSE;
g_autoptr(GVariant) old_metadata = g_steal_pointer (&metadata);
metadata =
_sign_detached_metadata_append (self, old_metadata, signature);
}
g_variant_iter_free (iter);
normalized = g_variant_get_normal_form (metadata);
if (!_ostree_repo_file_replace_contents (repo,
repo->repo_dir_fd,
"summary.sig",
g_variant_get_data (normalized),
g_variant_get_size (normalized),
cancellable, error))
return FALSE;
return TRUE;
}

162
src/libostree/ostree-sign.h Normal file
View File

@ -0,0 +1,162 @@
/* vim:set et sw=2 cin cino=t0,f0,(0,{s,>2s,n-s,^-s,e2s: */
/*
* Copyright © 2019 Collabora Ltd.
*
* SPDX-License-Identifier: LGPL-2.0+
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the
* Free Software Foundation, Inc., 59 Temple Place - Suite 330,
* Boston, MA 02111-1307, USA.
*
* Authors:
* - Denis Pynkin (d4s) <denis.pynkin@collabora.com>
*/
#pragma once
#include <glib.h>
#include <glib-object.h>
#include "ostree-ref.h"
#include "ostree-remote.h"
#include "ostree-types.h"
G_BEGIN_DECLS
#define OSTREE_TYPE_SIGN (ostree_sign_get_type ())
_OSTREE_PUBLIC
GType ostree_sign_get_type (void);
G_GNUC_BEGIN_IGNORE_DEPRECATIONS
typedef struct _OstreeSign OstreeSign;
typedef struct _OstreeSignInterface OstreeSignInterface;
static inline OstreeSign *OSTREE_SIGN (gpointer ptr) { return G_TYPE_CHECK_INSTANCE_CAST (ptr, ostree_sign_get_type (), OstreeSign); }
static inline gboolean OSTREE_IS_SIGN (gpointer ptr) { return G_TYPE_CHECK_INSTANCE_TYPE (ptr, ostree_sign_get_type ()); }
static inline OstreeSignInterface *OSTREE_SIGN_GET_IFACE (gpointer ptr) { return G_TYPE_INSTANCE_GET_INTERFACE (ptr, ostree_sign_get_type (), OstreeSignInterface); }
G_GNUC_END_IGNORE_DEPRECATIONS
/* Have to use glib-2.44 for this
_OSTREE_PUBLIC
G_DECLARE_INTERFACE (OstreeSign, ostree_sign, OSTREE, SIGN, GObject)
*/
struct _OstreeSignInterface
{
GTypeInterface g_iface;
const gchar *(* get_name) (OstreeSign *self);
gboolean (* data) (OstreeSign *self,
GBytes *data,
GBytes **signature,
GCancellable *cancellable,
GError **error);
gboolean (* data_verify) (OstreeSign *self,
GBytes *data,
GVariant *signatures,
GError **error);
const gchar *(* metadata_key) (OstreeSign *self);
const gchar *(* metadata_format) (OstreeSign *self);
gboolean (* clear_keys) (OstreeSign *self,
GError **error);
gboolean (* set_sk) (OstreeSign *self,
GVariant *secret_key,
GError **error);
gboolean (* set_pk) (OstreeSign *self,
GVariant *public_key,
GError **error);
gboolean (* add_pk) (OstreeSign *self,
GVariant *public_key,
GError **error);
gboolean (* load_pk) (OstreeSign *self,
GVariant *options,
GError **error);
};
_OSTREE_PUBLIC
const gchar * ostree_sign_get_name (OstreeSign *self);
_OSTREE_PUBLIC
gboolean ostree_sign_data (OstreeSign *self,
GBytes *data,
GBytes **signature,
GCancellable *cancellable,
GError **error);
_OSTREE_PUBLIC
gboolean ostree_sign_data_verify (OstreeSign *self,
GBytes *data,
GVariant *signatures,
GError **error);
_OSTREE_PUBLIC
const gchar * ostree_sign_metadata_key (OstreeSign *self);
_OSTREE_PUBLIC
const gchar * ostree_sign_metadata_format (OstreeSign *self);
_OSTREE_PUBLIC
gboolean ostree_sign_commit (OstreeSign *self,
OstreeRepo *repo,
const gchar *commit_checksum,
GCancellable *cancellable,
GError **error);
_OSTREE_PUBLIC
gboolean ostree_sign_commit_verify (OstreeSign *self,
OstreeRepo *repo,
const gchar *commit_checksum,
GCancellable *cancellable,
GError **error);
_OSTREE_PUBLIC
gboolean ostree_sign_clear_keys (OstreeSign *self,
GError **error);
_OSTREE_PUBLIC
gboolean ostree_sign_set_sk (OstreeSign *self,
GVariant *secret_key,
GError **error);
_OSTREE_PUBLIC
gboolean ostree_sign_set_pk (OstreeSign *self,
GVariant *public_key,
GError **error);
_OSTREE_PUBLIC
gboolean ostree_sign_add_pk (OstreeSign *self,
GVariant *public_key,
GError **error);
_OSTREE_PUBLIC
gboolean ostree_sign_load_pk (OstreeSign *self,
GVariant *options,
GError **error);
_OSTREE_PUBLIC
GStrv ostree_sign_list_names(void);
_OSTREE_PUBLIC
OstreeSign * ostree_sign_get_by_name (const gchar *name, GError **error);
_OSTREE_PUBLIC
gboolean ostree_sign_summary (OstreeSign *self,
OstreeRepo *repo,
GVariant *keys,
GCancellable *cancellable,
GError **error);
G_END_DECLS

1
src/libostree/ostree.h
View File

@ -40,5 +40,6 @@
#include <ostree-repo-finder-mount.h>
#include <ostree-repo-finder-override.h>
#include <ostree-kernel-args.h>
#include <ostree-sign.h>
#include <ostree-autocleanups.h>
#include <ostree-version.h>

3
src/ostree/main.c
View File

@ -109,6 +109,9 @@ static OstreeCommand commands[] = {
{ "rev-parse", OSTREE_BUILTIN_FLAG_NONE,
ostree_builtin_rev_parse,
"Output the target of a rev" },
{ "sign", OSTREE_BUILTIN_FLAG_NONE,
ostree_builtin_sign,
"Sign a commit" },
{ "show", OSTREE_BUILTIN_FLAG_NONE,
ostree_builtin_show,
"Output a metadata object" },

42
src/ostree/ot-builtin-commit.c
View File

@ -31,6 +31,7 @@
#include "parse-datetime.h"
#include "ostree-repo-private.h"
#include "ostree-libarchive-private.h"
#include "ostree-sign.h"
static char *opt_subject;
static char *opt_body;
@ -62,9 +63,11 @@ static gint opt_owner_uid = -1;
static gint opt_owner_gid = -1;
static gboolean opt_table_output;
#ifndef OSTREE_DISABLE_GPGME
static char **opt_key_ids;
static char **opt_gpg_key_ids;
static char *opt_gpg_homedir;
#endif
static char **opt_key_ids;
static char *opt_sign_name;
static gboolean opt_generate_sizes;
static gboolean opt_disable_fsync;
static char *opt_timestamp;
@ -119,9 +122,11 @@ static GOptionEntry options[] = {
{ "consume", 0, 0, G_OPTION_ARG_NONE, &opt_consume, "Consume (delete) content after commit (for local directories)", NULL },
{ "table-output", 0, 0, G_OPTION_ARG_NONE, &opt_table_output, "Output more information in a KEY: VALUE format", NULL },
#ifndef OSTREE_DISABLE_GPGME
{ "gpg-sign", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_key_ids, "GPG Key ID to sign the commit with", "KEY-ID"},
{ "gpg-sign", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_gpg_key_ids, "GPG Key ID to sign the commit with", "KEY-ID"},
{ "gpg-homedir", 0, 0, G_OPTION_ARG_FILENAME, &opt_gpg_homedir, "GPG Homedir to use when looking for keyrings", "HOMEDIR"},
#endif
{ "sign", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_key_ids, "Sign the commit with", "KEY_ID"},
{ "sign-type", 0, 0, G_OPTION_ARG_STRING, &opt_sign_name, "Signature type to use (defaults to 'ed25519')", "NAME"},
{ "generate-sizes", 0, 0, G_OPTION_ARG_NONE, &opt_generate_sizes, "Generate size information along with commit metadata", NULL },
{ "disable-fsync", 0, G_OPTION_FLAG_HIDDEN, G_OPTION_ARG_NONE, &opt_disable_fsync, "Do not invoke fsync()", NULL },
{ "fsync", 0, 0, G_OPTION_ARG_CALLBACK, parse_fsync_cb, "Specify how to invoke fsync()", "POLICY" },
@ -419,6 +424,7 @@ ostree_builtin_commit (int argc, char **argv, OstreeCommandInvocation *invocatio
OstreeRepoTransactionStats stats;
struct CommitFilterData filter_data = { 0, };
g_autofree char *commit_body = NULL;
g_autoptr (OstreeSign) sign = NULL;
context = g_option_context_new ("[PATH]");
@ -832,12 +838,42 @@ ostree_builtin_commit (int argc, char **argv, OstreeCommandInvocation *invocatio
goto out;
}
#ifndef OSTREE_DISABLE_GPGME
if (opt_key_ids)
{
/* Initialize crypto system */
if (!opt_sign_name)
opt_sign_name = "ed25519";
sign = ostree_sign_get_by_name (opt_sign_name, error);
if (sign == NULL)
goto out;
char **iter;
for (iter = opt_key_ids; iter && *iter; iter++)
{
const char *keyid = *iter;
g_autoptr (GVariant) secret_key = NULL;
secret_key = g_variant_new_string (keyid);
if (!ostree_sign_set_sk (sign, secret_key, error))
goto out;
if (!ostree_sign_commit (sign,
repo,
commit_checksum,
cancellable,
error))
goto out;
}
}
#ifndef OSTREE_DISABLE_GPGME
if (opt_gpg_key_ids)
{
char **iter;
for (iter = opt_gpg_key_ids; iter && *iter; iter++)
{
const char *keyid = *iter;

11
src/ostree/ot-builtin-pull-local.c
View File

@ -39,6 +39,8 @@ static gboolean opt_bareuseronly_files;
static gboolean opt_require_static_deltas;
static gboolean opt_gpg_verify;
static gboolean opt_gpg_verify_summary;
static gboolean opt_sign_verify;
static gboolean opt_sign_verify_summary;
static int opt_depth = 0;
/* ATTENTION:
@ -55,6 +57,8 @@ static GOptionEntry options[] = {
{ "require-static-deltas", 0, 0, G_OPTION_ARG_NONE, &opt_require_static_deltas, "Require static deltas", NULL },
{ "gpg-verify", 0, 0, G_OPTION_ARG_NONE, &opt_gpg_verify, "GPG verify commits (must specify --remote)", NULL },
{ "gpg-verify-summary", 0, 0, G_OPTION_ARG_NONE, &opt_gpg_verify_summary, "GPG verify summary (must specify --remote)", NULL },
{ "sign-verify", 0, 0, G_OPTION_ARG_NONE, &opt_sign_verify, "Verify commits signature (must specify --remote)", NULL },
{ "sign-verify-summary", 0, 0, G_OPTION_ARG_NONE, &opt_sign_verify, "Verify summary signature (must specify --remote)", NULL },
{ "depth", 0, 0, G_OPTION_ARG_INT, &opt_depth, "Traverse DEPTH parents (-1=infinite) (default: 0)", "DEPTH" },
{ NULL }
};
@ -182,6 +186,13 @@ ostree_builtin_pull_local (int argc, char **argv, OstreeCommandInvocation *invoc
g_variant_builder_add (&builder, "{s@v}", "depth",
g_variant_new_variant (g_variant_new_int32 (opt_depth)));
if (opt_sign_verify)
g_variant_builder_add (&builder, "{s@v}", "sign-verify",
g_variant_new_variant (g_variant_new_boolean (TRUE)));
if (opt_sign_verify_summary)
g_variant_builder_add (&builder, "{s@v}", "sign-verify-summary",
g_variant_new_variant (g_variant_new_boolean (TRUE)));
if (console.is_tty)
progress = ostree_async_progress_new_and_connect (ostree_repo_pull_default_console_progress_changed, &console);
else

257
src/ostree/ot-builtin-sign.c Normal file
View File

@ -0,0 +1,257 @@
/* vim:set et sw=2 cin cino=t0,f0,(0,{s,>2s,n-s,^-s,e2s: */
/*
* Copyright (C) 2015 Colin Walters <walters@verbum.org>
* Copyright (C) 2019 Denis Pynkin (d4s) <denis.pynkin@collabora.com>
*
* SPDX-License-Identifier: LGPL-2.0+
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the
* Free Software Foundation, Inc., 59 Temple Place - Suite 330,
* Boston, MA 02111-1307, USA.
*
* Author: Colin Walters <walters@verbum.org>
*/
#include "config.h"
#include "ot-main.h"
#include "ot-builtins.h"
#include "ostree.h"
#include "otutil.h"
#include "ostree-core-private.h"
#include "ostree-sign.h"
static gboolean opt_delete;
static gboolean opt_verify;
static char *opt_sign_name;
static char *opt_filename;
static char *opt_keysdir;
/* ATTENTION:
* Please remember to update the bash-completion script (bash/ostree) and
* man page (man/ostree-sign.xml) when changing the option list.
*/
static GOptionEntry options[] = {
{ "delete", 'd', 0, G_OPTION_ARG_NONE, &opt_delete, "Delete signatures having any of the KEY-IDs", NULL},
{ "verify", 0, 0, G_OPTION_ARG_NONE, &opt_verify, "Verify signatures", NULL},
{ "sign-type", 's', 0, G_OPTION_ARG_STRING, &opt_sign_name, "Signature type to use (defaults to 'ed25519')", "NAME"},
#if defined(HAVE_LIBSODIUM)
{ "keys-file", 0, 0, G_OPTION_ARG_STRING, &opt_filename, "Read key(s) from file", "NAME"},
{ "keys-dir", 0, 0, G_OPTION_ARG_STRING, &opt_keysdir, "Redefine system-wide directories with public and revoked keys for verification", "NAME"},
#endif
{ NULL }
};
static void
usage_error (GOptionContext *context, const char *message, GError **error)
{
g_autofree char *help = g_option_context_get_help (context, TRUE, NULL);
g_printerr ("%s", help);
g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED, message);
}
gboolean
ostree_builtin_sign (int argc, char **argv, OstreeCommandInvocation *invocation, GCancellable *cancellable, GError **error)
{
g_autoptr (GOptionContext) context = NULL;
g_autoptr (OstreeRepo) repo = NULL;
g_autoptr (OstreeSign) sign = NULL;
g_autofree char *resolved_commit = NULL;
const char *commit;
char **key_ids;
int n_key_ids, ii;
gboolean ret = FALSE;
context = g_option_context_new ("COMMIT KEY-ID...");
if (!ostree_option_context_parse (context, options, &argc, &argv, invocation, &repo, cancellable, error))
goto out;
if (argc < 2)
{
usage_error (context, "Need a COMMIT to sign or verify", error);
goto out;
}
commit = argv[1];
/* Verification could be done via system files with public keys */
if (!opt_verify &&
!opt_filename &&
argc < 3)
{
usage_error (context, "Need at least one KEY-ID to sign with", error);
goto out;
}
key_ids = argv + 2;
n_key_ids = argc - 2;
if (!ostree_repo_resolve_rev (repo, commit, FALSE, &resolved_commit, error))
goto out;
/* Initialize crypto system */
if (!opt_sign_name)
opt_sign_name = "ed25519";
sign = ostree_sign_get_by_name (opt_sign_name, error);
if (sign == NULL)
goto out;
for (ii = 0; ii < n_key_ids; ii++)
{
g_autoptr (GVariant) sk = NULL;
g_autoptr (GVariant) pk = NULL;
if (opt_verify)
{
g_autoptr (GError) local_error = NULL;
// Pass the key as a string
pk = g_variant_new_string(key_ids[ii]);
if (!ostree_sign_set_pk (sign, pk, &local_error))
continue;
if (ostree_sign_commit_verify (sign,
repo,
resolved_commit,
cancellable,
&local_error))
{
ret = TRUE;
goto out;
}
}
else
{
// Pass the key as a string
sk = g_variant_new_string(key_ids[ii]);
if (!ostree_sign_set_sk (sign, sk, error))
{
ret = FALSE;
goto out;
}
ret = ostree_sign_commit (sign,
repo,
resolved_commit,
cancellable,
error);
if (ret != TRUE)
goto out;
}
}
/* Try to verify with user-provided file or system configuration */
if (opt_verify)
{
if ((n_key_ids == 0) || opt_filename)
{
g_autoptr (GVariantBuilder) builder = NULL;
g_autoptr (GVariant) options = NULL;
builder = g_variant_builder_new (G_VARIANT_TYPE ("a{sv}"));
/* Use custom directory with public and revoked keys instead of system-wide directories */
if (opt_keysdir)
g_variant_builder_add (builder, "{sv}", "basedir", g_variant_new_string (opt_keysdir));
/* The last chance for verification source -- system files */
if (opt_filename)
g_variant_builder_add (builder, "{sv}", "filename", g_variant_new_string (opt_filename));
options = g_variant_builder_end (builder);
if (!ostree_sign_load_pk (sign, options, error))
goto out;
if (ostree_sign_commit_verify (sign,
repo,
resolved_commit,
cancellable,
error))
ret = TRUE;
} /* Check via file */
}
else
{
/* Sign with keys from provided file */
if (opt_filename)
{
g_autoptr (GFile) keyfile = NULL;
g_autoptr (GFileInputStream) key_stream_in = NULL;
g_autoptr (GDataInputStream) key_data_in = NULL;
if (!g_file_test (opt_filename, G_FILE_TEST_IS_REGULAR))
{
g_warning ("Can't open file '%s' with keys", opt_filename);
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"File object '%s' is not a regular file", opt_filename);
goto out;
}
keyfile = g_file_new_for_path (opt_filename);
key_stream_in = g_file_read (keyfile, NULL, error);
if (key_stream_in == NULL)
goto out;
key_data_in = g_data_input_stream_new (G_INPUT_STREAM(key_stream_in));
g_assert (key_data_in != NULL);
/* Use simple file format with just a list of base64 public keys per line */
while (TRUE)
{
gsize len = 0;
g_autofree char *line = g_data_input_stream_read_line (key_data_in, &len, NULL, error);
g_autoptr (GVariant) sk = NULL;
if (*error != NULL)
goto out;
if (line == NULL)
break;
// Pass the key as a string
sk = g_variant_new_string(line);
if (!ostree_sign_set_sk (sign, sk, error))
{
ret = FALSE;
goto out;
}
ret = ostree_sign_commit (sign,
repo,
resolved_commit,
cancellable,
error);
if (ret != TRUE)
goto out;
}
}
}
// No valid signature found
if (opt_verify && (ret != TRUE) && (*error == NULL))
g_set_error_literal (error,
G_IO_ERROR, G_IO_ERROR_FAILED,
"No valid signatures found");
out:
/* It is possible to have an error due multiple signatures check */
if (ret == TRUE)
g_clear_error (error);
return ret;
}

80
src/ostree/ot-builtin-summary.c
View File

@ -27,10 +27,13 @@
#include "ot-builtins.h"
#include "ostree.h"
#include "otutil.h"
#include "ostree-sign.h"
static gboolean opt_update, opt_view, opt_raw;
static char **opt_key_ids;
static char **opt_gpg_key_ids;
static char *opt_gpg_homedir;
static char **opt_key_ids;
static char *opt_sign_name;
static char **opt_metadata;
/* ATTENTION:
@ -42,8 +45,10 @@ static GOptionEntry options[] = {
{ "update", 'u', 0, G_OPTION_ARG_NONE, &opt_update, "Update the summary", NULL },
{ "view", 'v', 0, G_OPTION_ARG_NONE, &opt_view, "View the local summary file", NULL },
{ "raw", 0, 0, G_OPTION_ARG_NONE, &opt_raw, "View the raw bytes of the summary file", NULL },
{ "gpg-sign", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_key_ids, "GPG Key ID to sign the summary with", "KEY-ID"},
{ "gpg-sign", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_gpg_key_ids, "GPG Key ID to sign the summary with", "KEY-ID"},
{ "gpg-homedir", 0, 0, G_OPTION_ARG_FILENAME, &opt_gpg_homedir, "GPG Homedir to use when looking for keyrings", "HOMEDIR"},
{ "sign", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_key_ids, "Key ID to sign the summary with", "KEY-ID"},
{ "sign-type", 0, 0, G_OPTION_ARG_STRING, &opt_sign_name, "Signature type to use (defaults to 'ed25519')", "NAME"},
{ "add-metadata", 'm', 0, G_OPTION_ARG_STRING_ARRAY, &opt_metadata, "Additional metadata field to add to the summary", "KEY=VALUE" },
{ NULL }
};
@ -87,6 +92,7 @@ ostree_builtin_summary (int argc, char **argv, OstreeCommandInvocation *invocati
{
g_autoptr(GOptionContext) context = NULL;
g_autoptr(OstreeRepo) repo = NULL;
g_autoptr (OstreeSign) sign = NULL;
OstreeDumpFlags flags = OSTREE_DUMP_NONE;
context = g_option_context_new ("");
@ -94,6 +100,17 @@ ostree_builtin_summary (int argc, char **argv, OstreeCommandInvocation *invocati
if (!ostree_option_context_parse (context, options, &argc, &argv, invocation, &repo, cancellable, error))
return FALSE;
/* Initialize crypto system */
if (opt_key_ids)
{
if (!opt_sign_name)
opt_sign_name = "ed25519";
sign = ostree_sign_get_by_name (opt_sign_name, error);
if (sign == NULL)
return FALSE;
}
if (opt_update)
{
g_autoptr(GVariant) additional_metadata = NULL;
@ -164,10 +181,9 @@ ostree_builtin_summary (int argc, char **argv, OstreeCommandInvocation *invocati
new_summary_commit, repo_file, &new_ostree_metadata_checksum,
NULL, error))
return FALSE;
if (opt_key_ids != NULL)
if (opt_gpg_key_ids != NULL)
{
for (const char * const *iter = (const char * const *) opt_key_ids;
for (const char * const *iter = (const char * const *) opt_gpg_key_ids;
iter != NULL && *iter != NULL; iter++)
{
const char *key_id = *iter;
@ -182,6 +198,27 @@ ostree_builtin_summary (int argc, char **argv, OstreeCommandInvocation *invocati
}
}
if (opt_key_ids)
{
char **iter;
for (iter = opt_key_ids; iter && *iter; iter++)
{
const char *keyid = *iter;
g_autoptr (GVariant) secret_key = NULL;
secret_key = g_variant_new_string (keyid);
if (!ostree_sign_set_sk (sign, secret_key, error))
return FALSE;
if (!ostree_sign_commit (sign,
repo,
new_ostree_metadata_checksum,
cancellable,
error))
return FALSE;
}
}
ostree_repo_transaction_set_collection_ref (repo, &collection_ref,
new_ostree_metadata_checksum);
@ -194,16 +231,45 @@ ostree_builtin_summary (int argc, char **argv, OstreeCommandInvocation *invocati
return FALSE;
#ifndef OSTREE_DISABLE_GPGME
if (opt_key_ids)
if (opt_gpg_key_ids)
{
if (!ostree_repo_add_gpg_signature_summary (repo,
(const gchar **) opt_key_ids,
(const gchar **) opt_gpg_key_ids,
opt_gpg_homedir,
cancellable,
error))
return FALSE;
}
#endif
if (opt_key_ids)
{
g_autoptr (GVariant) secret_keys = NULL;
g_autoptr (GVariantBuilder) sk_builder = NULL;
sk_builder = g_variant_builder_new (G_VARIANT_TYPE_ARRAY);
char **iter;
for (iter = opt_key_ids; iter && *iter; iter++)
{
const char *keyid = *iter;
GVariant *secret_key = NULL;
/* Currently only strings are used as keys
* for supported signature types */
secret_key = g_variant_new_string (keyid);
g_variant_builder_add (sk_builder, "v", secret_key);
}
secret_keys = g_variant_builder_end (sk_builder);
if (! ostree_sign_summary (sign,
repo,
secret_keys,
cancellable,
error))
return FALSE;
}
}
else if (opt_view || opt_raw)
{

1
src/ostree/ot-builtins.h
View File

@ -53,6 +53,7 @@ BUILTINPROTO(prune);
BUILTINPROTO(refs);
BUILTINPROTO(reset);
BUILTINPROTO(fsck);
BUILTINPROTO(sign);
BUILTINPROTO(show);
BUILTINPROTO(static_delta);
BUILTINPROTO(summary);

10
src/ostree/ot-remote-builtin-add.c
View File

@ -28,6 +28,7 @@
static char **opt_set;
static gboolean opt_no_gpg_verify;
static gboolean opt_no_sign_verify;
static gboolean opt_if_not_exists;
static gboolean opt_force;
static char *opt_gpg_import;
@ -44,6 +45,7 @@ static char *opt_repo;
static GOptionEntry option_entries[] = {
{ "set", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_set, "Set config option KEY=VALUE for remote", "KEY=VALUE" },
{ "no-gpg-verify", 0, 0, G_OPTION_ARG_NONE, &opt_no_gpg_verify, "Disable GPG verification", NULL },
{ "no-sign-verify", 0, 0, G_OPTION_ARG_NONE, &opt_no_sign_verify, "Disable signature verification", NULL },
{ "if-not-exists", 0, 0, G_OPTION_ARG_NONE, &opt_if_not_exists, "Do nothing if the provided remote exists", NULL },
{ "force", 0, 0, G_OPTION_ARG_NONE, &opt_force, "Replace the provided remote if it exists", NULL },
{ "gpg-import", 0, 0, G_OPTION_ARG_FILENAME, &opt_gpg_import, "Import GPG key from FILE", "FILE" },
@ -134,12 +136,18 @@ ot_remote_builtin_add (int argc, char **argv, OstreeCommandInvocation *invocatio
}
#ifndef OSTREE_DISABLE_GPGME
if (opt_no_gpg_verify)
/* No signature verification implies no verification for GPG signature as well */
if (opt_no_gpg_verify || opt_no_sign_verify)
g_variant_builder_add (optbuilder, "{s@v}",
"gpg-verify",
g_variant_new_variant (g_variant_new_boolean (FALSE)));
#endif /* OSTREE_DISABLE_GPGME */
if (opt_no_sign_verify)
g_variant_builder_add (optbuilder, "{s@v}",
"sign-verify",
g_variant_new_variant (g_variant_new_boolean (FALSE)));
if (opt_collection_id != NULL)
g_variant_builder_add (optbuilder, "{s@v}", "collection-id",
g_variant_new_variant (g_variant_new_take_string (g_steal_pointer (&opt_collection_id))));

37
tests/libtest.sh
View File

@ -679,6 +679,43 @@ libtest_cleanup_gpg () {
}
libtest_exit_cmds+=(libtest_cleanup_gpg)
has_libsodium () {
local ret
${CMD_PREFIX} ostree --version > version.txt
grep -q -e '- libsodium' version.txt
ret=$?
rm -f version.txt
return ${ret}
}
# Keys for ed25519 signing tests
ED25519PUBLIC=
ED25519SEED=
ED25519SECRET=
gen_ed25519_keys ()
{
# Generate private key in PEM format
pemfile="$(mktemp -p ${test_tmpdir} ed25519_XXXXXX.pem)"
openssl genpkey -algorithm ed25519 -outform PEM -out "${pemfile}"
# Based on: http://openssl.6102.n7.nabble.com/ed25519-key-generation-td73907.html
# Extract the private and public parts from generated key.
ED25519PUBLIC="$(openssl pkey -outform DER -pubout -in ${pemfile} | tail -c 32 | base64)"
ED25519SEED="$(openssl pkey -outform DER -in ${pemfile} | tail -c 32 | base64)"
# Secret key is concantination of SEED and PUBLIC
ED25519SECRET="$(echo ${ED25519SEED}${ED25519PUBLIC} | base64 -d | base64 -w 0)"
echo "Generated ed25519 keys:"
echo "public: ${ED25519PUBLIC}"
echo " seed: ${ED25519SEED}"
}
gen_ed25519_random_public()
{
openssl genpkey -algorithm ED25519 | openssl pkey -outform DER | tail -c 32 | base64
}
is_bare_user_only_repo () {
grep -q 'mode=bare-user-only' $1/config
}

32
tests/pull-test.sh
View File

@ -29,7 +29,7 @@ function repo_init() {
${CMD_PREFIX} ostree --repo=repo remote add origin $(cat httpd-address)/ostree/gnomerepo "$@"
}
repo_init --no-gpg-verify
repo_init --no-sign-verify
# See also the copy of this in basic-test.sh
COMMIT_ARGS=""
@ -62,7 +62,7 @@ else
fi
# Try both syntaxes
repo_init --no-gpg-verify
repo_init --no-sign-verify
${CMD_PREFIX} ostree --repo=repo pull origin main >out.txt
assert_file_has_content out.txt "[1-9][0-9]* metadata, [1-9][0-9]* content objects fetched"
${CMD_PREFIX} ostree --repo=repo pull origin:main > out.txt
@ -164,7 +164,7 @@ echo "ok pull (bareuseronly mirror)"
# Corruption tests <https://github.com/ostreedev/ostree/issues/1211>
cd ${test_tmpdir}
repo_init --no-gpg-verify
repo_init --no-sign-verify
if ! is_bare_user_only_repo repo; then
if ! skip_one_without_user_xattrs; then
if is_bare_user_only_repo repo; then
@ -216,7 +216,7 @@ if ! skip_one_without_user_xattrs; then
done
# And ensure the repo is reinitialized
repo_init --no-gpg-verify
repo_init --no-sign-verify
echo "ok corruption"
fi
else
@ -320,7 +320,7 @@ echo "ok pull specific commit"
# test pull -T
cd ${test_tmpdir}
repo_init --no-gpg-verify
repo_init --no-sign-verify
${CMD_PREFIX} ostree --repo=repo pull origin main
origrev=$(${CMD_PREFIX} ostree --repo=repo rev-parse main)
# Check we can pull the same commit with timestamp checking enabled
@ -350,7 +350,7 @@ ${CMD_PREFIX} ostree --repo=repo pull origin main
echo "ok pull timestamp checking"
cd ${test_tmpdir}
repo_init --no-gpg-verify
repo_init --no-sign-verify
${CMD_PREFIX} ostree --repo=repo pull origin main
${CMD_PREFIX} ostree --repo=repo fsck
# Generate a delta from old to current, even though we aren't going to
@ -375,7 +375,7 @@ ${CMD_PREFIX} ostree --repo=ostree-srv/gnomerepo summary -u
# Explicitly test delta fetches via ref name as well as commit hash
for delta_target in main ${new_rev}; do
cd ${test_tmpdir}
repo_init --no-gpg-verify
repo_init --no-sign-verify
${CMD_PREFIX} ostree --repo=repo pull origin main@${prev_rev}
${CMD_PREFIX} ostree --repo=repo pull --dry-run --require-static-deltas origin ${delta_target} >dry-run-pull.txt
# Compression can vary, so we support 400-699
@ -388,7 +388,7 @@ done
# Test pull via file:/// - this should still use the deltas path for testing
cd ${test_tmpdir}
repo_init --no-gpg-verify
repo_init --no-sign-verify
${CMD_PREFIX} ostree --repo=repo remote delete origin
${CMD_PREFIX} ostree --repo=repo remote add --set=gpg-verify=false origin file://$(pwd)/ostree-srv/gnomerepo
${CMD_PREFIX} ostree --repo=repo pull origin main@${prev_rev}
@ -400,7 +400,7 @@ echo "ok pull file:// + deltas required"
# Explicitly test delta fetches via ref name as well as commit hash
for delta_target in main ${new_rev}; do
cd ${test_tmpdir}
repo_init --no-gpg-verify
repo_init --no-sign-verify
${CMD_PREFIX} ostree --repo=repo pull origin main@${prev_rev}
${CMD_PREFIX} ostree --repo=repo pull --require-static-deltas origin ${delta_target}
if test ${delta_target} = main; then
@ -414,12 +414,12 @@ done
# Test no-op with deltas: https://github.com/ostreedev/ostree/issues/1321
cd ${test_tmpdir}
repo_init --no-gpg-verify
repo_init --no-sign-verify
${CMD_PREFIX} ostree --repo=repo pull origin main
${CMD_PREFIX} ostree --repo=repo pull --require-static-deltas origin main
cd ${test_tmpdir}
repo_init --no-gpg-verify
repo_init --no-sign-verify
${CMD_PREFIX} ostree --repo=repo pull origin main@${prev_rev}
${CMD_PREFIX} ostree --repo=repo pull --disable-static-deltas origin main
${CMD_PREFIX} ostree --repo=repo fsck
@ -437,7 +437,7 @@ cd ${test_tmpdir}
${CMD_PREFIX} ostree --repo=ostree-srv/gnomerepo static-delta generate --swap-endianness main
${CMD_PREFIX} ostree --repo=ostree-srv/gnomerepo summary -u
repo_init --no-gpg-verify
repo_init --no-sign-verify
${CMD_PREFIX} ostree --repo=repo pull origin main@${prev_rev}
${CMD_PREFIX} ostree --repo=repo pull --require-static-deltas --dry-run origin main >byteswapped-dry-run-pull.txt
${CMD_PREFIX} ostree --repo=repo fsck
@ -451,7 +451,7 @@ echo "ok pull byteswapped delta"
cd ${test_tmpdir}
rm ostree-srv/gnomerepo/deltas -rf
${CMD_PREFIX} ostree --repo=ostree-srv/gnomerepo summary -u
repo_init --no-gpg-verify
repo_init --no-sign-verify
if ${CMD_PREFIX} ostree --repo=repo pull --require-static-deltas origin main 2>err.txt; then
assert_not_reached "--require-static-deltas unexpectedly succeeded"
fi
@ -459,7 +459,7 @@ assert_file_has_content err.txt "deltas required, but none found"
${CMD_PREFIX} ostree --repo=repo fsck
# Now test with a partial commit
repo_init --no-gpg-verify
repo_init --no-sign-verify
${CMD_PREFIX} ostree --repo=repo pull --commit-metadata-only origin main@${prev_rev}
if ${CMD_PREFIX} ostree --repo=repo pull --require-static-deltas origin main 2>err.txt; then
assert_not_reached "--require-static-deltas unexpectedly succeeded"
@ -467,7 +467,7 @@ fi
assert_file_has_content err.txt "deltas required, but none found"
echo "ok delta required but don't exist"
repo_init --no-gpg-verify
repo_init --no-sign-verify
${CMD_PREFIX} ostree --repo=repo pull origin main@${prev_rev}
if ${CMD_PREFIX} ostree --repo=repo pull --require-static-deltas origin ${new_rev} 2>err.txt; then
assert_not_reached "--require-static-deltas unexpectedly succeeded"
@ -595,7 +595,7 @@ if has_gpgme; then
fi
cd ${test_tmpdir}
repo_init --no-gpg-verify
repo_init --no-sign-verify
mv ostree-srv/gnomerepo/refs/heads/main{,.orig}
rm ostree-srv/gnomerepo/summary
(for x in $(seq 20); do echo "lots of html here "; done) > ostree-srv/gnomerepo/refs/heads/main

4
tests/pull-test2.sh
View File

@ -29,7 +29,7 @@ function repo_init() {
${CMD_PREFIX} ostree --repo=repo remote add origin $(cat httpd-address)/ostree/gnomerepo "$@"
}
repo_init --no-gpg-verify
repo_init --no-sign-verify
# See also the copy of this in basic-test.sh
COMMIT_ARGS=""
@ -48,7 +48,7 @@ fi
echo "1..1"
cd ${test_tmpdir}
repo_init --no-gpg-verify
repo_init --no-sign-verify
prev_rev=$(ostree --repo=ostree-srv/repo rev-parse ${remote_ref}^)
rev=$(ostree --repo=ostree-srv/repo rev-parse ${remote_ref})
${CMD_PREFIX} ostree --repo=ostree-srv/repo static-delta generate ${remote_ref}

73
tests/test-local-pull.sh
View File

@ -28,12 +28,7 @@ unset OSTREE_GPG_HOME
skip_without_user_xattrs
if has_gpgme; then
echo "1..8"
else
# Only some tests doesn't need GPG support
echo "1..5"
fi
echo "1..11"
setup_test_repository "archive"
echo "ok setup"
@ -68,23 +63,12 @@ cmp checkout1.files checkout2.files
cmp checkout1.files checkout3.files
echo "ok checkouts same"
mkdir repo7
ostree_repo_init repo7 --mode="archive"
${CMD_PREFIX} ostree --repo=repo7 pull-local repo
${CMD_PREFIX} ostree --repo=repo7 fsck
for src_object in `find repo/objects -name '*.filez'`; do
dst_object=${src_object/repo/repo7}
assert_files_hardlinked "$src_object" "$dst_object"
done
echo "ok pull-local z2 to z2 default hardlink"
if ! has_gpgme; then
exit 0
fi
if has_gpgme; then
# These tests are needed GPG support
mkdir repo4
ostree_repo_init repo4 --mode="archive"
${CMD_PREFIX} ostree --repo=repo4 remote add --gpg-import ${test_tmpdir}/gpghome/key1.asc origin repo
if ${CMD_PREFIX} ostree --repo=repo4 pull-local --remote=origin --gpg-verify repo test2 2>&1; then
assert_not_reached "GPG verification unexpectedly succeeded"
fi
@ -116,3 +100,52 @@ ${OSTREE} summary --update --gpg-sign=${TEST_GPG_KEYID_1} --gpg-homedir=${TEST_G
${CMD_PREFIX} ostree --repo=repo6 pull-local --remote=origin --gpg-verify-summary repo test2 2>&1
echo "ok --gpg-verify-summary"
else
echo "ok --gpg-verify with no signature | # SKIP due GPG unavailability"
echo "ok --gpg-verify | # SKIP due GPG unavailability"
echo "ok --gpg-verify-summary | # SKIP due GPG unavailability"
fi
mkdir repo7
ostree_repo_init repo7 --mode="archive"
${CMD_PREFIX} ostree --repo=repo7 pull-local repo
${CMD_PREFIX} ostree --repo=repo7 fsck
for src_object in `find repo/objects -name '*.filez'`; do
dst_object=${src_object/repo/repo7}
assert_files_hardlinked "$src_object" "$dst_object"
done
echo "ok pull-local z2 to z2 default hardlink"
if has_libsodium; then
gen_ed25519_keys
mkdir repo8
ostree_repo_init repo8 --mode="archive"
${CMD_PREFIX} ostree --repo=repo8 remote add --set=verification-key="${ED25519PUBLIC}" origin repo
cat repo8/config
if ${CMD_PREFIX} ostree --repo=repo8 pull-local --remote=origin --sign-verify repo test2 2>&1; then
assert_not_reached "Ed25519 signature verification unexpectedly succeeded"
fi
echo "ok --sign-verify with no signature"
${OSTREE} sign test2 ${ED25519SECRET}
mkdir repo9
ostree_repo_init repo9 --mode="archive"
${CMD_PREFIX} ostree --repo=repo9 remote add --set=verification-key="$(gen_ed25519_random_public)" origin repo
if ${CMD_PREFIX} ostree --repo=repo9 pull-local --remote=origin --sign-verify repo test2 2>&1; then
assert_not_reached "Ed25519 signature verification unexpectedly succeeded"
fi
echo "ok --sign-verify with wrong signature"
mkdir repo10
ostree_repo_init repo10 --mode="archive"
${CMD_PREFIX} ostree --repo=repo10 remote add --set=verification-key="${ED25519PUBLIC}" origin repo
${CMD_PREFIX} ostree --repo=repo10 pull-local --remote=origin --sign-verify repo test2
echo "ok --sign-verify"
else
echo "ok --sign-verify with no signature | # SKIP due libsodium unavailability"
echo "ok --sign-verify with wrong signature | # SKIP due libsodium unavailability"
echo "ok --sign-verify | # SKIP libsodium unavailability"
fi

6
tests/test-pull-mirrorlist.sh
View File

@ -75,7 +75,7 @@ EOF
cd ${test_tmpdir}
mkdir repo
ostree_repo_init repo
${CMD_PREFIX} ostree --repo=repo remote add origin --no-gpg-verify \
${CMD_PREFIX} ostree --repo=repo remote add origin --no-sign-verify \
mirrorlist=$(cat httpd-address)/ostree/mirrorlist
${CMD_PREFIX} ostree --repo=repo pull origin:main
@ -87,7 +87,7 @@ cd ${test_tmpdir}
rm -rf repo
mkdir repo
ostree_repo_init repo
${CMD_PREFIX} ostree --repo=repo remote add origin --no-gpg-verify \
${CMD_PREFIX} ostree --repo=repo remote add origin --no-sign-verify \
--contenturl=mirrorlist=$(cat httpd-address)/ostree/mirrorlist \
$(cat httpd-address)/ostree/gnomerepo
${CMD_PREFIX} ostree --repo=repo pull origin:main
@ -100,7 +100,7 @@ cd ${test_tmpdir}
rm -rf repo
mkdir repo
ostree_repo_init repo
${CMD_PREFIX} ostree --repo=repo remote add origin --no-gpg-verify \
${CMD_PREFIX} ostree --repo=repo remote add origin --no-sign-verify \
--contenturl=mirrorlist=$(cat httpd-address)/ostree/mirrorlist \
mirrorlist=$(cat httpd-address)/ostree/mirrorlist
${CMD_PREFIX} ostree --repo=repo pull origin:main

4
tests/test-refs-collections.sh
View File

@ -112,7 +112,7 @@ mkdir collection-repo
ostree_repo_init collection-repo --collection-id org.example.RemoteCollection
mkdir -p adir
${CMD_PREFIX} ostree --repo=collection-repo commit --branch=rcommit -m rcommit -s rcommit adir
${CMD_PREFIX} ostree --repo=repo remote add --no-gpg-verify --collection-id org.example.RemoteCollection collection-repo-remote "file://${test_tmpdir}/collection-repo"
${CMD_PREFIX} ostree --repo=repo remote add --no-sign-verify --collection-id org.example.RemoteCollection collection-repo-remote "file://${test_tmpdir}/collection-repo"
${CMD_PREFIX} ostree --repo=repo pull collection-repo-remote rcommit
${CMD_PREFIX} ostree --repo=repo refs --collections > refs
@ -129,7 +129,7 @@ mkdir no-collection-repo
ostree_repo_init no-collection-repo
mkdir -p adir2
${CMD_PREFIX} ostree --repo=no-collection-repo commit --branch=rcommit2 -m rcommit2 -s rcommit2 adir2
${CMD_PREFIX} ostree --repo=repo remote add --no-gpg-verify no-collection-repo-remote "file://${test_tmpdir}/no-collection-repo"
${CMD_PREFIX} ostree --repo=repo remote add --no-sign-verify no-collection-repo-remote "file://${test_tmpdir}/no-collection-repo"
${CMD_PREFIX} ostree --repo=repo pull no-collection-repo-remote rcommit2
${CMD_PREFIX} ostree --repo=repo refs --collections > refs
assert_not_file_has_content refs "rcommit2"

10
tests/test-remote-add.sh
View File

@ -30,20 +30,20 @@ $OSTREE remote add origin http://example.com/ostree/gnome
$OSTREE remote show-url origin >/dev/null
echo "ok config"
$OSTREE remote add --no-gpg-verify another http://another.com/repo
$OSTREE remote add --no-sign-verify another http://another.com/repo
$OSTREE remote show-url another >/dev/null
echo "ok remote no gpg-verify"
if $OSTREE remote add --no-gpg-verify another http://another.example.com/anotherrepo 2>err.txt; then
if $OSTREE remote add --no-sign-verify another http://another.example.com/anotherrepo 2>err.txt; then
assert_not_reached "Adding duplicate remote unexpectedly succeeded"
fi
echo "ok"
$OSTREE remote add --if-not-exists --no-gpg-verify another http://another.example.com/anotherrepo
$OSTREE remote add --if-not-exists --no-sign-verify another http://another.example.com/anotherrepo
$OSTREE remote show-url another >/dev/null
echo "ok"
$OSTREE remote add --if-not-exists --no-gpg-verify another-noexist http://another-noexist.example.com/anotherrepo
$OSTREE remote add --if-not-exists --no-sign-verify another-noexist http://another-noexist.example.com/anotherrepo
$OSTREE remote show-url another-noexist >/dev/null
echo "ok"
@ -69,7 +69,7 @@ cd ${test_tmpdir}
rm -rf parent-repo
ostree_repo_init parent-repo
$OSTREE config set core.parent ${test_tmpdir}/parent-repo
${CMD_PREFIX} ostree --repo=parent-repo remote add --no-gpg-verify parent-remote http://parent-remote.example.com/parent-remote
${CMD_PREFIX} ostree --repo=parent-repo remote add --no-sign-verify parent-remote http://parent-remote.example.com/parent-remote
$OSTREE remote list > list.txt
assert_file_has_content list.txt "origin"
assert_file_has_content list.txt "another"

8
tests/test-remotes-config-dir.js
View File

@ -94,6 +94,7 @@ print("ok add-in-remotes-config-dir");
// Trying to set a remote config option via write_config() for a remote
// defined in the config file should succeed
try {
let [, gpg_verify] = repo.remote_get_gpg_verify('bar');
assertEquals(gpg_verify, true);
repoConfig = repo.copy_config();
@ -102,8 +103,13 @@ repo.write_config(repoConfig);
repo.reload_config(null);
[, gpg_verify] = repo.remote_get_gpg_verify('bar');
assertEquals(gpg_verify, false);
print("ok config-remote-in-config-file-succeeds");
} catch (e) {
// Skip this test if GPG is not supported
if (!(e.matches(Gio.IOErrorEnum, Gio.IOErrorEnum.NOT_SUPPORTED)))
throw e;
print("ok config-remote-in-config-file-succeeds # SKIP due build without GPG support");
}
// Trying to set a remote config option via write_config() for a remote
// defined in the config dir should fail with G_IO_ERROR_EXISTS

193
tests/test-signed-commit.sh Executable file
View File

@ -0,0 +1,193 @@
#!/bin/bash
#
# Copyright (C) 2019 Collabora Ltd.
#
# SPDX-License-Identifier: LGPL-2.0+
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the
# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA.
set -euo pipefail
. $(dirname $0)/libtest.sh
echo "1..10"
mkdir ${test_tmpdir}/repo
ostree_repo_init repo --mode="archive"
echo "Unsigned commit" > file.txt
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo commit -b main -s 'Unsigned commit'
COMMIT="$(ostree --repo=${test_tmpdir}/repo rev-parse main)"
# Test `ostree sign` with dummy module first
DUMMYSIGN="dummysign"
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --sign-type=dummy ${COMMIT} ${DUMMYSIGN}
# Ensure that detached metadata really contain expected string
EXPECTEDSIGN="$(echo $DUMMYSIGN | hexdump -n 9 -e '8/1 "0x%.2x, " 1/1 " 0x%.2x"')"
${CMD_PREFIX} ostree --repo=repo show ${COMMIT} --print-detached-metadata-key=ostree.sign.dummy | grep -q -e "${EXPECTEDSIGN}"
echo "ok Detached dummy signature added"
# Verify vith sign mechanism
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --sign-type=dummy --verify ${COMMIT} ${DUMMYSIGN}
echo "ok dummy signature verified"
echo "Signed commit with dummy key: ${DUMMYSIGN}" >> file.txt
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo commit -b main -s 'Signed with dummy module' --sign=${DUMMYSIGN} --sign-type=dummy
COMMIT="$(ostree --repo=${test_tmpdir}/repo rev-parse main)"
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --sign-type=dummy --verify ${COMMIT} ${DUMMYSIGN}
echo "ok commit with dummy signing"
# tests below require libsodium support
if ! has_libsodium; then
echo "ok Detached ed25519 signature # SKIP due libsodium unavailability"
echo "ok ed25519 signature verified # SKIP due libsodium unavailability"
echo "ok multiple signing # SKIP due libsodium unavailability"
echo "ok verify ed25519 keys file # SKIP due libsodium unavailability"
echo "ok sign with ed25519 keys file # SKIP due libsodium unavailability"
echo "ok verify ed25519 system-wide configuration # SKIP due libsodium unavailability"
echo "ok verify ed25519 revoking keys mechanism # SKIP due libsodium unavailability"
exit 0
fi
# Test ostree sign with 'ed25519' module
gen_ed25519_keys
PUBLIC=${ED25519PUBLIC}
SEED=${ED25519SEED}
SECRET=${ED25519SECRET}
WRONG_PUBLIC="$(gen_ed25519_random_public)"
echo "SEED = $SEED"
echo "PUBLIC = $PUBLIC"
echo "Signed commit with ed25519: ${SECRET}" >> file.txt
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo commit -b main -s "Signed with ed25519 module" --sign="${SECRET}" --sign-type=ed25519
COMMIT="$(ostree --repo=${test_tmpdir}/repo rev-parse main)"
# Ensure that detached metadata contain signature
${CMD_PREFIX} ostree --repo=repo show ${COMMIT} --print-detached-metadata-key=ostree.sign.ed25519 &>/dev/null
echo "ok Detached ed25519 signature added"
# Verify vith sign mechanism
if ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 ${COMMIT} ${WRONG_PUBLIC}; then
exit 1
fi
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 ${COMMIT} ${PUBLIC}
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 ${COMMIT} ${PUBLIC} ${PUBLIC}
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 ${COMMIT} $(gen_ed25519_random_public) ${PUBLIC}
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 ${COMMIT} $(gen_ed25519_random_public) $(gen_ed25519_random_public) ${PUBLIC}
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 ${COMMIT} ${PUBLIC} $(gen_ed25519_random_public) $(gen_ed25519_random_public)
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 ${COMMIT} $(gen_ed25519_random_public) $(gen_ed25519_random_public) ${PUBLIC} $(gen_ed25519_random_public) $(gen_ed25519_random_public)
echo "ok ed25519 signature verified"
# Check if we able to use all available modules to sign the same commit
echo "Unsigned commit for multi-sign" >> file.txt
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo commit -b main -s 'Unsigned commit'
COMMIT="$(ostree --repo=${test_tmpdir}/repo rev-parse main)"
# Check if we have no signatures
for mod in "dummy" "ed25519"; do
if ostree --repo=repo show ${COMMIT} --print-detached-metadata-key=ostree.sign.${mod}; then
echo "Unexpected signature for ${mod} found"
exit 1
fi
done
# Sign with all available modules
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --sign-type=dummy ${COMMIT} ${DUMMYSIGN}
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --sign-type=ed25519 ${COMMIT} ${SECRET}
# and verify
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 ${COMMIT} ${PUBLIC}
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --sign-type=dummy --verify ${COMMIT} ${DUMMYSIGN}
echo "ok multiple signing "
# Prepare files with public ed25519 signatures
PUBKEYS="$(mktemp -p ${test_tmpdir} ed25519_XXXXXX.ed25519)"
# Test if file contain no keys
if ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-file=${PUBKEYS} ${COMMIT}; then
exit 1
fi
# Test if have a problem with file object
if ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-file=${test_tmpdir} ${COMMIT}; then
exit 1
fi
# Test with single key in list
echo ${PUBLIC} > ${PUBKEYS}
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-file=${PUBKEYS} ${COMMIT}
# Test the file with multiple keys without a valid public key
for((i=0;i<100;i++)); do
# Generate a list with some public signatures
gen_ed25519_random_public
done > ${PUBKEYS}
# Check if file contain no valid signatures
if ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-file=${PUBKEYS} ${COMMIT}; then
exit 1
fi
# Check if no valid signatures provided via args&file
if ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-file=${PUBKEYS} ${COMMIT} ${WRONG_PUBLIC}; then
exit 1
fi
#Test keys file and public key
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-file=${PUBKEYS} ${COMMIT} ${PUBLIC}
# Add correct key into the list
echo ${PUBLIC} >> ${PUBKEYS}
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-file=${PUBKEYS} ${COMMIT}
echo "ok verify ed25519 keys file"
# Check ed25519 signing with secret file
echo "Unsigned commit for secret file usage" >> file.txt
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo commit -b main -s 'Unsigned commit'
COMMIT="$(ostree --repo=${test_tmpdir}/repo rev-parse main)"
KEYFILE="$(mktemp -p ${test_tmpdir} secret_XXXXXX.ed25519)"
echo "${SECRET}" > ${KEYFILE}
# Sign
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --sign-type=ed25519 --keys-file=${KEYFILE} ${COMMIT}
# Verify
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-file=${PUBKEYS} ${COMMIT}
echo "ok sign with ed25519 keys file"
# Check the well-known places mechanism
mkdir -p ${test_tmpdir}/{trusted,revoked}.ed25519.d
for((i=0;i<100;i++)); do
# Generate some key files with random public signatures
gen_ed25519_random_public
done
# Check no valid public keys are available
if ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-dir=${test_tmpdir} ${COMMIT}; then
exit 1
fi
echo ${PUBLIC} > ${test_tmpdir}/trusted.ed25519.d/correct
# Verify with correct key
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-dir=${test_tmpdir} ${COMMIT}
echo "ok verify ed25519 system-wide configuration"
# Add the public key into revoked list
echo ${PUBLIC} > ${test_tmpdir}/revoked.ed25519.d/correct
# Check if public key is not valid anymore
if ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-dir=${test_tmpdir} ${COMMIT}; then
exit 1
fi
rm -rf ${test_tmpdir}/{trusted,revoked}.ed25519.d
echo "ok verify ed25519 revoking keys mechanism"

287
tests/test-signed-pull-summary.sh Executable file
View File

@ -0,0 +1,287 @@
#!/bin/bash
#
# Copyright (C) 2019 Collabora Ltd.
#
# SPDX-License-Identifier: LGPL-2.0+
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the
# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA.
# Based on test-pull-summary-sigs.sh test.
set -euo pipefail
. $(dirname $0)/libtest.sh
echo "1..14"
repo_reinit () {
ARGS="$*"
cd ${test_tmpdir}
rm -rf repo
mkdir repo
ostree_repo_init repo --mode=archive
${OSTREE} --repo=repo remote add \
--set=gpg-verify=false --set=gpg-verify-summary=false \
--set=sign-verify=false --set=sign-verify-summary=true \
${ARGS} origin $(cat httpd-address)/ostree/gnomerepo
}
for engine in dummy ed25519
do
case "${engine}" in
dummy)
# Tests with dummy engine
SIGN_KEY="dummysign"
PUBLIC_KEY="dummysign"
;;
ed25519)
if ! has_libsodium; then
echo "ok ${engine} pull mirror summary # SKIP due libsodium unavailability"
echo "ok ${engine} pull with signed summary # SKIP due libsodium unavailability"
echo "ok ${engine} prune summary cache # SKIP due libsodium unavailability"
echo "ok ${engine} pull with signed summary and cachedir # SKIP due libsodium unavailability"
echo "ok ${engine} pull with invalid ${engine} summary signature fails # SKIP due libsodium unavailability"
echo "ok ${engine} pull delta with signed summary # SKIP due libsodium unavailability"
continue
fi
gen_ed25519_keys
SIGN_KEY="${ED25519SECRET}"
PUBLIC_KEY="${ED25519PUBLIC}"
;;
*)
fatal "Unsupported engine ${engine}"
;;
esac
COMMIT_SIGN="--sign-type=${engine} --sign=${SIGN_KEY}"
# clenup the testdir prior the next engine
rm -rf ${test_tmpdir}/ostree-srv ${test_tmpdir}/gnomerepo ${test_tmpdir}/httpd ${test_tmpdir}/repo ${test_tmpdir}/cachedir\
${test_tmpdir}/main-copy ${test_tmpdir}/other-copy ${test_tmpdir}/yet-another-copy
setup_fake_remote_repo1 "archive" "${COMMIT_SIGN}"
# Now, setup multiple branches
mkdir ${test_tmpdir}/ostree-srv/other-files
cd ${test_tmpdir}/ostree-srv/other-files
echo 'hello world another object' > hello-world
${CMD_PREFIX} ostree --repo=${test_tmpdir}/ostree-srv/gnomerepo commit ${COMMIT_SIGN} -b other -s "A commit" -m "Another Commit body"
mkdir ${test_tmpdir}/ostree-srv/yet-other-files
cd ${test_tmpdir}/ostree-srv/yet-other-files
echo 'hello world yet another object' > yet-another-hello-world
${CMD_PREFIX} ostree --repo=${test_tmpdir}/ostree-srv/gnomerepo commit ${COMMIT_SIGN} -b yet-another -s "A commit" -m "Another Commit body"
${CMD_PREFIX} ostree --repo=${test_tmpdir}/ostree-srv/gnomerepo summary -u
prev_dir=`pwd`
cd ${test_tmpdir}
ostree_repo_init repo --mode=archive
${CMD_PREFIX} ostree --repo=repo remote add \
--set=gpg-verify=false --set=gpg-verify-summary=false \
--set=sign-verify=false --set=sign-verify-summary=false \
origin $(cat httpd-address)/ostree/gnomerepo
${CMD_PREFIX} ostree --repo=repo pull --mirror origin
assert_has_file repo/summary
${CMD_PREFIX} ostree --repo=repo checkout -U main main-copy
assert_file_has_content main-copy/baz/cow "moo"
${CMD_PREFIX} ostree --repo=repo checkout -U other other-copy
assert_file_has_content other-copy/hello-world "hello world another object"
${CMD_PREFIX} ostree --repo=repo checkout -U yet-another yet-another-copy
assert_file_has_content yet-another-copy/yet-another-hello-world "hello world yet another object"
${CMD_PREFIX} ostree --repo=repo fsck
echo "ok ${engine} pull mirror summary"
cd $prev_dir
${OSTREE} --repo=${test_tmpdir}/ostree-srv/gnomerepo summary -u ${COMMIT_SIGN}
cd ${test_tmpdir}
repo_reinit --set=verification-key=${PUBLIC_KEY}
${OSTREE} --repo=repo pull origin main
assert_has_file repo/tmp/cache/summaries/origin
assert_has_file repo/tmp/cache/summaries/origin.sig
rm repo/tmp/cache/summaries/origin
${OSTREE} --repo=repo pull origin main
assert_has_file repo/tmp/cache/summaries/origin
echo "ok ${engine} pull with signed summary"
touch repo/tmp/cache/summaries/foo
touch repo/tmp/cache/summaries/foo.sig
${OSTREE} --repo=repo prune
assert_not_has_file repo/tmp/cache/summaries/foo
assert_not_has_file repo/tmp/cache/summaries/foo.sig
assert_has_file repo/tmp/cache/summaries/origin
assert_has_file repo/tmp/cache/summaries/origin.sig
echo "ok ${engine} prune summary cache"
cd ${test_tmpdir}
repo_reinit --set=verification-key=${PUBLIC_KEY}
mkdir cachedir
${OSTREE} --repo=repo pull --cache-dir=cachedir origin main
assert_not_has_file repo/tmp/cache/summaries/origin
assert_not_has_file repo/tmp/cache/summaries/origin.sig
assert_has_file cachedir/summaries/origin
assert_has_file cachedir/summaries/origin.sig
rm cachedir/summaries/origin
${OSTREE} --repo=repo pull --cache-dir=cachedir origin main
assert_not_has_file repo/tmp/cache/summaries/origin
assert_has_file cachedir/summaries/origin
echo "ok ${engine} pull with signed summary and cachedir"
cd ${test_tmpdir}
repo_reinit --set=verification-key=${PUBLIC_KEY}
mv ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig{,.good}
echo invalid > ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig
if ${OSTREE} --repo=repo pull origin main 2>err.txt; then
assert_not_reached "Successful pull with invalid ${engine} signature"
fi
assert_file_has_content err.txt "signed with unknown key"
mv ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig{.good,}
echo "ok ${engine} pull with invalid ${engine} summary signature fails"
# Generate a delta
${OSTREE} --repo=${test_tmpdir}/ostree-srv/gnomerepo static-delta generate --empty main
${OSTREE} --repo=${test_tmpdir}/ostree-srv/gnomerepo summary -u ${COMMIT_SIGN}
cd ${test_tmpdir}
repo_reinit --set=verification-key=${PUBLIC_KEY}
${OSTREE} --repo=repo pull origin main
echo "ok ${engine} pull delta with signed summary"
done
if ! has_libsodium; then
echo "ok ${engine} pull with signed summary remote old summary # SKIP due libsodium unavailability"
echo "ok ${engine} pull with signed summary broken cache # SKIP due libsodium unavailability"
exit 0
fi
gen_ed25519_keys
SIGN_KEY="${ED25519SECRET}"
PUBLIC_KEY="${ED25519PUBLIC}"
COMMIT_SIGN="--sign-type=${engine} --sign=${SIGN_KEY}"
# Verify 'ostree remote summary' output.
${OSTREE} --repo=repo remote summary origin > summary.txt
assert_file_has_content summary.txt "* main"
assert_file_has_content summary.txt "* other"
assert_file_has_content summary.txt "* yet-another"
grep static-deltas summary.txt > static-deltas.txt
assert_file_has_content static-deltas.txt \
$(${OSTREE} --repo=repo rev-parse origin:main)
## Tests for handling of cached summaries while racing with remote summary updates
# Make 2 different but valid summary/signature pairs to test races with
${OSTREE} --repo=${test_tmpdir}/ostree-srv/gnomerepo summary -u ${COMMIT_SIGN}
cp ${test_tmpdir}/ostree-srv/gnomerepo/summary{,.1}
cp ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig{,.1}
mkdir ${test_tmpdir}/ostree-srv/even-another-files
cd ${test_tmpdir}/ostree-srv/even-another-files
echo 'hello world even another object' > even-another-hello-world
${OSTREE} --repo=${test_tmpdir}/ostree-srv/gnomerepo commit ${COMMIT_SIGN} -b even-another -s "A commit" -m "Another Commit body"
${OSTREE} --repo=${test_tmpdir}/ostree-srv/gnomerepo summary -u ${COMMIT_SIGN}
cp ${test_tmpdir}/ostree-srv/gnomerepo/summary{,.2}
cp ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig{,.2}
cd ${test_tmpdir}
# Reset to the old valid summary and pull to cache it
cp ${test_tmpdir}/ostree-srv/gnomerepo/summary{.1,}
cp ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig{.1,}
repo_reinit --set=verification-key=${PUBLIC_KEY}
${OSTREE} --repo=repo pull origin main
assert_has_file repo/tmp/cache/summaries/origin
assert_has_file repo/tmp/cache/summaries/origin.sig
cmp repo/tmp/cache/summaries/origin ${test_tmpdir}/ostree-srv/gnomerepo/summary.1 >&2
cmp repo/tmp/cache/summaries/origin.sig ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig.1 >&2
# Simulate a pull race where the client gets the old summary and the new
# summary signature since it was generated on the server between the
# requests
cp ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig{.2,}
if ${OSTREE} --repo=repo pull origin main 2>err.txt; then
assert_not_reached "Successful pull with old summary"
fi
assert_file_has_content err.txt "signed with unknown key"
assert_has_file repo/tmp/cache/summaries/origin
assert_has_file repo/tmp/cache/summaries/origin.sig
cmp repo/tmp/cache/summaries/origin ${test_tmpdir}/ostree-srv/gnomerepo/summary.1 >&2
cmp repo/tmp/cache/summaries/origin.sig ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig.1 >&2
# Publish correct summary and check that subsequent pull succeeds
cp ${test_tmpdir}/ostree-srv/gnomerepo/summary{.2,}
${OSTREE} --repo=repo pull origin main
assert_has_file repo/tmp/cache/summaries/origin
assert_has_file repo/tmp/cache/summaries/origin.sig
cmp repo/tmp/cache/summaries/origin ${test_tmpdir}/ostree-srv/gnomerepo/summary.2 >&2
cmp repo/tmp/cache/summaries/origin.sig ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig.2 >&2
echo "ok ${engine} pull with signed summary remote old summary"
# Reset to the old valid summary and pull to cache it
cp ${test_tmpdir}/ostree-srv/gnomerepo/summary{.1,}
cp ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig{.1,}
repo_reinit --set=verification-key=${PUBLIC_KEY}
${OSTREE} --repo=repo pull origin main
assert_has_file repo/tmp/cache/summaries/origin
assert_has_file repo/tmp/cache/summaries/origin.sig
cmp repo/tmp/cache/summaries/origin ${test_tmpdir}/ostree-srv/gnomerepo/summary.1 >&2
cmp repo/tmp/cache/summaries/origin.sig ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig.1 >&2
# Simulate a broken summary cache to see if it can be recovered from.
# Prior to commit c4c2b5eb the client would save the summary to the
# cache before validating the signature. That would mean the cache would
# have mismatched summary and signature and ostree would remain
# deadlocked there until the remote published a new signature.
#
# First pull with OSTREE_REPO_TEST_ERROR=invalid-cache to see the
# invalid cache is detected. Then pull again to check if it can be
# recovered from.
cp ${test_tmpdir}/ostree-srv/gnomerepo/summary.2 repo/tmp/cache/summaries/origin
if OSTREE_REPO_TEST_ERROR=invalid-cache ${OSTREE} --repo=repo pull origin main 2>err.txt; then
assert_not_reached "Should have hit OSTREE_REPO_TEST_ERROR_INVALID_CACHE"
fi
assert_file_has_content err.txt "OSTREE_REPO_TEST_ERROR_INVALID_CACHE"
assert_has_file repo/tmp/cache/summaries/origin
assert_has_file repo/tmp/cache/summaries/origin.sig
cmp repo/tmp/cache/summaries/origin ${test_tmpdir}/ostree-srv/gnomerepo/summary.2 >&2
cmp repo/tmp/cache/summaries/origin.sig ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig.1 >&2
${OSTREE} --repo=repo pull origin main
assert_has_file repo/tmp/cache/summaries/origin
assert_has_file repo/tmp/cache/summaries/origin.sig
cmp repo/tmp/cache/summaries/origin ${test_tmpdir}/ostree-srv/gnomerepo/summary.1 >&2
cmp repo/tmp/cache/summaries/origin.sig ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig.1 >&2
# Publish new signature and check that subsequent pull succeeds
cp ${test_tmpdir}/ostree-srv/gnomerepo/summary{.2,}
cp ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig{.2,}
${OSTREE} --repo=repo pull origin main
assert_has_file repo/tmp/cache/summaries/origin
assert_has_file repo/tmp/cache/summaries/origin.sig
cmp repo/tmp/cache/summaries/origin ${test_tmpdir}/ostree-srv/gnomerepo/summary.2 >&2
cmp repo/tmp/cache/summaries/origin.sig ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig.2 >&2
echo "ok ${engine} pull with signed summary broken cache"

139
tests/test-signed-pull.sh Executable file
View File

@ -0,0 +1,139 @@
#!/bin/bash
#
# Copyright (C) 2019 Collabora Ltd.
#
# SPDX-License-Identifier: LGPL-2.0+
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the
# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA.
set -euo pipefail
. $(dirname $0)/libtest.sh
echo "1..11"
setup_fake_remote_repo1 "archive"
repo_mode="archive"
function repo_init() {
cd ${test_tmpdir}
rm repo -rf
mkdir repo
ostree_repo_init repo --mode=${repo_mode}
${CMD_PREFIX} ostree --repo=repo remote add --set=gpg-verify=false --set=sign-verify-summary=false origin $(cat httpd-address)/ostree/gnomerepo "$@"
}
function test_signed_pull() {
local sign_type="$1"
local comment="$2"
cd ${test_tmpdir}
${CMD_PREFIX} ostree --repo=ostree-srv/gnomerepo commit ${COMMIT_ARGS} \
-b main -s "A signed commit" --tree=ref=main
${CMD_PREFIX} ostree --repo=ostree-srv/gnomerepo summary -u
# make sure gpg verification is correctly on
csum=$(${CMD_PREFIX} ostree --repo=ostree-srv/gnomerepo rev-parse main)
objpath=objects/${csum::2}/${csum:2}.commitmeta
remotesig=ostree-srv/gnomerepo/$objpath
localsig=repo/$objpath
mv $remotesig $remotesig.bak
if ${CMD_PREFIX} ostree --repo=repo --depth=0 pull origin main; then
assert_not_reached "pull with sign-verify unexpectedly succeeded?"
fi
# ok now check that we can pull correctly
mv $remotesig.bak $remotesig
${CMD_PREFIX} ostree --repo=repo pull origin main
echo "ok ${sign_type}${comment} pull signed commit"
rm $localsig
${CMD_PREFIX} ostree --repo=repo pull origin main
test -f $localsig
echo "ok ${sign_type}${comment} re-pull signature for stored commit"
}
DUMMYSIGN="dummysign"
COMMIT_ARGS="--sign=${DUMMYSIGN} --sign-type=dummy"
repo_init --set=sign-verify=true
# Check if verification-key and verification-file options throw error with wrong keys
cd ${test_tmpdir}
${CMD_PREFIX} ostree --repo=ostree-srv/gnomerepo commit ${COMMIT_ARGS} \
-b main -s "A signed commit" --tree=ref=main
${CMD_PREFIX} ostree --repo=ostree-srv/gnomerepo summary -u
if ${CMD_PREFIX} ostree --repo=repo pull origin main; then
assert_not_reached "pull without keys unexpectedly succeeded"
fi
echo "ok pull failure without keys preloaded"
${CMD_PREFIX} ostree --repo=repo config set 'remote "origin"'.verification-key "somewrongkey"
if ${CMD_PREFIX} ostree --repo=repo pull origin main; then
assert_not_reached "pull with unknown key unexpectedly succeeded"
fi
echo "ok pull failure with incorrect key option"
${CMD_PREFIX} ostree --repo=repo config unset 'remote "origin"'.verification-key
${CMD_PREFIX} ostree --repo=repo config set 'remote "origin"'.verification-file "/non/existing/file"
if ${CMD_PREFIX} ostree --repo=repo pull origin main; then
assert_not_reached "pull with unknown keys file unexpectedly succeeded"
fi
echo "ok pull failure with incorrect keys file option"
# Test with correct dummy key
${CMD_PREFIX} ostree --repo=repo config set 'remote "origin"'.verification-key "${DUMMYSIGN}"
test_signed_pull "dummy" ""
if ! has_libsodium; then
echo "ok ed25519-key pull signed commit # SKIP due libsodium unavailability"
echo "ok ed25519-key re-pull signature for stored commit # SKIP due libsodium unavailability"
echo "ok ed25519-key+file pull signed commit # SKIP due libsodium unavailability"
echo "ok ed25519-key+file re-pull signature for stored commit # SKIP due libsodium unavailability"
echo "ok ed25519-file pull signed commit # SKIP due libsodium unavailability"
echo "ok ed25519-file re-pull signature for stored commit # SKIP due libsodium unavailability"
exit 0
fi
# Test ostree sign with 'ed25519' module
gen_ed25519_keys
PUBLIC=${ED25519PUBLIC}
SEED=${ED25519SEED}
SECRET=${ED25519SECRET}
COMMIT_ARGS="--sign=${SECRET} --sign-type=ed25519"
repo_init --set=sign-verify=true
${CMD_PREFIX} ostree --repo=repo config set 'remote "origin"'.verification-key "${PUBLIC}"
test_signed_pull "ed25519" "key"
# Prepare files with public ed25519 signatures
PUBKEYS="$(mktemp -p ${test_tmpdir} ed25519_XXXXXX.ed25519)"
# Test the file with multiple keys without a valid public key
for((i=0;i<100;i++)); do
# Generate a list with some public signatures
gen_ed25519_random_public
done > ${PUBKEYS}
# Test case with the file containing incorrect signatures and with the correct key set
${CMD_PREFIX} ostree --repo=repo config set 'remote "origin"'.verification-file "${PUBKEYS}"
test_signed_pull "ed25519" "key+file"
# Add correct key into the list
echo ${PUBLIC} >> ${PUBKEYS}
repo_init --set=sign-verify=true
${CMD_PREFIX} ostree --repo=repo config set 'remote "origin"'.verification-file "${PUBKEYS}"
test_signed_pull "ed25519" "file"

4
tests/test-summary-collections.sh
View File

@ -63,7 +63,7 @@ mkdir collection-repo
ostree_repo_init collection-repo --collection-id org.example.RemoteCollection
mkdir -p adir
${CMD_PREFIX} ostree --repo=collection-repo commit --branch=rcommit -m rcommit -s rcommit adir
${CMD_PREFIX} ostree --repo=repo remote add --no-gpg-verify --collection-id org.example.RemoteCollection collection-repo-remote "file://${test_tmpdir}/collection-repo"
${CMD_PREFIX} ostree --repo=repo remote add --no-sign-verify --collection-id org.example.RemoteCollection collection-repo-remote "file://${test_tmpdir}/collection-repo"
${CMD_PREFIX} ostree --repo=repo pull collection-repo-remote rcommit
${CMD_PREFIX} ostree --repo=repo summary --update
@ -75,7 +75,7 @@ mkdir no-collection-repo
ostree_repo_init no-collection-repo
mkdir -p adir2
${CMD_PREFIX} ostree --repo=no-collection-repo commit --branch=rcommit2 -m rcommit2 -s rcommit2 adir2
${CMD_PREFIX} ostree --repo=repo remote add --no-gpg-verify no-collection-repo-remote "file://${test_tmpdir}/no-collection-repo"
${CMD_PREFIX} ostree --repo=repo remote add --no-sign-verify no-collection-repo-remote "file://${test_tmpdir}/no-collection-repo"
${CMD_PREFIX} ostree --repo=repo pull no-collection-repo-remote rcommit2
${CMD_PREFIX} ostree --repo=repo summary --update