2015-06-01 18:40:44 -04:00
#!/bin/bash
#
# Copyright (C) 2014 Colin Walters <walters@verbum.org>
#
2018-01-30 20:26:26 +01:00
# SPDX-License-Identifier: LGPL-2.0+
#
2015-06-01 18:40:44 -04:00
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
2021-12-06 20:20:55 -05:00
# License along with this library. If not, see <https://www.gnu.org/licenses/>.
2015-06-01 18:40:44 -04:00
2016-01-27 11:44:10 -05:00
set -euo pipefail
2015-06-01 18:40:44 -04:00
. $( dirname $0 ) /libtest.sh
2021-04-19 11:00:20 -06:00
# Ensure repo caching is in use.
unset OSTREE_SKIP_CACHE
2019-07-30 02:39:12 +03:00
COMMIT_SIGN = ""
2024-02-19 15:57:51 +00:00
if has_ostree_feature gpgme; then
2019-07-30 02:39:12 +03:00
COMMIT_SIGN = " --gpg-homedir= ${ TEST_GPG_KEYHOME } --gpg-sign= ${ TEST_GPG_KEYID_1 } "
echo "1..10"
else
# Only one test don't need GPG support
echo "1..1"
fi
2016-03-02 10:28:04 -05:00
2017-09-01 16:15:33 -04:00
setup_fake_remote_repo1 "archive" " ${ COMMIT_SIGN } "
2015-06-01 18:40:44 -04:00
# Now, setup multiple branches
mkdir ${ test_tmpdir } /ostree-srv/other-files
cd ${ test_tmpdir } /ostree-srv/other-files
echo 'hello world another object' > hello-world
2015-11-09 13:03:35 +01:00
${ CMD_PREFIX } ostree --repo= ${ test_tmpdir } /ostree-srv/gnomerepo commit ${ COMMIT_SIGN } -b other -s "A commit" -m "Another Commit body"
2015-06-01 18:40:44 -04:00
mkdir ${ test_tmpdir } /ostree-srv/yet-other-files
cd ${ test_tmpdir } /ostree-srv/yet-other-files
echo 'hello world yet another object' > yet-another-hello-world
2015-11-09 13:03:35 +01:00
${ CMD_PREFIX } ostree --repo= ${ test_tmpdir } /ostree-srv/gnomerepo commit ${ COMMIT_SIGN } -b yet-another -s "A commit" -m "Another Commit body"
2015-06-01 18:40:44 -04:00
2015-11-09 13:03:35 +01:00
${ CMD_PREFIX } ostree --repo= ${ test_tmpdir } /ostree-srv/gnomerepo summary -u
2015-06-01 18:40:44 -04:00
prev_dir = ` pwd `
cd ${ test_tmpdir }
2017-09-01 16:15:33 -04:00
ostree_repo_init repo --mode= archive
2015-11-09 13:03:35 +01:00
${ CMD_PREFIX } ostree --repo= repo remote add --set= gpg-verify= false origin $( cat httpd-address) /ostree/gnomerepo
${ CMD_PREFIX } ostree --repo= repo pull --mirror origin
2015-06-01 18:40:44 -04:00
assert_has_file repo/summary
2015-11-09 13:03:35 +01:00
${ CMD_PREFIX } ostree --repo= repo checkout -U main main-copy
2015-06-01 18:40:44 -04:00
assert_file_has_content main-copy/baz/cow "moo"
2015-11-09 13:03:35 +01:00
${ CMD_PREFIX } ostree --repo= repo checkout -U other other-copy
2015-06-01 18:40:44 -04:00
assert_file_has_content other-copy/hello-world "hello world another object"
2015-11-09 13:03:35 +01:00
${ CMD_PREFIX } ostree --repo= repo checkout -U yet-another yet-another-copy
2015-06-01 18:40:44 -04:00
assert_file_has_content yet-another-copy/yet-another-hello-world "hello world yet another object"
2015-11-09 13:03:35 +01:00
${ CMD_PREFIX } ostree --repo= repo fsck
2015-06-01 18:40:44 -04:00
echo "ok pull mirror summary"
2024-02-19 15:57:51 +00:00
if ! has_ostree_feature gpgme; then
2015-06-01 18:40:44 -04:00
exit 0;
fi
cd $prev_dir
${ OSTREE } --repo= ${ test_tmpdir } /ostree-srv/gnomerepo summary -u ${ COMMIT_SIGN }
2015-06-27 12:00:49 -04:00
repo_reinit ( ) {
cd ${ test_tmpdir }
rm -rf repo
mkdir repo
2017-09-01 16:15:33 -04:00
ostree_repo_init repo --mode= archive
2015-06-27 12:00:49 -04:00
${ OSTREE } --repo= repo remote add --set= gpg-verify-summary= true origin $( cat httpd-address) /ostree/gnomerepo
}
2015-06-01 18:40:44 -04:00
cd ${ test_tmpdir }
2015-06-27 12:00:49 -04:00
repo_reinit
2015-06-01 18:40:44 -04:00
${ OSTREE } --repo= repo pull origin main
2016-03-11 13:04:54 +01:00
assert_has_file repo/tmp/cache/summaries/origin
assert_has_file repo/tmp/cache/summaries/origin.sig
rm repo/tmp/cache/summaries/origin
${ OSTREE } --repo= repo pull origin main
assert_has_file repo/tmp/cache/summaries/origin
2015-06-01 18:40:44 -04:00
echo "ok pull with signed summary"
2016-03-11 13:04:54 +01:00
touch repo/tmp/cache/summaries/foo
touch repo/tmp/cache/summaries/foo.sig
${ OSTREE } --repo= repo prune
assert_not_has_file repo/tmp/cache/summaries/foo
assert_not_has_file repo/tmp/cache/summaries/foo.sig
assert_has_file repo/tmp/cache/summaries/origin
assert_has_file repo/tmp/cache/summaries/origin.sig
echo "ok prune summary cache"
2016-04-11 12:43:07 +02:00
cd ${ test_tmpdir }
repo_reinit
mkdir cachedir
${ OSTREE } --repo= repo pull --cache-dir= cachedir origin main
assert_not_has_file repo/tmp/cache/summaries/origin
assert_not_has_file repo/tmp/cache/summaries/origin.sig
assert_has_file cachedir/summaries/origin
assert_has_file cachedir/summaries/origin.sig
rm cachedir/summaries/origin
${ OSTREE } --repo= repo pull --cache-dir= cachedir origin main
assert_not_has_file repo/tmp/cache/summaries/origin
assert_has_file cachedir/summaries/origin
echo "ok pull with signed summary and cachedir"
2016-03-11 13:04:54 +01:00
2015-06-27 12:00:49 -04:00
cd ${ test_tmpdir }
repo_reinit
mv ${ test_tmpdir } /ostree-srv/gnomerepo/summary.sig{ ,.good}
echo invalid > ${ test_tmpdir } /ostree-srv/gnomerepo/summary.sig
if ${ OSTREE } --repo= repo pull origin main 2>err.txt; then
assert_not_reached "Successful pull with invalid GPG sig"
fi
assert_file_has_content err.txt "no signatures found"
mv ${ test_tmpdir } /ostree-srv/gnomerepo/summary.sig{ .good,}
echo "ok pull with invalid summary gpg signature fails"
cd ${ test_tmpdir }
repo_reinit
cp ${ test_tmpdir } /ostree-srv/gnomerepo/summary{ ,.good}
# Some leading garbage
( echo invalid && cat ${ test_tmpdir } /ostree-srv/gnomerepo/summary) > summary.bad.tmp && mv summary.bad.tmp ${ test_tmpdir } /ostree-srv/gnomerepo/summary
if ${ OSTREE } --repo= repo pull origin main; then
assert_not_reached "Successful pull with invalid summary"
fi
mv ${ test_tmpdir } /ostree-srv/gnomerepo/summary{ .good,}
echo "ok pull with invalid summary (leading garbage) fails"
2015-06-01 18:40:44 -04:00
# Generate a delta
${ OSTREE } --repo= ${ test_tmpdir } /ostree-srv/gnomerepo static-delta generate --empty main
${ OSTREE } --repo= ${ test_tmpdir } /ostree-srv/gnomerepo summary -u ${ COMMIT_SIGN }
cd ${ test_tmpdir }
2015-06-27 12:00:49 -04:00
repo_reinit
2015-06-01 18:40:44 -04:00
${ OSTREE } --repo= repo pull origin main
echo "ok pull delta with signed summary"
2015-12-16 18:55:28 -05:00
# Verify 'ostree remote summary' output.
${ OSTREE } --repo= repo remote summary origin > summary.txt
assert_file_has_content summary.txt "* main"
assert_file_has_content summary.txt "* other"
assert_file_has_content summary.txt "* yet-another"
assert_file_has_content summary.txt "found 1 signature"
2019-04-01 19:01:49 -07:00
assert_file_has_content summary.txt "Good signature from \"Ostree Tester <test@test\.com>\""
2015-12-16 18:55:28 -05:00
grep static-deltas summary.txt > static-deltas.txt
assert_file_has_content static-deltas.txt \
$( ${ OSTREE } --repo= repo rev-parse origin:main)
2023-01-29 22:45:29 -07:00
${ OSTREE } --repo= repo remote summary origin --list-metadata-keys > metadata
assert_file_has_content metadata " ^ostree.static-deltas $"
assert_file_has_content metadata " ^ostree.summary.indexed-deltas $"
assert_file_has_content metadata " ^ostree.summary.last-modified $"
assert_file_has_content metadata " ^ostree.summary.mode $"
assert_file_has_content metadata " ^ostree.summary.tombstone-commits $"
${ OSTREE } --repo= repo remote summary origin --print-metadata-key= ostree.summary.indexed-deltas > metadata
assert_file_has_content metadata " ^true $"
${ OSTREE } --repo= repo remote summary origin --print-metadata-key= ostree.summary.mode > metadata
assert_file_has_content metadata " ^'archive-z2' $"
2016-03-31 08:27:32 +01:00
2018-08-02 13:58:56 -05:00
## Tests for handling of cached summaries while racing with remote summary updates
# Make 2 different but valid summary/signature pairs to test races with
${ OSTREE } --repo= ${ test_tmpdir } /ostree-srv/gnomerepo summary -u ${ COMMIT_SIGN }
cp ${ test_tmpdir } /ostree-srv/gnomerepo/summary{ ,.1}
cp ${ test_tmpdir } /ostree-srv/gnomerepo/summary.sig{ ,.1}
mkdir ${ test_tmpdir } /ostree-srv/even-another-files
cd ${ test_tmpdir } /ostree-srv/even-another-files
echo 'hello world even another object' > even-another-hello-world
${ OSTREE } --repo= ${ test_tmpdir } /ostree-srv/gnomerepo commit ${ COMMIT_SIGN } -b even-another -s "A commit" -m "Another Commit body"
${ OSTREE } --repo= ${ test_tmpdir } /ostree-srv/gnomerepo summary -u ${ COMMIT_SIGN }
cp ${ test_tmpdir } /ostree-srv/gnomerepo/summary{ ,.2}
cp ${ test_tmpdir } /ostree-srv/gnomerepo/summary.sig{ ,.2}
cd ${ test_tmpdir }
# Reset to the old valid summary and pull to cache it
cp ${ test_tmpdir } /ostree-srv/gnomerepo/summary{ .1,}
cp ${ test_tmpdir } /ostree-srv/gnomerepo/summary.sig{ .1,}
2020-11-22 13:17:24 +00:00
touch -t 200101010101 ${ test_tmpdir } /ostree-srv/gnomerepo/summary
touch -t 200101010101 ${ test_tmpdir } /ostree-srv/gnomerepo/summary.sig
2018-08-02 13:58:56 -05:00
repo_reinit
${ OSTREE } --repo= repo pull origin main
assert_has_file repo/tmp/cache/summaries/origin
assert_has_file repo/tmp/cache/summaries/origin.sig
cmp repo/tmp/cache/summaries/origin ${ test_tmpdir } /ostree-srv/gnomerepo/summary.1 >& 2
cmp repo/tmp/cache/summaries/origin.sig ${ test_tmpdir } /ostree-srv/gnomerepo/summary.sig.1 >& 2
# Simulate a pull race where the client gets the old summary and the new
# summary signature since it was generated on the server between the
# requests
cp ${ test_tmpdir } /ostree-srv/gnomerepo/summary.sig{ .2,}
2020-11-22 13:17:24 +00:00
touch -t 200202020202 ${ test_tmpdir } /ostree-srv/gnomerepo/summary.sig
2018-08-02 13:58:56 -05:00
if ${ OSTREE } --repo= repo pull origin main 2>err.txt; then
assert_not_reached "Successful pull with old summary"
fi
2019-06-15 09:56:44 -05:00
assert_file_has_content err.txt "BAD signature"
2018-08-02 13:58:56 -05:00
assert_has_file repo/tmp/cache/summaries/origin
assert_has_file repo/tmp/cache/summaries/origin.sig
cmp repo/tmp/cache/summaries/origin ${ test_tmpdir } /ostree-srv/gnomerepo/summary.1 >& 2
cmp repo/tmp/cache/summaries/origin.sig ${ test_tmpdir } /ostree-srv/gnomerepo/summary.sig.1 >& 2
# Publish correct summary and check that subsequent pull succeeds
cp ${ test_tmpdir } /ostree-srv/gnomerepo/summary{ .2,}
2020-11-22 13:17:24 +00:00
touch -t 200202020202 ${ test_tmpdir } /ostree-srv/gnomerepo/summary
2018-08-02 13:58:56 -05:00
${ OSTREE } --repo= repo pull origin main
assert_has_file repo/tmp/cache/summaries/origin
assert_has_file repo/tmp/cache/summaries/origin.sig
cmp repo/tmp/cache/summaries/origin ${ test_tmpdir } /ostree-srv/gnomerepo/summary.2 >& 2
cmp repo/tmp/cache/summaries/origin.sig ${ test_tmpdir } /ostree-srv/gnomerepo/summary.sig.2 >& 2
echo "ok pull with signed summary remote old summary"
# Reset to the old valid summary and pull to cache it
cp ${ test_tmpdir } /ostree-srv/gnomerepo/summary{ .1,}
cp ${ test_tmpdir } /ostree-srv/gnomerepo/summary.sig{ .1,}
2020-11-22 13:17:24 +00:00
touch -t 200101010101 ${ test_tmpdir } /ostree-srv/gnomerepo/summary
touch -t 200101010101 ${ test_tmpdir } /ostree-srv/gnomerepo/summary.sig
2018-08-02 13:58:56 -05:00
repo_reinit
${ OSTREE } --repo= repo pull origin main
assert_has_file repo/tmp/cache/summaries/origin
assert_has_file repo/tmp/cache/summaries/origin.sig
cmp repo/tmp/cache/summaries/origin ${ test_tmpdir } /ostree-srv/gnomerepo/summary.1 >& 2
cmp repo/tmp/cache/summaries/origin.sig ${ test_tmpdir } /ostree-srv/gnomerepo/summary.sig.1 >& 2
# Simulate a pull race where the client gets the new summary and the old
# summary signature. This is unlikely to happen except if the web server
# is caching the old signature. This should succeed because the cached
# old summary is used.
cp ${ test_tmpdir } /ostree-srv/gnomerepo/summary{ .2,}
2020-11-22 13:17:24 +00:00
touch -t 200202020202 ${ test_tmpdir } /ostree-srv/gnomerepo/summary
2018-08-02 13:58:56 -05:00
${ OSTREE } --repo= repo pull origin main
assert_has_file repo/tmp/cache/summaries/origin
assert_has_file repo/tmp/cache/summaries/origin.sig
cmp repo/tmp/cache/summaries/origin ${ test_tmpdir } /ostree-srv/gnomerepo/summary.1 >& 2
cmp repo/tmp/cache/summaries/origin.sig ${ test_tmpdir } /ostree-srv/gnomerepo/summary.sig.1 >& 2
# Publish correct signature and check that subsequent pull succeeds
cp ${ test_tmpdir } /ostree-srv/gnomerepo/summary.sig{ .2,}
2020-11-22 13:17:24 +00:00
touch -t 200202020202 ${ test_tmpdir } /ostree-srv/gnomerepo/summary.sig
2018-08-02 13:58:56 -05:00
${ OSTREE } --repo= repo pull origin main
assert_has_file repo/tmp/cache/summaries/origin
assert_has_file repo/tmp/cache/summaries/origin.sig
cmp repo/tmp/cache/summaries/origin ${ test_tmpdir } /ostree-srv/gnomerepo/summary.2 >& 2
cmp repo/tmp/cache/summaries/origin.sig ${ test_tmpdir } /ostree-srv/gnomerepo/summary.sig.2 >& 2
echo "ok pull with signed summary remote old summary signature"
2018-08-02 14:12:32 -05:00
# Reset to the old valid summary and pull to cache it
cp ${ test_tmpdir } /ostree-srv/gnomerepo/summary{ .1,}
cp ${ test_tmpdir } /ostree-srv/gnomerepo/summary.sig{ .1,}
2020-11-22 13:17:24 +00:00
touch -t 200101010101 ${ test_tmpdir } /ostree-srv/gnomerepo/summary
touch -t 200101010101 ${ test_tmpdir } /ostree-srv/gnomerepo/summary.sig
2018-08-02 14:12:32 -05:00
repo_reinit
${ OSTREE } --repo= repo pull origin main
assert_has_file repo/tmp/cache/summaries/origin
assert_has_file repo/tmp/cache/summaries/origin.sig
cmp repo/tmp/cache/summaries/origin ${ test_tmpdir } /ostree-srv/gnomerepo/summary.1 >& 2
cmp repo/tmp/cache/summaries/origin.sig ${ test_tmpdir } /ostree-srv/gnomerepo/summary.sig.1 >& 2
# Simulate a broken summary cache to see if it can be recovered from.
# Prior to commit c4c2b5eb the client would save the summary to the
# cache before validating the signature. That would mean the cache would
# have mismatched summary and signature and ostree would remain
# deadlocked there until the remote published a new signature.
2018-08-10 11:53:50 -05:00
#
# First pull with OSTREE_REPO_TEST_ERROR=invalid-cache to see the
# invalid cache is detected. Then pull again to check if it can be
# recovered from.
2018-08-02 14:12:32 -05:00
cp ${ test_tmpdir } /ostree-srv/gnomerepo/summary.2 repo/tmp/cache/summaries/origin
2018-08-10 11:53:50 -05:00
if OSTREE_REPO_TEST_ERROR = invalid-cache ${ OSTREE } --repo= repo pull origin main 2>err.txt; then
assert_not_reached "Should have hit OSTREE_REPO_TEST_ERROR_INVALID_CACHE"
fi
assert_file_has_content err.txt "OSTREE_REPO_TEST_ERROR_INVALID_CACHE"
assert_has_file repo/tmp/cache/summaries/origin
assert_has_file repo/tmp/cache/summaries/origin.sig
cmp repo/tmp/cache/summaries/origin ${ test_tmpdir } /ostree-srv/gnomerepo/summary.2 >& 2
cmp repo/tmp/cache/summaries/origin.sig ${ test_tmpdir } /ostree-srv/gnomerepo/summary.sig.1 >& 2
2018-08-02 14:12:32 -05:00
${ OSTREE } --repo= repo pull origin main
assert_has_file repo/tmp/cache/summaries/origin
assert_has_file repo/tmp/cache/summaries/origin.sig
cmp repo/tmp/cache/summaries/origin ${ test_tmpdir } /ostree-srv/gnomerepo/summary.1 >& 2
cmp repo/tmp/cache/summaries/origin.sig ${ test_tmpdir } /ostree-srv/gnomerepo/summary.sig.1 >& 2
# Publish new signature and check that subsequent pull succeeds
cp ${ test_tmpdir } /ostree-srv/gnomerepo/summary{ .2,}
cp ${ test_tmpdir } /ostree-srv/gnomerepo/summary.sig{ .2,}
2020-11-22 13:17:24 +00:00
touch -t 200202020202 ${ test_tmpdir } /ostree-srv/gnomerepo/summary
touch -t 200202020202 ${ test_tmpdir } /ostree-srv/gnomerepo/summary.sig
2018-08-02 14:12:32 -05:00
${ OSTREE } --repo= repo pull origin main
assert_has_file repo/tmp/cache/summaries/origin
assert_has_file repo/tmp/cache/summaries/origin.sig
cmp repo/tmp/cache/summaries/origin ${ test_tmpdir } /ostree-srv/gnomerepo/summary.2 >& 2
cmp repo/tmp/cache/summaries/origin.sig ${ test_tmpdir } /ostree-srv/gnomerepo/summary.sig.2 >& 2
echo "ok pull with signed summary broken cache"