mirror of
https://github.com/ostreedev/ostree.git
synced 2024-12-26 03:22:08 +03:00
ced22f6c9b
Working on the libcurl backend, I hit the issue that the trivial-httpd program depends on libsoup. I briefly considered having two versions, but libcurl is client only, and moreover trivial-httpd is no longer trivial - it has various features which are used by the test suite extensively. Hence, what we'll do is build it as a separate binary which links to libsoup, and use it during the tests. We *also* currently still provide `ostree trivial-httpd` since some things use it like `rpm-ostree-toolbox` and the Cockpit tests. After those are ported to use some other webserver, I plan to add a build-time option to drop it. Closes: #636 Approved by: jlebon
140 lines
5.3 KiB
Bash
Executable File
140 lines
5.3 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# Copyright (C) 2013 Jeremy Whiting <jeremy.whiting@collabora.com>
|
|
#
|
|
# This library is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU Lesser General Public
|
|
# License as published by the Free Software Foundation; either
|
|
# version 2 of the License, or (at your option) any later version.
|
|
#
|
|
# This library is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
# Lesser General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Lesser General Public
|
|
# License along with this library; if not, write to the
|
|
# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
|
# Boston, MA 02111-1307, USA.
|
|
|
|
set -euo pipefail
|
|
|
|
. $(dirname $0)/libtest.sh
|
|
|
|
if ! has_gpgme; then
|
|
echo "1..0 #SKIP no gpg support compiled in"
|
|
exit 0
|
|
fi
|
|
|
|
echo "1..1"
|
|
|
|
keyid="472CDAFA"
|
|
oldpwd=`pwd`
|
|
mkdir ostree-srv
|
|
cd ostree-srv
|
|
mkdir gnomerepo
|
|
${CMD_PREFIX} ostree --repo=gnomerepo init --mode="archive-z2"
|
|
mkdir gnomerepo-files
|
|
cd gnomerepo-files
|
|
echo first > firstfile
|
|
mkdir baz
|
|
echo moo > baz/cow
|
|
echo alien > baz/saucer
|
|
${CMD_PREFIX} ostree --repo=${test_tmpdir}/ostree-srv/gnomerepo commit -b main -s "A remote commit" -m "Some Commit body" --gpg-sign=$keyid --gpg-homedir=${test_tmpdir}/gpghome
|
|
mkdir baz/deeper
|
|
${CMD_PREFIX} ostree --repo=${test_tmpdir}/ostree-srv/gnomerepo commit -b main -s "Add deeper" --gpg-sign=$keyid --gpg-homedir=${test_tmpdir}/gpghome
|
|
echo hi > baz/deeper/ohyeah
|
|
mkdir baz/another/
|
|
echo x > baz/another/y
|
|
${CMD_PREFIX} ostree --repo=${test_tmpdir}/ostree-srv/gnomerepo commit -b main -s "The rest" --gpg-sign=$keyid --gpg-homedir=${test_tmpdir}/gpghome
|
|
cd ..
|
|
|
|
cd ${test_tmpdir}
|
|
mkdir ${test_tmpdir}/httpd
|
|
cd httpd
|
|
ln -s ${test_tmpdir}/ostree-srv ostree
|
|
${OSTREE_HTTPD} --autoexit --daemonize -P 18081 -p ${test_tmpdir}/httpd-port
|
|
port=$(cat ${test_tmpdir}/httpd-port)
|
|
assert_streq $port 18081
|
|
echo "http://127.0.0.1:${port}" > ${test_tmpdir}/httpd-address
|
|
cd ${oldpwd}
|
|
|
|
export OSTREE="${CMD_PREFIX} ostree --repo=repo"
|
|
|
|
repopath=${test_tmpdir}/ostree-srv/gnomerepo
|
|
cp -a ${repopath} ${repopath}.orig
|
|
|
|
# Set OSTREE_GPG_HOME to a place with no keyrings, we shouldn't trust the signature
|
|
cd ${test_tmpdir}
|
|
mkdir repo
|
|
${CMD_PREFIX} ostree --repo=repo init
|
|
${CMD_PREFIX} ostree --repo=repo remote add origin $(cat httpd-address)/ostree/gnomerepo
|
|
if env OSTREE_GPG_HOME=${test_tmpdir} ${CMD_PREFIX} ostree --repo=repo pull origin main; then
|
|
assert_not_reached "pull with no trusted GPG keys unexpectedly succeeded!"
|
|
fi
|
|
rm repo -rf
|
|
|
|
# And a test case with valid signature
|
|
cd ${test_tmpdir}
|
|
mkdir repo
|
|
${CMD_PREFIX} ostree --repo=repo init
|
|
${CMD_PREFIX} ostree --repo=repo remote add origin $(cat httpd-address)/ostree/gnomerepo
|
|
${CMD_PREFIX} ostree --repo=repo pull origin main
|
|
${CMD_PREFIX} ostree --repo=repo show --gpg-verify-remote=origin main | grep -o 'Found [[:digit:]] signature' > show-verify-remote
|
|
assert_file_has_content show-verify-remote 'Found 1 signature'
|
|
rm repo -rf
|
|
|
|
# A test with corrupted detached signature
|
|
cd ${test_tmpdir}
|
|
find ${test_tmpdir}/ostree-srv/gnomerepo -name '*.commitmeta' | while read fname; do
|
|
echo borkborkbork > ${fname};
|
|
done
|
|
mkdir repo
|
|
${CMD_PREFIX} ostree --repo=repo init
|
|
${CMD_PREFIX} ostree --repo=repo remote add origin $(cat httpd-address)/ostree/gnomerepo
|
|
if ${CMD_PREFIX} ostree --repo=repo pull origin main; then
|
|
assert_not_reached "pull with corrupted signature unexpectedly succeeded!"
|
|
fi
|
|
rm repo -rf
|
|
|
|
# And now attempt to pull the same corrupted commit, but with GPG
|
|
# verification off
|
|
cd ${test_tmpdir}
|
|
mkdir repo
|
|
${CMD_PREFIX} ostree --repo=repo init
|
|
${CMD_PREFIX} ostree --repo=repo remote add --set=gpg-verify=false origin $(cat httpd-address)/ostree/gnomerepo
|
|
${CMD_PREFIX} ostree --repo=repo pull origin main
|
|
rm repo -rf
|
|
|
|
# Add an unsigned commit to the repo, then pull, then sign the commit,
|
|
# then pull again. Make sure we get the expected number of signatures
|
|
# each time.
|
|
cd ${test_tmpdir}/ostree-srv/gnomerepo-files
|
|
echo secret > signme
|
|
${CMD_PREFIX} ostree --repo=${test_tmpdir}/ostree-srv/gnomerepo commit -b main -s "Don't forget to sign me!"
|
|
cd ${test_tmpdir}
|
|
mkdir repo
|
|
${CMD_PREFIX} ostree --repo=repo init
|
|
${CMD_PREFIX} ostree --repo=repo remote add --set=gpg-verify=false origin $(cat httpd-address)/ostree/gnomerepo
|
|
${CMD_PREFIX} ostree --repo=repo pull origin main
|
|
if ${CMD_PREFIX} ostree --repo=repo show main | grep -o 'Found [[:digit:]] signature'; then
|
|
assert_not_reached
|
|
fi
|
|
${CMD_PREFIX} ostree --repo=${test_tmpdir}/ostree-srv/gnomerepo gpg-sign --gpg-homedir=${test_tmpdir}/gpghome main $keyid
|
|
${CMD_PREFIX} ostree --repo=repo pull origin main
|
|
${CMD_PREFIX} ostree --repo=repo show main | grep -o 'Found [[:digit:]] signature' > show
|
|
assert_file_has_content show 'Found 1 signature'
|
|
|
|
# Delete the signature from the commit so the detached metadata is empty,
|
|
# then pull and verify the signature is also deleted on the client side.
|
|
${CMD_PREFIX} ostree --repo=${test_tmpdir}/ostree-srv/gnomerepo gpg-sign --gpg-homedir=${test_tmpdir}/gpghome --delete main $keyid
|
|
${CMD_PREFIX} ostree --repo=repo pull origin main
|
|
if ${CMD_PREFIX} ostree --repo=repo show main | grep -o 'Found [[:digit:]] signature'; then
|
|
assert_not_reached
|
|
fi
|
|
|
|
rm -rf repo gnomerepo-files
|
|
libtest_cleanup_gpg
|
|
|
|
echo "ok"
|