packaging
/
ostree
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tests/delta: Add new tests for applying signed deltas 

Add new test to apply offline signed deltas.

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>
This commit is contained in:
Frédéric Danis 2020-08-21 17:24:49 +02:00
parent 2e97f5659f
commit ecbfe08ec7
2 changed files with 84 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
tests/test-delta-ed25519.sh
View File

@ -29,7 +29,7 @@ skip_without_sign_ed25519
bindatafiles="bash true ostree" bindatafiles="bash true ostree"
echo '1..9' echo '1..12'
mkdir repo mkdir repo
ostree_repo_init repo --mode=archive ostree_repo_init repo --mode=archive
@ -281,3 +281,42 @@ ${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origr
assert_file_has_content show-ed25519-multiplekeys-inline-signed-4.txt "Verification OK" assert_file_has_content show-ed25519-multiplekeys-inline-signed-4.txt "Verification OK"
echo 'ok verified with ed25519 (multiple keys)' echo 'ok verified with ed25519 (multiple keys)'
rm -rf repo2
ostree_repo_init repo2 --mode=bare-user
${CMD_PREFIX} ostree --repo=repo2 pull-local repo ${origrev}
${CMD_PREFIX} ostree --repo=repo2 ls ${origrev} >/dev/null
${CMD_PREFIX} ostree --repo=repo2 static-delta apply-offline --sign-type=ed25519 --keys-file=${PUBKEYS} repo/deltas/${deltaprefix}/${deltadir}
${CMD_PREFIX} ostree --repo=repo2 fsck
${CMD_PREFIX} ostree --repo=repo2 ls ${newrev} >/dev/null
echo 'ok apply offline with ed25519 (keyfile)'
mkdir -p ${test_tmpdir}/{trusted,revoked}.ed25519.d
rm -rf repo2
ostree_repo_init repo2 --mode=bare-user
echo ${PUBLIC} > ${test_tmpdir}/trusted.ed25519.d/correct
${CMD_PREFIX} ostree --repo=repo2 pull-local repo ${origrev}
${CMD_PREFIX} ostree --repo=repo2 ls ${origrev} >/dev/null
${CMD_PREFIX} ostree --repo=repo2 static-delta apply-offline --keys-dir=${test_tmpdir} repo/deltas/${deltaprefix}/${deltadir}
${CMD_PREFIX} ostree --repo=repo2 fsck
${CMD_PREFIX} ostree --repo=repo2 ls ${newrev} >/dev/null
echo 'ok apply offline with ed25519 (keydir)'
rm -rf repo2
ostree_repo_init repo2 --mode=bare-user
echo ${PUBLIC} > ${test_tmpdir}/revoked.ed25519.d/correct
${CMD_PREFIX} ostree --repo=repo2 pull-local repo ${origrev}
${CMD_PREFIX} ostree --repo=repo2 ls ${origrev} >/dev/null
if ${CMD_PREFIX} ostree --repo=repo2 static-delta apply-offline --keys-dir=${test_tmpdir} repo/deltas/${deltaprefix}/${deltadir}; then
exit 1
fi
rm -rf ${test_tmpdir}/{trusted,revoked}.ed25519.d
echo 'ok apply offline with ed25519 revoking key mechanism (keydir)'

45
tests/test-delta-sign.sh
View File

@ -27,7 +27,7 @@ skip_without_user_xattrs
bindatafiles="bash true ostree" bindatafiles="bash true ostree"
echo '1..3' echo '1..7'
# This is explicitly opt in for testing # This is explicitly opt in for testing
export OSTREE_DUMMY_SIGN_ENABLED=1 export OSTREE_DUMMY_SIGN_ENABLED=1
@ -129,3 +129,46 @@ ${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=dummy ${origrev
assert_file_has_content show-dummy-bad-inline-signed.txt "Verification fails" assert_file_has_content show-dummy-bad-inline-signed.txt "Verification fails"
echo 'ok verification failed with dummy and bad key' echo 'ok verification failed with dummy and bad key'
rm -rf repo2
ostree_repo_init repo2 --mode=bare-user
${CMD_PREFIX} ostree --repo=repo2 pull-local repo ${origrev}
${CMD_PREFIX} ostree --repo=repo2 ls ${origrev} >/dev/null
${CMD_PREFIX} ostree --repo=repo2 static-delta apply-offline repo/deltas/${deltaprefix}/${deltadir}
${CMD_PREFIX} ostree --repo=repo2 fsck
${CMD_PREFIX} ostree --repo=repo2 ls ${newrev} >/dev/null
echo 'ok apply offline with no signature verification and no key'
rm -rf repo2
ostree_repo_init repo2 --mode=bare-user
${CMD_PREFIX} ostree --repo=repo2 config set core.sign-verify-deltas true
${CMD_PREFIX} ostree --repo=repo2 pull-local repo ${origrev}
${CMD_PREFIX} ostree --repo=repo2 ls ${origrev} >/dev/null
${CMD_PREFIX} ostree --repo=repo2 static-delta apply-offline repo/deltas/${deltaprefix}/${deltadir} 2> apply-offline-verification-no-key.txt && exit 1
assert_file_has_content apply-offline-verification-no-key.txt "Key is mandatory to check delta signature"
echo 'ok apply offline failed with signature verification forced and no key'
rm -rf repo2
ostree_repo_init repo2 --mode=bare-user
${CMD_PREFIX} ostree --repo=repo2 pull-local repo ${origrev}
${CMD_PREFIX} ostree --repo=repo2 ls ${origrev} >/dev/null
${CMD_PREFIX} ostree --repo=repo2 static-delta apply-offline --sign-type=dummy repo/deltas/${deltaprefix}/${deltadir} dummysign
${CMD_PREFIX} ostree --repo=repo2 fsck
${CMD_PREFIX} ostree --repo=repo2 ls ${newrev} >/dev/null
echo 'ok apply offline with dummy'
rm -rf repo2
ostree_repo_init repo2 --mode=bare-user
${CMD_PREFIX} ostree --repo=repo2 pull-local repo ${origrev}
${CMD_PREFIX} ostree --repo=repo2 ls ${origrev} >/dev/null
${CMD_PREFIX} ostree --repo=repo2 static-delta apply-offline --sign-type=dummy repo/deltas/${deltaprefix}/${deltadir} badsign 2> apply-offline-bad-key.txt && exit 1
assert_file_has_content apply-offline-bad-key.txt "signature: dummy: incorrect signature"
echo 'ok apply offline failed with dummy and bad key'