--- /dev/null
+#!/bin/bash
+#
+# Copyright (C) 2019 Collabora Ltd.
+#
+# SPDX-License-Identifier: LGPL-2.0+
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+# Boston, MA 02111-1307, USA.
+
+# Based on test-pull-summary-sigs.sh test.
+
+set -euo pipefail
+
+. $(dirname $0)/libtest.sh
+
+echo "1..14"
+
+repo_reinit () {
+ ARGS="$*"
+ cd ${test_tmpdir}
+ rm -rf repo
+ mkdir repo
+ ostree_repo_init repo --mode=archive
+ ${OSTREE} --repo=repo remote add \
+ --set=gpg-verify=false --set=gpg-verify-summary=false \
+ --set=sign-verify=false --set=sign-verify-summary=true \
+ ${ARGS} origin $(cat httpd-address)/ostree/gnomerepo
+}
+
+for engine in dummy ed25519
+do
+ case "${engine}" in
+ dummy)
+ # Tests with dummy engine
+ SIGN_KEY="dummysign"
+ PUBLIC_KEY="dummysign"
+ ;;
+ ed25519)
+ if ! has_libsodium; then
+ echo "ok ${engine} pull mirror summary # SKIP due libsodium unavailability"
+ echo "ok ${engine} pull with signed summary # SKIP due libsodium unavailability"
+ echo "ok ${engine} prune summary cache # SKIP due libsodium unavailability"
+ echo "ok ${engine} pull with signed summary and cachedir # SKIP due libsodium unavailability"
+ echo "ok ${engine} pull with invalid ${engine} summary signature fails # SKIP due libsodium unavailability"
+ echo "ok ${engine} pull delta with signed summary # SKIP due libsodium unavailability"
+
+ continue
+ fi
+ gen_ed25519_keys
+ SIGN_KEY="${ED25519SECRET}"
+ PUBLIC_KEY="${ED25519PUBLIC}"
+ ;;
+ *)
+ fatal "Unsupported engine ${engine}"
+ ;;
+ esac
+
+ COMMIT_SIGN="--sign-type=${engine} --sign=${SIGN_KEY}"
+
+ # clenup the testdir prior the next engine
+ rm -rf ${test_tmpdir}/ostree-srv ${test_tmpdir}/gnomerepo ${test_tmpdir}/httpd ${test_tmpdir}/repo ${test_tmpdir}/cachedir\
+ ${test_tmpdir}/main-copy ${test_tmpdir}/other-copy ${test_tmpdir}/yet-another-copy
+
+ setup_fake_remote_repo1 "archive" "${COMMIT_SIGN}"
+
+ # Now, setup multiple branches
+ mkdir ${test_tmpdir}/ostree-srv/other-files
+ cd ${test_tmpdir}/ostree-srv/other-files
+ echo 'hello world another object' > hello-world
+ ${CMD_PREFIX} ostree --repo=${test_tmpdir}/ostree-srv/gnomerepo commit ${COMMIT_SIGN} -b other -s "A commit" -m "Another Commit body"
+
+ mkdir ${test_tmpdir}/ostree-srv/yet-other-files
+ cd ${test_tmpdir}/ostree-srv/yet-other-files
+ echo 'hello world yet another object' > yet-another-hello-world
+ ${CMD_PREFIX} ostree --repo=${test_tmpdir}/ostree-srv/gnomerepo commit ${COMMIT_SIGN} -b yet-another -s "A commit" -m "Another Commit body"
+
+ ${CMD_PREFIX} ostree --repo=${test_tmpdir}/ostree-srv/gnomerepo summary -u
+
+ prev_dir=`pwd`
+ cd ${test_tmpdir}
+ ostree_repo_init repo --mode=archive
+ ${CMD_PREFIX} ostree --repo=repo remote add \
+ --set=gpg-verify=false --set=gpg-verify-summary=false \
+ --set=sign-verify=false --set=sign-verify-summary=false \
+ origin $(cat httpd-address)/ostree/gnomerepo
+ ${CMD_PREFIX} ostree --repo=repo pull --mirror origin
+ assert_has_file repo/summary
+ ${CMD_PREFIX} ostree --repo=repo checkout -U main main-copy
+ assert_file_has_content main-copy/baz/cow "moo"
+ ${CMD_PREFIX} ostree --repo=repo checkout -U other other-copy
+ assert_file_has_content other-copy/hello-world "hello world another object"
+ ${CMD_PREFIX} ostree --repo=repo checkout -U yet-another yet-another-copy
+ assert_file_has_content yet-another-copy/yet-another-hello-world "hello world yet another object"
+ ${CMD_PREFIX} ostree --repo=repo fsck
+ echo "ok ${engine} pull mirror summary"
+
+
+ cd $prev_dir
+
+ ${OSTREE} --repo=${test_tmpdir}/ostree-srv/gnomerepo summary -u ${COMMIT_SIGN}
+
+ cd ${test_tmpdir}
+ repo_reinit --set=verification-key=${PUBLIC_KEY}
+ ${OSTREE} --repo=repo pull origin main
+ assert_has_file repo/tmp/cache/summaries/origin
+ assert_has_file repo/tmp/cache/summaries/origin.sig
+
+ rm repo/tmp/cache/summaries/origin
+ ${OSTREE} --repo=repo pull origin main
+ assert_has_file repo/tmp/cache/summaries/origin
+
+ echo "ok ${engine} pull with signed summary"
+
+ touch repo/tmp/cache/summaries/foo
+ touch repo/tmp/cache/summaries/foo.sig
+ ${OSTREE} --repo=repo prune
+ assert_not_has_file repo/tmp/cache/summaries/foo
+ assert_not_has_file repo/tmp/cache/summaries/foo.sig
+ assert_has_file repo/tmp/cache/summaries/origin
+ assert_has_file repo/tmp/cache/summaries/origin.sig
+ echo "ok ${engine} prune summary cache"
+
+ cd ${test_tmpdir}
+ repo_reinit --set=verification-key=${PUBLIC_KEY}
+ mkdir cachedir
+ ${OSTREE} --repo=repo pull --cache-dir=cachedir origin main
+ assert_not_has_file repo/tmp/cache/summaries/origin
+ assert_not_has_file repo/tmp/cache/summaries/origin.sig
+ assert_has_file cachedir/summaries/origin
+ assert_has_file cachedir/summaries/origin.sig
+
+ rm cachedir/summaries/origin
+ ${OSTREE} --repo=repo pull --cache-dir=cachedir origin main
+ assert_not_has_file repo/tmp/cache/summaries/origin
+ assert_has_file cachedir/summaries/origin
+
+ echo "ok ${engine} pull with signed summary and cachedir"
+
+ cd ${test_tmpdir}
+ repo_reinit --set=verification-key=${PUBLIC_KEY}
+ mv ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig{,.good}
+ echo invalid > ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig
+ if ${OSTREE} --repo=repo pull origin main 2>err.txt; then
+ assert_not_reached "Successful pull with invalid ${engine} signature"
+ fi
+ assert_file_has_content err.txt "Can't verify summary"
+ mv ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig{.good,}
+ echo "ok ${engine} pull with invalid ${engine} summary signature fails"
+
+ # Generate a delta
+ ${OSTREE} --repo=${test_tmpdir}/ostree-srv/gnomerepo static-delta generate --empty main
+ ${OSTREE} --repo=${test_tmpdir}/ostree-srv/gnomerepo summary -u ${COMMIT_SIGN}
+
+ cd ${test_tmpdir}
+ repo_reinit --set=verification-key=${PUBLIC_KEY}
+ ${OSTREE} --repo=repo pull origin main
+ echo "ok ${engine} pull delta with signed summary"
+
+done
+
+if ! has_libsodium; then
+ echo "ok ${engine} pull with signed summary remote old summary # SKIP due libsodium unavailability"
+ echo "ok ${engine} pull with signed summary broken cache # SKIP due libsodium unavailability"
+ exit 0
+fi
+
+gen_ed25519_keys
+SIGN_KEY="${ED25519SECRET}"
+PUBLIC_KEY="${ED25519PUBLIC}"
+COMMIT_SIGN="--sign-type=${engine} --sign=${SIGN_KEY}"
+
+
+# Verify 'ostree remote summary' output.
+${OSTREE} --repo=repo remote summary origin > summary.txt
+assert_file_has_content summary.txt "* main"
+assert_file_has_content summary.txt "* other"
+assert_file_has_content summary.txt "* yet-another"
+grep static-deltas summary.txt > static-deltas.txt
+assert_file_has_content static-deltas.txt \
+ $(${OSTREE} --repo=repo rev-parse origin:main)
+
+## Tests for handling of cached summaries while racing with remote summary updates
+
+# Make 2 different but valid summary/signature pairs to test races with
+${OSTREE} --repo=${test_tmpdir}/ostree-srv/gnomerepo summary -u ${COMMIT_SIGN}
+cp ${test_tmpdir}/ostree-srv/gnomerepo/summary{,.1}
+cp ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig{,.1}
+mkdir ${test_tmpdir}/ostree-srv/even-another-files
+cd ${test_tmpdir}/ostree-srv/even-another-files
+echo 'hello world even another object' > even-another-hello-world
+${OSTREE} --repo=${test_tmpdir}/ostree-srv/gnomerepo commit ${COMMIT_SIGN} -b even-another -s "A commit" -m "Another Commit body"
+${OSTREE} --repo=${test_tmpdir}/ostree-srv/gnomerepo summary -u ${COMMIT_SIGN}
+cp ${test_tmpdir}/ostree-srv/gnomerepo/summary{,.2}
+cp ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig{,.2}
+cd ${test_tmpdir}
+
+# Reset to the old valid summary and pull to cache it
+cp ${test_tmpdir}/ostree-srv/gnomerepo/summary{.1,}
+cp ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig{.1,}
+repo_reinit --set=verification-key=${PUBLIC_KEY}
+${OSTREE} --repo=repo pull origin main
+assert_has_file repo/tmp/cache/summaries/origin
+assert_has_file repo/tmp/cache/summaries/origin.sig
+cmp repo/tmp/cache/summaries/origin ${test_tmpdir}/ostree-srv/gnomerepo/summary.1 >&2
+cmp repo/tmp/cache/summaries/origin.sig ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig.1 >&2
+
+# Simulate a pull race where the client gets the old summary and the new
+# summary signature since it was generated on the server between the
+# requests
+cp ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig{.2,}
+if ${OSTREE} --repo=repo pull origin main 2>err.txt; then
+ assert_not_reached "Successful pull with old summary"
+fi
+assert_file_has_content err.txt "Can't verify summary"
+assert_has_file repo/tmp/cache/summaries/origin
+assert_has_file repo/tmp/cache/summaries/origin.sig
+cmp repo/tmp/cache/summaries/origin ${test_tmpdir}/ostree-srv/gnomerepo/summary.1 >&2
+cmp repo/tmp/cache/summaries/origin.sig ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig.1 >&2
+
+# Publish correct summary and check that subsequent pull succeeds
+cp ${test_tmpdir}/ostree-srv/gnomerepo/summary{.2,}
+${OSTREE} --repo=repo pull origin main
+assert_has_file repo/tmp/cache/summaries/origin
+assert_has_file repo/tmp/cache/summaries/origin.sig
+cmp repo/tmp/cache/summaries/origin ${test_tmpdir}/ostree-srv/gnomerepo/summary.2 >&2
+cmp repo/tmp/cache/summaries/origin.sig ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig.2 >&2
+
+echo "ok ${engine} pull with signed summary remote old summary"
+
+
+# Reset to the old valid summary and pull to cache it
+cp ${test_tmpdir}/ostree-srv/gnomerepo/summary{.1,}
+cp ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig{.1,}
+repo_reinit --set=verification-key=${PUBLIC_KEY}
+${OSTREE} --repo=repo pull origin main
+assert_has_file repo/tmp/cache/summaries/origin
+assert_has_file repo/tmp/cache/summaries/origin.sig
+cmp repo/tmp/cache/summaries/origin ${test_tmpdir}/ostree-srv/gnomerepo/summary.1 >&2
+cmp repo/tmp/cache/summaries/origin.sig ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig.1 >&2
+
+# Simulate a broken summary cache to see if it can be recovered from.
+# Prior to commit c4c2b5eb the client would save the summary to the
+# cache before validating the signature. That would mean the cache would
+# have mismatched summary and signature and ostree would remain
+# deadlocked there until the remote published a new signature.
+#
+# First pull with OSTREE_REPO_TEST_ERROR=invalid-cache to see the
+# invalid cache is detected. Then pull again to check if it can be
+# recovered from.
+cp ${test_tmpdir}/ostree-srv/gnomerepo/summary.2 repo/tmp/cache/summaries/origin
+if OSTREE_REPO_TEST_ERROR=invalid-cache ${OSTREE} --repo=repo pull origin main 2>err.txt; then
+ assert_not_reached "Should have hit OSTREE_REPO_TEST_ERROR_INVALID_CACHE"
+fi
+assert_file_has_content err.txt "OSTREE_REPO_TEST_ERROR_INVALID_CACHE"
+assert_has_file repo/tmp/cache/summaries/origin
+assert_has_file repo/tmp/cache/summaries/origin.sig
+cmp repo/tmp/cache/summaries/origin ${test_tmpdir}/ostree-srv/gnomerepo/summary.2 >&2
+cmp repo/tmp/cache/summaries/origin.sig ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig.1 >&2
+${OSTREE} --repo=repo pull origin main
+assert_has_file repo/tmp/cache/summaries/origin
+assert_has_file repo/tmp/cache/summaries/origin.sig
+cmp repo/tmp/cache/summaries/origin ${test_tmpdir}/ostree-srv/gnomerepo/summary.1 >&2
+cmp repo/tmp/cache/summaries/origin.sig ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig.1 >&2
+
+# Publish new signature and check that subsequent pull succeeds
+cp ${test_tmpdir}/ostree-srv/gnomerepo/summary{.2,}
+cp ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig{.2,}
+${OSTREE} --repo=repo pull origin main
+assert_has_file repo/tmp/cache/summaries/origin
+assert_has_file repo/tmp/cache/summaries/origin.sig
+cmp repo/tmp/cache/summaries/origin ${test_tmpdir}/ostree-srv/gnomerepo/summary.2 >&2
+cmp repo/tmp/cache/summaries/origin.sig ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig.2 >&2
+
+echo "ok ${engine} pull with signed summary broken cache"
+
projects / ostree.git / commitdiff