Only enable "dummy" signature type with opt-in env variable
authorColin Walters <walters@verbum.org>
Tue, 14 Apr 2020 22:18:13 +0000 (22:18 +0000)
committerColin Walters <walters@verbum.org>
Tue, 14 Apr 2020 22:18:13 +0000 (22:18 +0000)
I don't want to even have to think about people using
this in production.

src/libostree/ostree-sign-dummy.c
tests/test-signed-commit.sh
tests/test-signed-pull-summary.sh
tests/test-signed-pull.sh

index 722d461b0e36de4f4ccf1b126a69dd3f4fb86780..82575dc556bb3c94b619593c782cdfbfeae9015d 100644 (file)
@@ -53,6 +53,14 @@ ostree_sign_dummy_iface_init (OstreeSignInterface *self);
 G_DEFINE_TYPE_WITH_CODE (OstreeSignDummy, _ostree_sign_dummy, G_TYPE_OBJECT,
         G_IMPLEMENT_INTERFACE (OSTREE_TYPE_SIGN, ostree_sign_dummy_iface_init));
 
+static gboolean
+check_dummy_sign_enabled (GError **error)
+{
+  if (g_strcmp0 (g_getenv ("OSTREE_DUMMY_SIGN_ENABLED"), "1") != 0)
+    return glnx_throw (error, "dummy signature type is only for ostree testing");
+  return TRUE;
+}
+
 static void
 ostree_sign_dummy_iface_init (OstreeSignInterface *self)
 {
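Review bot: check_dummy_sign_enabled has no comment saying that it is a safety gate rather than an ordinary feature flag, so a later reader could relax it without realising what it protects. I would add above it `/* The dummy type exists only for the ostree test suite; sign and verify must fail unless OSTREE_DUMMY_SIGN_ENABLED=1 is set. */`. Because the check reads the environment at run time, the dummy implementation is still compiled into production builds and is accepted by any process that inherits the variable. A build-time switch on top of this would be worth considering if the project has one for test-only code. ostree_sign_dummy_iface_init, whose first lines close this hunk, continues outside it.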
@@ -83,6 +91,8 @@ _ostree_sign_dummy_init (OstreeSignDummy *self)
 
 gboolean ostree_sign_dummy_set_sk (OstreeSign *self, GVariant *key, GError **error)
 {
+  if (!check_dummy_sign_enabled (error))
+    return FALSE;
 
   OstreeSignDummy *sign =  _ostree_sign_dummy_get_instance_private(OSTREE_SIGN_DUMMY(self));
 
@@ -95,7 +105,6 @@ gboolean ostree_sign_dummy_set_sk (OstreeSign *self, GVariant *key, GError **err
 
 gboolean ostree_sign_dummy_set_pk (OstreeSign *self, GVariant *key, GError **error)
 {
-
   OstreeSignDummy *sign =  _ostree_sign_dummy_get_instance_private(OSTREE_SIGN_DUMMY(self));
 
   g_free(sign->pk_ascii);
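Review bot: ostree_sign_dummy_set_pk is left without the opt-in check: this hunk only drops a blank line, while ostree_sign_dummy_set_sk, ostree_sign_dummy_data and ostree_sign_dummy_data_verify each gain `if (!check_dummy_sign_enabled (error)) return FALSE;`. Verification is still refused by the guard in data_verify, so this looks like a consistency gap rather than a bypass, but loading a dummy public key still succeeds in a process that never opted in. Either add the same two lines at the top of set_pk or leave a short comment saying why it is exempt. The body of set_pk continues past the end of the hunk.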
@@ -111,6 +120,8 @@ gboolean ostree_sign_dummy_data (OstreeSign *self,
                                  GCancellable *cancellable,
                                  GError **error)
 {
+  if (!check_dummy_sign_enabled (error))
+    return FALSE;
 
   g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
 
@@ -145,6 +156,9 @@ gboolean ostree_sign_dummy_data_verify (OstreeSign *self,
                                             GVariant   *signatures,
                                             GError     **error)
 {
+  if (!check_dummy_sign_enabled (error))
+    return FALSE;
+
   g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
   g_return_val_if_fail (data != NULL, FALSE);
 
index 6730a6df4341dce07ee68f2439deaad85ff8633a..3ac3f3c13ad0898005506e72faad41e9ff9fc6a5 100755 (executable)
@@ -23,7 +23,10 @@ set -euo pipefail
 
 . $(dirname $0)/libtest.sh
 
-echo "1..10"
+echo "1..11"
+
+# This is explicitly opt in for testing
+export OSTREE_DUMMY_SIGN_ENABLED=1
 
 mkdir ${test_tmpdir}/repo
 ostree_repo_init repo --mode="archive"
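Review bot: The `export OSTREE_DUMMY_SIGN_ENABLED=1` at the top applies to every later command in the script, including the ed25519 cases further down, so those run with the dummy type enabled as well. If any of them relies on a signature being rejected, an enabled dummy verifier could mask a regression; I cannot tell from this hunk whether the sign-type selection rules that out. Setting the variable only on the commands that pass `--sign-type=dummy`, for example with an `env OSTREE_DUMMY_SIGN_ENABLED=1` prefix, would keep the opt-in as narrow in the tests as it is meant to be in production. The same file-wide export is added in tests/test-signed-pull-summary.sh and tests/test-signed-pull.sh.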
@@ -51,6 +54,14 @@ COMMIT="$(ostree --repo=${test_tmpdir}/repo rev-parse main)"
 ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --sign-type=dummy --verify ${COMMIT} ${DUMMYSIGN}
 echo "ok commit with dummy signing"
 
+if ${CMD_PREFIX} env -u OSTREE_DUMMY_SIGN_ENABLED ostree --repo=${test_tmpdir}/repo sign --sign-type=dummy --verify ${COMMIT} ${DUMMYSIGN} 2>err.txt; then
+    fatal "verified dummy signature without env"
+fi
+# FIXME the error message here is broken
+#assert_file_has_content_literal err.txt 'dummy signature type is only for ostree testing'
+assert_file_has_content_literal err.txt ' No valid signatures found'
+echo "ok dummy sig requires env"
+
 # tests below require libsodium support
 if ! has_libsodium; then
     echo "ok Detached ed25519 signature # SKIP due libsodium unavailability"
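Review bot: The new negative case exercises only `--verify`, so the guards added to ostree_sign_dummy_set_sk and ostree_sign_dummy_data are not covered by any test in this hunk. A second case that runs the signing form of the command under `env -u OSTREE_DUMMY_SIGN_ENABLED` and calls `fatal` if it succeeds would close that gap, with the plan line raised to match. The assertion on ' No valid signatures found' is also generic; it is meaningful only because the same commit and key verify successfully a few lines earlier with the variable set, which deserves a one-line comment next to the FIXME. The `if ! has_libsodium` block at the end of the hunk continues outside it.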
index ee731e86df4853802aa2940db1ef08774680e331..c328d2881252401ed32a0f5f1b764fd536868494 100755 (executable)
@@ -27,6 +27,9 @@ set -euo pipefail
 
 echo "1..14"
 
+# This is explicitly opt in for testing
+export OSTREE_DUMMY_SIGN_ENABLED=1
+
 repo_reinit () {
     ARGS="$*"
     cd ${test_tmpdir}
index 2c677d46fb424982899c97370ea43af709323e9e..6d1afe2918e6ca5b00d04797c4d836d94a2f25e7 100755 (executable)
@@ -25,6 +25,8 @@ set -euo pipefail
 
 echo "1..11"
 
+# This is explicitly opt in for testing
+export OSTREE_DUMMY_SIGN_ENABLED=1
 setup_fake_remote_repo1 "archive"
 
 repo_mode="archive"