def test_gpkg_missing_manifest_signature(self): if sys.version_info.major < 3: self.skipTest("Not support Python 2") playground = ResolverPlayground( user_config={ "make.conf": ( 'FEATURES="${FEATURES} binpkg-signing ' 'binpkg-request-signature"', 'BINPKG_FORMAT="gpkg"', ), }) tmpdir = tempfile.mkdtemp() try: settings = playground.settings gpg = GPG(settings) gpg.unlock() orig_full_path = os.path.join(tmpdir, "orig/") os.makedirs(orig_full_path) data = urandom(1048576) with open(os.path.join(orig_full_path, "data"), "wb") as f: f.write(data) binpkg_1 = gpkg(settings, "test", os.path.join(tmpdir, "test-1.gpkg.tar")) binpkg_1.compress(orig_full_path, {}) with tarfile.open(os.path.join(tmpdir, "test-1.gpkg.tar"), "r") as tar_1: with tarfile.open(os.path.join(tmpdir, "test-2.gpkg.tar"), "w") as tar_2: for f in tar_1.getmembers(): if f.name == "Manifest": manifest = tar_1.extractfile(f).read().decode( "UTF-8") manifest = manifest.replace( "-----BEGIN PGP SIGNATURE-----", "") manifest = manifest.replace( "-----END PGP SIGNATURE-----", "") manifest_data = io.BytesIO( manifest.encode("UTF-8")) manifest_data.seek(0, io.SEEK_END) f.size = manifest_data.tell() manifest_data.seek(0) tar_2.addfile(f, manifest_data) else: tar_2.addfile(f, tar_1.extractfile(f)) binpkg_2 = gpkg(settings, "test", os.path.join(tmpdir, "test-2.gpkg.tar")) self.assertRaises(InvalidSignature, binpkg_2.decompress, os.path.join(tmpdir, "test")) finally: shutil.rmtree(tmpdir) playground.cleanup()
def test_gpkg_manifest_duplicate_files(self): if sys.version_info.major < 3: self.skipTest("Not support Python 2") playground = ResolverPlayground( user_config={ "make.conf": ( 'FEATURES="${FEATURES} -binpkg-signing ' '-binpkg-request-signature -gpg-keepalive"', ), } ) tmpdir = tempfile.mkdtemp() try: settings = playground.settings orig_full_path = os.path.join(tmpdir, "orig/") os.makedirs(orig_full_path) data = urandom(100) with open(os.path.join(orig_full_path, "data"), "wb") as f: f.write(data) binpkg_1 = gpkg(settings, "test", os.path.join(tmpdir, "test-1.gpkg.tar")) binpkg_1.compress(orig_full_path, {}) with tarfile.open(os.path.join(tmpdir, "test-1.gpkg.tar"), "r") as tar_1: with tarfile.open( os.path.join(tmpdir, "test-2.gpkg.tar"), "w" ) as tar_2: for f in tar_1.getmembers(): if f.name == "Manifest": manifest = tar_1.extractfile(f).read() data = io.BytesIO(manifest) data.seek(io.SEEK_END) data.write(b"\n") data.write(manifest) f.size = data.tell() data.seek(0) tar_2.addfile(f, data) data.close() else: tar_2.addfile(f, tar_1.extractfile(f)) binpkg_2 = gpkg(settings, "test", os.path.join(tmpdir, "test-2.gpkg.tar")) self.assertRaises( DigestException, binpkg_2.decompress, os.path.join(tmpdir, "test") ) finally: shutil.rmtree(tmpdir) playground.cleanup()
def test_gpkg_incorrect_checksum(self): if sys.version_info.major < 3: self.skipTest("Not support Python 2") playground = ResolverPlayground( user_config={ "make.conf": ( 'FEATURES="${FEATURES} -binpkg-signing ' '-binpkg-request-signature -gpg-keepalive"', ), } ) tmpdir = tempfile.mkdtemp() try: settings = playground.settings orig_full_path = os.path.join(tmpdir, "orig/") os.makedirs(orig_full_path) data = urandom(1048576) with open(os.path.join(orig_full_path, "data"), "wb") as f: f.write(data) binpkg_1 = gpkg(settings, "test", os.path.join(tmpdir, "test-1.gpkg.tar")) binpkg_1.compress(orig_full_path, {}) with tarfile.open(os.path.join(tmpdir, "test-1.gpkg.tar"), "r") as tar_1: with tarfile.open( os.path.join(tmpdir, "test-2.gpkg.tar"), "w" ) as tar_2: for f in tar_1.getmembers(): if f.name == "Manifest": data = io.BytesIO(tar_1.extractfile(f).read()) data_view = data.getbuffer() data_view[-16:] = b"20a6d80ab0320fh9" del data_view tar_2.addfile(f, data) data.close() else: tar_2.addfile(f, tar_1.extractfile(f)) binpkg_2 = gpkg(settings, "test", os.path.join(tmpdir, "test-2.gpkg.tar")) self.assertRaises( DigestException, binpkg_2.decompress, os.path.join(tmpdir, "test") ) finally: shutil.rmtree(tmpdir) playground.cleanup()
def test_gpkg_missing_signature(self): if sys.version_info.major < 3: self.skipTest("Not support Python 2") playground = ResolverPlayground( user_config={ "make.conf": ( 'FEATURES="${FEATURES} binpkg-signing ' 'binpkg-request-signature"', 'BINPKG_FORMAT="gpkg"', ), }) tmpdir = tempfile.mkdtemp() try: settings = playground.settings gpg = GPG(settings) gpg.unlock() orig_full_path = os.path.join(tmpdir, "orig/") os.makedirs(orig_full_path) data = urandom(1048576) with open(os.path.join(orig_full_path, "data"), "wb") as f: f.write(data) binpkg_1 = gpkg(settings, "test", os.path.join(tmpdir, "test-1.gpkg.tar")) binpkg_1.compress(orig_full_path, {}) with tarfile.open(os.path.join(tmpdir, "test-1.gpkg.tar"), "r") as tar_1: with tarfile.open(os.path.join(tmpdir, "test-2.gpkg.tar"), "w") as tar_2: for f in tar_1.getmembers(): if f.name.endswith(".sig"): pass else: tar_2.addfile(f, tar_1.extractfile(f)) binpkg_2 = gpkg(settings, "test", os.path.join(tmpdir, "test-2.gpkg.tar")) self.assertRaises(MissingSignature, binpkg_2.decompress, os.path.join(tmpdir, "test")) finally: shutil.rmtree(tmpdir) playground.cleanup()
def test_gpkg_symlink_path(self): if sys.version_info.major < 3: self.skipTest("Not support Python 2") playground = ResolverPlayground( user_config={ "make.conf": ('BINPKG_COMPRESS="none"',), } ) tmpdir = tempfile.mkdtemp() try: settings = playground.settings orig_full_path = os.path.join(tmpdir, "orig/") os.makedirs(orig_full_path) os.symlink( "aaaabbbb/ccccdddd/eeeeffff/gggghhhh/iiiijjjj/kkkkllll/" "mmmmnnnn/oooopppp/qqqqrrrr/sssstttt/uuuuvvvv/wwwwxxxx/" "yyyyzzzz/00001111/22223333/44445555/66667777/88889999/test", os.path.join(orig_full_path, "a_long_symlink"), ) gpkg_file_loc = os.path.join(tmpdir, "test.gpkg.tar") test_gpkg = gpkg(settings, "test", gpkg_file_loc) check_result = test_gpkg._check_pre_image_files( os.path.join(tmpdir, "orig") ) self.assertEqual(check_result, (0, 14, 166, 0, 0)) test_gpkg.compress(os.path.join(tmpdir, "orig"), {"meta": "test"}) with open(gpkg_file_loc, "rb") as container: # container self.assertEqual( test_gpkg._get_tar_format(container), tarfile.USTAR_FORMAT ) with tarfile.open(gpkg_file_loc, "r") as container: metadata = io.BytesIO(container.extractfile("test/metadata.tar").read()) self.assertEqual( test_gpkg._get_tar_format(metadata), tarfile.USTAR_FORMAT ) metadata.close() image = io.BytesIO(container.extractfile("test/image.tar").read()) self.assertEqual(test_gpkg._get_tar_format(image), tarfile.GNU_FORMAT) image.close() test_gpkg.decompress(os.path.join(tmpdir, "test")) r = compare_files( os.path.join(tmpdir, "orig/", "a_long_symlink"), os.path.join(tmpdir, "test/", "a_long_symlink"), skipped_types=("atime", "mtime", "ctime"), ) self.assertEqual(r, ()) finally: shutil.rmtree(tmpdir) playground.cleanup()
def test_gpkg_extra_files(self): if sys.version_info.major < 3: self.skipTest("Not support Python 2") playground = ResolverPlayground( user_config={ "make.conf": ( 'FEATURES="${FEATURES} -binpkg-signing ' '-binpkg-request-signature -gpg-keepalive"', ), } ) tmpdir = tempfile.mkdtemp() try: settings = playground.settings orig_full_path = os.path.join(tmpdir, "orig/") os.makedirs(orig_full_path) data = urandom(1048576) with open(os.path.join(orig_full_path, "data"), "wb") as f: f.write(data) binpkg_1 = gpkg(settings, "test", os.path.join(tmpdir, "test-1.gpkg.tar")) binpkg_1.compress(orig_full_path, {}) with tarfile.open(os.path.join(tmpdir, "test-1.gpkg.tar"), "r") as tar_1: with tarfile.open( os.path.join(tmpdir, "test-2.gpkg.tar"), "w" ) as tar_2: for f in tar_1.getmembers(): tar_2.addfile(f, tar_1.extractfile(f)) data_tarinfo = tarfile.TarInfo("data2") data_tarinfo.size = len(data) data2 = io.BytesIO(data) tar_2.addfile(data_tarinfo, data2) data2.close() binpkg_2 = gpkg(settings, "test", os.path.join(tmpdir, "test-2.gpkg.tar")) self.assertRaises( DigestException, binpkg_2.decompress, os.path.join(tmpdir, "test") ) finally: shutil.rmtree(tmpdir) playground.cleanup()
def test_gpkg_short_path(self): if sys.version_info.major < 3: self.skipTest("Not support Python 2") playground = ResolverPlayground( user_config={ "make.conf": ('BINPKG_COMPRESS="none"',), } ) tmpdir = tempfile.mkdtemp() try: settings = playground.settings path_name = ( "aaaabbbb/ccccdddd/eeeeffff/gggghhhh/iiiijjjj/kkkkllll/" "mmmmnnnn/oooopppp/qqqqrrrr/sssstttt/" ) orig_full_path = os.path.join(tmpdir, "orig/" + path_name) os.makedirs(orig_full_path) with open(os.path.join(orig_full_path, "test"), "wb") as test_file: test_file.write(urandom(1048576)) gpkg_file_loc = os.path.join(tmpdir, "test.gpkg.tar") test_gpkg = gpkg(settings, "test", gpkg_file_loc) check_result = test_gpkg._check_pre_image_files( os.path.join(tmpdir, "orig") ) self.assertEqual(check_result, (95, 4, 0, 1048576, 1048576)) test_gpkg.compress(os.path.join(tmpdir, "orig"), {"meta": "test"}) with open(gpkg_file_loc, "rb") as container: # container self.assertEqual( test_gpkg._get_tar_format(container), tarfile.USTAR_FORMAT ) with tarfile.open(gpkg_file_loc, "r") as container: metadata = io.BytesIO(container.extractfile("test/metadata.tar").read()) self.assertEqual( test_gpkg._get_tar_format(metadata), tarfile.USTAR_FORMAT ) metadata.close() image = io.BytesIO(container.extractfile("test/image.tar").read()) self.assertEqual(test_gpkg._get_tar_format(image), tarfile.USTAR_FORMAT) image.close() test_gpkg.decompress(os.path.join(tmpdir, "test")) r = compare_files( os.path.join(tmpdir, "orig/" + path_name + "test"), os.path.join(tmpdir, "test/" + path_name + "test"), skipped_types=("atime", "mtime", "ctime"), ) self.assertEqual(r, ()) finally: shutil.rmtree(tmpdir) playground.cleanup()
def test_gpkg_untrusted_signature(self): if sys.version_info.major < 3: self.skipTest("Not support Python 2") gpg_test_path = os.environ["PORTAGE_GNUPGHOME"] playground = ResolverPlayground( user_config={ "make.conf": ( 'FEATURES="${FEATURES} binpkg-signing ' 'binpkg-request-signature"', 'BINPKG_FORMAT="gpkg"', f'BINPKG_GPG_SIGNING_BASE_COMMAND="flock {gpg_test_path}/portage-binpkg-gpg.lock /usr/bin/gpg --sign --armor --batch --no-tty --yes --pinentry-mode loopback --passphrase GentooTest [PORTAGE_CONFIG]"', 'BINPKG_GPG_SIGNING_DIGEST="SHA512"', f'BINPKG_GPG_SIGNING_GPG_HOME="{gpg_test_path}"', 'BINPKG_GPG_SIGNING_KEY="0x8812797DDF1DD192"', 'BINPKG_GPG_VERIFY_BASE_COMMAND="/usr/bin/gpg --verify --batch --no-tty --yes --no-auto-check-trustdb --status-fd 1 [PORTAGE_CONFIG] [SIGNATURE]"', f'BINPKG_GPG_VERIFY_GPG_HOME="{gpg_test_path}"', ), }) tmpdir = tempfile.mkdtemp() try: settings = playground.settings gpg = GPG(settings) gpg.unlock() orig_full_path = os.path.join(tmpdir, "orig/") os.makedirs(orig_full_path) data = urandom(1048576) with open(os.path.join(orig_full_path, "data"), "wb") as f: f.write(data) binpkg_1 = gpkg(settings, "test", os.path.join(tmpdir, "test-1.gpkg.tar")) binpkg_1.compress(orig_full_path, {}) binpkg_2 = gpkg(settings, "test", os.path.join(tmpdir, "test-1.gpkg.tar")) self.assertRaises(InvalidSignature, binpkg_2.decompress, os.path.join(tmpdir, "test")) finally: shutil.rmtree(tmpdir) playground.cleanup()
def test_gpkg_different_size_file(self): if sys.version_info.major < 3: self.skipTest("Not support Python 2") playground = ResolverPlayground( user_config={ "make.conf": ( 'FEATURES="${FEATURES} -binpkg-signing ' '-binpkg-request-signature -gpg-keepalive"', ), } ) tmpdir = tempfile.mkdtemp() try: settings = playground.settings orig_full_path = os.path.join(tmpdir, "orig/") os.makedirs(orig_full_path) data = urandom(100) with open(os.path.join(orig_full_path, "data"), "wb") as f: f.write(data) binpkg_1 = gpkg(settings, "test", os.path.join(tmpdir, "test-1.gpkg.tar")) binpkg_1.compress(orig_full_path, {}) with tarfile.open(os.path.join(tmpdir, "test-1.gpkg.tar"), "r") as tar_1: with tarfile.open( os.path.join(tmpdir, "test-2.gpkg.tar"), "w" ) as tar_2: for f in tar_1.getmembers(): tar_2.addfile(f, tar_1.extractfile(f)) tar_2.addfile(f, tar_1.extractfile(f)) binpkg_2 = gpkg(settings, "test", os.path.join(tmpdir, "test-2.gpkg.tar")) self.assertRaises( InvalidBinaryPackageFormat, binpkg_2.decompress, os.path.join(tmpdir, "test"), ) finally: shutil.rmtree(tmpdir) playground.cleanup()
def test_gpkg_get_metadata_url(self): if sys.version_info.major < 3: self.skipTest("Not support Python 2") if sys.version_info.major == 3 and sys.version_info.minor <= 6: self.skipTest("http server not support change root dir") playground = ResolverPlayground( user_config={ "make.conf": ( 'BINPKG_COMPRESS="gzip"', 'FEATURES="${FEATURES} -binpkg-signing ' '-binpkg-request-signature"', ), }) tmpdir = tempfile.mkdtemp() try: settings = playground.settings for _ in range(0, 5): port = random.randint(30000, 60000) try: server = self.start_http_server(tmpdir, port) except OSError: continue break orig_full_path = os.path.join(tmpdir, "orig/") os.makedirs(orig_full_path) with open(os.path.join(orig_full_path, "test"), "wb") as test_file: test_file.write(urandom(1048576)) gpkg_file_loc = os.path.join(tmpdir, "test.gpkg.tar") test_gpkg = gpkg(settings, "test", gpkg_file_loc) meta = { "test1": b"{abcdefghijklmnopqrstuvwxyz, 1234567890}", "test2": urandom(102400), } test_gpkg.compress(os.path.join(tmpdir, "orig"), meta) meta_from_url = test_gpkg.get_metadata_url("http://127.0.0.1:" + str(port) + "/test.gpkg.tar") self.assertEqual(meta, meta_from_url) finally: shutil.rmtree(tmpdir) playground.cleanup()
def test_gpkg_update_metadata(self): if sys.version_info.major < 3: self.skipTest("Not support Python 2") playground = ResolverPlayground( user_config={ "make.conf": ('BINPKG_COMPRESS="gzip"',), } ) tmpdir = tempfile.mkdtemp() try: settings = playground.settings orig_full_path = os.path.join(tmpdir, "orig/") os.makedirs(orig_full_path) with open(os.path.join(orig_full_path, "test"), "wb") as test_file: test_file.write(urandom(1048576)) gpkg_file_loc = os.path.join(tmpdir, "test.gpkg.tar") test_gpkg = gpkg(settings, "test", gpkg_file_loc) meta = {"test1": b"1234567890", "test2": b"abcdef"} test_gpkg.compress(os.path.join(tmpdir, "orig"), meta) meta_result = test_gpkg.get_metadata() self.assertEqual(meta, meta_result) meta_new = {"test3": b"0987654321", "test4": b"XXXXXXXX"} test_gpkg.update_metadata(meta_new) meta_result = test_gpkg.get_metadata() self.assertEqual(meta_new, meta_result) test_gpkg.decompress(os.path.join(tmpdir, "test")) r = compare_files( os.path.join(tmpdir, "orig/" + "test"), os.path.join(tmpdir, "test/" + "test"), skipped_types=("atime", "mtime", "ctime"), ) self.assertEqual(r, ()) finally: shutil.rmtree(tmpdir) playground.cleanup()
def test_gpkg_unknown_signature(self): if sys.version_info.major < 3: self.skipTest("Not support Python 2") playground = ResolverPlayground( user_config={ "make.conf": ( 'FEATURES="${FEATURES} binpkg-signing ' 'binpkg-request-signature"', 'BINPKG_FORMAT="gpkg"', ), }) tmpdir = tempfile.mkdtemp() try: settings = playground.settings gpg = GPG(settings) gpg.unlock() orig_full_path = os.path.join(tmpdir, "orig/") os.makedirs(orig_full_path) data = urandom(1048576) with open(os.path.join(orig_full_path, "data"), "wb") as f: f.write(data) binpkg_1 = gpkg(settings, "test", os.path.join(tmpdir, "test-1.gpkg.tar")) binpkg_1.compress(orig_full_path, {}) with tarfile.open(os.path.join(tmpdir, "test-1.gpkg.tar"), "r") as tar_1: with tarfile.open(os.path.join(tmpdir, "test-2.gpkg.tar"), "w") as tar_2: for f in tar_1.getmembers(): if f.name == "Manifest": sig = b""" -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 DATA test/image.tar.zst 1049649 BLAKE2B 3112adba9c09023962f26d9dcbf8e74107c05220f2f29aa2ce894f8a4104c3bb238f87095df73735befcf1e1f6039fc3abf4defa87e68ce80f33dd01e09c055a SHA512 9f584727f2e20a50a30e0077b94082c8c1f517ebfc9978eb3281887e24458108e73d1a2ce82eb0b59f5df7181597e4b0a297ae68bbfb36763aa052e6bdbf2c59 DATA test/image.tar.zst.sig 833 BLAKE2B 214724ae4ff9198879c8c960fd8167632e27982c2278bb873f195abe75b75afa1ebed4c37ec696f5f5bc35c3a1184b60e0b50d56695b072b254f730db01eddb5 SHA512 67316187da8bb6b7a5f9dc6a42ed5c7d72c6184483a97f23c0bebd8b187ac9268e0409eb233c935101606768718c99eaa5699037d6a68c2d88c9ed5331a3f73c -----BEGIN PGP SIGNATURE----- iNUEARYIAH0WIQSMe+CQzU+/D/DeMitA3PGOlxUHlQUCYVrQal8UgAAAAAAuAChp c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0OEM3 QkUwOTBDRDRGQkYwRkYwREUzMjJCNDBEQ0YxOEU5NzE1MDc5NQAKCRBA3PGOlxUH lbmTAP4jdhMTW6g550/t0V7XcixqVtBockOTln8hZrZIQrjAJAD/caDkxgz5Xl8C EP1pgSXXGtlUnv6akg/wueFJKEr9KQs= =edEg -----END PGP SIGNATURE----- """ data = io.BytesIO(sig) f.size = len(sig) tar_2.addfile(f, data) data.close() else: tar_2.addfile(f, tar_1.extractfile(f)) binpkg_2 = gpkg(settings, "test", os.path.join(tmpdir, "test-2.gpkg.tar")) self.assertRaises(InvalidSignature, binpkg_2.decompress, os.path.join(tmpdir, "test")) finally: shutil.rmtree(tmpdir) playground.cleanup()
def test_gpkg_invalid_signature(self): if sys.version_info.major < 3: self.skipTest("Not support Python 2") playground = ResolverPlayground( user_config={ "make.conf": ( 'FEATURES="${FEATURES} binpkg-signing ' 'binpkg-request-signature"', 'BINPKG_FORMAT="gpkg"', ), }) tmpdir = tempfile.mkdtemp() try: settings = playground.settings gpg = GPG(settings) gpg.unlock() orig_full_path = os.path.join(tmpdir, "orig/") os.makedirs(orig_full_path) data = urandom(1048576) with open(os.path.join(orig_full_path, "data"), "wb") as f: f.write(data) binpkg_1 = gpkg(settings, "test", os.path.join(tmpdir, "test-1.gpkg.tar")) binpkg_1.compress(orig_full_path, {}) with tarfile.open(os.path.join(tmpdir, "test-1.gpkg.tar"), "r") as tar_1: with tarfile.open(os.path.join(tmpdir, "test-2.gpkg.tar"), "w") as tar_2: for f in tar_1.getmembers(): if f.name == "Manifest": sig = b""" -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 DATA test/image.tar.zst 1049649 BLAKE2B 3112adba9c09023962f26d9dcbf8e74107c05220f2f29aa2ce894f8a4104c3bb238f87095df73735befcf1e1f6039fc3abf4defa87e68ce80f33dd01e09c055a SHA512 9f584727f2e20a50a30e0077b94082c8c1f517ebfc9978eb3281887e24458108e73d1a2ce82eb0b59f5df7181597e4b0a297ae68bbfb36763aa052e6bdbf2c59 DATA test/image.tar.zst.sig 833 BLAKE2B 214724ae4ff9198879c8c960fd8167632e27982c2278bb873f195abe75b75afa1ebed4c37ec696f5f5bc35c3a1184b60e0b50d56695b072b254f730db01eddb5 SHA512 67316187da8bb6b7a5f9dc6a42ed5c7d72c6184483a97f23c0bebd8b187ac9268e0409eb233c935101606768718c99eaa5699037d6a68c2d88c9ed5331a3f73c -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEBrOjEb13XCgNIqkwXZDqBjUhd/YFAmFazXEACgkQXZDqBjUh d/YFZA//eiXkYAS2NKxim6Ppr1HcZdjU1f6H+zyQzC7OdPkAh7wsVXpSr1aq+giD G4tNtI6nsFokpA5CMhDf+ffBofKmFY5plk9zyQHr43N/RS5G6pcb2LHk0mQqgIdB EsZRRD75Na4uGDWjuNHRmsasPTsc9qyW7FLckjwUsVmk9foAoiLYYaTsilsEGqXD Bl/Z6PaQXvdd8txbcP6dOXfhVT06b+RWcnHI06KQrmFkZjZQh/7bCIeCVwNbXr7d Obo8SVzCrQbTONei57AkyuRfnPqBfP61k8rQtcDUmCckQQfyaRwoW2nDIewOPfIH xfvM137to2GEI2RR1TpWmGfu3iQzgC71f4svdX9Tyi5N7aFmfud7LZs6/Un3IdVk ZH9/AmRzeH6hKllqSv/6WuhjsTNvr0bOzGbskkhqlLga2tml08gHFYOMWRJb/bRz N8FZMhHzFoc0hsG8SU9uC+OeW+y5NdqpbRnQwgABmAiKEpgAPnABTsr0HjyxvjY+ uCUdvMMHvnTxTjNEZ3Q+UQ2VsSoZzPbW9Y4PuM0XxxmTI8htdn4uIhy9dLNPsJmB eTE8aov/1uKq9VMsYC8wcx5vLMaR7/O/9XstP+r6PaZwiLlyrKHGexV4O52sj6LC qGAN3VUF+8EsdcsV781H0F86PANhyBgEYTGDrnItTGe3/vAPjCo= =S/Vn -----END PGP SIGNATURE----- """ data = io.BytesIO(sig) f.size = len(sig) tar_2.addfile(f, data) data.close() else: tar_2.addfile(f, tar_1.extractfile(f)) binpkg_2 = gpkg(settings, "test", os.path.join(tmpdir, "test-2.gpkg.tar")) self.assertRaises(InvalidSignature, binpkg_2.decompress, os.path.join(tmpdir, "test")) finally: shutil.rmtree(tmpdir) playground.cleanup()
def test_gpkg_get_metadata_url_unknown_signature(self): if sys.version_info.major < 3: self.skipTest("Not support Python 2") if sys.version_info.major == 3 and sys.version_info.minor <= 6: self.skipTest("http server not support change root dir") playground = ResolverPlayground( user_config={ "make.conf": ( 'BINPKG_COMPRESS="gzip"', 'FEATURES="${FEATURES} binpkg-signing ' 'binpkg-request-signature"', ), }) tmpdir = tempfile.mkdtemp() try: settings = playground.settings gpg = GPG(settings) gpg.unlock() for _ in range(0, 5): port = random.randint(30000, 60000) try: server = self.start_http_server(tmpdir, port) except OSError: continue break orig_full_path = os.path.join(tmpdir, "orig/") os.makedirs(orig_full_path) with open(os.path.join(orig_full_path, "test"), "wb") as test_file: test_file.write(urandom(1048576)) gpkg_file_loc = os.path.join(tmpdir, "test-1.gpkg.tar") test_gpkg = gpkg(settings, "test", gpkg_file_loc) meta = { "test1": b"{abcdefghijklmnopqrstuvwxyz, 1234567890}", "test2": urandom(102400), } test_gpkg.compress(os.path.join(tmpdir, "orig"), meta) with tarfile.open(os.path.join(tmpdir, "test-1.gpkg.tar"), "r") as tar_1: with tarfile.open(os.path.join(tmpdir, "test-2.gpkg.tar"), "w") as tar_2: for f in tar_1.getmembers(): if f.name == "test/metadata.tar.gz": sig = b""" -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQRVhCbPGi/rhGTq4nV+k2dcK9uyIgUCXw4ehAAKCRB+k2dcK9uy IkCfAP49AOYjzuQPP0n5P0SGCINnAVEXN7QLQ4PurY/lt7cT2gEAq01stXjFhrz5 87Koh+ND2r5XfQsz3XeBqbb/BpmbEgo= =sc5K -----END PGP SIGNATURE----- """ data = io.BytesIO(sig) f.size = len(sig) tar_2.addfile(f, data) data.close() else: tar_2.addfile(f, tar_1.extractfile(f)) test_gpkg = gpkg(settings, "test") self.assertRaises( InvalidSignature, test_gpkg.get_metadata_url, "http://127.0.0.1:" + str(port) + "/test-2.gpkg.tar", ) finally: shutil.rmtree(tmpdir) playground.cleanup()