def test_add_rpm_sig_header_signed(self, open, ensuredir, isdir, get_build, get_rpm,
                                   run_callbacks, _fetchMulti):
    """Test addRPMSig with header-only signed RPM.

    Rips the signature header from the ``header-signed.rpm`` fixture, passes
    it base64-encoded to ``addRPMSig`` for rpm id 1, and checks that:

    * the ``sign`` permission was asserted exactly once, and
    * exactly one insert was recorded, for ``rpm_id`` 1 and ``sigkey``
      ``15f712be``.
    """
    # Record returned by the patched get_rpm.
    # NOTE(review): payloadhash presumably has to match the digest carried in
    # the fixture's signature header -- confirm against addRPMSig.
    rpm_record = {
        'id': 1,
        'name': 'testpkg',
        'version': '1.0.0',
        'release': '1',
        'arch': 'noarch',
        'epoch': None,
        'payloadhash': '1706d0174aa29a5a3e5c60855a778c35',
        'size': 123,
        'external_repo_id': None,
        'build_id': 1,
    }

    # Single-element side_effect lists: each patched callable can answer once.
    _fetchMulti.side_effect = [[]]
    isdir.side_effect = [True]
    get_rpm.side_effect = [rpm_record]
    open.side_effect = [mock.MagicMock()]

    fixture = os.path.join(self.data_path, 'header-signed.rpm')
    encoded_sighdr = base64.b64encode(koji.rip_rpm_sighdr(fixture))
    self.exports.addRPMSig(1, encoded_sighdr)

    # The permission check is part of the contract under test.
    self.context.session.assertPerm.assert_called_once_with('sign')

    self.assertEqual(len(self.inserts), 1)
    recorded = self.inserts[0].data
    self.assertEqual(recorded['rpm_id'], 1)
    self.assertEqual(recorded['sigkey'], '15f712be')
def __get_sighdr(self, signed_rpm_path, rpm_path, rpm_info):
    """Return ``(sighdr, sigkey)`` for an RPM handed back by the signing server.

    :param signed_rpm_path: path of the RPM returned by the signing server
    :param rpm_path: path of the original RPM, used only in error messages
    :param rpm_info: mapping describing the RPM; only ``rpm_info['id']`` is read
    :return: tuple of the ripped signature header and the key id
    :raises SigningError: the header cannot be read (``rpm.error``) or it
        carries neither a ``siggpg`` nor a ``sigpgp`` field
    :raises AlreadySignedError: ``queryRPMSigs`` already returns an entry for
        this rpm id and key id
    """
    try:
        fields = koji.get_header_fields(signed_rpm_path, ('siggpg', 'sigpgp'))
    except rpm.error:
        raise SigningError("Signing server returned corrupt RPM for %s" % rpm_path)

    # siggpg wins when both are present; sigpgp is the fallback.
    sigpacket = fields['siggpg']
    if sigpacket is None:
        sigpacket = fields['sigpgp']
    if sigpacket is None:
        raise SigningError("Signing server returned unsigned RPM for %s" % rpm_path)

    # NOTE(review): only the key id is parsed out of the packet here. Nothing
    # visible in this function verifies the signature cryptographically or
    # compares the key id with the key that was requested -- confirm that a
    # caller or the hub does so.
    sigkey = koji.get_sigpacket_key_id(sigpacket)

    existing = context.handlers.call("queryRPMSigs", rpm_id=rpm_info['id'], sigkey=sigkey)
    if len(existing):
        raise AlreadySignedError()

    return koji.rip_rpm_sighdr(signed_rpm_path), sigkey
def _get_rpm_sighdr_sigkey(self, path):
    """
    Return the signature header and signing key id of an RPM, cached per path.

    :param path: Path to a RPM package
    :type path: str
    :return: (sighdr, sigkey); sigkey is lower-cased, or "" when the header
        holds neither a GPG nor a PGP signature packet
    :rtype: tuple
    """
    cache = self._get_rpm_sighdr_sigkey_cache

    # Reading the RPM is expensive, so results are remembered by path.
    # NOTE(review): the cache key is the path alone; if a file is replaced at
    # the same path the old header and key id keep being returned -- confirm
    # that RPMs are never rewritten in place while this object lives.
    cached = cache.get(path)
    if cached:
        return cached

    sighdr = koji.rip_rpm_sighdr(path)
    raw = koji.RawHeader(sighdr)

    # GPG tag first, PGP tag as the fallback.
    packet = raw.get(koji.RPM_SIGTAG_GPG) or raw.get(koji.RPM_SIGTAG_PGP)
    sigkey = koji.get_sigpacket_key_id(packet).lower() if packet else ""

    entry = (sighdr, sigkey)
    cache[path] = entry
    return entry
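def _extract_filesigs(rpm_path, output_path):
    """Copy per-file signatures from an RPM onto the files extracted from it.

    The file signatures are read from the RPM's signature header
    (``RPMSIGTAG_FILESIGNATURES``) and paired, by position, with the file list
    in the main header (dirindexes / dirnames / basenames). Each signature is
    written to the ``user.ima`` extended attribute of the matching file under
    ``output_path``.

    :param rpm_path: path of the RPM to read
    :param output_path: directory the RPM's files were extracted into
    :raises Exception: the number of signatures, basenames and dirindexes do
        not agree, or a file path taken from the header would fall outside
        ``output_path``
    """
    sighdr = RawHeader(rip_rpm_sighdr(rpm_path))
    filesigs = _get_header_type_8(sighdr, RPMSIGTAG_FILESIGNATURES)

    rpm_hdr = get_rpm_header(rpm_path)
    diridxs = rpm_hdr[rpm.RPMTAG_DIRINDEXES]
    dirnames = rpm_hdr[rpm.RPMTAG_DIRNAMES]
    basenames = rpm_hdr[rpm.RPMTAG_BASENAMES]

    if len(basenames) != len(filesigs):
        raise Exception("Invalid number of file signatures (%d) for basenames (%d)"
                        % (len(filesigs), len(basenames)))
    if len(diridxs) != len(basenames):
        raise Exception("Invalid number of diridxs (%d) for basenames (%d)"
                        % (len(diridxs), len(basenames)))

    # Paths come from the RPM header, so they are confined to output_path
    # before anything is written. The check is lexical: symlinks that already
    # exist under output_path are not resolved.
    root = os.path.abspath(output_path)
    root_prefix = root.rstrip(os.sep) + os.sep

    for basename, diridx, filesig in zip(basenames, diridxs, filesigs):
        # Strip every leading slash, not just the first: a dirname such as
        # '//etc/' would otherwise stay absolute and make os.path.join
        # discard output_path.
        dirname = dirnames[diridx].lstrip('/')
        full_path = os.path.join(output_path, dirname, basename)

        # Reject '..' components and absolute basenames that lead outside
        # the extraction root.
        resolved = os.path.abspath(full_path)
        if resolved != root and not resolved.startswith(root_prefix):
            raise Exception("File path %r from RPM header is outside of output path %r"
                            % (full_path, output_path))

        if sys.version_info.major == 2:
            # Python 2 only: hand setxattr a plain bytes/str object.
            filesig = bytes(filesig)
        xattr.setxattr(full_path, 'user.ima', filesig)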
def get_rpm_sign_keyid(rpmfname):
    """Return the upper-cased signing key id of an RPM, or None if it has none.

    :param rpmfname: path of the RPM file
    :return: key id in upper case, or ``None`` when ``koji.get_sighdr_key``
        yields an empty value
    :raises RebuilderException: koji raised ``GenericError`` while reading
        the signature header or the key id
    """
    try:
        keyid = koji.get_sighdr_key(koji.rip_rpm_sighdr(rpmfname))
    except koji.GenericError as e:
        raise RebuilderException(
            "Failed to get RPM signature keyid: {}".format(str(e)))

    if not keyid:
        # NOTE(review): None here means "no key id found". Callers should
        # treat it as unsigned rather than as a match for any key.
        return None
    return keyid.upper()
def rip_sighdr(self, path):
    """Return ``(sighdr, sigkey)`` for the RPM at ``path``.

    ``sighdr`` is the raw signature header ripped from the file. ``sigkey``
    is the key id parsed from its GPG signature packet, or from the PGP
    packet when there is no GPG one; it is ``""`` when neither is present.
    Only the key id is read here; the signature itself is not verified.
    """
    sighdr = koji.rip_rpm_sighdr(path)
    raw = koji.RawHeader(sighdr)

    # GPG tag first, PGP tag as the fallback.
    packet = raw.get(koji.RPM_SIGTAG_GPG) or raw.get(koji.RPM_SIGTAG_PGP)
    if not packet:
        return sighdr, ""
    return sighdr, koji.get_sigpacket_key_id(packet)
def test_scan_sighdr_header_signed(self):
    """Test _scan_sighdr on a header-only signed package.

    Pins both values ``_scan_sighdr`` returns for the ``header-signed.rpm``
    fixture: the hex form of the sigmd5 and the key id parsed from the
    signature packet.
    """
    fixture = os.path.join(self.data_path, 'header-signed.rpm')
    sigmd5, sig = kojihub._scan_sighdr(koji.rip_rpm_sighdr(fixture), fixture)

    self.assertEqual(koji.hex_string(sigmd5), '1706d0174aa29a5a3e5c60855a778c35')
    self.assertEqual(koji.get_sigpacket_key_id(sig), '15f712be')