diff options
author | Denis Pynkin <denis.pynkin@collabora.com> | 2019-08-28 04:21:22 +0300 |
---|---|---|
committer | Denis Pynkin <denis.pynkin@collabora.com> | 2020-03-25 15:23:54 +0300 |
commit | 36e4667973c4b17576758a9ef31d73932bb1d120 (patch) | |
tree | b0dce3b86ea5f00cf48b7e659305a85c9871e33f /tests/test-signed-commit.sh | |
parent | 94447617db1b3668a3dce77147008415e7ccde58 (diff) | |
download | ostree-36e4667973c4b17576758a9ef31d73932bb1d120.tar.gz |
builtin/sign: allow to sign with keys from secret file
Read keys from secret file provided by `--keys-file=` option.
Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
Diffstat (limited to 'tests/test-signed-commit.sh')
-rwxr-xr-x | tests/test-signed-commit.sh | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/tests/test-signed-commit.sh b/tests/test-signed-commit.sh index 2c547542..ce29b1e4 100755 --- a/tests/test-signed-commit.sh +++ b/tests/test-signed-commit.sh @@ -23,7 +23,7 @@ set -euo pipefail . $(dirname $0)/libtest.sh -echo "1..7" +echo "1..8" mkdir ${test_tmpdir}/repo ostree_repo_init repo --mode="archive" @@ -57,6 +57,7 @@ if ! has_libsodium; then echo "ok ed25519 signature verified # SKIP due libsodium unavailability" echo "ok multiple signing # SKIP due libsodium unavailability" echo "ok verify ed25519 keys file # SKIP due libsodium unavailability" + echo "ok sign with ed25519 keys file # SKIP due libsodium unavailability" exit 0 fi @@ -136,3 +137,17 @@ echo ${PUBLIC} >> ${PUBKEYS} ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-file=${PUBKEYS} ${COMMIT} echo "ok verify ed25519 keys file" + +# Check ed25519 signing with secret file +echo "Unsigned commit for secret file usage" >> file.txt +${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo commit -b main -s 'Unsigned commit' +COMMIT="$(ostree --repo=${test_tmpdir}/repo rev-parse main)" + +KEYFILE="$(mktemp -p ${test_tmpdir} secret_XXXXXX.ed25519)" +echo "${SECRET}" > ${KEYFILE} +# Sign +${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --sign-type=ed25519 --keys-file=${KEYFILE} ${COMMIT} +# Verify +${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-file=${PUBKEYS} ${COMMIT} +echo "ok sign with ed25519 keys file" + |