packaging
/
ostree
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #2128 from cgwalters/verify-pre-signed 

tests: Add a pre-signed-pull.sh test
This commit is contained in:
OpenShift Merge Robot 2020-06-15 15:29:23 -04:00 committed by GitHub
parent a128eb551a 40d6f6b5ee
commit fa70ab417b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 54 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile-tests.am
View File

@ -140,6 +140,7 @@ _installed_or_uninstalled_test_scripts = \
tests/test-config.sh \
tests/test-signed-commit.sh \
tests/test-signed-pull.sh \
tests/test-pre-signed-pull.sh \
tests/test-signed-pull-summary.sh \
$(NULL)
@ -201,6 +202,7 @@ dist_installed_test_data = tests/archive-test.sh \
tests/fah-deltadata-old.tar.xz \
tests/fah-deltadata-new.tar.xz \
tests/ostree-path-traverse.tar.gz \
tests/pre-signed-pull-data.tar.gz \
tests/libtest-core.sh \
$(NULL)

BIN
tests/pre-signed-pull-data.tar.gz Normal file
View File

Binary file not shown.

52
tests/test-pre-signed-pull.sh Executable file
View File

@ -0,0 +1,52 @@
#!/bin/bash
#
# Copyright (C) 2020 Collabora Ltd.
#
# SPDX-License-Identifier: LGPL-2.0+
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the
# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA.
set -euo pipefail
. $(dirname $0)/libtest.sh
echo "1..1"
if ! has_sign_ed25519; then
echo "ok pre-signed pull # SKIP due ed25519 unavailability"
exit 0
fi
mkdir upstream
cd upstream
tar xzf $(dirname $0)/pre-signed-pull-data.tar.gz
cd ..
pubkey='45yzbkuEok0lLabxzdAHWUDSMZgYfxU40sN+LMfYHVA='
ostree --repo=repo init --mode=archive
ostree --repo=repo remote add upstream --set=gpg-verify=false --sign-verify=ed25519=inline:${pubkey} file://$(pwd)/upstream/repo
ostree --repo=repo pull upstream:testref
wrongkey=$(gen_ed25519_random_public)
rm repo -rf
ostree --repo=repo init --mode=archive
ostree --repo=repo remote add badupstream --set=gpg-verify=false --sign-verify=ed25519=inline:${wrongkey} file://$(pwd)/upstream/repo
if ostree --repo=repo pull badupstream:testref 2>err.txt; then
fatal "pulled with wrong key"
fi
assert_file_has_content err.txt 'error:.* no valid ed25519 signatures found'
echo "ok pre-signed pull"