Exemple #1
0
    def testTroveDisplaySigs(self):
        # go through a lot of trouble to sign this trove.
        # copied from sigtest.
        self.addComponent('foo:runtime', '1.0')
        from conary.lib import openpgpfile, openpgpkey
        from conary.build import signtrove
        fingerprint = 'F7440D78FE813C882212C2BF8AC2828190B1E477'
        keyCache = openpgpkey.getKeyCache()
        keyCache.getPrivateKey(fingerprint, '111111')
        keyRing = open(resources.get_archive() + '/pubring.gpg')
        keyData = openpgpfile.exportKey(fingerprint, keyRing)
        keyData.seek(0)
        keyData = keyData.read()

        # upload the public key
        repos = self.openRepository()
        repos.addNewPGPKey(self.cfg.buildLabel, 'test', keyData)
        self.cfg.signatureKey = fingerprint
        self.cfg.quiet = True
        signtrove.signTroves(self.cfg, ["foo:runtime"])

        rs, txt = self.captureOutput(queryrep.displayTroves,
                                     self.cfg, ['foo:runtime'],
                                     digSigs=True)
        assert (txt.startswith('''\
foo:runtime=1.0-1-1
  Digital Signature:
      F7440D78FE813C882212C2BF8AC2828190B1E477:'''))
Exemple #2
0
    def testTroveDisplaySigs(self):
        # go through a lot of trouble to sign this trove.
        # copied from sigtest.
        self.addComponent('foo:runtime', '1.0')
        from conary.lib import openpgpfile, openpgpkey
        from conary.build import signtrove
        fingerprint = 'F7440D78FE813C882212C2BF8AC2828190B1E477'
        keyCache = openpgpkey.getKeyCache()
        keyCache.getPrivateKey(fingerprint, '111111')
        keyRing = open(resources.get_archive() + '/pubring.gpg')
        keyData = openpgpfile.exportKey(fingerprint, keyRing)
        keyData.seek(0)
        keyData = keyData.read()

        # upload the public key
        repos = self.openRepository()
        repos.addNewPGPKey(self.cfg.buildLabel, 'test', keyData)
        self.cfg.signatureKey = fingerprint
        self.cfg.quiet = True
        signtrove.signTroves(self.cfg, [ "foo:runtime"])

        rs, txt = self.captureOutput(queryrep.displayTroves, self.cfg, 
                                     ['foo:runtime'],
                                     digSigs=True)
        assert(txt.startswith('''\
foo:runtime=1.0-1-1
  Digital Signature:
      F7440D78FE813C882212C2BF8AC2828190B1E477:'''))
Exemple #3
0
    def testChangeKeyOwner(self):
        fingerprint = 'F7440D78FE813C882212C2BF8AC2828190B1E477'
        # supply the pass phrase for our private key
        keyCache = openpgpkey.getKeyCache()
        keyCache.getPrivateKey(fingerprint, '111111')

        self.addQuickTestComponent("test:source", "1.0-1-1")

        self.cfg.signatureKey = fingerprint
        self.cfg.quiet = True

        repos = self.openRepository()
        anotherRepos = self.setupUser(repos, self.cfg.buildLabel, 'another',
                                      'anotherpass', None, None)

        # put the public key into the repo
        keyRing = open(
            resources.get_path('conary_test', 'archive', 'pubring.gpg'))
        keyData = openpgpfile.exportKey(fingerprint, keyRing)
        keyData.seek(0)
        keyData = keyData.read()
        repos.addNewPGPKey(self.cfg.buildLabel, 'test', keyData)
        repos.changePGPKeyOwner(self.cfg.buildLabel, 'another', fingerprint)

        assert (repos.listUsersMainKeys(self.cfg.buildLabel,
                                        'another')[0] == fingerprint)
Exemple #4
0
    def testMirror(self):
        sourceRepos, targetRepos = self.createRepositories()
        mirrorFile = self.createConfigurationFile()
        # this is really ugly, but needed to ensure test consistency
        db = self.servers.getServer(0).reposDB.connect()
        cu = db.cursor()

        # test simple trove mirroring
        self.createTroves(sourceRepos, 1, 2, "1.0")
        self.createTroves(sourceRepos, 1, 2, "2.0")
        self.sleep(1.2)
        self.createTroves(sourceRepos, 1, 2, "3.0")
        # the following is just to get the trigger to fire
        cu.execute("update Instances set changed=1")
        db.commit()
        self.runMirror(mirrorFile)
        self.compareRepositories(sourceRepos, targetRepos)

        # simulate multiple trove versions with the same mark
        self.createTroves(sourceRepos, 10, 2, "1.0", "~foo")
        self.createTroves(sourceRepos, 10, 2, "1.0", "~!foo")
        self.createTroves(sourceRepos, 10, 2, "1.1")
        # the following is just to get the trigger to fire
        cu.execute("update Instances set changed=1")
        db.commit()
        self.runMirror(mirrorFile)
        self.compareRepositories(sourceRepos, targetRepos)

        # test mirroring of ascii keys
        sourceRepos.addNewAsciiPGPKey(self.cfg.buildLabel, 'test',
                                      sigtest.unexpiredKey)
        self.runMirror(mirrorFile)
        self.compareRepositories(sourceRepos, targetRepos)

        # test mirroring of new trove signatures
        self.createTroves(sourceRepos, 20, 2)
        self.cfg.signatureKey = '7CCD34B5C5D9CD1F637F6743D4F8F127C267B79D'
        signtrove.signTroves(self.cfg, ["test10:runtime", "test20:runtime"])
        self.runMirror(mirrorFile)
        self.compareRepositories(sourceRepos, targetRepos)

        fprint = 'F7440D78FE813C882212C2BF8AC2828190B1E477'
        keyCache = openpgpkey.getKeyCache()
        keyCache.getPrivateKey(fprint, '111111')
        self.cfg.signatureKey = fprint

        keyRing = open(resources.get_archive() + '/pubring.gpg')
        keyData = openpgpfile.exportKey(fprint, keyRing)
        keyData.seek(0)
        keyData = keyData.read()
        sourceRepos.addNewPGPKey(self.cfg.buildLabel, 'test', keyData)
        signtrove.signTroves(self.cfg, ["test11:runtime", "test21:runtime"])
        self.createTroves(sourceRepos, 30, 2)
        self.runMirror(mirrorFile)
        self.compareRepositories(sourceRepos, targetRepos)
Exemple #5
0
    def testMirror(self):
        sourceRepos, targetRepos = self.createRepositories()
        mirrorFile = self.createConfigurationFile()
        # this is really ugly, but needed to ensure test consistency
        db = self.servers.getServer(0).reposDB.connect()
        cu = db.cursor()

        # test simple trove mirroring
        self.createTroves(sourceRepos, 1, 2, "1.0")
        self.createTroves(sourceRepos, 1, 2, "2.0")
        self.sleep(1.2)
        self.createTroves(sourceRepos, 1, 2, "3.0")
        # the following is just to get the trigger to fire
        cu.execute("update Instances set changed=1")
        db.commit()
        self.runMirror(mirrorFile)
        self.compareRepositories(sourceRepos, targetRepos)

        # simulate multiple trove versions with the same mark
        self.createTroves(sourceRepos, 10, 2, "1.0", "~foo")
        self.createTroves(sourceRepos, 10, 2, "1.0", "~!foo")
        self.createTroves(sourceRepos, 10, 2, "1.1")
        # the following is just to get the trigger to fire
        cu.execute("update Instances set changed=1")
        db.commit()
        self.runMirror(mirrorFile)
        self.compareRepositories(sourceRepos, targetRepos)

        # test mirroring of ascii keys
        sourceRepos.addNewAsciiPGPKey(self.cfg.buildLabel, 'test', sigtest.unexpiredKey)
        self.runMirror(mirrorFile)
        self.compareRepositories(sourceRepos, targetRepos)

        # test mirroring of new trove signatures
        self.createTroves(sourceRepos, 20, 2)
        self.cfg.signatureKey = '7CCD34B5C5D9CD1F637F6743D4F8F127C267B79D'
        signtrove.signTroves(self.cfg, [ "test10:runtime", "test20:runtime" ])
        self.runMirror(mirrorFile)
        self.compareRepositories(sourceRepos, targetRepos)

        fprint='F7440D78FE813C882212C2BF8AC2828190B1E477'
        keyCache = openpgpkey.getKeyCache()
        keyCache.getPrivateKey(fprint, '111111')
        self.cfg.signatureKey = fprint

        keyRing = open(resources.get_archive() + '/pubring.gpg')
        keyData = openpgpfile.exportKey(fprint, keyRing)
        keyData.seek(0)
        keyData = keyData.read()
        sourceRepos.addNewPGPKey(self.cfg.buildLabel, 'test', keyData)
        signtrove.signTroves(self.cfg, [ "test11:runtime", "test21:runtime" ])
        self.createTroves(sourceRepos, 30, 2)
        self.runMirror(mirrorFile)
        self.compareRepositories(sourceRepos, targetRepos)
Exemple #6
0
    def _setupSignature(self, repos, fingerprint):
        # supply the pass phrase for our private key
        keyCache = openpgpkey.getKeyCache()
        keyCache.getPrivateKey(fingerprint, '111111')

        # get the public key
        keyRing = open(resources.get_archive('pubring.gpg'))
        if hasattr(openpgpfile, 'readKeyData'):
            keyData = openpgpfile.readKeyData(keyRing, fingerprint)
        else:
            keyData = openpgpfile.exportKey(fingerprint, keyRing)
            keyData.seek(0)
            keyData = keyData.read()

        # upload the public key
        repos = self.openRepository()
        repos.addNewPGPKey(self.cfg.buildLabel, 'test', keyData)
        self.buildCfg.signatureKey = fingerprint
Exemple #7
0
    def _setupSignature(self, repos, fingerprint):
        # supply the pass phrase for our private key
        keyCache = openpgpkey.getKeyCache()
        keyCache.getPrivateKey(fingerprint, '111111')

        # get the public key
        keyRing = open(resources.get_archive('pubring.gpg'))
        if hasattr(openpgpfile, 'readKeyData'):
            keyData = openpgpfile.readKeyData(keyRing, fingerprint)
        else:
            keyData = openpgpfile.exportKey(fingerprint, keyRing)
            keyData.seek(0)
            keyData = keyData.read()

        # upload the public key
        repos = self.openRepository()
        repos.addNewPGPKey(self.cfg.buildLabel, 'test', keyData)
        self.buildCfg.signatureKey = fingerprint
Exemple #8
0
    def testAddingSigs(self):
        fingerprint = '95B457D16843B21EA3FC73BBC7C32FC1F94E405E'

        # get the public key
        keyRing = open(
            resources.get_path('conary_test', 'archive', 'pubring.gpg'))
        keyData = openpgpfile.exportKey(fingerprint, keyRing)
        keyData.seek(0)
        keyData = keyData.read()

        # force the repository to be setup before we use a broken password
        # to access it
        self.openRepository()
        repos = self.getRepositoryClient(user='******', password='******')
        self.assertRaises(errors.InsufficientPermission, repos.addNewPGPKey,
                          self.cfg.buildLabel, 'test', keyData)

        self.assertRaises(errors.InsufficientPermission,
                          repos.addNewAsciiPGPKey, self.cfg.buildLabel, 'test',
                          unexpiredKey)
Exemple #9
0
    def testSignedCheckout(self):
        fingerprint = 'F7440D78FE813C882212C2BF8AC2828190B1E477'
        # supply the pass phrase for our private key
        keyCache = openpgpkey.getKeyCache()
        keyCache.getPrivateKey(fingerprint, '111111')

        self.addQuickTestComponent("test:source", "1.0-1-1")

        self.cfg.signatureKey = fingerprint
        self.cfg.quiet = True

        # put the public key into the repo
        keyRing = open(
            resources.get_path('conary_test', 'archive', 'pubring.gpg'))
        keyData = openpgpfile.exportKey(fingerprint, keyRing)
        keyData.seek(0)
        keyData = keyData.read()
        repos = self.openRepository()
        repos.addNewPGPKey(self.cfg.buildLabel, 'test', keyData)
        signtrove.signTroves(self.cfg, ["test:source"])

        # alter key's trust value and determine that the doUpdate
        # code properly verifies trust thresholds
        pubKey = keyCache.getPublicKey(fingerprint)
        pubKey.trustLevel = openpgpfile.TRUST_UNTRUSTED
        keyCache.publicDict[fingerprint] = pubKey
        self.cfg.trustThreshold = openpgpfile.TRUST_ULTIMATE
        self.logFilter.add()
        try:
            checkout(repos, self.cfg, self.workDir, ["test"])
            self.fail("checkin.checkout did not properly verify trust levels")
        except DigitalSignatureVerificationError:
            self.logFilter.compare([
                'warning: The trove test:source has '
                'signatures generated with untrusted keys. You can either '
                'resign the trove with a key that you trust, or add one of the '
                'keys to the list of trusted keys (the trustedKeys '
                'configuration option). The keys that were not trusted are: '
                '90B1E477'
            ])
Exemple #10
0
 def _getKey(self, fingerprint, armored=False):
     return openpgpfile.exportKey(fingerprint, self.pubringfn, armored=True)
 def _getKey(self, fingerprint, armored=False):
     return openpgpfile.exportKey(fingerprint, self.pubringfn, armored=True)
Exemple #12
0
    def testSignedUpdate(self):
        fingerprint = '95B457D16843B21EA3FC73BBC7C32FC1F94E405E'
        # supply the pass phrase for our private key
        keyCache = openpgpkey.getKeyCache()
        keyCache.getPrivateKey(fingerprint, '111111')

        self.addQuickTestComponent("test:doc", "1.0-1-1")

        self.cfg.signatureKey = fingerprint
        self.cfg.quiet = True

        # put the public key into the repo
        keyRing = open(
            resources.get_path('conary_test', 'archive', 'pubring.gpg'))
        keyData = openpgpfile.exportKey(fingerprint, keyRing)
        keyData.seek(0)
        keyData = keyData.read()
        repos = self.openRepository()
        repos.addNewPGPKey(self.cfg.buildLabel, 'test', keyData)
        signtrove.signTroves(self.cfg, ["test:doc"])

        # alter key's trust value and determine that the doUpdate
        # code properly verifies trust thresholds
        pubKey = keyCache.getPublicKey(fingerprint)
        pubKey.trustLevel = openpgpfile.TRUST_UNTRUSTED
        keyCache.publicDict[fingerprint] = pubKey
        self.cfg.trustThreshold = openpgpfile.TRUST_ULTIMATE
        self.logFilter.add()
        try:
            self.discardOutput(doUpdate, self.cfg, 'test:doc')
            self.fail("updatecmd.doUpdate did not properly check trust levels")
        except DigitalSignatureVerificationError:
            self.logFilter.compare([
                'warning: The trove test:doc has '
                'signatures generated with untrusted keys. You can either '
                'resign the trove with a key that you trust, or add one of the '
                'keys to the list of trusted keys (the trustedKeys '
                'configuration option). The keys that were not trusted are: '
                'F94E405E'
            ])

        # An example how one can catch the digital signature verification
        # error for each unsigned trove (and display some message in a GUI
        # maybe). In this case we just raise a different exception.
        class MyException(Exception):
            errorIsUncatchable = True

        class C_(callbacks.UpdateCallback):
            def verifyTroveSignatures(self, trv):
                try:
                    return callbacks.UpdateCallback.verifyTroveSignatures(
                        self, trv)
                except DigitalSignatureVerificationError:
                    raise MyException("Error in trove %s" % trv.getName())

        callback = C_(trustThreshold=self.cfg.trustThreshold)
        # We should catch our own exception now
        self.discardOutput(self.assertRaises,
                           MyException,
                           doUpdate,
                           self.cfg,
                           "test:doc",
                           callback=callback)
Exemple #13
0
    def testSignTrove(self):
        fingerprint = 'F7440D78FE813C882212C2BF8AC2828190B1E477'
        # supply the pass phrase for our private key
        keyCache = openpgpkey.getKeyCache()
        keyCache.getPrivateKey(fingerprint, '111111')

        self.addQuickTestComponent("test:doc", "1.0-1-1")
        self.cfg.signatureKey = fingerprint
        self.cfg.quiet = True

        self.assertRaises(errors.DigitalSignatureError, signtrove.signTroves,
                          self.cfg, ["test:doc"])

        # get the public key
        keyRing = open(
            resources.get_path('conary_test', 'archive', 'pubring.gpg'))
        keyData = openpgpfile.exportKey(fingerprint, keyRing)
        keyData.seek(0)
        keyData = keyData.read()

        # upload the public key
        repos = self.openRepository()
        repos.addNewPGPKey(self.cfg.buildLabel, 'test', keyData)
        signtrove.signTroves(self.cfg, ["test:doc"])

        # get the signed trove from the repository, verify that
        # everything is correct
        v = versions.VersionFromString('/localhost@rpl:linux/1.0-1-1')
        f = deps.parseFlavor('')
        t = repos.getTrove('test:doc', v, f)
        self._checkDigitalSig(t, fingerprint)
        self.assertEqual(t.verifyDigitalSignatures(),
                         (openpgpfile.TRUST_TRUSTED, [], set()))

        # add another signature.  This exercises code such as the
        # change set cache invalidation
        fingerprint2 = '95B457D16843B21EA3FC73BBC7C32FC1F94E405E'
        keyCache.getPrivateKey(fingerprint2, '111111')

        # upload the public key
        keyRing = open(
            resources.get_path('conary_test', 'archive', 'pubring.gpg'))
        keyData = openpgpfile.exportKey(fingerprint2, keyRing)
        keyData.seek(0)
        keyData = keyData.read()
        repos.addNewPGPKey(self.cfg.buildLabel, 'test', keyData)

        # sign with the second private key
        self.cfg.signatureKey = fingerprint2
        self.cfg.quiet = True
        signtrove.signTroves(self.cfg, ["test:doc"])

        # iterate over the signatures, making sure each signature version has
        # two sigs associated with it
        t = repos.getTrove('test:doc', v, f)
        self._checkDigitalSig(t, fingerprint)
        self._checkDigitalSig(t, fingerprint2)
        self.assertEqual(t.verifyDigitalSignatures(),
                         (openpgpfile.TRUST_TRUSTED, [], set()))

        # attempt signing again with a key that already signed the trove
        self.assertRaises(errors.DigitalSignatureError, signtrove.signTroves,
                          self.cfg, ["test:doc"])