Beispiel #1
0
    def testTroveDisplaySigs(self):
        # go through a lot of trouble to sign this trove.
        # copied from sigtest.
        self.addComponent('foo:runtime', '1.0')
        from conary.lib import openpgpfile, openpgpkey
        from conary.build import signtrove
        fingerprint = 'F7440D78FE813C882212C2BF8AC2828190B1E477'
        keyCache = openpgpkey.getKeyCache()
        keyCache.getPrivateKey(fingerprint, '111111')
        keyRing = open(resources.get_archive() + '/pubring.gpg')
        keyData = openpgpfile.exportKey(fingerprint, keyRing)
        keyData.seek(0)
        keyData = keyData.read()

        # upload the public key
        repos = self.openRepository()
        repos.addNewPGPKey(self.cfg.buildLabel, 'test', keyData)
        self.cfg.signatureKey = fingerprint
        self.cfg.quiet = True
        signtrove.signTroves(self.cfg, [ "foo:runtime"])

        rs, txt = self.captureOutput(queryrep.displayTroves, self.cfg, 
                                     ['foo:runtime'],
                                     digSigs=True)
        assert(txt.startswith('''\
foo:runtime=1.0-1-1
  Digital Signature:
      F7440D78FE813C882212C2BF8AC2828190B1E477:'''))
Beispiel #2
0
 def testCompareRepos(self):
     sourceRepos, targetRepos = self.createRepositories()
     mirrorFile = self.createConfigurationFile()
     self.createTroves(sourceRepos, 1,1)
     # repos should be different
     self.assertRaises(AssertionError, self.compareRepositories,
                       sourceRepos, targetRepos)
     self.runMirror(mirrorFile)
     self.compareRepositories(sourceRepos, targetRepos)
     # sign our trove
     sourceRepos.addNewAsciiPGPKey(self.cfg.buildLabel, 'test', sigtest.unexpiredKey)
     self.cfg.signatureKey = '7CCD34B5C5D9CD1F637F6743D4F8F127C267B79D'
     signtrove.signTroves(self.cfg, [ "test1:runtime" ])
     self.assertRaises(AssertionError, self.compareRepositories,
                       sourceRepos, targetRepos)
     self.runMirror(mirrorFile)
     self.compareRepositories(sourceRepos, targetRepos)
     # test metadata changes
     if sourceRepos.c['localhost'].getProtocolVersion() < 47:
         return
     ti = trove.TroveInfo()
     mi = trove.MetadataItem()
     mi.shortDesc.set('testsuite is fun to run')
     ti.metadata.addItem(mi)
     tl = sourceRepos.getTroveVersionList("localhost", {"test1:runtime":None})
     tl = self._flatten(tl)
     sourceRepos.setTroveInfo(zip(tl, [ti] * len(tl)))
     self.assertRaises(AssertionError, self.compareRepositories,
                       sourceRepos, targetRepos)
     self.runMirror(mirrorFile)
     self.compareRepositories(sourceRepos, targetRepos)
Beispiel #3
0
 def testCompareRepos(self):
     sourceRepos, targetRepos = self.createRepositories()
     mirrorFile = self.createConfigurationFile()
     self.createTroves(sourceRepos, 1, 1)
     # repos should be different
     self.assertRaises(AssertionError, self.compareRepositories,
                       sourceRepos, targetRepos)
     self.runMirror(mirrorFile)
     self.compareRepositories(sourceRepos, targetRepos)
     # sign our trove
     sourceRepos.addNewAsciiPGPKey(self.cfg.buildLabel, 'test',
                                   sigtest.unexpiredKey)
     self.cfg.signatureKey = '7CCD34B5C5D9CD1F637F6743D4F8F127C267B79D'
     signtrove.signTroves(self.cfg, ["test1:runtime"])
     self.assertRaises(AssertionError, self.compareRepositories,
                       sourceRepos, targetRepos)
     self.runMirror(mirrorFile)
     self.compareRepositories(sourceRepos, targetRepos)
     # test metadata changes
     if sourceRepos.c['localhost'].getProtocolVersion() < 47:
         return
     ti = trove.TroveInfo()
     mi = trove.MetadataItem()
     mi.shortDesc.set('testsuite is fun to run')
     ti.metadata.addItem(mi)
     tl = sourceRepos.getTroveVersionList("localhost",
                                          {"test1:runtime": None})
     tl = self._flatten(tl)
     sourceRepos.setTroveInfo(zip(tl, [ti] * len(tl)))
     self.assertRaises(AssertionError, self.compareRepositories,
                       sourceRepos, targetRepos)
     self.runMirror(mirrorFile)
     self.compareRepositories(sourceRepos, targetRepos)
Beispiel #4
0
    def testSignNoKey(self):
        fingerprint = None

        self.addQuickTestComponent("test:doc", "1.0-1-1")
        self.cfg.signatureKey = fingerprint
        self.cfg.quiet = True
        signtrove.signTroves(self.cfg, ["test:doc"])
Beispiel #5
0
    def testInstallSignedTrove(self):
        # CNY-2555
        fingerprint = '95B457D16843B21EA3FC73BBC7C32FC1F94E405E'
        self.addComponent('test:run',
                          '1',
                          fileContents=[('/usr/share/foo1', 'blah')])
        self.addCollection('test', '1', [':run'])

        self.cfg.signatureKey = fingerprint
        self.cfg.quiet = True
        signtrove.signTroves(self.cfg, ["test"])

        # Install, have a non-existant keyring
        self.cfg.pubRing = "/some/keyring"
        openpgpkey.getKeyCache().reset()
        openpgpkey.getKeyCache().setPublicPath(self.cfg.pubRing)

        # This should change to an error when RMK-791 (related to CNY-2555) is
        # fixed
        self.logFilter.add()
        self.updatePkg("test")
        self.logFilter.remove()

        self.logFilter.compare(
            "error: While caching PGP key: Permission denied: /some")
Beispiel #6
0
    def testUpdateMissingKey(self):
        fingerprint = '95B457D16843B21EA3FC73BBC7C32FC1F94E405E'
        # supply the pass phrase for our private key
        keyCache = openpgpkey.getKeyCache()
        keyCache.getPrivateKey(fingerprint, '111111')

        self.cfg.signatureKey = fingerprint
        self.addQuickTestComponent("test:doc", "1.0-1-1")

        signtrove.signTroves(self.cfg, ["test:doc"])

        repos = self.openRepository()

        # utterly prevent the keycache from knowing about the key,
        # but give it a place to store a keyserver retrieved key.
        newKeyCache = openpgpkey.OpenPGPKeyFileCache()
        tmpPath = mkdtemp()
        pubRing = self.cfg.pubRing
        self.cfg.pubRing = [tmpPath + '/pubring.gpg']
        newKeyCache.publicPaths = self.cfg.pubRing
        keyCacheCallback = openpgpkey.KeyCacheCallback(repos, self.cfg)
        newKeyCache.setCallback(keyCacheCallback)

        openpgpkey.setKeyCache(newKeyCache)

        try:
            self.updatePkg(self.rootDir, "test:doc")
            newKeyCache.getPublicKey(fingerprint)
        finally:
            self.cfg.pubRing = pubRing
            openpgpkey.setKeyCache(keyCache)
        util.rmtree(tmpPath)
Beispiel #7
0
    def testTroveDisplaySigs(self):
        # go through a lot of trouble to sign this trove.
        # copied from sigtest.
        self.addComponent('foo:runtime', '1.0')
        from conary.lib import openpgpfile, openpgpkey
        from conary.build import signtrove
        fingerprint = 'F7440D78FE813C882212C2BF8AC2828190B1E477'
        keyCache = openpgpkey.getKeyCache()
        keyCache.getPrivateKey(fingerprint, '111111')
        keyRing = open(resources.get_archive() + '/pubring.gpg')
        keyData = openpgpfile.exportKey(fingerprint, keyRing)
        keyData.seek(0)
        keyData = keyData.read()

        # upload the public key
        repos = self.openRepository()
        repos.addNewPGPKey(self.cfg.buildLabel, 'test', keyData)
        self.cfg.signatureKey = fingerprint
        self.cfg.quiet = True
        signtrove.signTroves(self.cfg, ["foo:runtime"])

        rs, txt = self.captureOutput(queryrep.displayTroves,
                                     self.cfg, ['foo:runtime'],
                                     digSigs=True)
        assert (txt.startswith('''\
foo:runtime=1.0-1-1
  Digital Signature:
      F7440D78FE813C882212C2BF8AC2828190B1E477:'''))
Beispiel #8
0
 def runCommand(self, cfg, argSet, args, profile = False,
                callback = None, repos = None):
     args = args[1:]
     if len(args) <2: return self.usage()
     if argSet.has_key('quiet'):
         cfg.quiet = True
         del argSet['quiet']
     recurse = argSet.pop('recurse', False)
     signtrove.signTroves(cfg, args[1:], recurse)
Beispiel #9
0
    def testMirror(self):
        sourceRepos, targetRepos = self.createRepositories()
        mirrorFile = self.createConfigurationFile()
        # this is really ugly, but needed to ensure test consistency
        db = self.servers.getServer(0).reposDB.connect()
        cu = db.cursor()

        # test simple trove mirroring
        self.createTroves(sourceRepos, 1, 2, "1.0")
        self.createTroves(sourceRepos, 1, 2, "2.0")
        self.sleep(1.2)
        self.createTroves(sourceRepos, 1, 2, "3.0")
        # the following is just to get the trigger to fire
        cu.execute("update Instances set changed=1")
        db.commit()
        self.runMirror(mirrorFile)
        self.compareRepositories(sourceRepos, targetRepos)

        # simulate multiple trove versions with the same mark
        self.createTroves(sourceRepos, 10, 2, "1.0", "~foo")
        self.createTroves(sourceRepos, 10, 2, "1.0", "~!foo")
        self.createTroves(sourceRepos, 10, 2, "1.1")
        # the following is just to get the trigger to fire
        cu.execute("update Instances set changed=1")
        db.commit()
        self.runMirror(mirrorFile)
        self.compareRepositories(sourceRepos, targetRepos)

        # test mirroring of ascii keys
        sourceRepos.addNewAsciiPGPKey(self.cfg.buildLabel, 'test',
                                      sigtest.unexpiredKey)
        self.runMirror(mirrorFile)
        self.compareRepositories(sourceRepos, targetRepos)

        # test mirroring of new trove signatures
        self.createTroves(sourceRepos, 20, 2)
        self.cfg.signatureKey = '7CCD34B5C5D9CD1F637F6743D4F8F127C267B79D'
        signtrove.signTroves(self.cfg, ["test10:runtime", "test20:runtime"])
        self.runMirror(mirrorFile)
        self.compareRepositories(sourceRepos, targetRepos)

        fprint = 'F7440D78FE813C882212C2BF8AC2828190B1E477'
        keyCache = openpgpkey.getKeyCache()
        keyCache.getPrivateKey(fprint, '111111')
        self.cfg.signatureKey = fprint

        keyRing = open(resources.get_archive() + '/pubring.gpg')
        keyData = openpgpfile.exportKey(fprint, keyRing)
        keyData.seek(0)
        keyData = keyData.read()
        sourceRepos.addNewPGPKey(self.cfg.buildLabel, 'test', keyData)
        signtrove.signTroves(self.cfg, ["test11:runtime", "test21:runtime"])
        self.createTroves(sourceRepos, 30, 2)
        self.runMirror(mirrorFile)
        self.compareRepositories(sourceRepos, targetRepos)
Beispiel #10
0
    def testMirror(self):
        sourceRepos, targetRepos = self.createRepositories()
        mirrorFile = self.createConfigurationFile()
        # this is really ugly, but needed to ensure test consistency
        db = self.servers.getServer(0).reposDB.connect()
        cu = db.cursor()

        # test simple trove mirroring
        self.createTroves(sourceRepos, 1, 2, "1.0")
        self.createTroves(sourceRepos, 1, 2, "2.0")
        self.sleep(1.2)
        self.createTroves(sourceRepos, 1, 2, "3.0")
        # the following is just to get the trigger to fire
        cu.execute("update Instances set changed=1")
        db.commit()
        self.runMirror(mirrorFile)
        self.compareRepositories(sourceRepos, targetRepos)

        # simulate multiple trove versions with the same mark
        self.createTroves(sourceRepos, 10, 2, "1.0", "~foo")
        self.createTroves(sourceRepos, 10, 2, "1.0", "~!foo")
        self.createTroves(sourceRepos, 10, 2, "1.1")
        # the following is just to get the trigger to fire
        cu.execute("update Instances set changed=1")
        db.commit()
        self.runMirror(mirrorFile)
        self.compareRepositories(sourceRepos, targetRepos)

        # test mirroring of ascii keys
        sourceRepos.addNewAsciiPGPKey(self.cfg.buildLabel, 'test', sigtest.unexpiredKey)
        self.runMirror(mirrorFile)
        self.compareRepositories(sourceRepos, targetRepos)

        # test mirroring of new trove signatures
        self.createTroves(sourceRepos, 20, 2)
        self.cfg.signatureKey = '7CCD34B5C5D9CD1F637F6743D4F8F127C267B79D'
        signtrove.signTroves(self.cfg, [ "test10:runtime", "test20:runtime" ])
        self.runMirror(mirrorFile)
        self.compareRepositories(sourceRepos, targetRepos)

        fprint='F7440D78FE813C882212C2BF8AC2828190B1E477'
        keyCache = openpgpkey.getKeyCache()
        keyCache.getPrivateKey(fprint, '111111')
        self.cfg.signatureKey = fprint

        keyRing = open(resources.get_archive() + '/pubring.gpg')
        keyData = openpgpfile.exportKey(fprint, keyRing)
        keyData.seek(0)
        keyData = keyData.read()
        sourceRepos.addNewPGPKey(self.cfg.buildLabel, 'test', keyData)
        signtrove.signTroves(self.cfg, [ "test11:runtime", "test21:runtime" ])
        self.createTroves(sourceRepos, 30, 2)
        self.runMirror(mirrorFile)
        self.compareRepositories(sourceRepos, targetRepos)
Beispiel #11
0
 def testMirrorInfo(self):
     sourceRepos, targetRepos = self.createRepositories()
     mirrorFile = self.createConfigurationFile()
     self.createTroves(sourceRepos, 10, 2, "1.0")
     self.createTroves(sourceRepos, 10, 2, "2.0")
     self.runMirror(mirrorFile)
     self.compareRepositories(sourceRepos, targetRepos)
     # test mirroring signatures
     sourceRepos.addNewAsciiPGPKey(self.cfg.buildLabel, 'test',
                                   sigtest.unexpiredKey)
     self.createTroves(sourceRepos, 20, 2, "1.1")
     self.cfg.signatureKey = '7CCD34B5C5D9CD1F637F6743D4F8F127C267B79D'
     signtrove.signTroves(self.cfg, ["test10:runtime", "test11:runtime"])
     self.runMirror(mirrorFile)
     self.compareRepositories(sourceRepos, targetRepos)
     signtrove.signTroves(self.cfg, ["test20:runtime"])
     self.runMirror(mirrorFile)
     self.compareRepositories(sourceRepos, targetRepos)
     # test mirroring metadata changes
     ti = trove.TroveInfo()
     mi = trove.MetadataItem()
     mi.shortDesc.set('This is the short description')
     ti.metadata.addItem(mi)
     # get the versions of the troves we're testing
     tl = ["test%d:runtime" % x for x in (10, 20, 21)]
     tl = sourceRepos.getTroveVersionList("localhost", dict.fromkeys(tl))
     tl = self._flatten(tl)
     tl = dict([(n, (v, f)) for n, v, f in tl])
     self.sleep(1.2)
     for tidx in (21, 20, 10):
         t = "test%d:runtime" % tidx
         sourceRepos.setTroveInfo([((t, tl[t][0], tl[t][1]), ti)])
         self.assertRaises(AssertionError, self.compareRepositories,
                           sourceRepos, targetRepos)
         if tidx == 10:
             self.createTroves(sourceRepos, 30, 10, "3.0")
         self.runMirror(mirrorFile)
         self.compareRepositories(sourceRepos, targetRepos)
     # test mirroring with the addMetadataItem call
     mi = trove.MetadataItem()
     mi.longDesc.set(
         "this should be areally long description, but it isn't")
     mi.url.set("http://localhost/")
     mi.keyValue['key'] = 'value'
     for tidx in (21, 20, 10):
         t = "test%d:runtime" % tidx
         sourceRepos.addMetadataItems([((t, tl[t][0], tl[t][1]), mi)])
         self.assertRaises(AssertionError, self.compareRepositories,
                           sourceRepos, targetRepos)
         if tidx == 10:
             self.createTroves(sourceRepos, 40, 10, "3.1")
         self.runMirror(mirrorFile)
         self.compareRepositories(sourceRepos, targetRepos)
Beispiel #12
0
 def testMirrorInfo(self):
     sourceRepos, targetRepos = self.createRepositories()
     mirrorFile = self.createConfigurationFile()
     self.createTroves(sourceRepos, 10, 2, "1.0")
     self.createTroves(sourceRepos, 10, 2, "2.0")
     self.runMirror(mirrorFile)
     self.compareRepositories(sourceRepos, targetRepos)
     # test mirroring signatures
     sourceRepos.addNewAsciiPGPKey(self.cfg.buildLabel, 'test', sigtest.unexpiredKey)
     self.createTroves(sourceRepos, 20, 2, "1.1")
     self.cfg.signatureKey = '7CCD34B5C5D9CD1F637F6743D4F8F127C267B79D'
     signtrove.signTroves(self.cfg, [ "test10:runtime", "test11:runtime" ])
     self.runMirror(mirrorFile)
     self.compareRepositories(sourceRepos, targetRepos)
     signtrove.signTroves(self.cfg, [ "test20:runtime" ])
     self.runMirror(mirrorFile)
     self.compareRepositories(sourceRepos, targetRepos)
     # test mirroring metadata changes
     ti = trove.TroveInfo()
     mi = trove.MetadataItem()
     mi.shortDesc.set('This is the short description')
     ti.metadata.addItem(mi)
     # get the versions of the troves we're testing
     tl = [ "test%d:runtime" % x for x in (10,20,21) ]
     tl = sourceRepos.getTroveVersionList("localhost", dict.fromkeys(tl))
     tl = self._flatten(tl)
     tl = dict([ (n, (v,f)) for n,v,f in tl ])
     self.sleep(1.2)
     for tidx in (21, 20, 10):
         t = "test%d:runtime" % tidx
         sourceRepos.setTroveInfo([((t, tl[t][0], tl[t][1]), ti)])
         self.assertRaises(AssertionError, self.compareRepositories,
                               sourceRepos, targetRepos)
         if tidx == 10:
             self.createTroves(sourceRepos, 30, 10, "3.0")
         self.runMirror(mirrorFile)
         self.compareRepositories(sourceRepos, targetRepos)
     # test mirroring with the addMetadataItem call
     mi = trove.MetadataItem()
     mi.longDesc.set("this should be areally long description, but it isn't")
     mi.url.set("http://localhost/")
     mi.keyValue['key'] = 'value'
     for tidx in (21, 20, 10):
         t = "test%d:runtime" % tidx
         sourceRepos.addMetadataItems([((t,tl[t][0],tl[t][1]), mi)])
         self.assertRaises(AssertionError, self.compareRepositories,
                               sourceRepos, targetRepos)
         if tidx == 10:
             self.createTroves(sourceRepos, 40, 10, "3.1")
         self.runMirror(mirrorFile)
         self.compareRepositories(sourceRepos, targetRepos)
Beispiel #13
0
 def runCommand(self,
                cfg,
                argSet,
                args,
                profile=False,
                callback=None,
                repos=None):
     args = args[1:]
     if len(args) < 2: return self.usage()
     if argSet.has_key('quiet'):
         cfg.quiet = True
         del argSet['quiet']
     recurse = argSet.pop('recurse', False)
     signtrove.signTroves(cfg, args[1:], recurse)
Beispiel #14
0
    def testSignTroveExpiration(self):
        # test that a key that hasn't expired will succeed
        fingerprint = "7CCD34B5C5D9CD1F637F6743D4F8F127C267B79D"
        repos = self.openRepository()
        repos.addNewAsciiPGPKey(self.cfg.buildLabel, 'test', unexpiredKey)
        self.addQuickTestComponent("test:doc", "1.0-1-1")
        self.cfg.signatureKey = fingerprint
        signtrove.signTroves(self.cfg, ["test:doc"])

        # test that a key that has expired won't succeed
        fingerprint = "69E3912FA8DDD94EDF172D4BF7C542A9DA44E4BD"
        repos.addNewAsciiPGPKey(self.cfg.buildLabel, 'test', unexpiredKey)
        self.cfg.signatureKey = fingerprint
        self.assertRaises(errors.DigitalSignatureError, signtrove.signTroves,
                          self.cfg, ["test:doc"])
Beispiel #15
0
    def testSignedCheckout(self):
        fingerprint = 'F7440D78FE813C882212C2BF8AC2828190B1E477'
        # supply the pass phrase for our private key
        keyCache = openpgpkey.getKeyCache()
        keyCache.getPrivateKey(fingerprint, '111111')

        self.addQuickTestComponent("test:source", "1.0-1-1")

        self.cfg.signatureKey = fingerprint
        self.cfg.quiet = True

        # put the public key into the repo
        keyRing = open(
            resources.get_path('conary_test', 'archive', 'pubring.gpg'))
        keyData = openpgpfile.exportKey(fingerprint, keyRing)
        keyData.seek(0)
        keyData = keyData.read()
        repos = self.openRepository()
        repos.addNewPGPKey(self.cfg.buildLabel, 'test', keyData)
        signtrove.signTroves(self.cfg, ["test:source"])

        # alter key's trust value and determine that the doUpdate
        # code properly verifies trust thresholds
        pubKey = keyCache.getPublicKey(fingerprint)
        pubKey.trustLevel = openpgpfile.TRUST_UNTRUSTED
        keyCache.publicDict[fingerprint] = pubKey
        self.cfg.trustThreshold = openpgpfile.TRUST_ULTIMATE
        self.logFilter.add()
        try:
            checkout(repos, self.cfg, self.workDir, ["test"])
            self.fail("checkin.checkout did not properly verify trust levels")
        except DigitalSignatureVerificationError:
            self.logFilter.compare([
                'warning: The trove test:source has '
                'signatures generated with untrusted keys. You can either '
                'resign the trove with a key that you trust, or add one of the '
                'keys to the list of trusted keys (the trustedKeys '
                'configuration option). The keys that were not trusted are: '
                '90B1E477'
            ])
Beispiel #16
0
 def testMirrrorInfoExcluded(self):
     sourceRepos, targetRepos = self.createRepositories()
     # only mirror test10 troves
     mirrorFile = self.createConfigurationFile(matchTroves="+test10.*")
     self.createTroves(sourceRepos, 10, 3, "1.0")
     self.runMirror(mirrorFile)
     src = sourceRepos.getTroveVersionList("localhost", { None : None })
     src = self._flatten(src)
     self.assertEqual(len(src), 6)
     dst = targetRepos.getTroveVersionList("localhost", { None : None })
     dst = self._flatten(dst)
     self.assertEqual(len(dst), 2)
     # test mirroring signatures
     sourceRepos.addNewAsciiPGPKey(self.cfg.buildLabel, 'test', sigtest.unexpiredKey)
     self.cfg.signatureKey = '7CCD34B5C5D9CD1F637F6743D4F8F127C267B79D'
     signtrove.signTroves(self.cfg, [ "test10:runtime", "test11:runtime" ])
     self.runMirror(mirrorFile)
     signtrove.signTroves(self.cfg, [ "test12:runtime" ])
     self.runMirror(mirrorFile)
     troves1 = sourceRepos.getTroves(dst)
     troves2 = targetRepos.getTroves(dst)
     self.assertEqual(troves1, troves2)
Beispiel #17
0
 def testMirrrorInfoExcluded(self):
     sourceRepos, targetRepos = self.createRepositories()
     # only mirror test10 troves
     mirrorFile = self.createConfigurationFile(matchTroves="+test10.*")
     self.createTroves(sourceRepos, 10, 3, "1.0")
     self.runMirror(mirrorFile)
     src = sourceRepos.getTroveVersionList("localhost", {None: None})
     src = self._flatten(src)
     self.assertEqual(len(src), 6)
     dst = targetRepos.getTroveVersionList("localhost", {None: None})
     dst = self._flatten(dst)
     self.assertEqual(len(dst), 2)
     # test mirroring signatures
     sourceRepos.addNewAsciiPGPKey(self.cfg.buildLabel, 'test',
                                   sigtest.unexpiredKey)
     self.cfg.signatureKey = '7CCD34B5C5D9CD1F637F6743D4F8F127C267B79D'
     signtrove.signTroves(self.cfg, ["test10:runtime", "test11:runtime"])
     self.runMirror(mirrorFile)
     signtrove.signTroves(self.cfg, ["test12:runtime"])
     self.runMirror(mirrorFile)
     troves1 = sourceRepos.getTroves(dst)
     troves2 = targetRepos.getTroves(dst)
     self.assertEqual(troves1, troves2)
Beispiel #18
0
    def testSignTrove(self):
        fingerprint = 'F7440D78FE813C882212C2BF8AC2828190B1E477'
        # supply the pass phrase for our private key
        keyCache = openpgpkey.getKeyCache()
        keyCache.getPrivateKey(fingerprint, '111111')

        self.addQuickTestComponent("test:doc", "1.0-1-1")
        self.cfg.signatureKey = fingerprint
        self.cfg.quiet = True

        self.assertRaises(errors.DigitalSignatureError, signtrove.signTroves,
                          self.cfg, ["test:doc"])

        # get the public key
        keyRing = open(
            resources.get_path('conary_test', 'archive', 'pubring.gpg'))
        keyData = openpgpfile.exportKey(fingerprint, keyRing)
        keyData.seek(0)
        keyData = keyData.read()

        # upload the public key
        repos = self.openRepository()
        repos.addNewPGPKey(self.cfg.buildLabel, 'test', keyData)
        signtrove.signTroves(self.cfg, ["test:doc"])

        # get the signed trove from the repository, verify that
        # everything is correct
        v = versions.VersionFromString('/localhost@rpl:linux/1.0-1-1')
        f = deps.parseFlavor('')
        t = repos.getTrove('test:doc', v, f)
        self._checkDigitalSig(t, fingerprint)
        self.assertEqual(t.verifyDigitalSignatures(),
                         (openpgpfile.TRUST_TRUSTED, [], set()))

        # add another signature.  This exercises code such as the
        # change set cache invalidation
        fingerprint2 = '95B457D16843B21EA3FC73BBC7C32FC1F94E405E'
        keyCache.getPrivateKey(fingerprint2, '111111')

        # upload the public key
        keyRing = open(
            resources.get_path('conary_test', 'archive', 'pubring.gpg'))
        keyData = openpgpfile.exportKey(fingerprint2, keyRing)
        keyData.seek(0)
        keyData = keyData.read()
        repos.addNewPGPKey(self.cfg.buildLabel, 'test', keyData)

        # sign with the second private key
        self.cfg.signatureKey = fingerprint2
        self.cfg.quiet = True
        signtrove.signTroves(self.cfg, ["test:doc"])

        # iterate over the signatures, making sure each signature version has
        # two sigs associated with it
        t = repos.getTrove('test:doc', v, f)
        self._checkDigitalSig(t, fingerprint)
        self._checkDigitalSig(t, fingerprint2)
        self.assertEqual(t.verifyDigitalSignatures(),
                         (openpgpfile.TRUST_TRUSTED, [], set()))

        # attempt signing again with a key that already signed the trove
        self.assertRaises(errors.DigitalSignatureError, signtrove.signTroves,
                          self.cfg, ["test:doc"])
Beispiel #19
0
    def testSignedUpdate(self):
        fingerprint = '95B457D16843B21EA3FC73BBC7C32FC1F94E405E'
        # supply the pass phrase for our private key
        keyCache = openpgpkey.getKeyCache()
        keyCache.getPrivateKey(fingerprint, '111111')

        self.addQuickTestComponent("test:doc", "1.0-1-1")

        self.cfg.signatureKey = fingerprint
        self.cfg.quiet = True

        # put the public key into the repo
        keyRing = open(
            resources.get_path('conary_test', 'archive', 'pubring.gpg'))
        keyData = openpgpfile.exportKey(fingerprint, keyRing)
        keyData.seek(0)
        keyData = keyData.read()
        repos = self.openRepository()
        repos.addNewPGPKey(self.cfg.buildLabel, 'test', keyData)
        signtrove.signTroves(self.cfg, ["test:doc"])

        # alter key's trust value and determine that the doUpdate
        # code properly verifies trust thresholds
        pubKey = keyCache.getPublicKey(fingerprint)
        pubKey.trustLevel = openpgpfile.TRUST_UNTRUSTED
        keyCache.publicDict[fingerprint] = pubKey
        self.cfg.trustThreshold = openpgpfile.TRUST_ULTIMATE
        self.logFilter.add()
        try:
            self.discardOutput(doUpdate, self.cfg, 'test:doc')
            self.fail("updatecmd.doUpdate did not properly check trust levels")
        except DigitalSignatureVerificationError:
            self.logFilter.compare([
                'warning: The trove test:doc has '
                'signatures generated with untrusted keys. You can either '
                'resign the trove with a key that you trust, or add one of the '
                'keys to the list of trusted keys (the trustedKeys '
                'configuration option). The keys that were not trusted are: '
                'F94E405E'
            ])

        # An example how one can catch the digital signature verification
        # error for each unsigned trove (and display some message in a GUI
        # maybe). In this case we just raise a different exception.
        class MyException(Exception):
            errorIsUncatchable = True

        class C_(callbacks.UpdateCallback):
            def verifyTroveSignatures(self, trv):
                try:
                    return callbacks.UpdateCallback.verifyTroveSignatures(
                        self, trv)
                except DigitalSignatureVerificationError:
                    raise MyException("Error in trove %s" % trv.getName())

        callback = C_(trustThreshold=self.cfg.trustThreshold)
        # We should catch our own exception now
        self.discardOutput(self.assertRaises,
                           MyException,
                           doUpdate,
                           self.cfg,
                           "test:doc",
                           callback=callback)