tests: Use tap_ok/tap_end in test-signed-commit.sh
Signed-off-by: Daiki Ueno <dueno@redhat.com>
parent
1a6165e3ee
commit
86a7a53d86
@ -21,8 +21,6 @@ set -euo pipefail
|
||||
|
||||
. $(dirname $0)/libtest.sh
|
||||
|
||||
echo "1..11"
|
||||
|
||||
# This is explicitly opt in for testing
|
||||
export OSTREE_DUMMY_SIGN_ENABLED=1
|
||||
|
||||
@ -40,17 +38,17 @@ ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --sign-type=dummy ${COMMIT}
|
||||
# Ensure that detached metadata really contain expected string
|
||||
EXPECTEDSIGN="$(echo $DUMMYSIGN | hexdump -n 9 -e '8/1 "0x%.2x, " 1/1 " 0x%.2x"')"
|
||||
${CMD_PREFIX} ostree --repo=repo show ${COMMIT} --print-detached-metadata-key=ostree.sign.dummy | grep -q -e "${EXPECTEDSIGN}"
|
||||
echo "ok Detached dummy signature added"
|
||||
tap_ok "Detached dummy signature added"
|
||||
|
||||
# Verify vith sign mechanism
|
||||
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --sign-type=dummy --verify ${COMMIT} ${DUMMYSIGN}
|
||||
echo "ok dummy signature verified"
|
||||
tap_ok "dummy signature verified"
|
||||
|
||||
echo "Signed commit with dummy key: ${DUMMYSIGN}" >> file.txt
|
||||
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo commit -b main -s 'Signed with dummy module' --sign=${DUMMYSIGN} --sign-type=dummy
|
||||
COMMIT="$(ostree --repo=${test_tmpdir}/repo rev-parse main)"
|
||||
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --sign-type=dummy --verify ${COMMIT} ${DUMMYSIGN}
|
||||
echo "ok commit with dummy signing"
|
||||
tap_ok "commit with dummy signing"
|
||||
|
||||
if ${CMD_PREFIX} env -u OSTREE_DUMMY_SIGN_ENABLED ostree --repo=${test_tmpdir}/repo sign --sign-type=dummy --verify ${COMMIT} ${DUMMYSIGN} 2>err.txt; then
|
||||
fatal "verified dummy signature without env"
|
||||
@ -58,17 +56,17 @@ fi
|
||||
# FIXME the error message here is broken
|
||||
#assert_file_has_content_literal err.txt 'dummy signature type is only for ostree testing'
|
||||
assert_file_has_content_literal err.txt ' No valid signatures found'
|
||||
echo "ok dummy sig requires env"
|
||||
tap_ok "dummy sig requires env"
|
||||
|
||||
# tests below require libsodium support
|
||||
if ! has_ostree_feature sign-ed25519; then
|
||||
echo "ok Detached ed25519 signature # SKIP due libsodium unavailability"
|
||||
echo "ok ed25519 signature verified # SKIP due libsodium unavailability"
|
||||
echo "ok multiple signing # SKIP due libsodium unavailability"
|
||||
echo "ok verify ed25519 keys file # SKIP due libsodium unavailability"
|
||||
echo "ok sign with ed25519 keys file # SKIP due libsodium unavailability"
|
||||
echo "ok verify ed25519 system-wide configuration # SKIP due libsodium unavailability"
|
||||
echo "ok verify ed25519 revoking keys mechanism # SKIP due libsodium unavailability"
|
||||
tap_ok "Detached ed25519 signature # SKIP due libsodium unavailability"
|
||||
tap_ok "ed25519 signature verified # SKIP due libsodium unavailability"
|
||||
tap_ok "multiple signing # SKIP due libsodium unavailability"
|
||||
tap_ok "verify ed25519 keys file # SKIP due libsodium unavailability"
|
||||
tap_ok "sign with ed25519 keys file # SKIP due libsodium unavailability"
|
||||
tap_ok "verify ed25519 system-wide configuration # SKIP due libsodium unavailability"
|
||||
tap_ok "verify ed25519 revoking keys mechanism # SKIP due libsodium unavailability"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
@ -87,7 +85,7 @@ COMMIT="$(ostree --repo=${test_tmpdir}/repo rev-parse main)"
|
||||
|
||||
# Ensure that detached metadata contain signature
|
||||
${CMD_PREFIX} ostree --repo=repo show ${COMMIT} --print-detached-metadata-key=ostree.sign.ed25519 &>/dev/null
|
||||
echo "ok Detached ed25519 signature added"
|
||||
tap_ok "Detached ed25519 signature added"
|
||||
|
||||
# Verify vith sign mechanism
|
||||
if ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 ${COMMIT} ${WRONG_PUBLIC}; then
|
||||
@ -99,7 +97,7 @@ ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed255
|
||||
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 ${COMMIT} $(gen_ed25519_random_public) $(gen_ed25519_random_public) ${PUBLIC}
|
||||
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 ${COMMIT} ${PUBLIC} $(gen_ed25519_random_public) $(gen_ed25519_random_public)
|
||||
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 ${COMMIT} $(gen_ed25519_random_public) $(gen_ed25519_random_public) ${PUBLIC} $(gen_ed25519_random_public) $(gen_ed25519_random_public)
|
||||
echo "ok ed25519 signature verified"
|
||||
tap_ok "ed25519 signature verified"
|
||||
|
||||
# Check if we are able to use all available modules to sign the same commit
|
||||
echo "Unsigned commit for multi-sign" >> file.txt
|
||||
@ -121,7 +119,7 @@ ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed2551
|
||||
assert_file_has_content out.txt "ed25519: Signature verified successfully with key"
|
||||
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --sign-type=dummy --verify ${COMMIT} ${DUMMYSIGN} >out.txt
|
||||
assert_file_has_content out.txt "dummy: Signature verified"
|
||||
echo "ok multiple signing "
|
||||
tap_ok "multiple signing "
|
||||
|
||||
# Prepare files with public ed25519 signatures
|
||||
PUBKEYS="$(mktemp -p ${test_tmpdir} ed25519_XXXXXX.ed25519)"
|
||||
@ -163,7 +161,7 @@ ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed2551
|
||||
echo ${PUBLIC} >> ${PUBKEYS}
|
||||
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-file=${PUBKEYS} ${COMMIT}
|
||||
|
||||
echo "ok verify ed25519 keys file"
|
||||
tap_ok "verify ed25519 keys file"
|
||||
|
||||
# Check ed25519 signing with secret file
|
||||
echo "Unsigned commit for secret file usage" >> file.txt
|
||||
@ -176,7 +174,7 @@ echo "${SECRET}" > ${KEYFILE}
|
||||
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --sign-type=ed25519 --keys-file=${KEYFILE} ${COMMIT}
|
||||
# Verify
|
||||
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-file=${PUBKEYS} ${COMMIT}
|
||||
echo "ok sign with ed25519 keys file"
|
||||
tap_ok "sign with ed25519 keys file"
|
||||
|
||||
# Check the well-known places mechanism
|
||||
mkdir -p ${test_tmpdir}/{trusted,revoked}.ed25519.d
|
||||
@ -192,7 +190,7 @@ echo ${PUBLIC} > ${test_tmpdir}/trusted.ed25519.d/correct
|
||||
# Verify with correct key
|
||||
${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-dir=${test_tmpdir} ${COMMIT}
|
||||
|
||||
echo "ok verify ed25519 system-wide configuration"
|
||||
tap_ok "verify ed25519 system-wide configuration"
|
||||
|
||||
# Add the public key into revoked list
|
||||
echo ${PUBLIC} > ${test_tmpdir}/revoked.ed25519.d/correct
|
||||
@ -201,4 +199,6 @@ if ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed2
|
||||
exit 1
|
||||
fi
|
||||
rm -rf ${test_tmpdir}/{trusted,revoked}.ed25519.d
|
||||
echo "ok verify ed25519 revoking keys mechanism"
|
||||
tap_ok "verify ed25519 revoking keys mechanism"
|
||||
|
||||
tap_end
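Review bot: The branch taken when `has_ostree_feature sign-ed25519` fails still ends in `exit 0` directly after its seven `tap_ok "… # SKIP …"` lines, so on builds without libsodium the script never reaches the `tap_end` added at the bottom, and the up-front `echo "1..11"` plan has been removed. Unless libtest.sh emits the plan from an exit trap (not visible on this page), a TAP harness would see a stream with no plan and report the run as broken, which hides whether the four dummy-signature checks, including "dummy sig requires env", actually passed. Add `tap_end` on the line before that `exit 0`. It is also worth confirming that `tap_ok` passes the `# SKIP` directive through unchanged after the test number, so the skipped ed25519 cases are reported as skips rather than as passes.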
|
||||
|