Commit Graph

15 Commits

Author SHA1 Message Date
Simon McVittie
a84e56d603 tests: Generalize has_gpgme, has_sign_ed25519 into has_ostree_feature
Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-02-19 21:01:05 +00:00
Colin Walters
1a2fac371b tests: Remove dead references to "SEED"
Nothing uses this.
2023-07-18 07:55:14 -04:00
Joseph Marrero
581a58067b Update FSF license notices to use URL instead of address 2021-12-07 08:34:25 -05:00
Colin Walters
36258036ae signapi: Change API to also return a success message
This is the dual of 1f3c8c5b3d
where we output more detail when signapi fails to validate.

Extend the API to return a string for success, which we output
to stdout.

This will help the test suite *and* end users validate that the expected
thing is happening.

In order to make this cleaner, split the "verified commit" set
in the pull code into GPG and signapi verified sets, and have
the signapi verified set contain the verification string.

We're not doing anything with the verification string in the
pull code *yet* but I plan to add something like
`ostree pull --verbose` which would finally print this.
2020-06-17 00:33:47 +00:00
Colin Walters
1f3c8c5b3d sign/ed25519: Output failed signatures in error message
To aid debuggability, when we find a commit that isn't signed
by our expected key, output a specific error message with the
key.

(And then add code to switch to just printing the count beyond 3
 because the test suite injects 100 keys and hopefully no one
 ever actually does that)
2020-06-16 18:20:54 +03:00
Denis Pynkin
40a2fb3b07 tests/signed-commit: fix the test of well-known places
Commit e474033e removed the redirection of incorrect public keys
aimed to generate a lot of files without correct public signature.

Fix the test by returning back the creation of files containing
incorrect public keys for ed25519.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-04-17 16:46:49 +03:00
Colin Walters
d1e5ed379e Use sign-ed25519 for the feature name
`libsodium` is an implementation detail.  In particular, I'd like
to consider using OpenSSL for ed25519 (if libsodium isn't configured
and openssl is).

So switch the name of the exposed feature and adjust the tests.
2020-04-16 16:43:43 +00:00
Colin Walters
b6040143e5 Only enable "dummy" signature type with opt-in env variable
I don't want to even have to think about people using
this in production.
2020-04-14 22:18:13 +00:00
Denis Pynkin
e474033ea9 tests/sign: use library functions for ed25519 keys
Switch to library functions usage.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:54 +03:00
Denis Pynkin
7e71f87ebc tests/sign: check system-wide config and revoked keys
Extend the ed25519 tests with checking the system-wide directory
keys loading code(with the help of redefinition).
Added test of ed25519 revoking keys mechanism.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:54 +03:00
Denis Pynkin
ea291a0605 builtin/sign: allow to use multiple public keys for verification
`ostree sign` is able to use several public keys provided via arguments
and via file with keys.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:54 +03:00
Denis Pynkin
36e4667973 builtin/sign: allow to sign with keys from secret file
Read keys from secret file provided by `--keys-file=` option.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:54 +03:00
Denis Pynkin
0b55db9b2f tests/sign: check public keys load from file
Test ed25519 public keys load from file and verify signed commit
against that file.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:54 +03:00
Denis Pynkin
2303202c86 sign: API changes for public keys and CLI keys format
API changes:
- added function `ostree_sign_add_pk()` for multiple public keys using.
- `ostree_sign_set_pk()` now substitutes all previously added keys.
- added function `ostree_sign_load_pk()` allowed to load keys from file.
- `ostree_sign_ed25519_load_pk()` able to load the raw keys list from file.
- use base64 encoded public and private ed25519 keys for CLI and keys file.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:54 +03:00
Denis Pynkin
9e8f0f4ca0 tests: add test for commits sign/verification
Add tests checking:
- sign mechanism is in working state
- module 'dummy' is able to sign/verify commit
- module 'ed25519' is able to sign/verify commit
- both modules could be used for the same commit
- 'ostree sign' builtin works with commits
- 'ostree commit' builtin able to sign commits

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:54 +03:00