mirror of
https://github.com/ostreedev/ostree.git
synced 2024-12-22 17:35:55 +03:00
720e3b5f83
I did a quick audit pass through the pull code. What I focused on the most is the case where `gpg-verify-summary=true`, and in particular where `gpg-verify=false` too. This should be a valid and secure configuration. The primary change here is to error out very quickly if either `summary` or `summary.sig` are 404. Previously, we'd only error out if we were processing deltas. Expand the existing test case to cover this, plus invalid summary and invalid sig. (The test case was failing with current git master too).
106 lines
3.9 KiB
Bash
106 lines
3.9 KiB
Bash
#!/bin/bash
|
|
#
|
|
# Copyright (C) 2014 Colin Walters <walters@verbum.org>
|
|
#
|
|
# This library is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU Lesser General Public
|
|
# License as published by the Free Software Foundation; either
|
|
# version 2 of the License, or (at your option) any later version.
|
|
#
|
|
# This library is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
# Lesser General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Lesser General Public
|
|
# License along with this library; if not, write to the
|
|
# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
|
# Boston, MA 02111-1307, USA.
|
|
|
|
set -e
|
|
|
|
. $(dirname $0)/libtest.sh
|
|
|
|
COMMIT_SIGN="--gpg-homedir=${TEST_GPG_KEYHOME} --gpg-sign=${TEST_GPG_KEYID_1}"
|
|
setup_fake_remote_repo1 "archive-z2" "${COMMIT_SIGN}"
|
|
|
|
# Now, setup multiple branches
|
|
mkdir ${test_tmpdir}/ostree-srv/other-files
|
|
cd ${test_tmpdir}/ostree-srv/other-files
|
|
echo 'hello world another object' > hello-world
|
|
ostree --repo=${test_tmpdir}/ostree-srv/gnomerepo commit ${COMMIT_SIGN} -b other -s "A commit" -m "Another Commit body"
|
|
|
|
mkdir ${test_tmpdir}/ostree-srv/yet-other-files
|
|
cd ${test_tmpdir}/ostree-srv/yet-other-files
|
|
echo 'hello world yet another object' > yet-another-hello-world
|
|
ostree --repo=${test_tmpdir}/ostree-srv/gnomerepo commit ${COMMIT_SIGN} -b yet-another -s "A commit" -m "Another Commit body"
|
|
|
|
ostree --repo=${test_tmpdir}/ostree-srv/gnomerepo summary -u
|
|
|
|
prev_dir=`pwd`
|
|
cd ${test_tmpdir}
|
|
ostree --repo=repo init --mode=archive-z2
|
|
ostree --repo=repo remote add --set=gpg-verify=false origin $(cat httpd-address)/ostree/gnomerepo
|
|
ostree --repo=repo pull --mirror origin
|
|
assert_has_file repo/summary
|
|
ostree --repo=repo checkout -U main main-copy
|
|
assert_file_has_content main-copy/baz/cow "moo"
|
|
ostree --repo=repo checkout -U other other-copy
|
|
assert_file_has_content other-copy/hello-world "hello world another object"
|
|
ostree --repo=repo checkout -U yet-another yet-another-copy
|
|
assert_file_has_content yet-another-copy/yet-another-hello-world "hello world yet another object"
|
|
ostree --repo=repo fsck
|
|
echo "ok pull mirror summary"
|
|
|
|
if ! ${CMD_PREFIX} ostree --version | grep -q -e '\+gpgme'; then
|
|
exit 0;
|
|
fi
|
|
|
|
cd $prev_dir
|
|
|
|
${OSTREE} --repo=${test_tmpdir}/ostree-srv/gnomerepo summary -u ${COMMIT_SIGN}
|
|
|
|
repo_reinit () {
|
|
cd ${test_tmpdir}
|
|
rm -rf repo
|
|
mkdir repo
|
|
${OSTREE} --repo=repo init --mode=archive-z2
|
|
${OSTREE} --repo=repo remote add --set=gpg-verify-summary=true origin $(cat httpd-address)/ostree/gnomerepo
|
|
}
|
|
|
|
cd ${test_tmpdir}
|
|
repo_reinit
|
|
${OSTREE} --repo=repo pull origin main
|
|
echo "ok pull with signed summary"
|
|
|
|
cd ${test_tmpdir}
|
|
repo_reinit
|
|
mv ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig{,.good}
|
|
echo invalid > ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig
|
|
if ${OSTREE} --repo=repo pull origin main 2>err.txt; then
|
|
assert_not_reached "Successful pull with invalid GPG sig"
|
|
fi
|
|
assert_file_has_content err.txt "no signatures found"
|
|
mv ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig{.good,}
|
|
echo "ok pull with invalid summary gpg signature fails"
|
|
|
|
cd ${test_tmpdir}
|
|
repo_reinit
|
|
cp ${test_tmpdir}/ostree-srv/gnomerepo/summary{,.good}
|
|
# Some leading garbage
|
|
(echo invalid && cat ${test_tmpdir}/ostree-srv/gnomerepo/summary) > summary.bad.tmp && mv summary.bad.tmp ${test_tmpdir}/ostree-srv/gnomerepo/summary
|
|
if ${OSTREE} --repo=repo pull origin main; then
|
|
assert_not_reached "Successful pull with invalid summary"
|
|
fi
|
|
mv ${test_tmpdir}/ostree-srv/gnomerepo/summary{.good,}
|
|
echo "ok pull with invalid summary (leading garbage) fails"
|
|
|
|
# Generate a delta
|
|
${OSTREE} --repo=${test_tmpdir}/ostree-srv/gnomerepo static-delta generate --empty main
|
|
${OSTREE} --repo=${test_tmpdir}/ostree-srv/gnomerepo summary -u ${COMMIT_SIGN}
|
|
|
|
cd ${test_tmpdir}
|
|
repo_reinit
|
|
${OSTREE} --repo=repo pull origin main
|
|
echo "ok pull delta with signed summary"
|