summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorPierre Schmitz <pierre@archlinux.de>2011-04-02 13:19:05 +0200
committerPierre Schmitz <pierre@archlinux.de>2011-04-02 13:19:05 +0200
commit1ce0c6368d0908e25f9bd1bb8183b5f29053fac8 (patch)
tree225c1d19b42c5b4a5d9319adb49bfece95a49952 /test
parenta7b293ad4d819fa77592818af27f7c2a3b9b2ca4 (diff)
Add simple checks for handling signed packages
In addition to this dbscripts wont accept unsigned pacakges when REQUIRE_SIGNATURE is set to true. Note: At this point no signature verification is performed at all.
Diffstat (limited to 'test')
-rw-r--r--test/lib/common.inc30
-rwxr-xr-xtest/test.d/signed-packages.sh13
2 files changed, 42 insertions, 1 deletions
diff --git a/test/lib/common.inc b/test/lib/common.inc
index 2cf2769..eb46508 100644
--- a/test/lib/common.inc
+++ b/test/lib/common.inc
@@ -95,6 +95,7 @@ setUp() {
TMPDIR="${TMP}/tmp"
CLEANUP_DRYRUN=false
SOURCE_CLEANUP_DRYRUN=false
+ REQUIRE_SIGNATURE=true
eot
. "$(dirname ${BASH_SOURCE[0]})/../../config"
}
@@ -115,6 +116,13 @@ releasePackage() {
pkgver=$(. PKGBUILD; echo $(get_full_version ${epoch:-0} ${pkgver} ${pkgrel}))
popd >/dev/null
cp "${pkgdir}/${pkgbase}"/*-${pkgver}-${arch}${PKGEXT} "${STAGING}"/${repo}/
+
+ if ${REQUIRE_SIGNATURE}; then
+ # TODO: really sign the packages with a valid key
+ find "${STAGING}"/${repo}/ -type f \
+ -name "*-${pkgver}-${arch}${PKGEXT}" \
+ -exec touch {}.sig \;
+ fi
}
checkAnyPackage() {
@@ -124,13 +132,23 @@ checkAnyPackage() {
local db
[ -r "${FTP_BASE}/${PKGPOOL}/${pkg}" ] || fail "${PKGPOOL}/${pkg} not found"
+ if ${REQUIRE_SIGNATURE}; then
+ [ -r "${FTP_BASE}/${PKGPOOL}/${pkg}.sig" ] || fail "${PKGPOOL}/${pkg}.sig not found"
+ fi
for arch in i686 x86_64; do
- [ -L "${FTP_BASE}/${repo}/os/${arch}/${pkg}" ] || fail "${repo}/os/${arch}/${pkg} not a symlink"
+ [ -L "${FTP_BASE}/${repo}/os/${arch}/${pkg}" ] || fail "${repo}/os/${arch}/${pkg} is not a symlink"
[ "$(readlink -e "${FTP_BASE}/${repo}/os/${arch}/${pkg}")" == "${FTP_BASE}/${PKGPOOL}/${pkg}" ] \
|| fail "${repo}/os/${arch}/${pkg} does not link to ${PKGPOOL}/${pkg}"
+
+ if ${REQUIRE_SIGNATURE}; then
+ [ -L "${FTP_BASE}/${repo}/os/${arch}/${pkg}.sig" ] || fail "${repo}/os/${arch}/${pkg}.sig is not a symlink"
+ [ "$(readlink -e "${FTP_BASE}/${repo}/os/${arch}/${pkg}.sig")" == "${FTP_BASE}/${PKGPOOL}/${pkg}.sig" ] \
+ || fail "${repo}/os/${arch}/${pkg}.sig does not link to ${PKGPOOL}/${pkg}.sig"
+ fi
done
[ -r "${STAGING}"/${repo}/${pkg} ] && fail "${repo}/${pkg} found in staging dir"
+ [ -r "${STAGING}"/${repo}/${pkg}.sig ] && fail "${repo}/${pkg}.sig found in staging dir"
for db in ${DBEXT} ${FILESEXT}; do
( [ -r "${FTP_BASE}/${repo}/os/${arch}/${repo}${db%.tar.*}" ] \
@@ -139,6 +157,7 @@ checkAnyPackage() {
done
[ -r "${FTP_BASE}/${repo}/os/any/${pkg}" ] && fail "${repo}/os/any/${pkg} should not exist"
+ [ -r "${FTP_BASE}/${repo}/os/any/${pkg}.sig" ] && fail "${repo}/os/any/${pkg}.sig should not exist"
}
checkPackage() {
@@ -154,6 +173,15 @@ checkPackage() {
[ "$(readlink -e "${FTP_BASE}/${repo}/os/${arch}/${pkg}")" == "${FTP_BASE}/${PKGPOOL}/${pkg}" ] \
|| fail "${repo}/os/${arch}/${pkg} does not link to ${PKGPOOL}/${pkg}"
+ if ${REQUIRE_SIGNATURE}; then
+ [ -r "${FTP_BASE}/${PKGPOOL}/${pkg}.sig" ] || fail "${PKGPOOL}/${pkg}.sig not found"
+ [ -L "${FTP_BASE}/${repo}/os/${arch}/${pkg}.sig" ] || fail "${repo}/os/${arch}/${pkg}.sig is not a symlink"
+ [ -r "${STAGING}"/${repo}/${pkg}.sig ] && fail "${repo}/${pkg}.sig found in staging dir"
+
+ [ "$(readlink -e "${FTP_BASE}/${repo}/os/${arch}/${pkg}.sig")" == "${FTP_BASE}/${PKGPOOL}/${pkg}.sig" ] \
+ || fail "${repo}/os/${arch}/${pkg}.sig does not link to ${PKGPOOL}/${pkg}.sig"
+ fi
+
for db in ${DBEXT} ${FILESEXT}; do
( [ -r "${FTP_BASE}/${repo}/os/${arch}/${repo}${db%.tar.*}" ] \
&& bsdtar -xf "${FTP_BASE}/${repo}/os/${arch}/${repo}${db%.tar.*}" -O | grep -q ${pkg}) \
diff --git a/test/test.d/signed-packages.sh b/test/test.d/signed-packages.sh
new file mode 100755
index 0000000..5d6f4ff
--- /dev/null
+++ b/test/test.d/signed-packages.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+curdir=$(readlink -e $(dirname $0))
+. "${curdir}/../lib/common.inc"
+
+testAddUnsignedPackage() {
+ releasePackage extra 'pkg-simple-a' 'i686'
+ # remove any signature
+ rm "${STAGING}"/extra/*.sig
+ ../db-update >/dev/null 2>&1 && fail "db-update should fail when a signature is missing!"
+}
+
+. "${curdir}/../lib/shunit2"