diff --git a/Makefile-tests.am b/Makefile-tests.am index 411c5628..a4179377 100644 --- a/Makefile-tests.am +++ b/Makefile-tests.am @@ -140,6 +140,7 @@ _installed_or_uninstalled_test_scripts = \ tests/test-config.sh \ tests/test-signed-commit.sh \ tests/test-signed-pull.sh \ + tests/test-pre-signed-pull.sh \ tests/test-signed-pull-summary.sh \ $(NULL) @@ -201,6 +202,7 @@ dist_installed_test_data = tests/archive-test.sh \ tests/fah-deltadata-old.tar.xz \ tests/fah-deltadata-new.tar.xz \ tests/ostree-path-traverse.tar.gz \ + tests/pre-signed-pull-data.tar.gz \ tests/libtest-core.sh \ $(NULL) diff --git a/tests/pre-signed-pull-data.tar.gz b/tests/pre-signed-pull-data.tar.gz new file mode 100644 index 00000000..53a6019a Binary files /dev/null and b/tests/pre-signed-pull-data.tar.gz differ diff --git a/tests/test-pre-signed-pull.sh b/tests/test-pre-signed-pull.sh new file mode 100755 index 00000000..ae4e26f9 --- /dev/null +++ b/tests/test-pre-signed-pull.sh @@ -0,0 +1,52 @@ +#!/bin/bash +# +# Copyright (C) 2020 Collabora Ltd. +# +# SPDX-License-Identifier: LGPL-2.0+ +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the +# Free Software Foundation, Inc., 59 Temple Place - Suite 330, +# Boston, MA 02111-1307, USA. + +set -euo pipefail + +. $(dirname $0)/libtest.sh + +echo "1..1" + +if ! has_sign_ed25519; then + echo "ok pre-signed pull # SKIP due ed25519 unavailability" + exit 0 +fi + +mkdir upstream +cd upstream +tar xzf $(dirname $0)/pre-signed-pull-data.tar.gz +cd .. + +pubkey='45yzbkuEok0lLabxzdAHWUDSMZgYfxU40sN+LMfYHVA=' + +ostree --repo=repo init --mode=archive +ostree --repo=repo remote add upstream --set=gpg-verify=false --sign-verify=ed25519=inline:${pubkey} file://$(pwd)/upstream/repo +ostree --repo=repo pull upstream:testref + +wrongkey=$(gen_ed25519_random_public) +rm repo -rf +ostree --repo=repo init --mode=archive +ostree --repo=repo remote add badupstream --set=gpg-verify=false --sign-verify=ed25519=inline:${wrongkey} file://$(pwd)/upstream/repo +if ostree --repo=repo pull badupstream:testref 2>err.txt; then + fatal "pulled with wrong key" +fi +assert_file_has_content err.txt 'error:.* no valid ed25519 signatures found' +echo "ok pre-signed pull"