Tests for signing metadata
This commit is contained in:
parent
a1481cb285
commit
d785e7e483
@ -4,3 +4,4 @@ test_suite("xbps-rindex")
|
|||||||
atf_test_program{name="add_test"}
|
atf_test_program{name="add_test"}
|
||||||
atf_test_program{name="clean_test"}
|
atf_test_program{name="clean_test"}
|
||||||
atf_test_program{name="remove_test"}
|
atf_test_program{name="remove_test"}
|
||||||
|
atf_test_program{name="sign_test"}
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
TOPDIR = ../../..
|
TOPDIR = ../../..
|
||||||
-include $(TOPDIR)/config.mk
|
-include $(TOPDIR)/config.mk
|
||||||
|
|
||||||
TESTSHELL = add_test clean_test remove_test
|
TESTSHELL = add_test clean_test remove_test sign_test
|
||||||
TESTSSUBDIR = xbps/xbps-rindex
|
TESTSSUBDIR = xbps/xbps-rindex
|
||||||
EXTRA_FILES = Kyuafile
|
EXTRA_FILES = Kyuafile
|
||||||
|
|
||||||
|
@ -0,0 +1,12 @@
|
|||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||||
|
<plist version="1.0">
|
||||||
|
<dict>
|
||||||
|
<key>public-key</key>
|
||||||
|
<data>LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUF0WlRZM3ZpT1k2a1JLRTlXVnROdwpVTFVpTmV1ZSs3M1doS2hENGtDRFo3aDdLUkxGbGdvZ2p3dHdRbWN5UDRieHVXVDZjSkcyRVRDSE1tSEFFaHZqCmlaNks4d3gwSXRiZ1cxMjEvcllpbkdTTjJQbXRmUWJLV1QyeUF2aEJVUU1SRm52YjNWT1BkRitKSW45ckVWSFUKMVJMREdHNnh1SzBSZjBiazQ1Rkp4TUV1YUVNTEQ0OHJGYUlMU0JYRmI0QjBWV01vNjVhemxldkJ6QjZMdkpibwpMOUo2MERIQzdja3BRTTB1OXRkWGs3clRUMEJ4N2RTY0R5aVhGQXJhZ2cxNkE5Nm5yMjE1NDN2TFZnNTQxQTJBCkhheGJkZ1FENjM0ZzdlWXNQOFRsK1c1OXdPS09CTUt1Z2ZrYjB0ZEIwbnI2MXgwdUt3OXh0ak05YTFwS0VTZkYKeHhMZFR6bkdvWDRWYlU2Z2JLVStIb1AyVWRJZFZwUDZOZit4dHhtSkdMY2J4MWtNSEFaTmQvMUxBa0c5ZG1EMgpVdWRDcjlBWEhEQTFiUGFLN3k5bE85bCtkN29CZGtJTU5UZW4za0VLS2ZEQVpaT1NONmhHU2tzOU5JN3ZrOUM5CmFoZVhFemFNZWoxZHRsQ0EzM1Y3dlh3KzZsaUdscDVYY1M0bnJoZjg3MG9WOFcyS0VIbVozeTZqYzBGMDBRMHcKVXRaREM3RGpOWlJwSStCWFRJdkYvWEFxWlB6UVViR3A0cVltbFdsRW1qQWJKOXYrQUZIMTJDZU9aTE1KSWVIVApJeWM1NTRLTGVmK3N3bDR4K1BFWVFvSFFEKzUxWnpaaDdOdW9ad0hDZFZzcm5QTHc0VnZwR1F0SW55Qll0Q0luCm1vRUNhaFg4ZTgvMndmNGZFVUdCUVBrQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo=</data>
|
||||||
|
<key>public-key-size</key>
|
||||||
|
<integer>4096</integer>
|
||||||
|
<key>signature-by</key>
|
||||||
|
<string>Void Linux</string>
|
||||||
|
</dict>
|
||||||
|
</plist>
|
51
tests/xbps/xbps-rindex/data/id_xbps
Normal file
51
tests/xbps/xbps-rindex/data/id_xbps
Normal file
@ -0,0 +1,51 @@
|
|||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIIJKQIBAAKCAgEAtZTY3viOY6kRKE9WVtNwULUiNeue+73WhKhD4kCDZ7h7KRLF
|
||||||
|
lgogjwtwQmcyP4bxuWT6cJG2ETCHMmHAEhvjiZ6K8wx0ItbgW121/rYinGSN2Pmt
|
||||||
|
fQbKWT2yAvhBUQMRFnvb3VOPdF+JIn9rEVHU1RLDGG6xuK0Rf0bk45FJxMEuaEML
|
||||||
|
D48rFaILSBXFb4B0VWMo65azlevBzB6LvJboL9J60DHC7ckpQM0u9tdXk7rTT0Bx
|
||||||
|
7dScDyiXFAragg16A96nr21543vLVg541A2AHaxbdgQD634g7eYsP8Tl+W59wOKO
|
||||||
|
BMKugfkb0tdB0nr61x0uKw9xtjM9a1pKESfFxxLdTznGoX4VbU6gbKU+HoP2UdId
|
||||||
|
VpP6Nf+xtxmJGLcbx1kMHAZNd/1LAkG9dmD2UudCr9AXHDA1bPaK7y9lO9l+d7oB
|
||||||
|
dkIMNTen3kEKKfDAZZOSN6hGSks9NI7vk9C9aheXEzaMej1dtlCA33V7vXw+6liG
|
||||||
|
lp5XcS4nrhf870oV8W2KEHmZ3y6jc0F00Q0wUtZDC7DjNZRpI+BXTIvF/XAqZPzQ
|
||||||
|
UbGp4qYmlWlEmjAbJ9v+AFH12CeOZLMJIeHTIyc554KLef+swl4x+PEYQoHQD+51
|
||||||
|
ZzZh7NuoZwHCdVsrnPLw4VvpGQtInyBYtCInmoECahX8e8/2wf4fEUGBQPkCAwEA
|
||||||
|
AQKCAgBMXBP3cD8w2eBFO1frm28YAZQpaLSq2OJlVv11H/wimgnw89vzhL68aOsE
|
||||||
|
gbE31d/BPx2ySRRvliDEpybGdsPxE6MLIqmUHRisU3Q9cQqNChw8qoKymTBu5ur9
|
||||||
|
JLkTAF8nPV7wbDtfjO12fG7iEa+XCxTQKXzDVMSO6ZlHuclz3GlPnyH/oQ1VQ5fK
|
||||||
|
8Jzejv5dCh4jNHTBDyuoUxAgdrWdpr3O355BsN6QSbj+RQCnN2G1ajx+73HRThh6
|
||||||
|
bTYGivRMvE14EGm5qE2SGvPk+OhvkhPERVwApEHkyW7CQmMTyctIWf2vMs+ACOoS
|
||||||
|
eENN6DmkTLklkpEXNeUWSBntrPQWVfN2vRJJ6qxxl7Ma8Au16BZycauq4iSVp1BC
|
||||||
|
ZFk99qTbi77qNW+ryP/RKSn07k8l2oN4NyF185pCAPrwTYHdXRS6O0bC1ysTT7zI
|
||||||
|
Md1eshoyl7uFI5AaVxOntA+5f8Uw9ZT3y9gz5ZU9k+mDhhw4+MJb3yilN++Y1saT
|
||||||
|
ZywWf9e8vMTpJ72r22ha60g4W3yLrKgtM1QMvsrlonJe9NZXIJIXruzMwabWPAP6
|
||||||
|
UeSVU8aVR9PAVWcy4eDdRsMYPRUoVhxQyGfWuOxLSd2SyiyWHWa5jUq4woNQvdS5
|
||||||
|
n5TGsJmHs0MLxBJUxvS6J3juWvxrYHLFNKp6zcztNWbyFJfegQKCAQEA4J6r0M3w
|
||||||
|
RfxWOYCLlCLEICVB/GKXlu9dZhaE0nmvMIYCjpUPyLRBxgCdHvhxQ8sva6tOVAUF
|
||||||
|
lqmmVCw8ugUhCfB7NP1i3BB6hnsafFml9Wf36Ie2IuivcG1ij2q8tErC88cz3Mhh
|
||||||
|
WjubXQLXhRua7Gr6Wj6AO1LO3JsLOVw3nRHtFEXEVkNoodyO3k7ljKfttXapEXRi
|
||||||
|
RGIxlfTStYOQXYC5RF6gQsryK7sZpHHi8atGJpH00hWkbLmTSgxctv/qZvTHlo7D
|
||||||
|
NlSYMBGj+tHWS4+kWjRkGpowQwKsBk9MHO1wwgJX+pL0wlQsCY2WA0bsi0ocUzE+
|
||||||
|
/lVAOou+5gOMNQKCAQEAzvLyUqsyGhd9cawBI8V4FDCHBynfVXoXSC5jzMkXyP4U
|
||||||
|
mEhTUMDO1/2vvAsc0Qlc6NDMK6apigNdKE5WPCLYnBy+UlOuDtYa5e88dhduNrYX
|
||||||
|
JxU8WKgCYIPi3ofC1DrpxU7kxIzjCFouL9dIhLOrLDiC0SIS9o3g5zdhuFzRuOv4
|
||||||
|
3O4Kxpvo+muUeDkh7/QBK1CRCMsxXQjpZeEplr/AT5YM6MdWyd4yg4odagaXgosk
|
||||||
|
028XFMxuy/ZXBiadx/EeVybQ9cpW6zO2pPDg5CYrUf+0ltCsMNi5Pd0FxeMDvZvz
|
||||||
|
JoC28NkRsgQeaQbPKpfLyZi+WMFu+dXeL0mJPXOSNQKCAQEAzHI/ys8XSmwyAyao
|
||||||
|
ZM38G5It7E3E0mHObjRC8txFA/KF80dj1XeUgmdem6jgVydiYyrKIZlsi8Sgmu6k
|
||||||
|
21/9wXE8g2+6grkQ/MShx9tFPghC0khsFHwb60X0trsdRTDjH0YKQ4OzcJDeiZsj
|
||||||
|
lYkZyuRYOLm4t8ZYeN06KxxvliyR0Kjr2uSCIQmClH/VWeAjcc6udi+rnbiOj4IG
|
||||||
|
I6a7SQ/4EW3bis/z+q/S2CW8veD5+fNRlcKTJU8H7BcycHKg5NMZs0UAE7yNxPrZ
|
||||||
|
eVtzJNV6b4xOLRR4pxWQhDG7An1v63Z8o5sM4rAAYTWY/CSa+vEatPIW9yGbU26M
|
||||||
|
9Aj4nQKCAQEAgI7big9faGX/P4Yijx40ohYjS4fvfSIDJIvs42JorCtqj88eMqQT
|
||||||
|
2ol1idM9a33tgZNzwgoed+XvEQLY/zKGbTRN5sak8gJ/Yydi39leVg54A4dlnY2B
|
||||||
|
LIPBg4vCtCSE5FVGN/NtddrPpliObCFQzH+uhEwui4tHk1sMEYNXpRCx4Ezf1NE1
|
||||||
|
wZri+GxFcNKbh1TdRCE14R2QIAHn3AXyaX5FNrXebDjkGGLMMvk1VZsqnU39gKYe
|
||||||
|
jgXRubhze6mFt44dcRLpO+M8KuqYSiKL9rxqauXmkdGQAaYz1+JWiItAWULMYoH2
|
||||||
|
RCfa3FOmjkcOCYYhePFxBzKce7Oq1cndoQKCAQAT4a/uLfmVvZwPOf4vYhm+tqEk
|
||||||
|
dwibC7bHT/gEtZEAcIvDuNEeRp62dCQlqs4g9pXU/Cj7BTIS7QtQ2WM+dBhcf9Mm
|
||||||
|
3UX5msEVwaGuSBvLf6aZ/FZAqT6mnX+JYN7Er+zWbMVYkS2So0XVf+LRcKhJYR/b
|
||||||
|
NJ29CPY8hvSS5IoCeoxiUBIWRWETv4dLSxM0ND012+PxsY0eYV/4jM5T0JpCrvZi
|
||||||
|
ugb+FxtJgO5IdVg4faWCRcUYrODh1aqrS0et+LkuccvEqsw1gWbeQUMGtMN0FNs4
|
||||||
|
cYAo45EPUFXEGwzeJlqjeXt6aX7t9hm/BxJ9hzW0EP2fkYokSmu2ohVqb8XF
|
||||||
|
-----END RSA PRIVATE KEY-----
|
85
tests/xbps/xbps-rindex/sign_test.sh
Normal file
85
tests/xbps/xbps-rindex/sign_test.sh
Normal file
@ -0,0 +1,85 @@
|
|||||||
|
#! /usr/bin/env atf-sh
|
||||||
|
# Test that xbps-rindex(1) signing repo metadata works as expected.
|
||||||
|
|
||||||
|
get_resources() {
|
||||||
|
mkdir -p root/var/db/xbps/keys
|
||||||
|
mkdir -p /var/db/xbps/keys
|
||||||
|
cp $(atf_get_srcdir)/data/id_xbps .
|
||||||
|
cp $(atf_get_srcdir)/data/bd:75:21:4e:40:06:97:5e:72:31:40:6e:9e:08:a8:ae.plist root/var/db/xbps/keys
|
||||||
|
cp $(atf_get_srcdir)/data/bd:75:21:4e:40:06:97:5e:72:31:40:6e:9e:08:a8:ae.plist /var/db/xbps/keys
|
||||||
|
}
|
||||||
|
|
||||||
|
atf_test_case sign
|
||||||
|
|
||||||
|
sign_head() {
|
||||||
|
atf_set "descr" "xbps-rindex(1) signing test"
|
||||||
|
}
|
||||||
|
|
||||||
|
sign_body() {
|
||||||
|
get_resources
|
||||||
|
# make pkg
|
||||||
|
mkdir -p some_repo pkg_A
|
||||||
|
touch pkg_A/file00
|
||||||
|
cd some_repo
|
||||||
|
xbps-create -A noarch -n foo-1.0_1 -s "foo pkg" ../pkg_A
|
||||||
|
atf_check_equal $? 0
|
||||||
|
# make repodata
|
||||||
|
xbps-rindex -a $PWD/*.xbps
|
||||||
|
atf_check_equal $? 0
|
||||||
|
repodata=$(ls *-repodata)
|
||||||
|
atf_check_equal $(tar tf $repodata | wc -l) 2
|
||||||
|
# sign repodata
|
||||||
|
xbps-rindex -s $PWD --signedby test --privkey ../id_xbps
|
||||||
|
atf_check_equal $? 0
|
||||||
|
atf_check_equal $(tar tf $repodata | wc -l) 3
|
||||||
|
# update pkg
|
||||||
|
xbps-create -A noarch -n foo-1.1_1 -s "foo pkg" ../pkg_A
|
||||||
|
atf_check_equal $? 0
|
||||||
|
# update repodata
|
||||||
|
xbps-rindex -a $PWD/*.xbps --privkey ../id_xbps
|
||||||
|
atf_check_equal $? 0
|
||||||
|
atf_check_equal $(tar tf $repodata | wc -l) 3
|
||||||
|
}
|
||||||
|
|
||||||
|
atf_test_case verify
|
||||||
|
|
||||||
|
verify_head() {
|
||||||
|
atf_set "descr" "xbps-rindex(1) verifying test"
|
||||||
|
}
|
||||||
|
|
||||||
|
verify_body() {
|
||||||
|
get_resources
|
||||||
|
# make pkg
|
||||||
|
mkdir -p some_repo pkg_A
|
||||||
|
touch pkg_A/file00
|
||||||
|
cd some_repo
|
||||||
|
xbps-create -A noarch -n foo-1.0_1 -s "foo pkg" ../pkg_A
|
||||||
|
atf_check_equal $? 0
|
||||||
|
# make repodata
|
||||||
|
xbps-rindex -a $PWD/*.xbps
|
||||||
|
atf_check_equal $? 0
|
||||||
|
repodata=$(ls *-repodata)
|
||||||
|
# sign repodata
|
||||||
|
xbps-rindex -s $PWD --signedby test --privkey ../id_xbps
|
||||||
|
atf_check_equal $? 0
|
||||||
|
# verify signature
|
||||||
|
xbps-install -nid --repository=$PWD foo 2>&1 | grep -q "some_repo/$repodata' signature passed."
|
||||||
|
atf_check_equal $? 0
|
||||||
|
# modify what is signed
|
||||||
|
tar tf $repodata
|
||||||
|
mkdir repodata
|
||||||
|
cd repodata
|
||||||
|
tar xf ../$repodata
|
||||||
|
sed -i -e 's:string>test<:string>stranger<:' index-meta.plist
|
||||||
|
tar cf ../$repodata index.plist index-meta.plist index-meta.plist.sig
|
||||||
|
atf_check_equal $? 0
|
||||||
|
cd ..
|
||||||
|
# verify wrong signature
|
||||||
|
xbps-install -nid --repository=$PWD foo 2>&1 | grep -q "some_repo/$repodata' signature failed. Taking safe part."
|
||||||
|
atf_check_equal $? 0
|
||||||
|
}
|
||||||
|
|
||||||
|
atf_init_test_cases() {
|
||||||
|
atf_add_test_case sign
|
||||||
|
atf_add_test_case verify
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user