mirror of
https://github.com/ostreedev/ostree.git
synced 2024-12-22 17:35:55 +03:00
tests: Add test-remote-gpg-import.sh
This commit is contained in:
parent
64252a4a39
commit
06818ceddc
@ -25,6 +25,7 @@ testfiles = test-basic \
|
||||
test-pull-subpath \
|
||||
test-archivez \
|
||||
test-remote-add \
|
||||
test-remote-gpg-import \
|
||||
test-commit-sign \
|
||||
test-help \
|
||||
test-libarchive \
|
||||
@ -76,7 +77,10 @@ insttest_DATA = tests/archive-test.sh \
|
||||
|
||||
gpginsttestdir = $(pkglibexecdir)/installed-tests/gpghome
|
||||
gpginsttest_DATA = tests/gpghome/secring.gpg \
|
||||
tests/gpghome/trustdb.gpg
|
||||
tests/gpghome/trustdb.gpg \
|
||||
tests/gpghome/key1.asc \
|
||||
tests/gpghome/key2.asc \
|
||||
tests/gpghome/key3.asc
|
||||
gpginsttest_trusteddir = $(pkglibexecdir)/installed-tests/gpghome/trusted
|
||||
gpginsttest_trusted_DATA = tests/gpghome/trusted/pubring.gpg
|
||||
|
||||
|
30
tests/gpghome/key1.asc
Normal file
30
tests/gpghome/key1.asc
Normal file
@ -0,0 +1,30 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v1
|
||||
|
||||
mQENBFIuhBYBCADTbnocQsJgMfOELkFt3wRrAZShijoBPYZT9BrIuIKZxAbaxZJr
|
||||
Tbw8eIGgHZ51NCfdoikul0i82dt4hwtsACNVL5EGRmvTIKHPacb0yJMr1YBjcSwD
|
||||
Slo+niLPb/oVtLTbDWFt/msYKREF/lGJT9dJyXkQ5UOwWdipDaHIlwb0IKUvL7cu
|
||||
NpNthRFRm1M5d5M9OtqTCrCja6zckQ6OfvoStsbneHzfVWeH7vLcKBxxkfDhusVt
|
||||
y1iVaDk1EYT8ZxsrAWw4S7nRK/bjr86IYpFPjG2aKMd9qxyIo7hcX4r8od24jzfM
|
||||
v/ysOapnkTJuv8J6v7MakM1HkCz+TKF6gXxVABEBAAG0HU9zdHJlZSBUZXN0ZXIg
|
||||
PHRlc3RAdGVzdC5jb20+iQE5BBMBAgAjBQJSLoQWAhsDBwsJCAcDAgEGFQgCCQoL
|
||||
BBYCAwECHgECF4AACgkQf8oj2Ecs2vr/9wgAnme6WsWQy8CYeGH4q/5I6XFL6q1m
|
||||
S0+qdeGnYRmR0jJAGJ84vqDhnKxjeQzp+8Nq81DHGEJBszCkMW2o22neFi2Mo95h
|
||||
Dq3GWNZVldCDshjPs563AY6j7zACUN7Cy5XB3MK/vj5R/SrHBtJmSgPTx9WfmUgn
|
||||
n5Udg+fzSsS8z8DUtJFtexgrSnEmwH+nOmIfrsjIYL5EPg+CTTalhygROrERjINr
|
||||
pCYiShaFCKbuyt/XvyQ71y0JbB2yS7tDv0mL4SZjSuBQ1PkNE8ZQsymqBOJHA1Y3
|
||||
ppgPs1OenmtYgxaR8HQQv7uxHWZz0dmwQN93Qx8zMZwW40Odmdh1zLNQf7kBDQRS
|
||||
LoQWAQgA9i9QWg28qmFrPIzn90ZlNlUtFzoZy/8/lIk34awge1uO5aHydYBzkuWU
|
||||
jCDyBtQLWZQlwOKq8oHBbjENR2sfsmNkrYKcceQ02hSXqEJkc6jcDMCpB9eWy34K
|
||||
sPZmdl76Eo/vIIgRqJ9JPeGoMPaIBg2ouEz6Ft6jcX3EriYIKebCEA9wPk29z40x
|
||||
7D8mBZn06WrZ3JyePfbCdNJlQANEnrk7KDMNwPhhE1wcfPkiVtqBR0/FwIoUP0jn
|
||||
PishIWOuFObYnXQQ2R8sxrw/V0hGqVTh+k+iNAjzEp4yPsAvB+LdMH9nCY5rU3Vo
|
||||
1paEqVM1EHoBPu4NupRN0AjIJPr5UQARAQABiQEfBBgBAgAJBQJSLoQWAhsMAAoJ
|
||||
EH/KI9hHLNr68i4IAMdc+EgAaPZFWZcXFGBfhnOKQFC/u/W6Cu1JjqIYkGO0HxSh
|
||||
SfBkxArqlp37w4YVH4bUku6ja421bfGFNMtMfXjw2mU3HRdaDenP6OGv2jYmYmFt
|
||||
6zi0JZZhvi8ZCcAQTStZ2Ms3hwstCMiBXPmYA7KW9Gzo4JQSKCW5haICGVSWl7kh
|
||||
n0OkhOTVI9uzNr7+LhYn2ib/ynSaMKeI4hZ8v1HDuY0V1E63vFPGLFBTPaoRPpnm
|
||||
9yBnXMWhrbV97L6eEoe7faurSyPcF11LEFC5x8oENnbH+wtAXOayQo3lld+JRa9C
|
||||
JEZl8STdRU9o2NFwF8XM8BEOWntMS8aNpPoILC8=
|
||||
=ZNNc
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
30
tests/gpghome/key2.asc
Normal file
30
tests/gpghome/key2.asc
Normal file
@ -0,0 +1,30 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v1
|
||||
|
||||
mQENBFUIM4ABCADYBuvzGgzv5nMy2wICv79l+N4bN9/o9hTdFEOzyAeCEaF5Wugc
|
||||
L9nfTgUS9NRHsSpGt9DeZVEzRm5XzccgHOPs7MlYH0Irhc4Hb9ycOO2vBZ7ZiBK/
|
||||
jbY+R5GN4Ut9XIRexbXWddOjJpRUTCWQeXw5iqV9Puqm1ge2Vcal+NZOi2AFRKKe
|
||||
p/QI9EXIIx7ca6OWtH2SS/qE2p9obDYsMNrW+Dk623dbNKQiWaWyfRD+hB91UNbt
|
||||
vK7agokTeU0hKr9C8dHrhepgl9B/Hz8SFibZQQiTxSiVH3fUu10eQsyuDC/01KHp
|
||||
z0MR28Lc4VlCs6dsJBmGMBayHHVzbyXgw6uZABEBAAG0IU9zdHJlZSBUZXN0ZXIg
|
||||
SUkgPHRlc3QyQHRlc3QuY29tPokBOAQTAQIAIgUCVQgzgAIbAwYLCQgHAwIGFQgC
|
||||
CQoLBBYCAwECHgECF4AACgkQ2CKM/sqVDUFpJAgAirtYbbkvnlKtBxDsCu+A6qyl
|
||||
7r+cW8IH5U1P4MqxqQwkAe1ZalfjuTSHVKYqt/K6gt0+4NvCee3A2JxXTvLq1hdR
|
||||
DNMUFAjkbZv3Y6VS8Qtj3edsviNEB7s8uyWgR/EBB312YSZCwzk5uSLzM5E7AmvM
|
||||
0/ZPIAAxjz8TpQKc8vJx1/4nqgt0Wjv5B74vuOQJT26zoFygCQM76YeN+ULzk/hN
|
||||
hW7aNp/S2STasvEv7NgwqAe6eWy45xTrvxhEhQV760/toLbI0DuuBGr6Ue/G+Id4
|
||||
P/R604HAbMg3GdCztyoD3WTuvcsY6oXD7GlSEX4DZ0LA2TqQDZB+Pqe2yF7Gi7kB
|
||||
DQRVCDOAAQgAsxH2E9JeQPbcdXGyxLCa4FyMeziCrxn7tOEsRkeqZmb76mAOn67Q
|
||||
ZuZ6SXcAQDjKOBu7QNEcFQ+bAW/urohzD/sjr09vKqibLh6v8t81DE79GHI1UZ7F
|
||||
SuYDLgcGUvOCJej8iftJcudWuzCW9SvoykNcgPcIOYEXbbJVRr2xvK4z2a34DyWL
|
||||
jEXU2r6g1KNwtGyT6hZ7Ax99MKAzCFX3to0V51EXcrnUojwz/8i4Lal9t3d4P3lu
|
||||
FZw3ITWh4e9zNxp8aSxsAN/vQ1EHccMPrNmO+d+yjhH7inTxf+vLErP3Cs5rPjxl
|
||||
FgoLvBCSCT0jQ0xP+8Aa2TDyXDcMHg85QwARAQABiQEfBBgBAgAJBQJVCDOAAhsM
|
||||
AAoJENgijP7KlQ1Bc68H/RBn5PpUe8CA1CJ8eN4LIfRee3DjacwvjGsdgiMzcLhb
|
||||
Hp/ke42kentYjT+gF1ABPbeUERDlhnZ8BguKGZV+jOGDWRI2KFrQXL444aNznjn8
|
||||
aTOQY/d4LibwSaQ3qzf4Zp4CyZq2X2Vg3+B3HoUM6pkIL/r2ao5TnFqKubCE3sEo
|
||||
St+LV4eHktoAS1GXmxYKo4Q67yMVekTZt7C/VQ2a20qfAXBn2U8UA3tUvNqKtyyJ
|
||||
XrxeTJ+T4MMv60zdC/B/UPNjjHLNyB6culIzyiYFglGw3ctx2erJN2d+aQLrw78E
|
||||
vIuMy+JcH6y3JlzVGdByWbC7628OcWWa+NL/CXnYMyQ=
|
||||
=j9RC
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
30
tests/gpghome/key3.asc
Normal file
30
tests/gpghome/key3.asc
Normal file
@ -0,0 +1,30 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v1
|
||||
|
||||
mQENBFUIM6EBCACr57QUYEEuxvkX20yM1LVt2jyYZRKKQsqXx/xCF+Pg1MNz6mYx
|
||||
Qz6R6+yZZmlADsfRdnEpRvl4Dq2g3cP0DqkjnIKwI7ffEsyXlves8OMlpwT2Vh4x
|
||||
8Lx92eIEeqmb+PT8m88+x+EPVaR2R5KBHFkGXGyVgw+Ry8Oa9ZtJEKSkL/EQvzWv
|
||||
5q+OR1Pm8rnIPe64XPh3yAx5SBJ2m7hykH/XMVrdGqaZvpuGBx77pmmqfMMjNWMC
|
||||
U09hURyuyGWUsj9lFWYgpBvAzASmJNpAf7FZTjzCwLJwqpxCYm6a3sp76yyjuY7q
|
||||
vgJOolRHp9F/XETsSLdy6966oBxclGNaD6gnABEBAAG0Ik9zdHJlZSBUZXN0ZXIg
|
||||
SUlJIDx0ZXN0M0B0ZXN0LmNvbT6JATgEEwECACIFAlUIM6ECGwMGCwkIBwMCBhUI
|
||||
AgkKCwQWAgMBAh4BAheAAAoJEA0V+uffRE1n0n4H/0Z8bC1cdr5cMFZ6YBaJlw4c
|
||||
b61krhan2qCrwQupwaXi6LHt0zMwgljOcN+X2sAlZj9Jv0CabU5S1vM1fh9DZ6OY
|
||||
2OQ/Pq2lXGk22JjrbPPq5o//xTzo92Uxptuxq6O4frVzuGCo1yPlrHJh+TxbXIc8
|
||||
XOz9C9KTfcb9OwidSSW5LlUBzQ2e3oQLSUQPsdB3TZP5zlqPIYerWn+LdETKcOTr
|
||||
JyoaobFqX2BN223d3vkA1/GcuB17eBnzbnS0OWLJH+E3bsCqjtCJMEc1uTq97tyF
|
||||
XStIk9i0gVbA+GiK/ZFMt+a5kagR5dOUwpNZ0BE+Kzf0CtkSaSWkAh1vQV/j2E65
|
||||
AQ0EVQgzoQEIAMeXa6sp5kdmJn/fVw0Pk5oluBXif7BiFt+T7K03RxCOKRpne6dI
|
||||
SS98ruwZ1B5hn0lZO0UiL5RKpBQUrI9Y7251tz+oWohU2ZkUwwP3OcBlTXtErhe0
|
||||
LctcJ1nUA5NICVP5brhJR94durULiM+Rrhr12Ccs+a9bV268btNLN51z7ICMwNI6
|
||||
xuNxLt9orVJwP82a2eelQOgkPyFpiq7UxZ1erJg4aBVfWHP+rlxyQlzawVebbQMO
|
||||
gwYW+gAawTxd2x7PV9CC3KsaM+HI6wBvDOtcWlbzo+TxzcVocd5oern4Mr5Y86Gt
|
||||
lajuO9DVsuxxIfBrvHdRut613ShhOVlfy2MAEQEAAYkBHwQYAQIACQUCVQgzoQIb
|
||||
DAAKCRANFfrn30RNZyPVB/9jNFOjcNCAZSrz9vylaO0xHsPhIn4osmkiU6BvodwO
|
||||
n+qR4eEUw7BzoWC5QqGxUPYuDneQK7N7U31SFYjmY5Y1CDMsFtcYzjPgN5qWhtaN
|
||||
iNTtE9pb5f97PyLSUwcdW1y/cfDfqoAY6rpRXieo7hJv1xBtlEzJIbSSTS1SUEd1
|
||||
4qwPCqNWMSM6qBcaFB5Yuw0Z/E6B1JfNTUw5J5jDxbGdOzkLx2mXCldte1axq9Lp
|
||||
1V17jMTvn7Ml1QdoEAqzvt4VNQci/Su/qd3XjQ46b4dFFP03+jJv7mO6tHka2luZ
|
||||
RX0zfsk5q8wqbtV2k0XZFRD+22ddKMf1j4wID157lNQs
|
||||
=Dq+d
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
142
tests/test-remote-gpg-import.sh
Executable file
142
tests/test-remote-gpg-import.sh
Executable file
@ -0,0 +1,142 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# Copyright (C) 2015 Red Hat, Inc.
|
||||
#
|
||||
# This library is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU Lesser General Public
|
||||
# License as published by the Free Software Foundation; either
|
||||
# version 2 of the License, or (at your option) any later version.
|
||||
#
|
||||
# This library is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
# Lesser General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Lesser General Public
|
||||
# License along with this library; if not, write to the
|
||||
# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
||||
# Boston, MA 02111-1307, USA.
|
||||
|
||||
set -e
|
||||
|
||||
. $(dirname $0)/libtest.sh
|
||||
|
||||
# We don't want OSTREE_GPG_HOME used for these tests.
|
||||
unset OSTREE_GPG_HOME
|
||||
|
||||
setup_fake_remote_repo1 "archive-z2"
|
||||
|
||||
cd ${test_tmpdir}
|
||||
mkdir repo
|
||||
${OSTREE} init
|
||||
|
||||
#----------------------------------------------
|
||||
# Test synchronicity of keyring file and remote
|
||||
#----------------------------------------------
|
||||
|
||||
assert_not_has_file repo/R1.trustedkeys.gpg
|
||||
|
||||
${OSTREE} remote add R1 $(cat httpd-address)/ostree/gnomerepo
|
||||
|
||||
assert_not_has_file repo/R1.trustedkeys.gpg
|
||||
|
||||
# Import one valid key ID
|
||||
${OSTREE} remote gpg-import --keyring ${SRCDIR}/gpghome/trusted/pubring.gpg R1 ${TEST_GPG_KEYID_1} | grep -o 'Imported [[:digit:]] GPG key' > result
|
||||
assert_file_has_content result 'Imported 1 GPG key'
|
||||
|
||||
assert_has_file repo/R1.trustedkeys.gpg
|
||||
|
||||
${OSTREE} remote delete R1
|
||||
|
||||
assert_not_has_file repo/R1.trustedkeys.gpg
|
||||
|
||||
#---------------------------------------
|
||||
# Test gpg-import with --keyring option
|
||||
#---------------------------------------
|
||||
|
||||
${OSTREE} remote add R1 $(cat httpd-address)/ostree/gnomerepo
|
||||
|
||||
# Import one valid key ID
|
||||
${OSTREE} remote gpg-import --keyring ${SRCDIR}/gpghome/trusted/pubring.gpg R1 ${TEST_GPG_KEYID_1} | grep -o 'Imported [[:digit:]] GPG key' > result
|
||||
assert_file_has_content result 'Imported 1 GPG key'
|
||||
|
||||
# Import multiple valid key IDs
|
||||
${OSTREE} remote gpg-import --keyring ${SRCDIR}/gpghome/trusted/pubring.gpg R1 ${TEST_GPG_KEYID_2} ${TEST_GPG_KEYID_3} | grep -o 'Imported [[:digit:]] GPG key' > result
|
||||
assert_file_has_content result 'Imported 2 GPG key'
|
||||
|
||||
# Import key IDs we already have, make sure they're caught
|
||||
${OSTREE} remote gpg-import --keyring ${SRCDIR}/gpghome/trusted/pubring.gpg R1 ${TEST_GPG_KEYID_1} ${TEST_GPG_KEYID_3} | grep -o 'Imported [[:digit:]] GPG key' > result
|
||||
assert_file_has_content result 'Imported 0 GPG key'
|
||||
|
||||
${OSTREE} remote delete R1
|
||||
|
||||
${OSTREE} remote add R1 $(cat httpd-address)/ostree/gnomerepo
|
||||
|
||||
# Import all keys from keyring
|
||||
${OSTREE} remote gpg-import --keyring ${SRCDIR}/gpghome/trusted/pubring.gpg R1 | grep -o 'Imported [[:digit:]] GPG key' > result
|
||||
assert_file_has_content result 'Imported 3 GPG key'
|
||||
|
||||
${OSTREE} remote delete R1
|
||||
|
||||
#-------------------------------------
|
||||
# Test gpg-import with --stdin option
|
||||
#-------------------------------------
|
||||
|
||||
${OSTREE} remote add R1 $(cat httpd-address)/ostree/gnomerepo
|
||||
|
||||
# Import ASCII-armored keys thru stdin
|
||||
cat ${SRCDIR}/gpghome/key{1,2,3}.asc | ${OSTREE} remote gpg-import --stdin R1 | grep -o 'Imported [[:digit:]] GPG key' > result
|
||||
assert_file_has_content result 'Imported 3 GPG key'
|
||||
|
||||
${OSTREE} remote delete R1
|
||||
|
||||
#------------------------------------------------------------
|
||||
# Divide keys across multiple remotes, test GPG verification
|
||||
# For testing purposes the remotes all point to the same URL
|
||||
# This also tests "remote add" with --gpg-import.
|
||||
#------------------------------------------------------------
|
||||
|
||||
${OSTREE} remote add --gpg-import ${SRCDIR}/gpghome/key1.asc R1 $(cat httpd-address)/ostree/gnomerepo | grep -o 'Imported [[:digit:]] GPG key' > result
|
||||
assert_file_has_content result 'Imported 1 GPG key'
|
||||
|
||||
${OSTREE} remote add --gpg-import ${SRCDIR}/gpghome/key2.asc R2 $(cat httpd-address)/ostree/gnomerepo | grep -o 'Imported [[:digit:]] GPG key' > result
|
||||
assert_file_has_content result 'Imported 1 GPG key'
|
||||
|
||||
${OSTREE} remote add --gpg-import ${SRCDIR}/gpghome/key3.asc R3 $(cat httpd-address)/ostree/gnomerepo | grep -o 'Imported [[:digit:]] GPG key' > result
|
||||
assert_file_has_content result 'Imported 1 GPG key'
|
||||
|
||||
# Checkout the "remote" repo so we can add more commits
|
||||
${CMD_PREFIX} ostree --repo=ostree-srv/gnomerepo checkout main workdir
|
||||
|
||||
# Sign a new commit with key1 and try pulling from each remote
|
||||
echo shadow > workdir/blinky
|
||||
${CMD_PREFIX} ostree --repo=ostree-srv/gnomerepo commit -b main -s "Add blinky" --gpg-sign ${TEST_GPG_KEYID_1} --gpg-homedir ${SRCDIR}/gpghome
|
||||
if ${OSTREE} pull R2:main >/dev/null 2>&1; then
|
||||
assert_not_reached "(key1/R2) GPG verification unexpectedly succeeded"
|
||||
fi
|
||||
if ${OSTREE} pull R3:main >/dev/null 2>&1; then
|
||||
assert_not_reached "(key1/R3) GPG verification unexpectedly succeeded"
|
||||
fi
|
||||
${OSTREE} pull R1:main >/dev/null
|
||||
|
||||
# Sign a new commit with key2 and try pulling from each remote
|
||||
echo speedy > workdir/pinky
|
||||
${CMD_PREFIX} ostree --repo=ostree-srv/gnomerepo commit -b main -s "Add pinky" --gpg-sign ${TEST_GPG_KEYID_2} --gpg-homedir ${SRCDIR}/gpghome
|
||||
if ${OSTREE} pull R1:main >/dev/null 2>&1; then
|
||||
assert_not_reached "(key2/R1) GPG verification unexpectedly succeeded"
|
||||
fi
|
||||
if ${OSTREE} pull R3:main >/dev/null 2>&1; then
|
||||
assert_not_reached "(key2/R3) GPG verification unexpectedly succeeded"
|
||||
fi
|
||||
${OSTREE} pull R2:main >/dev/null
|
||||
|
||||
# Sign a new commit with key3 and try pulling from each remote
|
||||
echo bashful > workdir/inky
|
||||
${CMD_PREFIX} ostree --repo=ostree-srv/gnomerepo commit -b main -s "Add inky" --gpg-sign ${TEST_GPG_KEYID_3} --gpg-homedir ${SRCDIR}/gpghome
|
||||
if ${OSTREE} pull R1:main >/dev/null 2>&1; then
|
||||
assert_not_reached "(key3/R1) GPG verification unexpectedly succeeded"
|
||||
fi
|
||||
if ${OSTREE} pull R2:main >/dev/null 2>&1; then
|
||||
assert_not_reached "(key3/R2) GPG verification unexpectedly succeeded"
|
||||
fi
|
||||
${OSTREE} pull R3:main >/dev/null
|
Loading…
Reference in New Issue
Block a user