def test_add_rpm_sig_header_signed(self, open, ensuredir, isdir, get_build,
get_rpm, run_callbacks, _fetchMulti):
"""Test addRPMSig with header-only signed RPM"""
_fetchMulti.side_effect = [[]]
isdir.side_effect = [True]
get_rpm.side_effect = [{
'id': 1,
'name': 'testpkg',
'version': '1.0.0',
'release': '1',
'arch': 'noarch',
'epoch': None,
'payloadhash': '1706d0174aa29a5a3e5c60855a778c35',
'size': 123,
'external_repo_id': None,
'build_id': 1,
}]
open.side_effect = [mock.MagicMock()]
rpm_path = os.path.join(self.data_path, 'header-signed.rpm')
sighdr = koji.rip_rpm_sighdr(rpm_path)
self.exports.addRPMSig(1, base64.b64encode(sighdr))
self.context.session.assertPerm.assert_called_once_with('sign')
self.assertEqual(len(self.inserts), 1)
insert = self.inserts[0]
self.assertEqual(insert.data['rpm_id'], 1)
self.assertEqual(insert.data['sigkey'], '15f712be')
def __get_sighdr(self, signed_rpm_path, rpm_path, rpm_info):
try:
header_fields = koji.get_header_fields(signed_rpm_path, ('siggpg', 'sigpgp'))
except rpm.error:
raise SigningError("Signing server returned corrupt RPM for %s"
% rpm_path)
if header_fields['siggpg'] is not None:
sigkey = header_fields['siggpg']
elif header_fields['sigpgp'] is not None:
sigkey = header_fields['sigpgp']
else:
raise SigningError("Signing server returned unsigned RPM for %s"
% rpm_path)
sigkey = koji.get_sigpacket_key_id(sigkey)
sigs = context.handlers.call("queryRPMSigs",
rpm_id=rpm_info['id'],
sigkey=sigkey)
if len(sigs) > 0:
raise AlreadySignedError()
return koji.rip_rpm_sighdr(signed_rpm_path), sigkey
def _get_rpm_sighdr_sigkey(self, path):
"""
Read header and sigkey from an RPM.
:param path: Path to a RPM package
:type path: str
:return: (sighdr, sigkey)
:rtype: tuple
"""
# I/O is expensive, cache RPM headers and sigkeys
result = self._get_rpm_sighdr_sigkey_cache.get(path)
if result:
return result
sighdr = koji.rip_rpm_sighdr(path)
rawhdr = koji.RawHeader(sighdr)
sigpkt = rawhdr.get(koji.RPM_SIGTAG_GPG)
if not sigpkt:
sigpkt = rawhdr.get(koji.RPM_SIGTAG_PGP)
sigkey = ""
if sigpkt:
sigkey = koji.get_sigpacket_key_id(sigpkt)
sigkey = sigkey.lower()
result = (sighdr, sigkey)
self._get_rpm_sighdr_sigkey_cache[path] = result
return result
def _extract_filesigs(rpm_path, output_path):
sighdr = rip_rpm_sighdr(rpm_path)
sighdr = RawHeader(sighdr)
filesigs = _get_header_type_8(sighdr, RPMSIGTAG_FILESIGNATURES)
rpm_hdr = get_rpm_header(rpm_path)
diridxs = rpm_hdr[rpm.RPMTAG_DIRINDEXES]
dirnames = rpm_hdr[rpm.RPMTAG_DIRNAMES]
basenames = rpm_hdr[rpm.RPMTAG_BASENAMES]
if len(basenames) != len(filesigs):
raise Exception("Invalid number of file signatures (%d) for basenames (%d)" % (len(filesigs), len(basenames)))
if len(diridxs) != len(basenames):
raise Exception("Invalid number of diridxs (%d) for basenames (%d)" % (len(diridxs), len(basenames)))
for i in range(len(basenames)):
basename = basenames[i]
dirname = dirnames[diridxs[i]]
if dirname.startswith('/'):
dirname = dirname[1:]
full_path = os.path.join(output_path, dirname, basename)
filesig = filesigs[i]
if sys.version_info.major == 2:
filesig = bytes(filesig)
xattr.setxattr(full_path, 'user.ima', filesig)
def get_rpm_sign_keyid(rpmfname):
try:
sighdr = koji.rip_rpm_sighdr(rpmfname)
sigkeyid = koji.get_sighdr_key(sighdr)
if sigkeyid:
return sigkeyid.upper()
except koji.GenericError as e:
raise RebuilderException(
"Failed to get RPM signature keyid: {}".format(str(e)))
def rip_sighdr(self, path):
sigkey = ""
sighdr = koji.rip_rpm_sighdr(path)
rawhdr = koji.RawHeader(sighdr)
sigpkt = rawhdr.get(koji.RPM_SIGTAG_GPG)
if not sigpkt:
sigpkt = rawhdr.get(koji.RPM_SIGTAG_PGP)
if sigpkt:
sigkey = koji.get_sigpacket_key_id(sigpkt)
return sighdr, sigkey
def test_scan_sighdr_header_signed(self):
"""Test _scan_sighdr on a header-only signed package"""
rpm_path = os.path.join(self.data_path, 'header-signed.rpm')
sighdr = koji.rip_rpm_sighdr(rpm_path)
sigmd5, sig = kojihub._scan_sighdr(sighdr, rpm_path)
self.assertEqual(koji.hex_string(sigmd5),
'1706d0174aa29a5a3e5c60855a778c35')
sigkey = koji.get_sigpacket_key_id(sig)
self.assertEqual(sigkey, '15f712be')
def rip_sighdr(self, path):
sigkey = ""
sighdr = koji.rip_rpm_sighdr(path)
rawhdr = koji.RawHeader(sighdr)
sigpkt = rawhdr.get(koji.RPM_SIGTAG_GPG)
if not sigpkt:
sigpkt = rawhdr.get(koji.RPM_SIGTAG_PGP)
if sigpkt:
sigkey = koji.get_sigpacket_key_id(sigpkt)
return sighdr, sigkey