summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPierre Schmitz <pierre@archlinux.de>2011-12-18 14:16:30 +0100
committerPierre Schmitz <pierre@archlinux.de>2011-12-18 14:16:30 +0100
commit2b7bb0c6b7aa4f7a43c82db1cf9a18d27600c62e (patch)
tree215c7aacc2d23b6b553f8b1f1d033273fea571cd
parenta8b219b325cd642a781a64d8e08a0e66d25c1b44 (diff)
Validate package signatures on db-update
-rw-r--r--db-functions15
-rwxr-xr-xdb-update3
-rw-r--r--test/lib/common.inc29
-rwxr-xr-xtest/test.d/signed-packages.sh20
4 files changed, 62 insertions, 5 deletions
diff --git a/db-functions b/db-functions
index a3e2168..7c4a7fe 100644
--- a/db-functions
+++ b/db-functions
@@ -466,6 +466,21 @@ check_repo_permission() {
return 0
}
+check_pkgsig() {
+ local signature=$1
+ local ret=1
+ local fd="$(mktemp --tmpdir="${WORKDIR}")"
+
+ exec 4>"${fd}"
+ gpg --homedir /etc/pacman.d/gnupg/ --status-fd 4 --verify "${signature}" >/dev/null 2>&1
+ exec 4>&-
+ if grep -q TRUST_FULLY "${fd}"; then
+ ret=0
+ fi
+
+ return $ret
+}
+
set_repo_permission() {
local repo=$1
local arch=$2
diff --git a/db-update b/db-update
index 4b9c78f..60af79f 100755
--- a/db-update
+++ b/db-update
@@ -35,6 +35,9 @@ for repo in ${repos[@]}; do
if ! check_pkgfile "${pkg}"; then
die "Package ${repo}/$(basename ${pkg}) is not consistent with its meta data"
fi
+ if ${REQUIRE_SIGNATURE} && ! check_pkgsig "${pkg}.sig"; then
+ die "Package ${repo}/$(basename ${pkg}) does not have a valid signature"
+ fi
if ! check_pkgsvn "${pkg}" "${repo}"; then
die "Package ${repo}/$(basename ${pkg}) is not consistent with svn repository"
fi
diff --git a/test/lib/common.inc b/test/lib/common.inc
index a2dee10..e0e7048 100644
--- a/test/lib/common.inc
+++ b/test/lib/common.inc
@@ -3,6 +3,21 @@ set -E
. "$(dirname ${BASH_SOURCE[0]})/../../config"
. "$(dirname ${BASH_SOURCE[0]})/../../db-functions"
+signpkg() {
+ if [[ -r '/etc/makepkg.conf' ]]; then
+ source '/etc/makepkg.conf'
+ else
+ die '/etc/makepkg.conf not found!'
+ fi
+ if [[ -r ~/.makepkg.conf ]]; then
+ . ~/.makepkg.conf
+ fi
+ if [[ -n $GPGKEY ]]; then
+ SIGNWITHKEY="-u ${GPGKEY}"
+ fi
+ gpg --detach-sign --use-agent ${SIGNWITHKEY} ${@} || die
+}
+
oneTimeSetUp() {
local p
local d
@@ -110,18 +125,24 @@ releasePackage() {
local repo=$1
local pkgbase=$2
local arch=$3
+ local a
+ local p
+ local pkgver
+ local pkgname
pushd "${TMP}/svn-packages-copy"/${pkgbase}/trunk/ >/dev/null
archrelease ${repo}-${arch} >/dev/null 2&>1
pkgver=$(. PKGBUILD; echo $(get_full_version ${epoch:-0} ${pkgver} ${pkgrel}))
+ pkgname=($(. PKGBUILD; echo ${pkgname[@]}))
popd >/dev/null
cp "${pkgdir}/${pkgbase}"/*-${pkgver}-${arch}${PKGEXT} "${STAGING}"/${repo}/
if ${REQUIRE_SIGNATURE}; then
- # TODO: really sign the packages with a valid key
- find "${STAGING}"/${repo}/ -type f \
- -name "*-${pkgver}-${arch}${PKGEXT}" \
- -exec touch {}.sig \;
+ for a in ${arch[@]}; do
+ for p in ${pkgname[@]}; do
+ signpkg "${STAGING}"/${repo}/${p}-${pkgver}-${a}${PKGEXT}
+ done
+ done
fi
}
diff --git a/test/test.d/signed-packages.sh b/test/test.d/signed-packages.sh
index 5d6f4ff..20ad844 100755
--- a/test/test.d/signed-packages.sh
+++ b/test/test.d/signed-packages.sh
@@ -5,9 +5,27 @@ curdir=$(readlink -e $(dirname $0))
testAddUnsignedPackage() {
releasePackage extra 'pkg-simple-a' 'i686'
- # remove any signature
rm "${STAGING}"/extra/*.sig
../db-update >/dev/null 2>&1 && fail "db-update should fail when a signature is missing!"
}
+testAddInvalidSignedPackage() {
+ local p
+ releasePackage extra 'pkg-simple-a' 'i686'
+ for p in "${STAGING}"/extra/*${PKGEXT}; do
+ unxz $p
+ xz -0 ${p%%.xz}
+ done
+ ../db-update >/dev/null 2>&1 && fail "db-update should fail when a signature is invalid!"
+}
+
+testAddBrokenSignature() {
+ local s
+ releasePackage extra 'pkg-simple-a' 'i686'
+ for s in "${STAGING}"/extra/*.sig; do
+ echo 0 > $s
+ done
+ ../db-update >/dev/null 2>&1 && fail "db-update should fail when a signature is broken!"
+}
+
. "${curdir}/../lib/shunit2"