mirror of
https://github.com/ostreedev/ostree.git
synced 2025-01-21 22:04:15 +03:00
1f3c8c5b3d
To aid debuggability, when we find a commit that isn't signed by our expected key, output a specific error message with the key. (And then add code to switch to just printing the count beyond 3 because the test suite injects 100 keys and hopefully no one ever actually does that)
53 lines
1.7 KiB
Bash
Executable File
53 lines
1.7 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# Copyright (C) 2020 Collabora Ltd.
|
|
#
|
|
# SPDX-License-Identifier: LGPL-2.0+
|
|
#
|
|
# This library is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU Lesser General Public
|
|
# License as published by the Free Software Foundation; either
|
|
# version 2 of the License, or (at your option) any later version.
|
|
#
|
|
# This library is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
# Lesser General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Lesser General Public
|
|
# License along with this library; if not, write to the
|
|
# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
|
# Boston, MA 02111-1307, USA.
|
|
|
|
set -euo pipefail
|
|
|
|
. $(dirname $0)/libtest.sh
|
|
|
|
echo "1..1"
|
|
|
|
if ! has_sign_ed25519; then
|
|
echo "ok pre-signed pull # SKIP due ed25519 unavailability"
|
|
exit 0
|
|
fi
|
|
|
|
mkdir upstream
|
|
cd upstream
|
|
tar xzf $(dirname $0)/pre-signed-pull-data.tar.gz
|
|
cd ..
|
|
|
|
pubkey='45yzbkuEok0lLabxzdAHWUDSMZgYfxU40sN+LMfYHVA='
|
|
|
|
ostree --repo=repo init --mode=archive
|
|
ostree --repo=repo remote add upstream --set=gpg-verify=false --sign-verify=ed25519=inline:${pubkey} file://$(pwd)/upstream/repo
|
|
ostree --repo=repo pull upstream:testref
|
|
|
|
wrongkey=$(gen_ed25519_random_public)
|
|
rm repo -rf
|
|
ostree --repo=repo init --mode=archive
|
|
ostree --repo=repo remote add badupstream --set=gpg-verify=false --sign-verify=ed25519=inline:${wrongkey} file://$(pwd)/upstream/repo
|
|
if ostree --repo=repo pull badupstream:testref 2>err.txt; then
|
|
fatal "pulled with wrong key"
|
|
fi
|
|
assert_file_has_content err.txt 'error:.* ed25519: Signature couldn.t be verified with: key'
|
|
echo "ok pre-signed pull"
|