| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the dual of https://github.com/ostreedev/ostree/pull/2129/commits/1f3c8c5b3de978f6e069c24938967f823cce7ee8
where we output more detail when signapi fails to validate.
Extend the API to return a string for success, which we output
to stdout.
This will help the test suite *and* end users validate that the expected
thing is happening.
In order to make this cleaner, split the "verified commit" set
in the pull code into GPG and signapi verified sets, and have
the signapi verified set contain the verification string.
We're not doing anything with the verification string in the
pull code *yet* but I plan to add something like
`ostree pull --verbose` which would finally print this.
|
|
|
|
|
|
|
|
|
|
| |
To aid debuggability, when we find a commit that isn't signed
by our expected key, output a specific error message with the
key.
(And then add code to switch to just printing the count beyond 3
because the test suite injects 100 keys and hopefully no one
ever actually does that)
|
|
|
|
|
|
|
|
|
|
| |
Commit e474033e removed the redirection of incorrect public keys
aimed to generate a lot of files without correct public signature.
Fix the test by returning back the creation of files containing
incorrect public keys for ed25519.
Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
|
|
|
|
|
|
|
|
| |
`libsodium` is an implementation detail. In particular, I'd like
to consider using OpenSSL for ed25519 (if libsodium isn't configured
and openssl is).
So switch the name of the exposed feature and adjust the tests.
|
|
|
|
|
| |
I don't want to even have to think about people using
this in production.
|
|
|
|
|
|
| |
Switch to library functions usage.
Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
|
|
|
|
|
|
|
|
| |
Extend the ed25519 tests with checking the system-wide directory
keys loading code(with the help of redefinition).
Added test of ed25519 revoking keys mechanism.
Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
|
|
|
|
|
|
|
| |
`ostree sign` is able to use several public keys provided via arguments
and via file with keys.
Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
|
|
|
|
|
|
| |
Read keys from secret file provided by `--keys-file=` option.
Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
|
|
|
|
|
|
|
| |
Test ed25519 public keys load from file and verify signed commit
against that file.
Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
|
|
|
|
|
|
|
|
|
|
|
| |
API changes:
- added function `ostree_sign_add_pk()` for multiple public keys using.
- `ostree_sign_set_pk()` now substitutes all previously added keys.
- added function `ostree_sign_load_pk()` allowed to load keys from file.
- `ostree_sign_ed25519_load_pk()` able to load the raw keys list from file.
- use base64 encoded public and private ed25519 keys for CLI and keys file.
Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
|
|
Add tests checking:
- sign mechanism is in working state
- module 'dummy' is able to sign/verify commit
- module 'ed25519' is able to sign/verify commit
- both modules could be used for the same commit
- 'ostree sign' builtin works with commits
- 'ostree commit' builtin able to sign commits
Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
|