diff options
author | Colin Walters <walters@verbum.org> | 2015-06-27 12:00:49 -0400 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2015-06-27 12:04:18 -0400 |
commit | 720e3b5f834056d3fa978f84c85cdf15274d5c75 (patch) | |
tree | 37b2a0ff3f4b813c8b0ccb591e5b3649c3e06ed4 /tests/test-pull-summary-sigs.sh | |
parent | 3737b9851ae1e35ff1f5344625a0f50940fddad6 (diff) | |
download | ostree-720e3b5f834056d3fa978f84c85cdf15274d5c75.tar.gz |
pull: Error if gpg=true and summary is 404, add more tests
I did a quick audit pass through the pull code. What I focused on the
most is the case where `gpg-verify-summary=true`, and in particular
where `gpg-verify=false` too. This should be a valid and secure
configuration.
The primary change here is to error out very quickly if either
`summary` or `summary.sig` are 404. Previously, we'd only error out
if we were processing deltas.
Expand the existing test case to cover this, plus invalid summary and
invalid sig. (The test case was failing with current git master too).
Diffstat (limited to 'tests/test-pull-summary-sigs.sh')
-rw-r--r-- | tests/test-pull-summary-sigs.sh | 40 |
1 files changed, 32 insertions, 8 deletions
diff --git a/tests/test-pull-summary-sigs.sh b/tests/test-pull-summary-sigs.sh index a57a9eb1..b0acf460 100644 --- a/tests/test-pull-summary-sigs.sh +++ b/tests/test-pull-summary-sigs.sh @@ -60,22 +60,46 @@ cd $prev_dir ${OSTREE} --repo=${test_tmpdir}/ostree-srv/gnomerepo summary -u ${COMMIT_SIGN} +repo_reinit () { + cd ${test_tmpdir} + rm -rf repo + mkdir repo + ${OSTREE} --repo=repo init --mode=archive-z2 + ${OSTREE} --repo=repo remote add --set=gpg-verify-summary=true origin $(cat httpd-address)/ostree/gnomerepo +} + cd ${test_tmpdir} -rm -rf repo -mkdir repo -${OSTREE} --repo=repo init --mode=archive-z2 -${OSTREE} --repo=repo remote add origin $(cat httpd-address)/ostree/gnomerepo +repo_reinit ${OSTREE} --repo=repo pull origin main echo "ok pull with signed summary" +cd ${test_tmpdir} +repo_reinit +mv ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig{,.good} +echo invalid > ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig +if ${OSTREE} --repo=repo pull origin main 2>err.txt; then + assert_not_reached "Successful pull with invalid GPG sig" +fi +assert_file_has_content err.txt "no signatures found" +mv ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig{.good,} +echo "ok pull with invalid summary gpg signature fails" + +cd ${test_tmpdir} +repo_reinit +cp ${test_tmpdir}/ostree-srv/gnomerepo/summary{,.good} +# Some leading garbage +(echo invalid && cat ${test_tmpdir}/ostree-srv/gnomerepo/summary) > summary.bad.tmp && mv summary.bad.tmp ${test_tmpdir}/ostree-srv/gnomerepo/summary +if ${OSTREE} --repo=repo pull origin main; then + assert_not_reached "Successful pull with invalid summary" +fi +mv ${test_tmpdir}/ostree-srv/gnomerepo/summary{.good,} +echo "ok pull with invalid summary (leading garbage) fails" + # Generate a delta ${OSTREE} --repo=${test_tmpdir}/ostree-srv/gnomerepo static-delta generate --empty main ${OSTREE} --repo=${test_tmpdir}/ostree-srv/gnomerepo summary -u ${COMMIT_SIGN} cd ${test_tmpdir} -rm -rf repo -mkdir repo -${OSTREE} --repo=repo init --mode=archive-z2 -${OSTREE} --repo=repo remote add origin $(cat httpd-address)/ostree/gnomerepo +repo_reinit ${OSTREE} --repo=repo pull origin main echo "ok pull delta with signed summary" |