ostree/tests/test-gpg-signed-commit.sh

#!/bin/bash
#
# Copyright (C) 2013 Jeremy Whiting <jeremy.whiting@collabora.com>
# Copyright (C) 2015 Red Hat, Inc.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the
# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA.

set -e

if ! ${CMD_PREFIX} ostree --version | grep -q -e '\+gpgme'; then
    exit 77
fi

. $(dirname $0)/libtest.sh

setup_test_repository "archive-z2"

export OSTREE_GPG_SIGN="${OSTREE} gpg-sign --gpg-homedir=${TEST_GPG_KEYHOME}"

cd ${test_tmpdir}
${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --gpg-sign=${TEST_GPG_KEYID_1} --gpg-homedir=${TEST_GPG_KEYHOME} --tree=dir=files
${OSTREE} show test2 | grep -o 'Found [[:digit:]] signature' > test2-show
# We at least got some content here and ran through the code; later
# tests will actually do verification
assert_file_has_content test2-show 'Found 1 signature'

# Now sign a commit with 3 different keys
cd ${test_tmpdir}
${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --gpg-sign=${TEST_GPG_KEYID_1} --gpg-sign=${TEST_GPG_KEYID_2} --gpg-sign=${TEST_GPG_KEYID_3} --gpg-homedir=${TEST_GPG_KEYHOME} --tree=dir=files
${OSTREE} show test2 | grep -o 'Found [[:digit:]] signature' > test2-show
assert_file_has_content test2-show 'Found 3 signature'

# Commit and sign separately, then monkey around with signatures
cd ${test_tmpdir}
${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --tree=dir=files
if ${OSTREE} show test2 | grep -o 'Found [[:digit:]] signature'; then
  assert_not_reached
fi
${OSTREE_GPG_SIGN} test2 ${TEST_GPG_KEYID_1}
${OSTREE} show test2 | grep -o 'Found [[:digit:]] signature' > test2-show
assert_file_has_content test2-show 'Found 1 signature'
# Signing with a previously used key should be caught
if ${OSTREE_GPG_SIGN} test2 ${TEST_GPG_KEYID_1} 2>/dev/null; then
  assert_not_reached
fi
# Add a few more signatures and then delete them
${OSTREE_GPG_SIGN} test2 ${TEST_GPG_KEYID_2} ${TEST_GPG_KEYID_3}
${OSTREE} show test2 | grep -o 'Found [[:digit:]] signature' > test2-show
assert_file_has_content test2-show 'Found 3 signature'
${OSTREE_GPG_SIGN} --delete test2 ${TEST_GPG_KEYID_2} | grep -o 'Signatures deleted: [[:digit:]]' > test2-delete
assert_file_has_content test2-delete 'Signatures deleted: 1'
${OSTREE} show test2 | grep -o 'Found [[:digit:]] signature' > test2-show
assert_file_has_content test2-show 'Found 2 signature'
# Already deleted TEST_GPG_KEYID_2; should be ignored
${OSTREE_GPG_SIGN} --delete test2 ${TEST_GPG_KEYID_1} ${TEST_GPG_KEYID_2} ${TEST_GPG_KEYID_3} | grep -o 'Signatures deleted: [[:digit:]]' > test2-delete
assert_file_has_content test2-delete 'Signatures deleted: 2'
# Verify all signatures are gone
if ${OSTREE} show test2 | grep -o 'Found [[:digit:]] signature'; then
  assert_not_reached
fi
core: Use libgpgme to add GPG signatures to detached metadata for commit object Add an optional dependency on gpgme to add GPG signatures into the detached metadata, with the key "ostree.gpgsigs", as an "aay", an array of signatures (treated as binary data). The commit command gains a --gpg-sign=<key-id> argument. Also add an argument --gpg-homedir to set the GPG homedir where we look for keyrings. 2013-09-03 05:43:49 +04:00			`#!/bin/bash`
			`#`
			`# Copyright (C) 2013 Jeremy Whiting <jeremy.whiting@collabora.com>`
tests: Update test-gpg-signed-commit.sh Utilize and test new CLI capabilities: - Signature count in 'ostree show' result - Duplicate signatures now rejected - Ability to delete signatures 2015-03-17 18:22:27 +03:00			`# Copyright (C) 2015 Red Hat, Inc.`
core: Use libgpgme to add GPG signatures to detached metadata for commit object Add an optional dependency on gpgme to add GPG signatures into the detached metadata, with the key "ostree.gpgsigs", as an "aay", an array of signatures (treated as binary data). The commit command gains a --gpg-sign=<key-id> argument. Also add an argument --gpg-homedir to set the GPG homedir where we look for keyrings. 2013-09-03 05:43:49 +04:00			`#`
			`# This library is free software; you can redistribute it and/or`
			`# modify it under the terms of the GNU Lesser General Public`
			`# License as published by the Free Software Foundation; either`
			`# version 2 of the License, or (at your option) any later version.`
			`#`
			`# This library is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU`
			`# Lesser General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU Lesser General Public`
			`# License along with this library; if not, write to the`
			`# Free Software Foundation, Inc., 59 Temple Place - Suite 330,`
			`# Boston, MA 02111-1307, USA.`

			`set -e`

tests: enforce ${CMD_PREFIX} on all ostree processes Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> 2015-03-03 15:13:54 +03:00			`if ! ${CMD_PREFIX} ostree --version \| grep -q -e '\+gpgme'; then`
core: Use libgpgme to add GPG signatures to detached metadata for commit object Add an optional dependency on gpgme to add GPG signatures into the detached metadata, with the key "ostree.gpgsigs", as an "aay", an array of signatures (treated as binary data). The commit command gains a --gpg-sign=<key-id> argument. Also add an argument --gpg-homedir to set the GPG homedir where we look for keyrings. 2013-09-03 05:43:49 +04:00			`exit 77`
			`fi`

			`. $(dirname $0)/libtest.sh`

			`setup_test_repository "archive-z2"`

tests: Update test-gpg-signed-commit.sh Utilize and test new CLI capabilities: - Signature count in 'ostree show' result - Duplicate signatures now rejected - Ability to delete signatures 2015-03-17 18:22:27 +03:00			`export OSTREE_GPG_SIGN="${OSTREE} gpg-sign --gpg-homedir=${TEST_GPG_KEYHOME}"`

core: Use libgpgme to add GPG signatures to detached metadata for commit object Add an optional dependency on gpgme to add GPG signatures into the detached metadata, with the key "ostree.gpgsigs", as an "aay", an array of signatures (treated as binary data). The commit command gains a --gpg-sign=<key-id> argument. Also add an argument --gpg-homedir to set the GPG homedir where we look for keyrings. 2013-09-03 05:43:49 +04:00			`cd ${test_tmpdir}`
tests: Update test-gpg-signed-commit.sh Utilize and test new CLI capabilities: - Signature count in 'ostree show' result - Duplicate signatures now rejected - Ability to delete signatures 2015-03-17 18:22:27 +03:00			`${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --gpg-sign=${TEST_GPG_KEYID_1} --gpg-homedir=${TEST_GPG_KEYHOME} --tree=dir=files`
			`${OSTREE} show test2 \| grep -o 'Found [[:digit:]] signature' > test2-show`
core: Use libgpgme to add GPG signatures to detached metadata for commit object Add an optional dependency on gpgme to add GPG signatures into the detached metadata, with the key "ostree.gpgsigs", as an "aay", an array of signatures (treated as binary data). The commit command gains a --gpg-sign=<key-id> argument. Also add an argument --gpg-homedir to set the GPG homedir where we look for keyrings. 2013-09-03 05:43:49 +04:00			`# We at least got some content here and ran through the code; later`
			`# tests will actually do verification`
tests: Update test-gpg-signed-commit.sh Utilize and test new CLI capabilities: - Signature count in 'ostree show' result - Duplicate signatures now rejected - Ability to delete signatures 2015-03-17 18:22:27 +03:00			`assert_file_has_content test2-show 'Found 1 signature'`
core: Use libgpgme to add GPG signatures to detached metadata for commit object Add an optional dependency on gpgme to add GPG signatures into the detached metadata, with the key "ostree.gpgsigs", as an "aay", an array of signatures (treated as binary data). The commit command gains a --gpg-sign=<key-id> argument. Also add an argument --gpg-homedir to set the GPG homedir where we look for keyrings. 2013-09-03 05:43:49 +04:00
tests: Update test-gpg-signed-commit.sh Utilize and test new CLI capabilities: - Signature count in 'ostree show' result - Duplicate signatures now rejected - Ability to delete signatures 2015-03-17 18:22:27 +03:00			`# Now sign a commit with 3 different keys`
core: Use libgpgme to add GPG signatures to detached metadata for commit object Add an optional dependency on gpgme to add GPG signatures into the detached metadata, with the key "ostree.gpgsigs", as an "aay", an array of signatures (treated as binary data). The commit command gains a --gpg-sign=<key-id> argument. Also add an argument --gpg-homedir to set the GPG homedir where we look for keyrings. 2013-09-03 05:43:49 +04:00			`cd ${test_tmpdir}`
tests: Update test-gpg-signed-commit.sh Utilize and test new CLI capabilities: - Signature count in 'ostree show' result - Duplicate signatures now rejected - Ability to delete signatures 2015-03-17 18:22:27 +03:00			`${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --gpg-sign=${TEST_GPG_KEYID_1} --gpg-sign=${TEST_GPG_KEYID_2} --gpg-sign=${TEST_GPG_KEYID_3} --gpg-homedir=${TEST_GPG_KEYHOME} --tree=dir=files`
			`${OSTREE} show test2 \| grep -o 'Found [[:digit:]] signature' > test2-show`
			`assert_file_has_content test2-show 'Found 3 signature'`
ostree: Add gpg-sign command Signs a commit with one or more GPG keys. 2015-02-25 21:55:14 +03:00
tests: Update test-gpg-signed-commit.sh Utilize and test new CLI capabilities: - Signature count in 'ostree show' result - Duplicate signatures now rejected - Ability to delete signatures 2015-03-17 18:22:27 +03:00			`# Commit and sign separately, then monkey around with signatures`
ostree: Add gpg-sign command Signs a commit with one or more GPG keys. 2015-02-25 21:55:14 +03:00			`cd ${test_tmpdir}`
			`${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --tree=dir=files`
tests: Update test-gpg-signed-commit.sh Utilize and test new CLI capabilities: - Signature count in 'ostree show' result - Duplicate signatures now rejected - Ability to delete signatures 2015-03-17 18:22:27 +03:00			`if ${OSTREE} show test2 \| grep -o 'Found [[:digit:]] signature'; then`
			`assert_not_reached`
			`fi`
			`${OSTREE_GPG_SIGN} test2 ${TEST_GPG_KEYID_1}`
			`${OSTREE} show test2 \| grep -o 'Found [[:digit:]] signature' > test2-show`
			`assert_file_has_content test2-show 'Found 1 signature'`
			`# Signing with a previously used key should be caught`
			`if ${OSTREE_GPG_SIGN} test2 ${TEST_GPG_KEYID_1} 2>/dev/null; then`
			`assert_not_reached`
			`fi`
			`# Add a few more signatures and then delete them`
			`${OSTREE_GPG_SIGN} test2 ${TEST_GPG_KEYID_2} ${TEST_GPG_KEYID_3}`
			`${OSTREE} show test2 \| grep -o 'Found [[:digit:]] signature' > test2-show`
			`assert_file_has_content test2-show 'Found 3 signature'`
			`${OSTREE_GPG_SIGN} --delete test2 ${TEST_GPG_KEYID_2} \| grep -o 'Signatures deleted: [[:digit:]]' > test2-delete`
			`assert_file_has_content test2-delete 'Signatures deleted: 1'`
			`${OSTREE} show test2 \| grep -o 'Found [[:digit:]] signature' > test2-show`
			`assert_file_has_content test2-show 'Found 2 signature'`
			`# Already deleted TEST_GPG_KEYID_2; should be ignored`
			`${OSTREE_GPG_SIGN} --delete test2 ${TEST_GPG_KEYID_1} ${TEST_GPG_KEYID_2} ${TEST_GPG_KEYID_3} \| grep -o 'Signatures deleted: [[:digit:]]' > test2-delete`
			`assert_file_has_content test2-delete 'Signatures deleted: 2'`
			`# Verify all signatures are gone`
			`if ${OSTREE} show test2 \| grep -o 'Found [[:digit:]] signature'; then`
			`assert_not_reached`
			`fi`