diff options
| author | Colin Walters <walters@verbum.org> | 2020-05-15 20:43:23 +0000 |
|---|---|---|
| committer | Colin Walters <walters@verbum.org> | 2020-05-22 19:10:32 +0000 |
| commit | 5cb9d0df38e7c24e9db999c2d4e6a76fbf758fa5 (patch) | |
| tree | 1b89d6c0905731229e3a2ae95ba72b22e250f4a8 /tests/test-signed-pull.sh | |
| parent | 8801e38bba46ed586a74b733ea2e49d06ff8afd7 (diff) | |
| download | ostree-5cb9d0df38e7c24e9db999c2d4e6a76fbf758fa5.tar.gz | |
pull: Add support for sign-verify=<list>
The goal here is to move the code towards a model
where the *client* can explicitly specify which signature types
are acceptable.
We retain support for `sign-verify=true` for backwards compatibility.
But in that configuration, a missing public key is just "no signatures found".
With `sign-verify=ed25519` and no key configured, we can
explicitly say `No keys found for required signapi type ed25519`
which is much, much clearer.
Implementation side, rather than maintaining `gboolean sign_verify` *and*
`GPtrArray sign_verifiers`, just have the array. If it's `NULL` that means
not to verify.
Note that currently, an explicit list is an OR of signatures, not AND.
In practice...I think most people are going to be using a single entry
anyways.
Diffstat (limited to 'tests/test-signed-pull.sh')
| -rwxr-xr-x | tests/test-signed-pull.sh | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/tests/test-signed-pull.sh b/tests/test-signed-pull.sh index b207eac2..fe78321a 100755 --- a/tests/test-signed-pull.sh +++ b/tests/test-signed-pull.sh @@ -23,7 +23,7 @@ set -euo pipefail . $(dirname $0)/libtest.sh -echo "1..16" +echo "1..20" # This is explicitly opt in for testing export OSTREE_DUMMY_SIGN_ENABLED=1 @@ -102,6 +102,31 @@ test_signed_pull "dummy" "" repo_init --sign-verify=dummy=inline:${DUMMYSIGN} test_signed_pull "dummy" "from remote opt" +# And now explicitly limit it to dummy +repo_init +${CMD_PREFIX} ostree --repo=repo config set 'remote "origin"'.sign-verify dummy +${CMD_PREFIX} ostree --repo=repo config set 'remote "origin"'.verification-dummy-key "${DUMMYSIGN}" +test_signed_pull "dummy" "explicit value" + +# dummy, but no key configured +repo_init +${CMD_PREFIX} ostree --repo=repo config set 'remote "origin"'.sign-verify dummy +if ${CMD_PREFIX} ostree --repo=repo pull origin main 2>err.txt; then + assert_not_reached "pull with nosuchsystem succeeded" +fi +assert_file_has_content err.txt 'No keys found for required signapi type dummy' +echo "ok explicit dummy but unconfigured" + +# Set it to an unknown explicit value +repo_init +${CMD_PREFIX} ostree --repo=repo config set 'remote "origin"'.sign-verify nosuchsystem; +${CMD_PREFIX} ostree --repo=repo config set 'remote "origin"'.verification-dummy-key "${DUMMYSIGN}" +if ${CMD_PREFIX} ostree --repo=repo pull origin main 2>err.txt; then + assert_not_reached "pull with nosuchsystem succeeded" +fi +assert_file_has_content err.txt 'Requested signature type is not implemented' +echo "ok pull failure for unknown system" + repo_init if ${CMD_PREFIX} ostree --repo=repo remote add other --sign-verify=trustme=inline:ok http://localhost 2>err.txt; then assert_not_reached "remote add with invalid keytype succeeded" |