Commit Graph

23 Commits

Author SHA1 Message Date
Joseph Marrero
581a58067b Update FSF license notices to use URL instead of address 2021-12-07 08:34:25 -05:00
Denis Pynkin
3767d87107 tests/gpg: fix GPG-dependent shell tests if no GPG support
Skip tests or run them without GPG-related functionality if GPGME
wasn't enabled in a build time.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>

Closes: #1889
Approved by: cgwalters
2019-08-01 02:06:47 +00:00
Dan Nicholson
abb173352d tests: Always cleanup gpg-agent when exiting
Add `libtest_cleanup_gpg()` to the array of commands to run when
exiting. This provides 2 improvements:

1. You don't need to worry about whether the test will spawn a gpg-agent
   and therefore require adding a call to `libtest_cleanup_gpg()`.

2. All the existing users were calling `libtest_cleanup_gpg()` at the
   end of the script. If there was a failure and the script exited
   early, then it wouldn't cleanup and there may be a stray gpg-agent
   hanging around.

Closes: #1799
Approved by: cgwalters
2019-06-19 17:30:24 +00:00
Marcus Folkesson
6bf4b3e1d8 Add SPDX-License-Identifier to source files
SPDX License List is a list of (common) open source
licenses that can be referred to by a “short identifier”.
It has several advantages compared to the common "license header texts"
usually found in source files.

Some of the advantages:
* It is precise; there is no ambiguity due to variations in license header
  text
* It is language neutral
* It is easy to machine process
* It is concise
* It is simple and can be used without much cost in interpreted
  environments like java Script, etc.
* An SPDX license identifier is immutable.
* It provides simple guidance for developers who want to make sure the
  license for their code is respected

See http://spdx.org for further reading.

Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>

Closes: #1439
Approved by: cgwalters
2018-01-30 20:03:42 +00:00
Colin Walters
88b25dc65c tree-wide: Replace archive-z2 with archive
In almost all places. There are just a few exceptions; one tricky bit for
example is that the repo config must still have `mode=archive-z2`, since
`archive` used to mean something else. (We could very likely just get rid of
that check, but eh, later).

I also added a test that one can still do `ostree repo init --mode=archive-z2`.

Closes: #1125
Approved by: jlebon
2017-09-01 20:54:12 +00:00
Colin Walters
455cc5e892 repo+tests: Add [core]disable-xattrs=true, use it on overlayfs
There are a lot of things suboptimal about this approach, but
on the other hand we need to get our CI back up and running.

The basic approach is to - in the test suite, detect if we're on overlayfs. If
so, set a flag in the repo, which gets picked up by a few strategic places in
the core to turn on "ignore xattrs".

I also had to add a variant of this for the sysroot work.

The core problem here is while overlayfs will let us read and
see the SELinux labels, it won't let us write them.

Down the line, we should improve this so that we can selectively ignore e.g.
`security.*` attributes but not `user.*` say.

Closes: https://github.com/ostreedev/ostree/issues/758

Closes: #759
Approved by: jlebon
2017-03-24 22:16:43 +00:00
Jonathan Lebon
c4c030cc79 libtest: add has_gpgme() helper function
Closes: #469
Approved by: cgwalters
2016-08-31 16:52:12 +00:00
Colin Walters
bdf24cdc04 tests: Make failing to kill the GPG agent non-fatal
It's not working for me in `make check` on a RHEL 7 Workstation,
apparently because no GPG agent is spawned.  I'm guessing this has
something to do with the GPG version?

The downside of this is we will be less likely to notice if GPG
changes again and we start leaking agents like we're in The Matrix
Reloaded.  But the real solution to that is containers anyways.

Closes: #233
Approved by: smcv
2016-03-31 18:43:31 +00:00
Simon McVittie
b25ddd29ab In tests that use gpg, terminate the gpg-agent after testing
Otherwise we leak those processes.

Signed-off-by: Simon McVittie <smcv@debian.org>

Closes: #232
Approved by: cgwalters
2016-03-31 14:22:06 +00:00
Colin Walters
d25212f04a tests: Port to glib-tap.mk, make make check run all of the tests
OSTree's code for testing predates the `glib-tap.mk` making its
way into GLib.  Let's switch to it, as it provides a number
of advantages.

By far the biggest advantage is that `make check` can start to run
most of the tests *in addition* to having them work installed.

This commit keeps the installed tests working, but `make check` turns
out to be really broken because...our TAP usage has bitrotted to say
the least.  Fix that all up.

Do some hacks so that the tests work uninstalled as well - in
particular, `glib-tap.mk` and the bits encoded into
`g_test_build_filename()` assume *recursive* Automake (blah).  Work
around that by creating a symlink when installed to loop back.
2016-03-03 08:50:19 -05:00
Colin Walters
5ebe43859d tests: Use "bash strict mode"
I noticed in the static deltas tests, there were some tests that
should have been under `-o pipefail` to ensure we properly propagate
errors.

There were a few places where we were referencing undefined variables.

Overall, this is clearly a good idea IMO.
2016-01-27 11:44:10 -05:00
Giuseppe Scrivano
45cee1bd70 tests: prefix invocation of ostree with where missing
And add a syntax rule to avoid this in future.

Fixed by:

sed -i -e 's|^ostree |${CMD_PREFIX} ostree |g' tests/*.sh

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2015-11-16 11:07:55 +01:00
Giuseppe Scrivano
bddb25f79e pull: honor gpg-verify-summary=false when a summary signature is present
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2015-09-10 08:59:01 -04:00
Colin Walters
0110183675 fetcher: Use 0666 (-umask) for temporary files
There's no reason to keep them hidden.  I have a hard policy that
OSTree should *not* be used to carry secrets.  Things like host ssh
private keys should be set up out of band by an OS-external
configuration mechanism such as kickstart, cloud-init, etc.

We also assume that hiding binaries is not very useful as most
attackers would be able to find them on the Internet or (for
subscribed content) acting as a customer.

This fixes a bug with mirroring because we changed to take the
unmodified upstream objects rather than uncompress <-> recompress.

https://bugzilla.gnome.org/show_bug.cgi?id=748959
2015-08-27 11:36:48 -04:00
Colin Walters
530631376e tests: Check error messages instead of "expected-fail", handle old parallel 2015-06-29 13:35:07 -04:00
Giuseppe Scrivano
0bd10eb6e2 tests: add test for check for remote add --set=gpg-verify-summary=true
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2015-06-26 11:02:25 +02:00
Giuseppe Scrivano
19ce011e1f pull: fail if GPG is enabled and the summary is not signed
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2015-06-26 11:02:25 +02:00
Giuseppe Scrivano
91d7f3fa0d tests/test-pull-mirror-summary.sh: remove empty newline
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2015-06-12 13:10:02 +02:00
Colin Walters
9acb6283d1 tests: Add a commented out test for mirroring with deltas 2015-06-02 09:07:28 -04:00
Giuseppe Scrivano
6aeeba4280 tests: add a test for signed summary file
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2015-05-07 21:58:04 +02:00
Colin Walters
1fdecbd263 pull: Copy the upstream summary file when doing a pull --mirror
While it could be regenerated downstream, there might be other
metadata upstream, and the goal here is a mirror.

https://bugzilla.gnome.org/show_bug.cgi?id=739377
2015-02-05 21:24:21 -05:00
Colin Walters
fab1e113db When mirroring, write content directly, do not verify
When doing a pull --mirror from an archive-z2 repository into another
archive-z2 repository, currently we gunzip/checksum/gzip each content
object.  The re-gzip process in particular is fairly expensive.

This does assume that the upstream content is trusted and correct.
It'd be nice in the future to do at least a CRC check, if not the full
checksum.  (Could we append CRC data to the end of filez objects?)

We could also choose to only do this optimization if fetching over
TLS.

before: 1626 metadata, 20320 content objects fetched; 299634 KiB transferred in 62 seconds
after : 1626 metadata, 20320 content objects fetched; 299634 KiB transferred in 11 seconds
2015-02-05 21:24:21 -05:00
Colin Walters
1dceb99056 Add missing file from previous commit 2014-10-03 14:38:30 -04:00