From 2b7bb0c6b7aa4f7a43c82db1cf9a18d27600c62e Mon Sep 17 00:00:00 2001
From: Pierre Schmitz
Date: Sun, 18 Dec 2011 14:16:30 +0100
Subject: Validate package signatures on db-update
---
 db-functions | 15 +++++++++++++++
 db-update | 3 +++
 test/lib/common.inc | 29 +++++++++++++++++++++++++----
 test/test.d/signed-packages.sh | 20 +++++++++++++++++++-
 4 files changed, 62 insertions(+), 5 deletions(-)
diff --git a/db-functions b/db-functions
index a3e2168..7c4a7fe 100644
--- a/db-functions
+++ b/db-functions
@@ -466,6 +466,21 @@ check_repo_permission() {
 return 0
 }
+check_pkgsig() {
+ local signature=$1
+ local ret=1
+ local fd="$(mktemp --tmpdir="${WORKDIR}")"
+
+ exec 4>"${fd}"
+ gpg --homedir /etc/pacman.d/gnupg/ --status-fd 4 --verify "${signature}" >/dev/null 2>&1
+ exec 4>&-
+ if grep -q TRUST_FULLY "${fd}"; then
+ ret=0
+ fi
+
+ return $ret
+}
+
 set_repo_permission() {
 local repo=$1
 local arch=$2
diff --git a/db-update b/db-update
index 4b9c78f..60af79f 100755
--- a/db-update
+++ b/db-update
@@ -35,6 +35,9 @@ for repo in ${repos[@]}; do
 if ! check_pkgfile "${pkg}"; then
 die "Package ${repo}/$(basename ${pkg}) is not consistent with its meta data"
 fi
+ if ${REQUIRE_SIGNATURE} && ! check_pkgsig "${pkg}.sig"; then
+ die "Package ${repo}/$(basename ${pkg}) does not have a valid signature"
+ fi
 if ! check_pkgsvn "${pkg}" "${repo}"; then
 die "Package ${repo}/$(basename ${pkg}) is not consistent with svn repository"
 fi
diff --git a/test/lib/common.inc b/test/lib/common.inc
index a2dee10..e0e7048 100644
--- a/test/lib/common.inc
+++ b/test/lib/common.inc
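Review bot: In `check_pkgsig` (db-functions) the accept decision is an unanchored `grep -q TRUST_FULLY` over the whole status file, and gpg's own exit status is discarded. Status lines such as GOODSIG carry free-form text (the signer's user ID), so the match should be pinned to the trust line and paired with an explicit good-signature check, e.g. `grep -q '^\[GNUPG:\] VALIDSIG ' "${fd}" && grep -q '^\[GNUPG:\] TRUST_FULLY' "${fd}"`. The mktemp file is also never removed in this function; unless WORKDIR is cleaned up elsewhere, add `rm -f "${fd}"` before `return $ret`. Passing the package path explicitly as a second argument to `--verify` would remove the reliance on gpg deriving the data file from the `.sig` name.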
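Review bot: In db-update the added condition executes `${REQUIRE_SIGNATURE}` as a command, so a value that is not a command name (for example `yes` or `1`) fails with command-not-found and the signature check is skipped without any error. A comparison that fails closed is safer, e.g. `if [[ ${REQUIRE_SIGNATURE} != false ]] && ! check_pkgsig "${pkg}.sig"; then`. The check also runs after `check_pkgfile`, which presumably opens the package archive; verifying the signature first would keep unauthenticated archives away from that parsing. The enclosing loop starts and ends outside this hunk.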
@@ -3,6 +3,21 @@ set -E
 . "$(dirname ${BASH_SOURCE[0]})/../../config"
 . "$(dirname ${BASH_SOURCE[0]})/../../db-functions"
+signpkg() {
+ if [[ -r '/etc/makepkg.conf' ]]; then
+ source '/etc/makepkg.conf'
+ else
+ die '/etc/makepkg.conf not found!'
+ fi
+ if [[ -r ~/.makepkg.conf ]]; then
+ . ~/.makepkg.conf
+ fi
+ if [[ -n $GPGKEY ]]; then
+ SIGNWITHKEY="-u ${GPGKEY}"
+ fi
+ gpg --detach-sign --use-agent ${SIGNWITHKEY} ${@} || die
+}
+
 oneTimeSetUp() {
 local p
 local d
@@ -110,18 +125,24 @@ releasePackage() {
 local repo=$1
 local pkgbase=$2
 local arch=$3
+ local a
+ local p
+ local pkgver
+ local pkgname
 pushd "${TMP}/svn-packages-copy"/${pkgbase}/trunk/ >/dev/null
 archrelease ${repo}-${arch} >/dev/null 2&>1
 pkgver=$(. PKGBUILD; echo $(get_full_version ${epoch:-0} ${pkgver} ${pkgrel}))
+ pkgname=($(. PKGBUILD; echo ${pkgname[@]}))
 popd >/dev/null
 cp "${pkgdir}/${pkgbase}"/*-${pkgver}-${arch}${PKGEXT} "${STAGING}"/${repo}/
 if ${REQUIRE_SIGNATURE}; then
- # TODO: really sign the packages with a valid key
- find "${STAGING}"/${repo}/ -type f \
- -name "*-${pkgver}-${arch}${PKGEXT}" \
- -exec touch {}.sig \;
+ for a in ${arch[@]}; do
+ for p in ${pkgname[@]}; do
+ signpkg "${STAGING}"/${repo}/${p}-${pkgver}-${a}${PKGEXT}
+ done
+ done
 fi
 }
diff --git a/test/test.d/signed-packages.sh b/test/test.d/signed-packages.sh
index 5d6f4ff..20ad844 100755
--- a/test/test.d/signed-packages.sh
+++ b/test/test.d/signed-packages.sh
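Review bot: `signpkg` sources `/etc/makepkg.conf` and `~/.makepkg.conf` into the test shell itself, so any variable those files set (such as PKGEXT, which `releasePackage` uses) can silently replace the value loaded from the project's `config`. Running the body in a subshell, or reading only `GPGKEY` from those files, would keep host makepkg settings out of the tests. `SIGNWITHKEY` is also a global that is never reset, and `${@}` is unquoted; adding `local SIGNWITHKEY=` at the top and calling `gpg --detach-sign --use-agent ${SIGNWITHKEY} "$@" || die 'gpg signing failed'` covers both. The same unquoted path appears in the `signpkg "${STAGING}"/${repo}/...` call in the releasePackage hunk.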
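Review bot: In `releasePackage`, `arch` is a scalar taken from `$3`, so the array expansion `${arch[@]}` in the new outer loop can only iterate more than once through word splitting, while the `archrelease` and `cp` lines above use `${arch}` as a single value. Either drop the outer loop and use `${arch}` in the `signpkg` path, or state the intent with a comment such as `# arch may list several architectures, space-separated` and make the `cp` line agree. The added `pkgname=($(. PKGBUILD; echo ${pkgname[@]}))` would also benefit from a one-line comment saying it collects every package name the PKGBUILD declares so that each built file gets its own signature.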
@@ -5,9 +5,27 @@ curdir=$(readlink -e $(dirname $0))
 testAddUnsignedPackage() {
 releasePackage extra 'pkg-simple-a' 'i686'
- # remove any signature
 rm "${STAGING}"/extra/*.sig
 ../db-update >/dev/null 2>&1 && fail "db-update should fail when a signature is missing!"
 }
+testAddInvalidSignedPackage() {
+ local p
+ releasePackage extra 'pkg-simple-a' 'i686'
+ for p in "${STAGING}"/extra/*${PKGEXT}; do
+ unxz $p
+ xz -0 ${p%%.xz}
+ done
+ ../db-update >/dev/null 2>&1 && fail "db-update should fail when a signature is invalid!"
+}
+
+testAddBrokenSignature() {
+ local s
+ releasePackage extra 'pkg-simple-a' 'i686'
+ for s in "${STAGING}"/extra/*.sig; do
+ echo 0 > $s
+ done
+ ../db-update >/dev/null 2>&1 && fail "db-update should fail when a signature is broken!"
+}
+
 . "${curdir}/../lib/shunit2"
--
cgit v1.2.3-24-g4f1b
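Review bot: The tests in signed-packages.sh cover a missing, a mismatched and a corrupt signature, but none covers a signature that verifies correctly from a key that is not fully trusted, which is the case the `TRUST_FULLY` check in `check_pkgsig` exists to reject. A test that signs with a second key that the verifying keyring does not trust would pin that behaviour. Each assertion also passes on any non-zero exit of `db-update`, so an unrelated failure looks like a pass; matching the die text, e.g. `../db-update 2>&1 | grep -q 'does not have a valid signature' || fail "wrong failure reason"`, would tie the result to the signature check, assuming `die` prints its message. In `testAddInvalidSignedPackage`, `unxz $p` and `xz -0 ${p%%.xz}` are unquoted and assume PKGEXT ends in `.xz`.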