packaging
/
ostree
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #2092 from cgwalters/sign-verify-ed25519-explicit 

remote-add: Add --sign-verify=KEYTYPE=[inline|file]:PUBKEYREF
This commit is contained in:
OpenShift Merge Robot 2020-05-10 14:22:41 +02:00 committed by GitHub
parent 4c01c0385f 588f42e8c6
commit f572206f15
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 80 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
src/ostree/ot-remote-builtin-add.c
View File

@ -32,6 +32,7 @@ static gboolean opt_no_sign_verify;
static gboolean opt_if_not_exists; static gboolean opt_if_not_exists;
static gboolean opt_force; static gboolean opt_force;
static char *opt_gpg_import; static char *opt_gpg_import;
static char **opt_sign_verify;
static char *opt_contenturl; static char *opt_contenturl;
static char *opt_collection_id; static char *opt_collection_id;
static char *opt_sysroot; static char *opt_sysroot;
@ -46,6 +47,7 @@ static GOptionEntry option_entries[] = {
{ "set", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_set, "Set config option KEY=VALUE for remote", "KEY=VALUE" }, { "set", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_set, "Set config option KEY=VALUE for remote", "KEY=VALUE" },
{ "no-gpg-verify", 0, 0, G_OPTION_ARG_NONE, &opt_no_gpg_verify, "Disable GPG verification", NULL }, { "no-gpg-verify", 0, 0, G_OPTION_ARG_NONE, &opt_no_gpg_verify, "Disable GPG verification", NULL },
{ "no-sign-verify", 0, 0, G_OPTION_ARG_NONE, &opt_no_sign_verify, "Disable signature verification", NULL }, { "no-sign-verify", 0, 0, G_OPTION_ARG_NONE, &opt_no_sign_verify, "Disable signature verification", NULL },
{ "sign-verify", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_sign_verify, "Verify signatures using KEYTYPE=inline:PUBKEY or KEYTYPE=file:/path/to/key", "KEYTYPE=[inline|file]:PUBKEY" },
{ "if-not-exists", 0, 0, G_OPTION_ARG_NONE, &opt_if_not_exists, "Do nothing if the provided remote exists", NULL }, { "if-not-exists", 0, 0, G_OPTION_ARG_NONE, &opt_if_not_exists, "Do nothing if the provided remote exists", NULL },
{ "force", 0, 0, G_OPTION_ARG_NONE, &opt_force, "Replace the provided remote if it exists", NULL }, { "force", 0, 0, G_OPTION_ARG_NONE, &opt_force, "Replace the provided remote if it exists", NULL },
{ "gpg-import", 0, 0, G_OPTION_ARG_FILENAME, &opt_gpg_import, "Import GPG key from FILE", "FILE" }, { "gpg-import", 0, 0, G_OPTION_ARG_FILENAME, &opt_gpg_import, "Import GPG key from FILE", "FILE" },
@ -57,6 +59,42 @@ static GOptionEntry option_entries[] = {
{ NULL } { NULL }
}; };
static gboolean
add_verify_opt (GVariantBuilder *builder,
const char *keyspec,
GError **error)
{
g_auto(GStrv) parts = g_strsplit (keyspec, "=", 2);
g_assert (parts && *parts);
const char *keytype = parts[0];
if (!parts[1])
return glnx_throw (error, "Failed to parse KEYTYPE=[inline|file]:DATA in %s", keyspec);
g_autoptr(OstreeSign) sign = ostree_sign_get_by_name (keytype, error);
if (!sign)
return FALSE;
const char *rest = parts[1];
g_assert (!parts[2]);
g_auto(GStrv) keyparts = g_strsplit (rest, ":", 2);
g_assert (keyparts && *keyparts);
const char *keyref = keyparts[0];
g_assert (keyref);
g_autofree char *optname = NULL;
if (g_str_equal (keyref, "inline"))
optname = g_strdup_printf ("verification-%s-key", keytype);
else if (g_str_equal (keyref, "file"))
optname = g_strdup_printf ("verification-%s-file", keytype);
else
return glnx_throw (error, "Invalid key reference %s, expected inline|file", keyref);
g_assert (keyparts[1] && !keyparts[2]);
g_variant_builder_add (builder, "{s@v}",
optname,
g_variant_new_variant (g_variant_new_string (keyparts[1])));
return TRUE;
}
gboolean gboolean
ot_remote_builtin_add (int argc, char **argv, OstreeCommandInvocation *invocation, GCancellable *cancellable, GError **error) ot_remote_builtin_add (int argc, char **argv, OstreeCommandInvocation *invocation, GCancellable *cancellable, GError **error)
{ {
@ -144,9 +182,24 @@ ot_remote_builtin_add (int argc, char **argv, OstreeCommandInvocation *invocatio
#endif /* OSTREE_DISABLE_GPGME */ #endif /* OSTREE_DISABLE_GPGME */
if (opt_no_sign_verify) if (opt_no_sign_verify)
{
if (opt_sign_verify)
return glnx_throw (error, "Cannot specify both --sign-verify and --no-sign-verify");
g_variant_builder_add (optbuilder, "{s@v}", g_variant_builder_add (optbuilder, "{s@v}",
"sign-verify", "sign-verify",
g_variant_new_variant (g_variant_new_boolean (FALSE))); g_variant_new_variant (g_variant_new_boolean (FALSE)));
}
for (char **iter = opt_sign_verify; iter && *iter; iter++)
{
const char *keyspec = *iter;
if (!add_verify_opt (optbuilder, keyspec, error))
return FALSE;
}
if (opt_sign_verify)
g_variant_builder_add (optbuilder, "{s@v}",
"sign-verify",
g_variant_new_variant (g_variant_new_boolean (TRUE)));
if (opt_collection_id != NULL) if (opt_collection_id != NULL)
g_variant_builder_add (optbuilder, "{s@v}", "collection-id", g_variant_builder_add (optbuilder, "{s@v}", "collection-id",

27
tests/test-signed-pull.sh
View File

@ -23,7 +23,7 @@ set -euo pipefail
. $(dirname $0)/libtest.sh . $(dirname $0)/libtest.sh
echo "1..11" echo "1..16"
# This is explicitly opt in for testing # This is explicitly opt in for testing
export OSTREE_DUMMY_SIGN_ENABLED=1 export OSTREE_DUMMY_SIGN_ENABLED=1
@ -54,7 +54,7 @@ function test_signed_pull() {
localsig=repo/$objpath localsig=repo/$objpath
mv $remotesig $remotesig.bak mv $remotesig $remotesig.bak
if ${CMD_PREFIX} ostree --repo=repo --depth=0 pull origin main; then if ${CMD_PREFIX} ostree --repo=repo --depth=0 pull origin main; then
assert_not_reached "pull with sign-verify unexpectedly succeeded?" assert_not_reached "pull with sign-verify and no commitmeta unexpectedly succeeded?"
fi fi
# ok now check that we can pull correctly # ok now check that we can pull correctly
mv $remotesig.bak $remotesig mv $remotesig.bak $remotesig
@ -98,6 +98,25 @@ ${CMD_PREFIX} ostree --repo=repo config set 'remote "origin"'.verification-dummy
${CMD_PREFIX} ostree --repo=repo config unset 'remote "origin"'.verification-dummy-file ${CMD_PREFIX} ostree --repo=repo config unset 'remote "origin"'.verification-dummy-file
test_signed_pull "dummy" "" test_signed_pull "dummy" ""
# Another test with the --verify option directly
repo_init --sign-verify=dummy=inline:${DUMMYSIGN}
test_signed_pull "dummy" "from remote opt"
repo_init
if ${CMD_PREFIX} ostree --repo=repo remote add other --sign-verify=trustme=inline:ok http://localhost 2>err.txt; then
assert_not_reached "remote add with invalid keytype succeeded"
fi
assert_file_has_content err.txt 'Requested signature type is not implemented'
if ${CMD_PREFIX} ostree --repo=repo remote add other --sign-verify=dummy http://localhost 2>err.txt; then
assert_not_reached "remote add with invalid keytype succeeded"
fi
assert_file_has_content err.txt 'Failed to parse KEYTYPE'
if ${CMD_PREFIX} ostree --repo=repo remote add other --sign-verify=dummy=foo:bar http://localhost 2>err.txt; then
assert_not_reached "remote add with invalid keytype succeeded"
fi
assert_file_has_content err.txt 'Invalid key reference'
echo "ok remote add errs"
if ! has_sign_ed25519; then if ! has_sign_ed25519; then
echo "ok ed25519-key pull signed commit # SKIP due libsodium unavailability" echo "ok ed25519-key pull signed commit # SKIP due libsodium unavailability"
echo "ok ed25519-key re-pull signature for stored commit # SKIP due libsodium unavailability" echo "ok ed25519-key re-pull signature for stored commit # SKIP due libsodium unavailability"
@ -105,6 +124,8 @@ if ! has_sign_ed25519; then
echo "ok ed25519-key+file re-pull signature for stored commit # SKIP due libsodium unavailability" echo "ok ed25519-key+file re-pull signature for stored commit # SKIP due libsodium unavailability"
echo "ok ed25519-file pull signed commit # SKIP due libsodium unavailability" echo "ok ed25519-file pull signed commit # SKIP due libsodium unavailability"
echo "ok ed25519-file re-pull signature for stored commit # SKIP due libsodium unavailability" echo "ok ed25519-file re-pull signature for stored commit # SKIP due libsodium unavailability"
echo "ok ed25519-inline # SKIP due libsodium unavailability"
echo "ok ed25519-inline # SKIP due libsodium unavailability"
exit 0 exit 0
fi fi
@ -140,3 +161,5 @@ repo_init --set=sign-verify=true
${CMD_PREFIX} ostree --repo=repo config set 'remote "origin"'.verification-ed25519-file "${PUBKEYS}" ${CMD_PREFIX} ostree --repo=repo config set 'remote "origin"'.verification-ed25519-file "${PUBKEYS}"
test_signed_pull "ed25519" "file" test_signed_pull "ed25519" "file"
repo_init --sign-verify=ed25519=inline:"${ED25519PUBLIC}"
test_signed_pull "ed25519" "--verify-ed25519"