diff options
author | Denis Pynkin <denis.pynkin@collabora.com> | 2020-02-20 02:43:36 +0300 |
---|---|---|
committer | Denis Pynkin <denis.pynkin@collabora.com> | 2020-03-25 15:23:55 +0300 |
commit | 5a39281fbec6956e16ef17f33288f6d6b7ceb205 (patch) | |
tree | 585107e37dfa8861c3a02c248aaab2a7d31cbd21 | |
parent | e16faa58f4c3be33f073b8986cd628f18047dabd (diff) | |
download | ostree-5a39281fbec6956e16ef17f33288f6d6b7ceb205.tar.gz |
tests/sign: check pull failure with invalid remote options
Pull should to fail if no known signature available in remote's
configuration or well-known places.
Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
-rwxr-xr-x | tests/test-signed-pull.sh | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/tests/test-signed-pull.sh b/tests/test-signed-pull.sh index e9d1bd75..f222db4f 100755 --- a/tests/test-signed-pull.sh +++ b/tests/test-signed-pull.sh @@ -23,7 +23,7 @@ set -euo pipefail . $(dirname $0)/libtest.sh -echo "1..8" +echo "1..11" setup_fake_remote_repo1 "archive" @@ -67,6 +67,31 @@ function test_signed_pull() { DUMMYSIGN="dummysign" COMMIT_ARGS="--sign=${DUMMYSIGN} --sign-type=dummy" repo_init --set=sign-verify=true + +# Check if verification-key and verification-file options throw error with wrong keys +cd ${test_tmpdir} +${CMD_PREFIX} ostree --repo=ostree-srv/gnomerepo commit ${COMMIT_ARGS} \ + -b main -s "A signed commit" --tree=ref=main +${CMD_PREFIX} ostree --repo=ostree-srv/gnomerepo summary -u +if ${CMD_PREFIX} ostree --repo=repo pull origin main; then + assert_not_reached "pull without keys unexpectedly succeeded" +fi +echo "ok pull failure without keys preloaded" + +${CMD_PREFIX} ostree --repo=repo config set 'remote "origin"'.verification-key "somewrongkey" +if ${CMD_PREFIX} ostree --repo=repo pull origin main; then + assert_not_reached "pull with unknown key unexpectedly succeeded" +fi +echo "ok pull failure with incorrect key option" + +${CMD_PREFIX} ostree --repo=repo config unset 'remote "origin"'.verification-key +${CMD_PREFIX} ostree --repo=repo config set 'remote "origin"'.verification-file "/non/existing/file" +if ${CMD_PREFIX} ostree --repo=repo pull origin main; then + assert_not_reached "pull with unknown keys file unexpectedly succeeded" +fi +echo "ok pull failure with incorrect keys file option" + +# Test with correct dummy key ${CMD_PREFIX} ostree --repo=repo config set 'remote "origin"'.verification-key "${DUMMYSIGN}" test_signed_pull "dummy" "" |