mirror of
https://github.com/ostreedev/ostree.git
synced 2025-01-24 06:04:16 +03:00
455cc5e892
There are a lot of things suboptimal about this approach, but on the other hand we need to get our CI back up and running. The basic approach is to - in the test suite, detect if we're on overlayfs. If so, set a flag in the repo, which gets picked up by a few strategic places in the core to turn on "ignore xattrs". I also had to add a variant of this for the sysroot work. The core problem here is while overlayfs will let us read and see the SELinux labels, it won't let us write them. Down the line, we should improve this so that we can selectively ignore e.g. `security.*` attributes but not `user.*` say. Closes: https://github.com/ostreedev/ostree/issues/758 Closes: #759 Approved by: jlebon
153 lines
5.6 KiB
Bash
Executable File
153 lines
5.6 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# Copyright (C) 2014 Colin Walters <walters@verbum.org>
|
|
#
|
|
# This library is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU Lesser General Public
|
|
# License as published by the Free Software Foundation; either
|
|
# version 2 of the License, or (at your option) any later version.
|
|
#
|
|
# This library is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
# Lesser General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Lesser General Public
|
|
# License along with this library; if not, write to the
|
|
# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
|
# Boston, MA 02111-1307, USA.
|
|
|
|
set -euo pipefail
|
|
|
|
. $(dirname $0)/libtest.sh
|
|
|
|
echo "1..7"
|
|
|
|
COMMIT_SIGN="--gpg-homedir=${TEST_GPG_KEYHOME} --gpg-sign=${TEST_GPG_KEYID_1}"
|
|
setup_fake_remote_repo1 "archive-z2" "${COMMIT_SIGN}"
|
|
|
|
# Now, setup multiple branches
|
|
mkdir ${test_tmpdir}/ostree-srv/other-files
|
|
cd ${test_tmpdir}/ostree-srv/other-files
|
|
echo 'hello world another object' > hello-world
|
|
${CMD_PREFIX} ostree --repo=${test_tmpdir}/ostree-srv/gnomerepo commit ${COMMIT_SIGN} -b other -s "A commit" -m "Another Commit body"
|
|
|
|
mkdir ${test_tmpdir}/ostree-srv/yet-other-files
|
|
cd ${test_tmpdir}/ostree-srv/yet-other-files
|
|
echo 'hello world yet another object' > yet-another-hello-world
|
|
${CMD_PREFIX} ostree --repo=${test_tmpdir}/ostree-srv/gnomerepo commit ${COMMIT_SIGN} -b yet-another -s "A commit" -m "Another Commit body"
|
|
|
|
${CMD_PREFIX} ostree --repo=${test_tmpdir}/ostree-srv/gnomerepo summary -u
|
|
|
|
prev_dir=`pwd`
|
|
cd ${test_tmpdir}
|
|
ostree_repo_init repo --mode=archive-z2
|
|
${CMD_PREFIX} ostree --repo=repo remote add --set=gpg-verify=false origin $(cat httpd-address)/ostree/gnomerepo
|
|
${CMD_PREFIX} ostree --repo=repo pull --mirror origin
|
|
assert_has_file repo/summary
|
|
${CMD_PREFIX} ostree --repo=repo checkout -U main main-copy
|
|
assert_file_has_content main-copy/baz/cow "moo"
|
|
${CMD_PREFIX} ostree --repo=repo checkout -U other other-copy
|
|
assert_file_has_content other-copy/hello-world "hello world another object"
|
|
${CMD_PREFIX} ostree --repo=repo checkout -U yet-another yet-another-copy
|
|
assert_file_has_content yet-another-copy/yet-another-hello-world "hello world yet another object"
|
|
${CMD_PREFIX} ostree --repo=repo fsck
|
|
echo "ok pull mirror summary"
|
|
|
|
if ! has_gpgme; then
|
|
exit 0;
|
|
fi
|
|
|
|
cd $prev_dir
|
|
|
|
${OSTREE} --repo=${test_tmpdir}/ostree-srv/gnomerepo summary -u ${COMMIT_SIGN}
|
|
|
|
repo_reinit () {
|
|
cd ${test_tmpdir}
|
|
rm -rf repo
|
|
mkdir repo
|
|
ostree_repo_init repo --mode=archive-z2
|
|
${OSTREE} --repo=repo remote add --set=gpg-verify-summary=true origin $(cat httpd-address)/ostree/gnomerepo
|
|
}
|
|
|
|
cd ${test_tmpdir}
|
|
repo_reinit
|
|
${OSTREE} --repo=repo pull origin main
|
|
assert_has_file repo/tmp/cache/summaries/origin
|
|
assert_has_file repo/tmp/cache/summaries/origin.sig
|
|
|
|
rm repo/tmp/cache/summaries/origin
|
|
${OSTREE} --repo=repo pull origin main
|
|
assert_has_file repo/tmp/cache/summaries/origin
|
|
|
|
echo "ok pull with signed summary"
|
|
|
|
touch repo/tmp/cache/summaries/foo
|
|
touch repo/tmp/cache/summaries/foo.sig
|
|
${OSTREE} --repo=repo prune
|
|
assert_not_has_file repo/tmp/cache/summaries/foo
|
|
assert_not_has_file repo/tmp/cache/summaries/foo.sig
|
|
assert_has_file repo/tmp/cache/summaries/origin
|
|
assert_has_file repo/tmp/cache/summaries/origin.sig
|
|
echo "ok prune summary cache"
|
|
|
|
cd ${test_tmpdir}
|
|
repo_reinit
|
|
mkdir cachedir
|
|
${OSTREE} --repo=repo pull --cache-dir=cachedir origin main
|
|
assert_not_has_file repo/tmp/cache/summaries/origin
|
|
assert_not_has_file repo/tmp/cache/summaries/origin.sig
|
|
assert_has_file cachedir/summaries/origin
|
|
assert_has_file cachedir/summaries/origin.sig
|
|
|
|
rm cachedir/summaries/origin
|
|
${OSTREE} --repo=repo pull --cache-dir=cachedir origin main
|
|
assert_not_has_file repo/tmp/cache/summaries/origin
|
|
assert_has_file cachedir/summaries/origin
|
|
|
|
echo "ok pull with signed summary and cachedir"
|
|
|
|
cd ${test_tmpdir}
|
|
repo_reinit
|
|
mv ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig{,.good}
|
|
echo invalid > ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig
|
|
if ${OSTREE} --repo=repo pull origin main 2>err.txt; then
|
|
assert_not_reached "Successful pull with invalid GPG sig"
|
|
fi
|
|
assert_file_has_content err.txt "no signatures found"
|
|
mv ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig{.good,}
|
|
echo "ok pull with invalid summary gpg signature fails"
|
|
|
|
cd ${test_tmpdir}
|
|
repo_reinit
|
|
cp ${test_tmpdir}/ostree-srv/gnomerepo/summary{,.good}
|
|
# Some leading garbage
|
|
(echo invalid && cat ${test_tmpdir}/ostree-srv/gnomerepo/summary) > summary.bad.tmp && mv summary.bad.tmp ${test_tmpdir}/ostree-srv/gnomerepo/summary
|
|
if ${OSTREE} --repo=repo pull origin main; then
|
|
assert_not_reached "Successful pull with invalid summary"
|
|
fi
|
|
mv ${test_tmpdir}/ostree-srv/gnomerepo/summary{.good,}
|
|
echo "ok pull with invalid summary (leading garbage) fails"
|
|
|
|
# Generate a delta
|
|
${OSTREE} --repo=${test_tmpdir}/ostree-srv/gnomerepo static-delta generate --empty main
|
|
${OSTREE} --repo=${test_tmpdir}/ostree-srv/gnomerepo summary -u ${COMMIT_SIGN}
|
|
|
|
cd ${test_tmpdir}
|
|
repo_reinit
|
|
${OSTREE} --repo=repo pull origin main
|
|
echo "ok pull delta with signed summary"
|
|
|
|
# Verify 'ostree remote summary' output.
|
|
${OSTREE} --repo=repo remote summary origin > summary.txt
|
|
assert_file_has_content summary.txt "* main"
|
|
assert_file_has_content summary.txt "* other"
|
|
assert_file_has_content summary.txt "* yet-another"
|
|
assert_file_has_content summary.txt "found 1 signature"
|
|
assert_file_has_content summary.txt "Good signature from \"Ostree Tester <test@test.com>\""
|
|
grep static-deltas summary.txt > static-deltas.txt
|
|
assert_file_has_content static-deltas.txt \
|
|
$(${OSTREE} --repo=repo rev-parse origin:main)
|
|
|
|
libtest_cleanup_gpg
|