From: Dan Nicholson Date: Mon, 23 Aug 2021 17:09:24 +0000 (-0600) Subject: bin/remote: Rename list-gpg-keys to gpg-list-keys X-Git-Tag: archive/raspbian/2022.1-3+rpi1~1^2~4^2~2^2~12^2 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=58a683f8f0a14d19d15e3b5521b9fbcc6c04a9a1;p=ostree.git bin/remote: Rename list-gpg-keys to gpg-list-keys As pointed out in the original review, `gpg-list-keys` fits better alongside the existing `gpg-import`. Changes were done with: ``` git grep -l list-gpg-keys | xargs sed -i 's/list-gpg-keys/gpg-list-keys/' for src in $(git ls-files '*list-gpg-keys*'); do dst=${src/list-gpg-keys/gpg-list-keys} git mv "$src" "$dst" done ``` --- diff --git a/Makefile-ostree.am b/Makefile-ostree.am index a5509f7c..dde10c17 100644 --- a/Makefile-ostree.am +++ b/Makefile-ostree.am @@ -105,7 +105,7 @@ ostree_SOURCES += \ if USE_GPGME ostree_SOURCES += \ src/ostree/ot-remote-builtin-gpg-import.c \ - src/ostree/ot-remote-builtin-list-gpg-keys.c \ + src/ostree/ot-remote-builtin-gpg-list-keys.c \ $(NULL) endif diff --git a/Makefile-tests.am b/Makefile-tests.am index 1997bfd8..81fe2b76 100644 --- a/Makefile-tests.am +++ b/Makefile-tests.am @@ -152,7 +152,7 @@ _installed_or_uninstalled_test_scripts = \ if USE_GPGME _installed_or_uninstalled_test_scripts += \ tests/test-remote-gpg-import.sh \ - tests/test-remote-list-gpg-keys.sh \ + tests/test-remote-gpg-list-keys.sh \ tests/test-gpg-signed-commit.sh \ tests/test-admin-gpg.sh \ $(NULL) diff --git a/bash/ostree b/bash/ostree index 32d5e317..c990462f 100644 --- a/bash/ostree +++ b/bash/ostree @@ -1381,9 +1381,9 @@ _ostree_remote() { delete delete-cookie gpg-import + gpg-list-keys list list-cookies - list-gpg-keys refs show-url summary diff --git a/man/ostree-remote.xml b/man/ostree-remote.xml index 928bf9b5..20fe0a19 100644 --- a/man/ostree-remote.xml +++ b/man/ostree-remote.xml 
@@ -66,7 +66,7 @@ Boston, MA 02111-1307, USA. ostree remote gpg-import OPTIONS NAME KEY-ID - ostree remote list-gpg-keys NAME + ostree remote gpg-list-keys NAME ostree remote refs NAME @@ -112,7 +112,7 @@ Boston, MA 02111-1307, USA. The gpg-import subcommand can associate GPG keys to a specific remote repository for use when pulling signed commits from that repository (if GPG verification is enabled). The - list-gpg-keys subcommand can be used to see the + gpg-list-keys subcommand can be used to see the GPG keys currently associated with a remote repository. diff --git a/src/ostree/ot-builtin-remote.c b/src/ostree/ot-builtin-remote.c index 7028eacc..3c0d9d2e 100644 --- a/src/ostree/ot-builtin-remote.c +++ b/src/ostree/ot-builtin-remote.c @@ -44,7 +44,7 @@ static OstreeCommand remote_subcommands[] = { { "gpg-import", OSTREE_BUILTIN_FLAG_NONE, ot_remote_builtin_gpg_import, "Import GPG keys" }, - { "list-gpg-keys", OSTREE_BUILTIN_FLAG_NONE, + { "gpg-list-keys", OSTREE_BUILTIN_FLAG_NONE, ot_remote_builtin_list_gpg_keys, "Show remote GPG keys" }, #endif /* OSTREE_DISABLE_GPGME */ diff --git a/src/ostree/ot-remote-builtin-gpg-list-keys.c b/src/ostree/ot-remote-builtin-gpg-list-keys.c new file mode 100644 index 00000000..84d0f1a3 --- /dev/null +++ b/src/ostree/ot-remote-builtin-gpg-list-keys.c 
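Review bot: The renamed entry in `remote_subcommands` still dispatches to `ot_remote_builtin_list_gpg_keys`, so the handler symbol keeps the old word order while the command string and the source file now read `gpg-list-keys`. The sed pattern quoted in the commit message matches only the hyphenated spelling, which would explain why the underscored identifier was left behind. Renaming the function and its declaration to `ot_remote_builtin_gpg_list_keys` would keep it next to `ot_remote_builtin_gpg_import` for anyone grepping the GPG handlers. The old `list-gpg-keys` name is also removed with no alias, so if it has already shipped in a release, existing scripts that audit remote keys will fail; a second table entry `{ "list-gpg-keys", ... }` pointing at the same handler would cover a transition period. The table itself continues outside the hunk.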
@@ -0,0 +1,66 @@
+/*
+ * Copyright (C) 2015 Red Hat, Inc.
+ *
+ * SPDX-License-Identifier: LGPL-2.0+
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
+ */
+
+#include "config.h"
+
+#include "otutil.h"
+
+#include "ot-main.h"
+#include "ot-dump.h"
+#include "ot-remote-builtins.h"
+
+/* ATTENTION:
+ * Please remember to update the bash-completion script (bash/ostree) and
+ * man page (man/ostree-remote.xml) when changing the option list.
+ */
+
+static GOptionEntry option_entries[] = {
+ { NULL }
+};
+
+gboolean
+ot_remote_builtin_list_gpg_keys (int argc,
+ char **argv,
+ OstreeCommandInvocation *invocation,
+ GCancellable *cancellable,
+ GError **error)
+{
+ g_autoptr(GOptionContext) context = g_option_context_new ("NAME");
+ g_autoptr(OstreeRepo) repo = NULL;
+ if (!ostree_option_context_parse (context, option_entries, &argc, &argv,
+ invocation, &repo, cancellable, error))
+ return FALSE;
+
+ const char *remote_name = (argc > 1) ? argv[1] : NULL;
+
+ g_autoptr(GPtrArray) keys = NULL;
+ if (!ostree_repo_remote_get_gpg_keys (repo, remote_name, NULL, &keys,
+ cancellable, error))
+ return FALSE;
+
+ for (guint i = 0; i < keys->len; i++)
+ {
+ if (!ot_dump_gpg_key (keys->pdata[i], error))
+ return FALSE;
+ }
+
+ return TRUE;
+}
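Review bot: `remote_name` is read from `argv[1]` and nothing checks `argc > 2`, so surplus positional arguments appear to be silently ignored unless `ostree_option_context_parse` rejects them, which is not visible here. Someone auditing trust for several remotes with `gpg-list-keys R1 R2` would get only R1's keys and no error. Rejecting the extra arguments with `if (argc > 2)` and a usage error set through `error` would make that mistake visible. The `NULL` fallback also deserves a comment such as `/* No NAME given: list the global keyring instead of a per-remote one */`, since the tests in this commit rely on that behaviour.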
diff --git a/src/ostree/ot-remote-builtin-list-gpg-keys.c b/src/ostree/ot-remote-builtin-list-gpg-keys.c
deleted file mode 100644
index 84d0f1a3..00000000
--- a/src/ostree/ot-remote-builtin-list-gpg-keys.c
+++ /dev/null
@@ -1,66 +0,0 @@ -/* - * Copyright (C) 2015 Red Hat, Inc. - * - * SPDX-License-Identifier: LGPL-2.0+ - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place - Suite 330, - * Boston, MA 02111-1307, USA. - */ - -#include "config.h" - -#include "otutil.h" - -#include "ot-main.h" -#include "ot-dump.h" -#include "ot-remote-builtins.h" - -/* ATTENTION: - * Please remember to update the bash-completion script (bash/ostree) and - * man page (man/ostree-remote.xml) when changing the option list. - */ - -static GOptionEntry option_entries[] = { - { NULL } -}; - -gboolean -ot_remote_builtin_list_gpg_keys (int argc, - char **argv, - OstreeCommandInvocation *invocation, - GCancellable *cancellable, - GError **error) -{ - g_autoptr(GOptionContext) context = g_option_context_new ("NAME"); - g_autoptr(OstreeRepo) repo = NULL; - if (!ostree_option_context_parse (context, option_entries, &argc, &argv, - invocation, &repo, cancellable, error)) - return FALSE; - - const char *remote_name = (argc > 1) ? argv[1] : NULL; - - g_autoptr(GPtrArray) keys = NULL; - if (!ostree_repo_remote_get_gpg_keys (repo, remote_name, NULL, &keys, - cancellable, error)) - return FALSE; - - for (guint i = 0; i < keys->len; i++) - { - if (!ot_dump_gpg_key (keys->pdata[i], error)) - return FALSE; - } - - return TRUE; -} 
diff --git a/tests/test-remote-gpg-list-keys.sh b/tests/test-remote-gpg-list-keys.sh
new file mode 100755
index 00000000..51b60084
--- /dev/null
+++ b/tests/test-remote-gpg-list-keys.sh
@@ -0,0 +1,152 @@ +#!/bin/bash +# +# Copyright © 2021 Endless OS Foundation LLC +# +# SPDX-License-Identifier: LGPL-2.0+ +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the +# Free Software Foundation, Inc., 59 Temple Place - Suite 330, +# Boston, MA 02111-1307, USA. + +set -euo pipefail + +. $(dirname $0)/libtest.sh + +# We don't want OSTREE_GPG_HOME used for most of these tests. +emptydir=${test_tmpdir}/empty +trusteddir=${OSTREE_GPG_HOME} +mkdir ${emptydir} +OSTREE_GPG_HOME=${emptydir} + +# Key listings show dates using the local timezone, so specify UTC for +# consistency. +export TZ=UTC + +# Some tests require an appropriate gpg +num_non_gpg_tests=5 +num_gpg_tests=2 +num_tests=$((num_non_gpg_tests + num_gpg_tests)) + +echo "1..${num_tests}" + +setup_test_repository "archive" + +cd ${test_tmpdir} +${OSTREE} remote add R1 http://example.com/repo + +# No remote keyring should list no keys. +${OSTREE} remote gpg-list-keys R1 > result +assert_file_empty result + +echo "ok remote no keyring" + +# Make the global keyring available and make sure there are still no +# keys found for a specified remote. 
+OSTREE_GPG_HOME=${trusteddir} +${OSTREE} remote gpg-list-keys R1 > result +OSTREE_GPG_HOME=${emptydir} +assert_file_empty result + +echo "ok remote with global keyring" + +# Import a key and check that it's listed +${OSTREE} remote gpg-import --keyring ${TEST_GPG_KEYHOME}/key1.asc R1 +${OSTREE} remote gpg-list-keys R1 > result +cat > expected <<"EOF" +Key: 5E65DE75AB1C501862D476347FCA23D8472CDAFA + Created: Tue Sep 10 02:29:42 2013 + UID: Ostree Tester + Advanced update URL: https://openpgpkey.test.com/.well-known/openpgpkey/test.com/hu/iffe93qcsgp4c8ncbb378rxjo6cn9q6u?l=test + Direct update URL: https://test.com/.well-known/openpgpkey/hu/iffe93qcsgp4c8ncbb378rxjo6cn9q6u?l=test + Subkey: CC47B2DFB520AEF231180725DF20F58B408DEA49 + Created: Tue Sep 10 02:29:42 2013 +EOF +assert_files_equal result expected + +echo "ok remote with keyring" + +# Check the global keys with no keyring +OSTREE_GPG_HOME=${emptydir} +${OSTREE} remote gpg-list-keys > result +assert_file_empty result + +echo "ok global no keyring" + +# Now check the global keys with a keyring +OSTREE_GPG_HOME=${trusteddir} +${OSTREE} remote gpg-list-keys > result +OSTREE_GPG_HOME=${emptydir} +cat > expected <<"EOF" +Key: 5E65DE75AB1C501862D476347FCA23D8472CDAFA + Created: Tue Sep 10 02:29:42 2013 + UID: Ostree Tester + Advanced update URL: https://openpgpkey.test.com/.well-known/openpgpkey/test.com/hu/iffe93qcsgp4c8ncbb378rxjo6cn9q6u?l=test + Direct update URL: https://test.com/.well-known/openpgpkey/hu/iffe93qcsgp4c8ncbb378rxjo6cn9q6u?l=test + Subkey: CC47B2DFB520AEF231180725DF20F58B408DEA49 + Created: Tue Sep 10 02:29:42 2013 +Key: 7B3B1020D74479687FDB2273D8228CFECA950D41 + Created: Tue Mar 17 14:00:32 2015 + UID: Ostree Tester II + Advanced update URL: https://openpgpkey.test.com/.well-known/openpgpkey/test.com/hu/nnxwsxno46ap6hw7fgphp68j76egpfa9?l=test2 + Direct update URL: https://test.com/.well-known/openpgpkey/hu/nnxwsxno46ap6hw7fgphp68j76egpfa9?l=test2 + Subkey: 
1EFA95C06EB1EB91754575E004B69C2560D53993 + Created: Tue Mar 17 14:00:32 2015 +Key: 7D29CF060B8269CDF63BFBDD0D15FAE7DF444D67 + Created: Tue Mar 17 14:01:05 2015 + UID: Ostree Tester III + Advanced update URL: https://openpgpkey.test.com/.well-known/openpgpkey/test.com/hu/8494gyqhmrcs6gn38tn6kgjexet117cj?l=test3 + Direct update URL: https://test.com/.well-known/openpgpkey/hu/8494gyqhmrcs6gn38tn6kgjexet117cj?l=test3 + Subkey: 0E45E48CBF7B360C0E04443E0C601A7402416340 + Created: Tue Mar 17 14:01:05 2015 +EOF +assert_files_equal result expected + +echo "ok global with keyring" + +# Tests checking for expiration and revocation listings require gpg. +GPG=$(which_gpg) +if [ -z "${GPG}" ]; then + # Print a skip message per skipped test + for (( i = 0; i < num_gpg_tests; i++ )); do + echo "ok # SKIP this test requires gpg" + done +else + # The GPG private keyring in gpghome is in the older secring.gpg + # format, but we're likely using a newer gpg. Normally it's + # implicitly migrated to the newer format, but this test hasn't + # signed anything, so the private keys haven't been loaded. Force + # the migration by listing the private keys. + ${GPG} --homedir=${test_tmpdir}/gpghome -K >/dev/null + + # Expire key1, wait for it to be expired and re-import it. + ${GPG} --homedir=${test_tmpdir}/gpghome --quick-set-expire ${TEST_GPG_KEYFPR_1} seconds=1 + sleep 2 + ${GPG} --homedir=${test_tmpdir}/gpghome --armor --export ${TEST_GPG_KEYID_1} > ${test_tmpdir}/key1expired.asc + ${OSTREE} remote gpg-import --keyring ${test_tmpdir}/key1expired.asc R1 + ${OSTREE} remote gpg-list-keys R1 > result + assert_file_has_content result "^ Expired:" + + echo "ok remote expired key" + + # Revoke key1 and re-import it. 
+ ${GPG} --homedir=${TEST_GPG_KEYHOME} --import ${TEST_GPG_KEYHOME}/revocations/key1.rev + ${GPG} --homedir=${test_tmpdir}/gpghome --armor --export ${TEST_GPG_KEYID_1} > ${test_tmpdir}/key1revoked.asc + ${OSTREE} remote gpg-import --keyring ${test_tmpdir}/key1revoked.asc R1 + ${OSTREE} remote gpg-list-keys R1 > result + assert_file_has_content result "^Key: 5E65DE75AB1C501862D476347FCA23D8472CDAFA (revoked)" + assert_file_has_content result "^ UID: Ostree Tester (revoked)" + assert_file_has_content result "^ Subkey: CC47B2DFB520AEF231180725DF20F58B408DEA49 (revoked)" + + echo "ok remote revoked key" +fi diff --git a/tests/test-remote-list-gpg-keys.sh b/tests/test-remote-list-gpg-keys.sh deleted file mode 100755 index 81699f14..00000000 --- a/tests/test-remote-list-gpg-keys.sh +++ /dev/null 
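Review bot: The revocation step imports `key1.rev` with `--homedir=${TEST_GPG_KEYHOME}` but then exports the key with `--homedir=${test_tmpdir}/gpghome`, so the `(revoked)` assertions only exercise the revocation if both spellings name the same directory. That is presumably set up in libtest.sh, which is not visible here; using one spelling for every `${GPG}` call in the `else` branch would remove the hidden dependency. The expiry check also rests on `seconds=1` followed by `sleep 2`, so a comment stating that margin would help whoever has to debug a flaky run. Path expansions such as `${TEST_GPG_KEYHOME}/key1.asc` are unquoted and would break if the test directory contained whitespace.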
@@ -1,152 +0,0 @@ -#!/bin/bash -# -# Copyright © 2021 Endless OS Foundation LLC -# -# SPDX-License-Identifier: LGPL-2.0+ -# -# This library is free software; you can redistribute it and/or -# modify it under the terms of the GNU Lesser General Public -# License as published by the Free Software Foundation; either -# version 2 of the License, or (at your option) any later version. -# -# This library is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this library; if not, write to the -# Free Software Foundation, Inc., 59 Temple Place - Suite 330, -# Boston, MA 02111-1307, USA. - -set -euo pipefail - -. $(dirname $0)/libtest.sh - -# We don't want OSTREE_GPG_HOME used for most of these tests. -emptydir=${test_tmpdir}/empty -trusteddir=${OSTREE_GPG_HOME} -mkdir ${emptydir} -OSTREE_GPG_HOME=${emptydir} - -# Key listings show dates using the local timezone, so specify UTC for -# consistency. -export TZ=UTC - -# Some tests require an appropriate gpg -num_non_gpg_tests=5 -num_gpg_tests=2 -num_tests=$((num_non_gpg_tests + num_gpg_tests)) - -echo "1..${num_tests}" - -setup_test_repository "archive" - -cd ${test_tmpdir} -${OSTREE} remote add R1 http://example.com/repo - -# No remote keyring should list no keys. -${OSTREE} remote list-gpg-keys R1 > result -assert_file_empty result - -echo "ok remote no keyring" - -# Make the global keyring available and make sure there are still no -# keys found for a specified remote. 
-OSTREE_GPG_HOME=${trusteddir} -${OSTREE} remote list-gpg-keys R1 > result -OSTREE_GPG_HOME=${emptydir} -assert_file_empty result - -echo "ok remote with global keyring" - -# Import a key and check that it's listed -${OSTREE} remote gpg-import --keyring ${TEST_GPG_KEYHOME}/key1.asc R1 -${OSTREE} remote list-gpg-keys R1 > result -cat > expected <<"EOF" -Key: 5E65DE75AB1C501862D476347FCA23D8472CDAFA - Created: Tue Sep 10 02:29:42 2013 - UID: Ostree Tester - Advanced update URL: https://openpgpkey.test.com/.well-known/openpgpkey/test.com/hu/iffe93qcsgp4c8ncbb378rxjo6cn9q6u?l=test - Direct update URL: https://test.com/.well-known/openpgpkey/hu/iffe93qcsgp4c8ncbb378rxjo6cn9q6u?l=test - Subkey: CC47B2DFB520AEF231180725DF20F58B408DEA49 - Created: Tue Sep 10 02:29:42 2013 -EOF -assert_files_equal result expected - -echo "ok remote with keyring" - -# Check the global keys with no keyring -OSTREE_GPG_HOME=${emptydir} -${OSTREE} remote list-gpg-keys > result -assert_file_empty result - -echo "ok global no keyring" - -# Now check the global keys with a keyring -OSTREE_GPG_HOME=${trusteddir} -${OSTREE} remote list-gpg-keys > result -OSTREE_GPG_HOME=${emptydir} -cat > expected <<"EOF" -Key: 5E65DE75AB1C501862D476347FCA23D8472CDAFA - Created: Tue Sep 10 02:29:42 2013 - UID: Ostree Tester - Advanced update URL: https://openpgpkey.test.com/.well-known/openpgpkey/test.com/hu/iffe93qcsgp4c8ncbb378rxjo6cn9q6u?l=test - Direct update URL: https://test.com/.well-known/openpgpkey/hu/iffe93qcsgp4c8ncbb378rxjo6cn9q6u?l=test - Subkey: CC47B2DFB520AEF231180725DF20F58B408DEA49 - Created: Tue Sep 10 02:29:42 2013 -Key: 7B3B1020D74479687FDB2273D8228CFECA950D41 - Created: Tue Mar 17 14:00:32 2015 - UID: Ostree Tester II - Advanced update URL: https://openpgpkey.test.com/.well-known/openpgpkey/test.com/hu/nnxwsxno46ap6hw7fgphp68j76egpfa9?l=test2 - Direct update URL: https://test.com/.well-known/openpgpkey/hu/nnxwsxno46ap6hw7fgphp68j76egpfa9?l=test2 - Subkey: 
1EFA95C06EB1EB91754575E004B69C2560D53993 - Created: Tue Mar 17 14:00:32 2015 -Key: 7D29CF060B8269CDF63BFBDD0D15FAE7DF444D67 - Created: Tue Mar 17 14:01:05 2015 - UID: Ostree Tester III - Advanced update URL: https://openpgpkey.test.com/.well-known/openpgpkey/test.com/hu/8494gyqhmrcs6gn38tn6kgjexet117cj?l=test3 - Direct update URL: https://test.com/.well-known/openpgpkey/hu/8494gyqhmrcs6gn38tn6kgjexet117cj?l=test3 - Subkey: 0E45E48CBF7B360C0E04443E0C601A7402416340 - Created: Tue Mar 17 14:01:05 2015 -EOF -assert_files_equal result expected - -echo "ok global with keyring" - -# Tests checking for expiration and revocation listings require gpg. -GPG=$(which_gpg) -if [ -z "${GPG}" ]; then - # Print a skip message per skipped test - for (( i = 0; i < num_gpg_tests; i++ )); do - echo "ok # SKIP this test requires gpg" - done -else - # The GPG private keyring in gpghome is in the older secring.gpg - # format, but we're likely using a newer gpg. Normally it's - # implicitly migrated to the newer format, but this test hasn't - # signed anything, so the private keys haven't been loaded. Force - # the migration by listing the private keys. - ${GPG} --homedir=${test_tmpdir}/gpghome -K >/dev/null - - # Expire key1, wait for it to be expired and re-import it. - ${GPG} --homedir=${test_tmpdir}/gpghome --quick-set-expire ${TEST_GPG_KEYFPR_1} seconds=1 - sleep 2 - ${GPG} --homedir=${test_tmpdir}/gpghome --armor --export ${TEST_GPG_KEYID_1} > ${test_tmpdir}/key1expired.asc - ${OSTREE} remote gpg-import --keyring ${test_tmpdir}/key1expired.asc R1 - ${OSTREE} remote list-gpg-keys R1 > result - assert_file_has_content result "^ Expired:" - - echo "ok remote expired key" - - # Revoke key1 and re-import it. 
- ${GPG} --homedir=${TEST_GPG_KEYHOME} --import ${TEST_GPG_KEYHOME}/revocations/key1.rev - ${GPG} --homedir=${test_tmpdir}/gpghome --armor --export ${TEST_GPG_KEYID_1} > ${test_tmpdir}/key1revoked.asc - ${OSTREE} remote gpg-import --keyring ${test_tmpdir}/key1revoked.asc R1 - ${OSTREE} remote list-gpg-keys R1 > result - assert_file_has_content result "^Key: 5E65DE75AB1C501862D476347FCA23D8472CDAFA (revoked)" - assert_file_has_content result "^ UID: Ostree Tester (revoked)" - assert_file_has_content result "^ Subkey: CC47B2DFB520AEF231180725DF20F58B408DEA49 (revoked)" - - echo "ok remote revoked key" -fi