#!/bin/bash # # Copyright (C) 2014 Alexander Larsson # # SPDX-License-Identifier: LGPL-2.0+ # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the # Free Software Foundation, Inc., 59 Temple Place - Suite 330, # Boston, MA 02111-1307, USA. set -euo pipefail # We don't want OSTREE_GPG_HOME used for these tests. unset OSTREE_GPG_HOME . $(dirname $0)/libtest.sh skip_without_user_xattrs echo "1..11" setup_test_repository "archive" echo "ok setup" cd ${test_tmpdir} mkdir repo2 ostree_repo_init repo2 --mode="bare-user" ${CMD_PREFIX} ostree --repo=repo2 pull-local repo ${CMD_PREFIX} ostree --repo=repo2 fsck echo "ok pull-local z2 to bare-user" mkdir repo3 ostree_repo_init repo3 --mode="archive" ${CMD_PREFIX} ostree --repo=repo3 pull-local repo2 ${CMD_PREFIX} ostree --repo=repo3 fsck echo "ok pull-local bare-user to z2" # Verify the name + size + mode + type + symlink target + owner/group are the same # for all checkouts ${CMD_PREFIX} ostree checkout --repo repo test2 checkout1 find checkout1 -printf '%P %s %#m %u/%g %y %l\n' | sort > checkout1.files ${CMD_PREFIX} ostree checkout --repo repo2 test2 checkout2 find checkout2 -printf '%P %s %#m %u/%g %y %l\n' | sort > checkout2.files ${CMD_PREFIX} ostree checkout --repo repo3 test2 checkout3 find checkout3 -printf '%P %s %#m %u/%g %y %l\n' | sort > checkout3.files cmp checkout1.files checkout2.files cmp checkout1.files checkout3.files echo "ok checkouts same" if has_gpgme; then # These tests are needed GPG support mkdir repo4 ostree_repo_init repo4 --mode="archive" ${CMD_PREFIX} ostree --repo=repo4 remote add --gpg-import ${test_tmpdir}/gpghome/key1.asc origin repo if ${CMD_PREFIX} ostree --repo=repo4 pull-local --remote=origin --gpg-verify repo test2 2>&1; then assert_not_reached "GPG verification unexpectedly succeeded" fi echo "ok --gpg-verify with no signature" ${OSTREE} gpg-sign --gpg-homedir=${TEST_GPG_KEYHOME} test2 ${TEST_GPG_KEYID_1} mkdir repo5 ostree_repo_init repo5 --mode="archive" ${CMD_PREFIX} ostree --repo=repo5 remote add --gpg-import ${test_tmpdir}/gpghome/key1.asc origin repo ${CMD_PREFIX} ostree --repo=repo5 pull-local --remote=origin --gpg-verify repo test2 echo "ok --gpg-verify" mkdir repo6 ostree_repo_init repo6 --mode="archive" ${CMD_PREFIX} ostree --repo=repo6 remote add --gpg-import ${test_tmpdir}/gpghome/key1.asc origin repo if ${CMD_PREFIX} ostree --repo=repo6 pull-local --remote=origin --gpg-verify-summary repo test2 2>&1; then assert_not_reached "GPG summary verification with no summary unexpectedly succeeded" fi ${OSTREE} summary --update if ${CMD_PREFIX} ostree --repo=repo6 pull-local --remote=origin --gpg-verify-summary repo test2 2>&1; then assert_not_reached "GPG summary verification with signed no summary unexpectedly succeeded" fi ${OSTREE} summary --update --gpg-sign=${TEST_GPG_KEYID_1} --gpg-homedir=${TEST_GPG_KEYHOME} ${CMD_PREFIX} ostree --repo=repo6 pull-local --remote=origin --gpg-verify-summary repo test2 2>&1 echo "ok --gpg-verify-summary" else echo "ok --gpg-verify with no signature | # SKIP due GPG unavailability" echo "ok --gpg-verify | # SKIP due GPG unavailability" echo "ok --gpg-verify-summary | # SKIP due GPG unavailability" fi mkdir repo7 ostree_repo_init repo7 --mode="archive" ${CMD_PREFIX} ostree --repo=repo7 pull-local repo ${CMD_PREFIX} ostree --repo=repo7 fsck for src_object in `find repo/objects -name '*.filez'`; do dst_object=${src_object/repo/repo7} assert_files_hardlinked "$src_object" "$dst_object" done echo "ok pull-local z2 to z2 default hardlink" if has_sign_ed25519; then gen_ed25519_keys mkdir repo8 ostree_repo_init repo8 --mode="archive" ${CMD_PREFIX} ostree --repo=repo8 remote add --set=verification-ed25519-key="${ED25519PUBLIC}" origin repo cat repo8/config if ${CMD_PREFIX} ostree --repo=repo8 pull-local --remote=origin --sign-verify repo test2 2>err.txt; then assert_not_reached "Ed25519 signature verification unexpectedly succeeded" fi assert_file_has_content err.txt 'ed25519: commit have no signatures of my type' echo "ok --sign-verify with no signature" ${OSTREE} sign test2 ${ED25519SECRET} mkdir repo9 ostree_repo_init repo9 --mode="archive" ${CMD_PREFIX} ostree --repo=repo9 remote add --set=verification-ed25519-key="$(gen_ed25519_random_public)" origin repo if ${CMD_PREFIX} ostree --repo=repo9 pull-local --remote=origin --sign-verify repo test2 2>err.txt; then assert_not_reached "Ed25519 signature verification unexpectedly succeeded" fi assert_file_has_content err.txt 'no valid ed25519 signatures found' echo "ok --sign-verify with wrong signature" mkdir repo10 ostree_repo_init repo10 --mode="archive" ${CMD_PREFIX} ostree --repo=repo10 remote add --set=verification-ed25519-key="${ED25519PUBLIC}" origin repo ${CMD_PREFIX} ostree --repo=repo10 pull-local --remote=origin --sign-verify repo test2 echo "ok --sign-verify" else echo "ok --sign-verify with no signature | # SKIP due libsodium unavailability" echo "ok --sign-verify with wrong signature | # SKIP due libsodium unavailability" echo "ok --sign-verify | # SKIP libsodium unavailability" fi