tests: Add a pre-signed-pull.sh test
I'm thinking about adding an implementation of ed25519 signatures with OpenSSL (so we can ship the feature with Fedora CoreOS without requiring an additional library) and in preparation for that it's essential that we validate that libsodium-generated signatures and OpenSSL-generated signatures are compatible. I don't know if they are yet actually, but the goal of this new test is to add a pre-generated repository with a signed commit generated by libsodium. This will catch if e.g. there's ever a change in libsodium, or if existing libsodium implementation versions (e.g. the one in Debian) might differ from what we ship here.
parent
a128eb551a
commit
40d6f6b5ee
@ -140,6 +140,7 @@ _installed_or_uninstalled_test_scripts = \
|
|||||||
tests/test-config.sh \
|
tests/test-config.sh \
|
||||||
tests/test-signed-commit.sh \
|
tests/test-signed-commit.sh \
|
||||||
tests/test-signed-pull.sh \
|
tests/test-signed-pull.sh \
|
||||||
|
tests/test-pre-signed-pull.sh \
|
||||||
tests/test-signed-pull-summary.sh \
|
tests/test-signed-pull-summary.sh \
|
||||||
$(NULL)
|
$(NULL)
|
||||||
|
|
||||||
@ -201,6 +202,7 @@ dist_installed_test_data = tests/archive-test.sh \
|
|||||||
tests/fah-deltadata-old.tar.xz \
|
tests/fah-deltadata-old.tar.xz \
|
||||||
tests/fah-deltadata-new.tar.xz \
|
tests/fah-deltadata-new.tar.xz \
|
||||||
tests/ostree-path-traverse.tar.gz \
|
tests/ostree-path-traverse.tar.gz \
|
||||||
|
tests/pre-signed-pull-data.tar.gz \
|
||||||
tests/libtest-core.sh \
|
tests/libtest-core.sh \
|
||||||
$(NULL)
|
$(NULL)
|
||||||
|
|
||||||
|
BIN
tests/pre-signed-pull-data.tar.gz
Normal file
BIN
tests/pre-signed-pull-data.tar.gz
Normal file
Binary file not shown.
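--- /dev/null
+++ b/tests/test-pre-signed-pull.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+#
+# Copyright (C) 2020 Collabora Ltd.
+#
+# SPDX-License-Identifier: LGPL-2.0+
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+# Boston, MA 02111-1307, USA.
+
+set -euo pipefail
+
+. $(dirname $0)/libtest.sh
+
+echo "1..1"
+
+if ! has_sign_ed25519; then
+echo "ok pre-signed pull # SKIP due ed25519 unavailability"
+exit 0
+fi
+
+mkdir upstream
+cd upstream
+tar xzf $(dirname $0)/pre-signed-pull-data.tar.gz
+cd ..
+
+pubkey='45yzbkuEok0lLabxzdAHWUDSMZgYfxU40sN+LMfYHVA='
+
+ostree --repo=repo init --mode=archive
+ostree --repo=repo remote add upstream --set=gpg-verify=false --sign-verify=ed25519=inline:${pubkey} file://$(pwd)/upstream/repo
+ostree --repo=repo pull upstream:testref
+
+wrongkey=$(gen_ed25519_random_public)
+rm repo -rf
+ostree --repo=repo init --mode=archive
+ostree --repo=repo remote add badupstream --set=gpg-verify=false --sign-verify=ed25519=inline:${wrongkey} file://$(pwd)/upstream/repo
+if ostree --repo=repo pull badupstream:testref 2>err.txt; then
+fatal "pulled with wrong key"
+fi
+assert_file_has_content err.txt 'error:.* no valid ed25519 signatures found'
+echo "ok pre-signed pull"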
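Review bot: The hard-coded `pubkey` and the binary fixture `pre-signed-pull-data.tar.gz` are not tied together anywhere in the script, so a reader cannot tell how the signed repository was produced or how to regenerate it. The commit message says the commit was signed with libsodium; that belongs in the test itself, for example above the assignment: `# Public half of the ed25519 key that signed testref in pre-signed-pull-data.tar.gz; fixture generated with libsodium, regenerate key and tarball together`. Recording the libsodium version and the commands used would also make the tarball auditable, which matters for an opaque binary blob shipped in the test data. Separately, `$(dirname $0)` and `$(pwd)` are unquoted, so the test breaks when run from a path containing spaces; `. "$(dirname "$0")/libtest.sh"` avoids that.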