shaba/ostree
1
0
Fork 0
mirror of https://github.com/ostreedev/ostree.git synced 2024-10-26 17:25:36 +03:00
Code Issues Projects Releases Wiki Activity
5f08649f51
ostree/tests/test-local-pull.sh
Colin Walters 5a47c926c1 pull: Only have API to disable signapi for local pulls 
There's a lot of historical baggage associated with GPG verification
and `ostree pull` versus `ostree pull-local`.  In particular nowadays,
if you use a `file://` remote things are transparently optimized
to e.g. use reflinks if available.

So for anyone who doesn't trust the "remote" repository, you should
really go through through the regular
`ostree remote add --sign-verify=X file://`
path for example.

Having a mechanism to say "turn on signapi verification" *without*
providing keys goes back into the "global state" debate I brought
up in https://github.com/ostreedev/ostree/issues/2080

It's just much cleaner architecturally if there is exactly one
path to find keys: from a remote config.

So here in contrast to the GPG code, for `pull-local` we explictily
disable signapi validation, and the `ostree_repo_pull()` API just
surfaces flags to disable it, not enable it.
2020-05-17 13:52:24 +00:00

118 lines
4.2 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
#
# Copyright (C) 2014 Alexander Larsson <alexl@redhat.com>
#
# SPDX-License-Identifier: LGPL-2.0+
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the
# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA.
set -euo pipefail
# We don't want OSTREE_GPG_HOME used for these tests.
unset OSTREE_GPG_HOME
. $(dirname $0)/libtest.sh
skip_without_user_xattrs
echo "1..8"
setup_test_repository "archive"
echo "ok setup"
cd ${test_tmpdir}
mkdir repo2
ostree_repo_init repo2 --mode="bare-user"
${CMD_PREFIX} ostree --repo=repo2 pull-local repo
${CMD_PREFIX} ostree --repo=repo2 fsck
echo "ok pull-local z2 to bare-user"
mkdir repo3
ostree_repo_init repo3 --mode="archive"
${CMD_PREFIX} ostree --repo=repo3 pull-local repo2
${CMD_PREFIX} ostree --repo=repo3 fsck
echo "ok pull-local bare-user to z2"
# Verify the name + size + mode + type + symlink target + owner/group are the same
# for all checkouts
${CMD_PREFIX} ostree checkout --repo repo test2 checkout1
find checkout1 -printf '%P %s %#m %u/%g %y %l\n' | sort > checkout1.files
${CMD_PREFIX} ostree checkout --repo repo2 test2 checkout2
find checkout2 -printf '%P %s %#m %u/%g %y %l\n' | sort > checkout2.files
${CMD_PREFIX} ostree checkout --repo repo3 test2 checkout3
find checkout3 -printf '%P %s %#m %u/%g %y %l\n' | sort > checkout3.files
cmp checkout1.files checkout2.files
cmp checkout1.files checkout3.files
echo "ok checkouts same"
if has_gpgme; then
# These tests are needed GPG support
mkdir repo4
ostree_repo_init repo4 --mode="archive"
${CMD_PREFIX} ostree --repo=repo4 remote add --gpg-import ${test_tmpdir}/gpghome/key1.asc origin repo
if ${CMD_PREFIX} ostree --repo=repo4 pull-local --remote=origin --gpg-verify repo test2 2>&1; then
assert_not_reached "GPG verification unexpectedly succeeded"
fi
echo "ok --gpg-verify with no signature"
${OSTREE} gpg-sign --gpg-homedir=${TEST_GPG_KEYHOME} test2 ${TEST_GPG_KEYID_1}
mkdir repo5
ostree_repo_init repo5 --mode="archive"
${CMD_PREFIX} ostree --repo=repo5 remote add --gpg-import ${test_tmpdir}/gpghome/key1.asc origin repo
${CMD_PREFIX} ostree --repo=repo5 pull-local --remote=origin --gpg-verify repo test2
echo "ok --gpg-verify"
mkdir repo6
ostree_repo_init repo6 --mode="archive"
${CMD_PREFIX} ostree --repo=repo6 remote add --gpg-import ${test_tmpdir}/gpghome/key1.asc origin repo
if ${CMD_PREFIX} ostree --repo=repo6 pull-local --remote=origin --gpg-verify-summary repo test2 2>&1; then
assert_not_reached "GPG summary verification with no summary unexpectedly succeeded"
fi
${OSTREE} summary --update
if ${CMD_PREFIX} ostree --repo=repo6 pull-local --remote=origin --gpg-verify-summary repo test2 2>&1; then
assert_not_reached "GPG summary verification with signed no summary unexpectedly succeeded"
fi
${OSTREE} summary --update --gpg-sign=${TEST_GPG_KEYID_1} --gpg-homedir=${TEST_GPG_KEYHOME}
${CMD_PREFIX} ostree --repo=repo6 pull-local --remote=origin --gpg-verify-summary repo test2 2>&1
echo "ok --gpg-verify-summary"
else
echo "ok --gpg-verify with no signature | # SKIP due GPG unavailability"
echo "ok --gpg-verify | # SKIP due GPG unavailability"
echo "ok --gpg-verify-summary | # SKIP due GPG unavailability"
fi
mkdir repo7
ostree_repo_init repo7 --mode="archive"
${CMD_PREFIX} ostree --repo=repo7 pull-local repo
${CMD_PREFIX} ostree --repo=repo7 fsck
for src_object in `find repo/objects -name '*.filez'`; do
dst_object=${src_object/repo/repo7}
assert_files_hardlinked "$src_object" "$dst_object"
done
echo "ok pull-local z2 to z2 default hardlink"
Reference in New Issue View Git Blame Copy Permalink