mirror of
https://github.com/ostreedev/ostree.git
synced 2024-12-22 17:35:55 +03:00
pull: Verify commits with gpg signatures from detached metadata
This uses gpgv for verification against DATADIR/ostree/pubring.gpg by default. The keyring can be overridden by specifying OSTREE_GPG_HOME. Add a unit test for commit signing with gpg key and verifying on pull; to implement this we ship a test GPG key generated with no password for Ostree Tester <test@test.com>. Change all of the existing tests to disable GPG verification.
This commit is contained in:
parent
b064581577
commit
7f9eefb62d
@ -57,6 +57,8 @@ libostree_1_la_SOURCES = \
|
||||
src/libostree/ostree-bootloader-uboot.c \
|
||||
src/libostree/ostree-ordered-hash.h \
|
||||
src/libostree/ostree-ordered-hash.c \
|
||||
src/libostree/ostree-gpg-verifier.c \
|
||||
src/libostree/ostree-gpg-verifier.h \
|
||||
$(NULL)
|
||||
if USE_LIBARCHIVE
|
||||
libostree_1_la_SOURCES += src/libostree/ostree-libarchive-input-stream.h \
|
||||
@ -102,5 +104,8 @@ pkgconfig_DATA += src/libostree/ostree-1.pc
|
||||
|
||||
if USE_GPGME
|
||||
libostree_1_la_LIBADD += $(GPGME_LIBS)
|
||||
|
||||
gpgreadme_DATA = src/libostree/README-gpg
|
||||
gpgreadmedir = $(pkgdatadir)
|
||||
endif
|
||||
|
||||
|
@ -23,6 +23,7 @@ insttestdir=$(pkglibexecdir)/installed-tests
|
||||
testfiles = test-basic \
|
||||
test-archivez \
|
||||
test-remote-add \
|
||||
test-commit-sign \
|
||||
test-corruption \
|
||||
test-libarchive \
|
||||
test-pull-archive-z \
|
||||
|
@ -1 +1 @@
|
||||
Subproject commit e0b2fefbb69d03f7aa1390f723e4dfc46f301e71
|
||||
Subproject commit 020fa7de344d9f10136ae1a3cb9bf6baa868218d
|
2
src/libostree/README-gpg
Normal file
2
src/libostree/README-gpg
Normal file
@ -0,0 +1,2 @@
|
||||
Any GPG keyring files ending in ".gpg" placed in this directory will
|
||||
be automatically trusted by OSTree.
|
307
src/libostree/ostree-gpg-verifier.c
Normal file
307
src/libostree/ostree-gpg-verifier.c
Normal file
@ -0,0 +1,307 @@
|
||||
/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*-
|
||||
*
|
||||
* Copyright (C) 2011 Colin Walters <walters@verbum.org>
|
||||
* Copyright (C) 2013 Sjoerd Simons <sjoerd.simons@collabora.co.uk>
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
* License as published by the Free Software Foundation; either
|
||||
* version 2 of the License, or (at your option) any later version.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General Public
|
||||
* License along with this library; if not, write to the
|
||||
* Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
||||
* Boston, MA 02111-1307, USA.
|
||||
*
|
||||
* Author: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
|
||||
*/
|
||||
|
||||
#include "ostree-gpg-verifier.h"
|
||||
#include "otutil.h"
|
||||
|
||||
#define GPGVGOODPREFIX "[GNUPG:] GOODSIG "
|
||||
|
||||
typedef struct {
|
||||
GObjectClass parent_class;
|
||||
} OstreeGpgVerifierClass;
|
||||
|
||||
struct OstreeGpgVerifier {
|
||||
GObject parent;
|
||||
|
||||
GList *keyrings;
|
||||
gchar *homedir;
|
||||
};
|
||||
|
||||
static void _ostree_gpg_verifier_initable_iface_init (GInitableIface *iface);
|
||||
|
||||
G_DEFINE_TYPE_WITH_CODE (OstreeGpgVerifier, _ostree_gpg_verifier, G_TYPE_OBJECT,
|
||||
G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE, _ostree_gpg_verifier_initable_iface_init))
|
||||
|
||||
static void
|
||||
ostree_gpg_verifier_finalize (GObject *object)
|
||||
{
|
||||
OstreeGpgVerifier *self = OSTREE_GPG_VERIFIER (object);
|
||||
|
||||
g_list_free_full (self->keyrings, g_object_unref);
|
||||
g_free (self->homedir);
|
||||
|
||||
G_OBJECT_CLASS (_ostree_gpg_verifier_parent_class)->finalize (object);
|
||||
}
|
||||
|
||||
static void
|
||||
_ostree_gpg_verifier_class_init (OstreeGpgVerifierClass *klass)
|
||||
{
|
||||
GObjectClass *object_class = G_OBJECT_CLASS (klass);
|
||||
|
||||
object_class->finalize = ostree_gpg_verifier_finalize;
|
||||
}
|
||||
|
||||
static void
|
||||
_ostree_gpg_verifier_init (OstreeGpgVerifier *self)
|
||||
{
|
||||
}
|
||||
|
||||
static gboolean
|
||||
ostree_gpg_verifier_initable_init (GInitable *initable,
|
||||
GCancellable *cancellable,
|
||||
GError **error)
|
||||
{
|
||||
gboolean ret = FALSE;
|
||||
OstreeGpgVerifier *self = (OstreeGpgVerifier*)initable;
|
||||
const char *default_keyring_path = g_getenv ("OSTREE_GPG_HOME");
|
||||
gs_unref_object GFile *default_keyring_dir = NULL;
|
||||
gs_unref_object GFile *default_pubring_file = NULL;
|
||||
gs_unref_object GFile *default_pubring = NULL;
|
||||
|
||||
if (!default_keyring_path)
|
||||
default_keyring_path = DATADIR "/ostree/trusted.gpg.d/";
|
||||
|
||||
default_keyring_dir = g_file_new_for_path (default_keyring_path);
|
||||
default_pubring_file = g_file_get_child (default_keyring_dir, "pubring.gpg");
|
||||
|
||||
if (!_ostree_gpg_verifier_add_keyring (self, default_pubring_file,
|
||||
cancellable, error))
|
||||
goto out;
|
||||
|
||||
ret = TRUE;
|
||||
out:
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void
|
||||
_ostree_gpg_verifier_initable_iface_init (GInitableIface *iface)
|
||||
{
|
||||
iface->init = ostree_gpg_verifier_initable_init;
|
||||
}
|
||||
|
||||
typedef struct {
|
||||
OstreeGpgVerifier *self;
|
||||
GCancellable *cancellable;
|
||||
gboolean gpgv_done;
|
||||
gboolean status_done;
|
||||
|
||||
gint goodsigs;
|
||||
gint exitcode;
|
||||
GError *error;
|
||||
GMainLoop *loop;
|
||||
} VerifyRun;
|
||||
|
||||
static void
|
||||
_gpgv_parse_line (VerifyRun *v, const gchar *line)
|
||||
{
|
||||
if (g_str_has_prefix (line, GPGVGOODPREFIX))
|
||||
v->goodsigs++;
|
||||
}
|
||||
|
||||
static void
|
||||
on_process_done (GObject *s, GAsyncResult *res, gpointer user_data)
|
||||
{
|
||||
VerifyRun *v = user_data;
|
||||
gs_subprocess_wait_finish (GS_SUBPROCESS (s), res,
|
||||
&v->exitcode, &v->error);
|
||||
|
||||
v->gpgv_done = TRUE;
|
||||
|
||||
g_main_loop_quit (v->loop);
|
||||
}
|
||||
|
||||
static void
|
||||
on_read_line (GObject *s, GAsyncResult *res, gpointer user_data)
|
||||
{
|
||||
VerifyRun *v = user_data;
|
||||
gchar *line;
|
||||
|
||||
/* Ignore errors when reading from the data input */
|
||||
line = g_data_input_stream_read_line_finish (G_DATA_INPUT_STREAM (s),
|
||||
res, NULL, NULL);
|
||||
|
||||
if (line == NULL)
|
||||
{
|
||||
v->status_done = TRUE;
|
||||
g_main_loop_quit (v->loop);
|
||||
}
|
||||
else
|
||||
{
|
||||
_gpgv_parse_line (v, line);
|
||||
g_free (line);
|
||||
g_data_input_stream_read_line_async (G_DATA_INPUT_STREAM (s),
|
||||
G_PRIORITY_DEFAULT, v->cancellable,
|
||||
on_read_line, v);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
gboolean
|
||||
_ostree_gpg_verifier_check_signature (OstreeGpgVerifier *self,
|
||||
GFile *file,
|
||||
GFile *signature,
|
||||
gboolean *out_had_valid_sig,
|
||||
GCancellable *cancellable,
|
||||
GError **error)
|
||||
{
|
||||
gboolean ret = FALSE;
|
||||
gboolean ret_had_valid_sig = FALSE;
|
||||
gs_unref_object GSSubprocessContext *context = NULL;
|
||||
gs_unref_object GSSubprocess *proc = NULL;
|
||||
gs_unref_object GDataInputStream *data = NULL;
|
||||
gs_free gchar *status_fd_str = NULL;
|
||||
GInputStream *output;
|
||||
gint fd;
|
||||
VerifyRun v = { 0, };
|
||||
GList *item;
|
||||
GMainContext *maincontext = NULL;
|
||||
GMainLoop *loop = NULL;
|
||||
|
||||
g_return_val_if_fail (out_had_valid_sig != NULL, FALSE);
|
||||
|
||||
maincontext = g_main_context_new ();
|
||||
loop = g_main_loop_new (maincontext, FALSE);
|
||||
|
||||
g_main_context_push_thread_default (maincontext);
|
||||
|
||||
context = gs_subprocess_context_newv ("gpgv", NULL);
|
||||
gs_subprocess_context_set_stdin_disposition (context,
|
||||
GS_SUBPROCESS_STREAM_DISPOSITION_NULL);
|
||||
gs_subprocess_context_set_stdout_disposition (context,
|
||||
GS_SUBPROCESS_STREAM_DISPOSITION_NULL);
|
||||
gs_subprocess_context_set_stderr_disposition (context,
|
||||
GS_SUBPROCESS_STREAM_DISPOSITION_NULL);
|
||||
|
||||
if (!gs_subprocess_context_open_pipe_read (context, &output, &fd, error))
|
||||
goto out;
|
||||
|
||||
status_fd_str = g_strdup_printf ("%d", fd);
|
||||
gs_subprocess_context_argv_append (context, "--status-fd");
|
||||
gs_subprocess_context_argv_append (context, status_fd_str);
|
||||
|
||||
for (item = self->keyrings ; item != NULL; item = g_list_next (item))
|
||||
{
|
||||
GFile *keyring = item->data;
|
||||
gs_subprocess_context_argv_append (context, "--keyring");
|
||||
gs_subprocess_context_argv_append (context, gs_file_get_path_cached (keyring));
|
||||
}
|
||||
|
||||
gs_subprocess_context_argv_append (context, gs_file_get_path_cached (signature));
|
||||
gs_subprocess_context_argv_append (context, gs_file_get_path_cached (file));
|
||||
|
||||
proc = gs_subprocess_new (context, cancellable, error);
|
||||
if (proc == NULL)
|
||||
goto out;
|
||||
|
||||
data = g_data_input_stream_new (output);
|
||||
|
||||
v.self = self;
|
||||
v.cancellable = cancellable;
|
||||
v.loop = loop;
|
||||
|
||||
gs_subprocess_wait (proc, cancellable, on_process_done, &v);
|
||||
g_data_input_stream_read_line_async (data, G_PRIORITY_DEFAULT, cancellable,
|
||||
on_read_line, &v);
|
||||
|
||||
while (!v.gpgv_done || !v.status_done)
|
||||
g_main_loop_run (loop);
|
||||
|
||||
if (v.goodsigs > 0)
|
||||
ret_had_valid_sig = TRUE;
|
||||
|
||||
ret = TRUE;
|
||||
*out_had_valid_sig = ret_had_valid_sig;
|
||||
out:
|
||||
if (maincontext)
|
||||
{
|
||||
g_main_context_pop_thread_default (maincontext);
|
||||
g_main_context_unref (maincontext);
|
||||
}
|
||||
if (loop)
|
||||
g_main_loop_unref (loop);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
void
|
||||
_ostree_gpg_verifier_set_homedir (OstreeGpgVerifier *self,
|
||||
const gchar *path)
|
||||
{
|
||||
g_free (self->homedir);
|
||||
self->homedir = g_strdup (path);
|
||||
}
|
||||
|
||||
gboolean
|
||||
_ostree_gpg_verifier_add_keyring (OstreeGpgVerifier *self,
|
||||
GFile *path,
|
||||
GCancellable *cancellable,
|
||||
GError **error)
|
||||
{
|
||||
g_return_val_if_fail (path != NULL, FALSE);
|
||||
|
||||
self->keyrings = g_list_append (self->keyrings, g_object_ref (path));
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
gboolean
|
||||
_ostree_gpg_verifier_add_keyring_dir (OstreeGpgVerifier *self,
|
||||
GFile *path,
|
||||
GCancellable *cancellable,
|
||||
GError **error)
|
||||
{
|
||||
gboolean ret = FALSE;
|
||||
gs_unref_object GFileEnumerator *enumerator = NULL;
|
||||
|
||||
enumerator = g_file_enumerate_children (path, OSTREE_GIO_FAST_QUERYINFO,
|
||||
G_FILE_QUERY_INFO_NONE,
|
||||
cancellable, error);
|
||||
if (!enumerator)
|
||||
goto out;
|
||||
|
||||
while (TRUE)
|
||||
{
|
||||
GFileInfo *file_info;
|
||||
GFile *path;
|
||||
|
||||
if (!gs_file_enumerator_iterate (enumerator, &file_info, &path,
|
||||
cancellable, error))
|
||||
goto out;
|
||||
if (file_info == NULL)
|
||||
break;
|
||||
|
||||
if (g_file_info_get_file_type (file_info) == G_FILE_TYPE_REGULAR &&
|
||||
g_str_has_suffix (g_file_info_get_name (file_info), ".gpg"))
|
||||
self->keyrings = g_list_append (self->keyrings, g_object_ref (path));
|
||||
}
|
||||
|
||||
ret = TRUE;
|
||||
out:
|
||||
return ret;
|
||||
}
|
||||
|
||||
OstreeGpgVerifier*
|
||||
_ostree_gpg_verifier_new (GCancellable *cancellable,
|
||||
GError **error)
|
||||
{
|
||||
return g_initable_new (OSTREE_TYPE_GPG_VERIFIER, cancellable, error, NULL);
|
||||
}
|
64
src/libostree/ostree-gpg-verifier.h
Normal file
64
src/libostree/ostree-gpg-verifier.h
Normal file
@ -0,0 +1,64 @@
|
||||
/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*-
|
||||
*
|
||||
* Copyright (C) 2011 Colin Walters <walters@verbum.org>
|
||||
* Copyright (C) 2013 Sjoerd Simons <sjoerd.simons@collabora.co.uk>
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
* License as published by the Free Software Foundation; either
|
||||
* version 2 of the License, or (at your option) any later version.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General Public
|
||||
* License along with this library; if not, write to the
|
||||
* Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
||||
* Boston, MA 02111-1307, USA.
|
||||
*
|
||||
* Author: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
|
||||
*/
|
||||
|
||||
//#pragma once
|
||||
|
||||
#include "config.h"
|
||||
#include <glib-object.h>
|
||||
#include <gio/gio.h>
|
||||
|
||||
G_BEGIN_DECLS
|
||||
|
||||
#define OSTREE_TYPE_GPG_VERIFIER _ostree_gpg_verifier_get_type()
|
||||
#define OSTREE_GPG_VERIFIER(obj) \
|
||||
(G_TYPE_CHECK_INSTANCE_CAST ((obj), OSTREE_TYPE_GPG_VERIFIER, OstreeGpgVerifier))
|
||||
#define OSTREE_IS_GPG_VERIFIER(obj) \
|
||||
(G_TYPE_CHECK_INSTANCE_TYPE ((obj), OSTREE_TYPE_GPG_VERIFIER))
|
||||
|
||||
typedef struct OstreeGpgVerifier OstreeGpgVerifier;
|
||||
|
||||
GType _ostree_gpg_verifier_get_type (void);
|
||||
|
||||
OstreeGpgVerifier *_ostree_gpg_verifier_new (GCancellable *cancellable,
|
||||
GError **error);
|
||||
|
||||
gboolean _ostree_gpg_verifier_check_signature (OstreeGpgVerifier *self,
|
||||
GFile *file,
|
||||
GFile *signature,
|
||||
gboolean *had_valid_signature,
|
||||
GCancellable *cancellable,
|
||||
GError **error);
|
||||
|
||||
void _ostree_gpg_verifier_set_homedir (OstreeGpgVerifier *self,
|
||||
const gchar *path);
|
||||
|
||||
gboolean _ostree_gpg_verifier_add_keyring_dir (OstreeGpgVerifier *self,
|
||||
GFile *path,
|
||||
GCancellable *cancellable,
|
||||
GError **error);
|
||||
|
||||
gboolean _ostree_gpg_verifier_add_keyring (OstreeGpgVerifier *self,
|
||||
GFile *path,
|
||||
GCancellable *cancellable,
|
||||
GError **error);
|
||||
G_END_DECLS
|
@ -91,6 +91,8 @@ typedef struct {
|
||||
gboolean transaction_resuming;
|
||||
volatile gint n_scanned_metadata;
|
||||
SoupURI *fetching_sync_uri;
|
||||
|
||||
gboolean gpg_verify;
|
||||
|
||||
GThread *metadata_thread;
|
||||
GMainContext *metadata_thread_context;
|
||||
@ -747,6 +749,19 @@ scan_commit_object (OtPullData *pull_data,
|
||||
goto out;
|
||||
}
|
||||
|
||||
#ifdef HAVE_GPGME
|
||||
if (pull_data->gpg_verify)
|
||||
{
|
||||
if (!ostree_repo_verify_commit (pull_data->repo,
|
||||
checksum,
|
||||
NULL,
|
||||
NULL,
|
||||
cancellable,
|
||||
error))
|
||||
goto out;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (!ostree_repo_load_variant (pull_data->repo, OSTREE_OBJECT_TYPE_COMMIT, checksum,
|
||||
&commit, error))
|
||||
goto out;
|
||||
@ -1234,6 +1249,14 @@ ostree_repo_pull (OstreeRepo *self,
|
||||
goto out;
|
||||
pull_data->base_uri = soup_uri_new (baseurl);
|
||||
|
||||
#ifdef HAVE_GPGME
|
||||
if (!ot_keyfile_get_boolean_with_default (config, remote_key, "gpg-verify",
|
||||
TRUE, &pull_data->gpg_verify, error))
|
||||
goto out;
|
||||
#else
|
||||
pull_data->gpg_verify = FALSE;
|
||||
#endif
|
||||
|
||||
if (!ot_keyfile_get_boolean_with_default (config, remote_key, "tls-permissive",
|
||||
FALSE, &tls_permissive, error))
|
||||
goto out;
|
||||
|
@ -31,6 +31,8 @@
|
||||
#include "ostree-core-private.h"
|
||||
#include "ostree-repo-private.h"
|
||||
#include "ostree-repo-file.h"
|
||||
#include "ostree-repo-file-enumerator.h"
|
||||
#include "ostree-gpg-verifier.h"
|
||||
|
||||
#ifdef HAVE_GPGME
|
||||
#include <locale.h>
|
||||
@ -403,6 +405,7 @@ ostree_repo_create (OstreeRepo *self,
|
||||
|
||||
config_data = g_string_new (DEFAULT_CONFIG_CONTENTS);
|
||||
g_string_append_printf (config_data, "mode=%s\n", mode_str);
|
||||
|
||||
if (!g_file_replace_contents (self->config_file,
|
||||
config_data->str,
|
||||
config_data->len,
|
||||
@ -1646,4 +1649,134 @@ out:
|
||||
return ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* ostree_repo_verify_commit:
|
||||
* @self: Repository
|
||||
* @commit_checksum: ASCII SHA256 checksum
|
||||
* @keyringdir: (allow-none): Path to directory GPG keyrings; overrides built-in default if given
|
||||
* @extra_keyring: (allow-none): Path to additional keyring file (not a directory)
|
||||
* @cancellable: Cancellable
|
||||
* @error: Error
|
||||
*
|
||||
* Check for a valid GPG signature on commit named by the ASCII
|
||||
* checksum @commit_checksum.
|
||||
*/
|
||||
gboolean
|
||||
ostree_repo_verify_commit (OstreeRepo *self,
|
||||
const gchar *commit_checksum,
|
||||
GFile *keyringdir,
|
||||
GFile *extra_keyring,
|
||||
GCancellable *cancellable,
|
||||
GError **error)
|
||||
{
|
||||
gboolean ret = FALSE;
|
||||
gs_unref_object OstreeGpgVerifier *verifier = NULL;
|
||||
gs_unref_variant GVariant *commit_variant = NULL;
|
||||
gs_unref_object GFile *commit_tmp_path = NULL;
|
||||
gs_unref_object GFile *keyringdir_ref = NULL;
|
||||
gs_unref_variant GVariant *metadata = NULL;
|
||||
gs_unref_variant GVariant *signaturedata = NULL;
|
||||
gs_free gchar *commit_filename = NULL;
|
||||
gint i, n;
|
||||
gboolean had_valid_signataure = FALSE;
|
||||
|
||||
if (!ostree_repo_load_variant (self, OSTREE_OBJECT_TYPE_COMMIT,
|
||||
commit_checksum, &commit_variant,
|
||||
error))
|
||||
goto out;
|
||||
|
||||
verifier = _ostree_gpg_verifier_new (cancellable, error);
|
||||
if (!verifier)
|
||||
goto out;
|
||||
|
||||
if (keyringdir)
|
||||
{
|
||||
if (!_ostree_gpg_verifier_add_keyring_dir (verifier, keyringdir,
|
||||
cancellable, error))
|
||||
goto out;
|
||||
}
|
||||
if (extra_keyring != NULL)
|
||||
{
|
||||
if (!_ostree_gpg_verifier_add_keyring (verifier, extra_keyring,
|
||||
cancellable, error))
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (!ostree_repo_read_commit_detached_metadata (self,
|
||||
commit_checksum,
|
||||
&metadata,
|
||||
cancellable,
|
||||
error))
|
||||
{
|
||||
g_prefix_error (error, "Failed to read detached metadata: ");
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (metadata)
|
||||
signaturedata = g_variant_lookup_value (metadata, "ostree.gpgsigs", G_VARIANT_TYPE ("aay"));
|
||||
if (!signaturedata)
|
||||
{
|
||||
g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND,
|
||||
"No signatures found");
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (!gs_file_open_in_tmpdir (self->tmp_dir, 0644,
|
||||
&commit_tmp_path, NULL,
|
||||
cancellable, error))
|
||||
goto out;
|
||||
|
||||
if (!g_file_replace_contents (commit_tmp_path,
|
||||
(char*)g_variant_get_data (commit_variant),
|
||||
g_variant_get_size (commit_variant),
|
||||
NULL, FALSE, 0, NULL,
|
||||
cancellable, error))
|
||||
goto out;
|
||||
|
||||
n = g_variant_n_children (signaturedata);
|
||||
for (i = 0; i < n; i++)
|
||||
{
|
||||
GVariant *signature_variant = g_variant_get_child_value (signaturedata, i);
|
||||
gs_unref_object GFile *temp_sig_path = NULL;
|
||||
|
||||
if (!gs_file_open_in_tmpdir (self->tmp_dir, 0644,
|
||||
&temp_sig_path, NULL,
|
||||
cancellable, error))
|
||||
goto out;
|
||||
|
||||
if (!g_file_replace_contents (temp_sig_path,
|
||||
(char*)g_variant_get_data (signature_variant),
|
||||
g_variant_get_size (signature_variant),
|
||||
NULL, FALSE, 0, NULL,
|
||||
cancellable, error))
|
||||
goto out;
|
||||
|
||||
if (!_ostree_gpg_verifier_check_signature (verifier,
|
||||
commit_tmp_path,
|
||||
temp_sig_path,
|
||||
&had_valid_signataure,
|
||||
cancellable, error))
|
||||
{
|
||||
(void) gs_file_unlink (temp_sig_path, NULL, NULL);
|
||||
goto out;
|
||||
}
|
||||
(void) gs_file_unlink (temp_sig_path, NULL, NULL);
|
||||
if (had_valid_signataure)
|
||||
break;
|
||||
}
|
||||
|
||||
if (!had_valid_signataure)
|
||||
{
|
||||
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
|
||||
"GPG signatures found, but none are in trusted keyring");
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = TRUE;
|
||||
out:
|
||||
if (commit_tmp_path)
|
||||
(void) gs_file_unlink (commit_tmp_path, NULL, NULL);
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
@ -470,6 +470,13 @@ gboolean ostree_repo_sign_commit (OstreeRepo *self,
|
||||
const gchar *homedir,
|
||||
GCancellable *cancellable,
|
||||
GError **error);
|
||||
|
||||
gboolean ostree_repo_verify_commit (OstreeRepo *self,
|
||||
const gchar *commit_checksum,
|
||||
GFile *keyringdir,
|
||||
GFile *extra_keyring,
|
||||
GCancellable *cancellable,
|
||||
GError **error);
|
||||
#endif
|
||||
|
||||
G_END_DECLS
|
||||
|
@ -232,7 +232,8 @@ ostree_sysroot_ensure_initialized (OstreeSysroot *self,
|
||||
if (!g_file_query_exists (dir, NULL))
|
||||
{
|
||||
gs_unref_object OstreeRepo *repo = ostree_repo_new (repo_dir);
|
||||
if (!ostree_repo_create (repo, OSTREE_REPO_MODE_BARE, cancellable, error))
|
||||
if (!ostree_repo_create (repo, OSTREE_REPO_MODE_BARE,
|
||||
cancellable, error))
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -104,11 +104,12 @@ ot_admin_builtin_upgrade (int argc, char **argv, OstreeSysroot *sysroot, GCancel
|
||||
|
||||
if (origin_remote)
|
||||
{
|
||||
OstreeRepoPullFlags pullflags = 0;
|
||||
char *refs_to_fetch[] = { origin_ref, NULL };
|
||||
|
||||
g_print ("Fetching remote %s ref %s\n", origin_remote, origin_ref);
|
||||
|
||||
if (!ostree_repo_pull (repo, origin_remote, refs_to_fetch, OSTREE_REPO_PULL_FLAGS_NONE,
|
||||
if (!ostree_repo_pull (repo, origin_remote, refs_to_fetch, pullflags,
|
||||
cancellable, error))
|
||||
goto out;
|
||||
}
|
||||
|
@ -24,6 +24,7 @@ export G_DEBUG=fatal-warnings
|
||||
|
||||
export TEST_GPG_KEYID="472CDAFA"
|
||||
export TEST_GPG_HOME=${SRCDIR}/gpghome
|
||||
export OSTREE_GPG_HOME=${TEST_GPG_HOME}
|
||||
|
||||
if test -n "${OT_TESTS_DEBUG}"; then
|
||||
set -x
|
||||
|
@ -20,7 +20,7 @@
|
||||
cd ${test_tmpdir}
|
||||
mkdir repo
|
||||
${CMD_PREFIX} ostree --repo=repo init
|
||||
${CMD_PREFIX} ostree --repo=repo remote add origin $(cat httpd-address)/ostree/gnomerepo
|
||||
${CMD_PREFIX} ostree --repo=repo remote add --set=gpg-verify=false origin $(cat httpd-address)/ostree/gnomerepo
|
||||
${CMD_PREFIX} ostree --repo=repo pull origin main
|
||||
${CMD_PREFIX} ostree --repo=repo fsck
|
||||
echo "ok pull"
|
||||
|
@ -132,7 +132,7 @@ ostree admin --sysroot=sysroot status
|
||||
echo "ok upgrade bare"
|
||||
|
||||
os_repository_new_commit
|
||||
ostree --repo=sysroot/ostree/repo remote add testos file://$(pwd)/testos-repo testos/buildmaster/x86_64-runtime
|
||||
ostree --repo=sysroot/ostree/repo remote add --set=gpg-verify=false testos file://$(pwd)/testos-repo testos/buildmaster/x86_64-runtime
|
||||
ostree admin --sysroot=sysroot upgrade --os=testos
|
||||
origrev=${rev}
|
||||
rev=${newrev}
|
||||
|
@ -41,12 +41,12 @@ echo "ok deploy command"
|
||||
# Commit + upgrade twice, so that we'll rotate out the original deployment
|
||||
bootcsum1=${bootcsum}
|
||||
os_repository_new_commit
|
||||
ostree --repo=sysroot/ostree/repo remote add testos file://$(pwd)/testos-repo testos/buildmaster/x86_64-runtime
|
||||
ostree --repo=sysroot/ostree/repo remote add --set=gpg-verify=false testos file://$(pwd)/testos-repo testos/buildmaster/x86_64-runtime
|
||||
ostree admin --sysroot=sysroot upgrade --os=testos
|
||||
bootcsum2=${bootcsum}
|
||||
os_repository_new_commit "1"
|
||||
bootcsum3=${bootcsum}
|
||||
ostree --repo=sysroot/ostree/repo remote add testos file://$(pwd)/testos-repo testos/buildmaster/x86_64-runtime
|
||||
ostree --repo=sysroot/ostree/repo remote add --set=gpg-verify=false testos file://$(pwd)/testos-repo testos/buildmaster/x86_64-runtime
|
||||
ostree admin --sysroot=sysroot upgrade --os=testos
|
||||
|
||||
rev=${newrev}
|
||||
|
@ -31,7 +31,7 @@ echo "ok setup"
|
||||
cd ${test_tmpdir}
|
||||
mkdir repo2
|
||||
${CMD_PREFIX} ostree --repo=repo2 init
|
||||
${CMD_PREFIX} ostree --repo=repo2 remote add aremote file://$(pwd)/repo test2
|
||||
${CMD_PREFIX} ostree --repo=repo2 remote add --set=gpg-verify=false aremote file://$(pwd)/repo test2
|
||||
ostree --repo=repo2 pull aremote
|
||||
ostree --repo=repo2 rev-parse aremote/test2
|
||||
ostree --repo=repo2 fsck
|
||||
|
102
tests/test-commit-sign.sh
Executable file
102
tests/test-commit-sign.sh
Executable file
@ -0,0 +1,102 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# Copyright (C) 2013 Jeremy Whiting <jeremy.whiting@collabora.com>
|
||||
#
|
||||
# This library is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU Lesser General Public
|
||||
# License as published by the Free Software Foundation; either
|
||||
# version 2 of the License, or (at your option) any later version.
|
||||
#
|
||||
# This library is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
# Lesser General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Lesser General Public
|
||||
# License along with this library; if not, write to the
|
||||
# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
||||
# Boston, MA 02111-1307, USA.
|
||||
|
||||
set -e
|
||||
|
||||
if ! ostree --version | grep -q -e '\+gpgme'; then
|
||||
exit 77
|
||||
fi
|
||||
|
||||
. $(dirname $0)/libtest.sh
|
||||
|
||||
keyid="472CDAFA"
|
||||
oldpwd=`pwd`
|
||||
mkdir ostree-srv
|
||||
cd ostree-srv
|
||||
mkdir gnomerepo
|
||||
${CMD_PREFIX} ostree --repo=gnomerepo init --mode="archive-z2"
|
||||
mkdir gnomerepo-files
|
||||
cd gnomerepo-files
|
||||
echo first > firstfile
|
||||
mkdir baz
|
||||
echo moo > baz/cow
|
||||
echo alien > baz/saucer
|
||||
${CMD_PREFIX} ostree --repo=${test_tmpdir}/ostree-srv/gnomerepo commit -b main -s "A remote commit" -m "Some Commit body" --gpg-sign=$keyid --gpg-homedir=${SRCDIR}/gpghome
|
||||
mkdir baz/deeper
|
||||
${CMD_PREFIX} ostree --repo=${test_tmpdir}/ostree-srv/gnomerepo commit -b main -s "Add deeper" --gpg-sign=$keyid --gpg-homedir=${SRCDIR}/gpghome
|
||||
echo hi > baz/deeper/ohyeah
|
||||
mkdir baz/another/
|
||||
echo x > baz/another/y
|
||||
${CMD_PREFIX} ostree --repo=${test_tmpdir}/ostree-srv/gnomerepo commit -b main -s "The rest" --gpg-sign=$keyid --gpg-homedir=${SRCDIR}/gpghome
|
||||
cd ..
|
||||
rm -rf gnomerepo-files
|
||||
|
||||
cd ${test_tmpdir}
|
||||
mkdir ${test_tmpdir}/httpd
|
||||
cd httpd
|
||||
ln -s ${test_tmpdir}/ostree-srv ostree
|
||||
ostree trivial-httpd --daemonize -p ${test_tmpdir}/httpd-port
|
||||
port=$(cat ${test_tmpdir}/httpd-port)
|
||||
echo "http://127.0.0.1:${port}" > ${test_tmpdir}/httpd-address
|
||||
cd ${oldpwd}
|
||||
|
||||
export OSTREE="ostree --repo=repo"
|
||||
|
||||
repopath=${test_tmpdir}/ostree-srv/gnomerepo
|
||||
cp -a ${repopath} ${repopath}.orig
|
||||
|
||||
# Set OSTREE_GPG_HOME to a place with no keyrings, we shouldn't trust the signature
|
||||
cd ${test_tmpdir}
|
||||
mkdir repo
|
||||
${CMD_PREFIX} ostree --repo=repo init
|
||||
${CMD_PREFIX} ostree --repo=repo remote add origin $(cat httpd-address)/ostree/gnomerepo
|
||||
if env OSTREE_GPG_HOME=${test_tmpdir} ${CMD_PREFIX} ostree --repo=repo pull origin main; then
|
||||
assert_not_reached "pull with no trusted GPG keys unexpectedly succeeded!"
|
||||
fi
|
||||
rm repo -rf
|
||||
|
||||
# And a test case with valid signature
|
||||
cd ${test_tmpdir}
|
||||
mkdir repo
|
||||
${CMD_PREFIX} ostree --repo=repo init
|
||||
${CMD_PREFIX} ostree --repo=repo remote add origin $(cat httpd-address)/ostree/gnomerepo
|
||||
${CMD_PREFIX} ostree --repo=repo pull origin main
|
||||
rm repo -rf
|
||||
|
||||
# A test with corrupted detached signature
|
||||
cd ${test_tmpdir}
|
||||
find ${test_tmpdir}/ostree-srv/gnomerepo -name '*.commitmeta' | while read fname; do
|
||||
echo borkborkbork > ${fname};
|
||||
done
|
||||
mkdir repo
|
||||
${CMD_PREFIX} ostree --repo=repo init
|
||||
${CMD_PREFIX} ostree --repo=repo remote add origin $(cat httpd-address)/ostree/gnomerepo
|
||||
if ${CMD_PREFIX} ostree --repo=repo pull origin main; then
|
||||
assert_not_reached "pull with corrupted signature unexpectedly succeeded!"
|
||||
fi
|
||||
rm repo -rf
|
||||
|
||||
# And now attempt to pull the same corrupted commit, but with GPG
|
||||
# verification off
|
||||
cd ${test_tmpdir}
|
||||
mkdir repo
|
||||
${CMD_PREFIX} ostree --repo=repo init
|
||||
${CMD_PREFIX} ostree --repo=repo remote add --set=gpg-verify=false origin $(cat httpd-address)/ostree/gnomerepo
|
||||
${CMD_PREFIX} ostree --repo=repo pull origin main
|
||||
rm repo -rf
|
@ -33,7 +33,7 @@ do_corrupt_pull_test() {
|
||||
rm repo -rf
|
||||
mkdir repo
|
||||
${CMD_PREFIX} ostree --repo=repo init
|
||||
${CMD_PREFIX} ostree --repo=repo remote add origin $(cat httpd-address)/ostree/gnomerepo
|
||||
${CMD_PREFIX} ostree --repo=repo remote add --set=gpg-verify=false origin $(cat httpd-address)/ostree/gnomerepo
|
||||
if ${CMD_PREFIX} ostree --repo=repo pull origin main; then
|
||||
assert_not_reached "pull unexpectedly succeeded!"
|
||||
fi
|
||||
|
@ -32,7 +32,7 @@ cd ${test_tmpdir}
|
||||
rm repo -rf
|
||||
mkdir repo
|
||||
${CMD_PREFIX} ostree --repo=repo init
|
||||
${CMD_PREFIX} ostree --repo=repo remote add origin $(cat httpd-address)/ostree/gnomerepo
|
||||
${CMD_PREFIX} ostree --repo=repo remote add --set=gpg-verify=false origin $(cat httpd-address)/ostree/gnomerepo
|
||||
|
||||
maxtries=`find ${repopath}/objects | wc -l`
|
||||
maxtries=`expr $maxtries \* 2`
|
||||
|
Loading…
Reference in New Issue
Block a user