def test_gpkg_missing_manifest_signature(self):
if sys.version_info.major < 3:
self.skipTest("Not support Python 2")
playground = ResolverPlayground(
user_config={
"make.conf": (
'FEATURES="${FEATURES} binpkg-signing '
'binpkg-request-signature"',
'BINPKG_FORMAT="gpkg"',
),
})
tmpdir = tempfile.mkdtemp()
try:
settings = playground.settings
gpg = GPG(settings)
gpg.unlock()
orig_full_path = os.path.join(tmpdir, "orig/")
os.makedirs(orig_full_path)
data = urandom(1048576)
with open(os.path.join(orig_full_path, "data"), "wb") as f:
f.write(data)
binpkg_1 = gpkg(settings, "test",
os.path.join(tmpdir, "test-1.gpkg.tar"))
binpkg_1.compress(orig_full_path, {})
with tarfile.open(os.path.join(tmpdir, "test-1.gpkg.tar"),
"r") as tar_1:
with tarfile.open(os.path.join(tmpdir, "test-2.gpkg.tar"),
"w") as tar_2:
for f in tar_1.getmembers():
if f.name == "Manifest":
manifest = tar_1.extractfile(f).read().decode(
"UTF-8")
manifest = manifest.replace(
"-----BEGIN PGP SIGNATURE-----", "")
manifest = manifest.replace(
"-----END PGP SIGNATURE-----", "")
manifest_data = io.BytesIO(
manifest.encode("UTF-8"))
manifest_data.seek(0, io.SEEK_END)
f.size = manifest_data.tell()
manifest_data.seek(0)
tar_2.addfile(f, manifest_data)
else:
tar_2.addfile(f, tar_1.extractfile(f))
binpkg_2 = gpkg(settings, "test",
os.path.join(tmpdir, "test-2.gpkg.tar"))
self.assertRaises(InvalidSignature, binpkg_2.decompress,
os.path.join(tmpdir, "test"))
finally:
shutil.rmtree(tmpdir)
playground.cleanup()
def test_gpkg_manifest_duplicate_files(self):
if sys.version_info.major < 3:
self.skipTest("Not support Python 2")
playground = ResolverPlayground(
user_config={
"make.conf": (
'FEATURES="${FEATURES} -binpkg-signing '
'-binpkg-request-signature -gpg-keepalive"',
),
}
)
tmpdir = tempfile.mkdtemp()
try:
settings = playground.settings
orig_full_path = os.path.join(tmpdir, "orig/")
os.makedirs(orig_full_path)
data = urandom(100)
with open(os.path.join(orig_full_path, "data"), "wb") as f:
f.write(data)
binpkg_1 = gpkg(settings, "test", os.path.join(tmpdir, "test-1.gpkg.tar"))
binpkg_1.compress(orig_full_path, {})
with tarfile.open(os.path.join(tmpdir, "test-1.gpkg.tar"), "r") as tar_1:
with tarfile.open(
os.path.join(tmpdir, "test-2.gpkg.tar"), "w"
) as tar_2:
for f in tar_1.getmembers():
if f.name == "Manifest":
manifest = tar_1.extractfile(f).read()
data = io.BytesIO(manifest)
data.seek(io.SEEK_END)
data.write(b"\n")
data.write(manifest)
f.size = data.tell()
data.seek(0)
tar_2.addfile(f, data)
data.close()
else:
tar_2.addfile(f, tar_1.extractfile(f))
binpkg_2 = gpkg(settings, "test", os.path.join(tmpdir, "test-2.gpkg.tar"))
self.assertRaises(
DigestException, binpkg_2.decompress, os.path.join(tmpdir, "test")
)
finally:
shutil.rmtree(tmpdir)
playground.cleanup()
def test_gpkg_incorrect_checksum(self):
if sys.version_info.major < 3:
self.skipTest("Not support Python 2")
playground = ResolverPlayground(
user_config={
"make.conf": (
'FEATURES="${FEATURES} -binpkg-signing '
'-binpkg-request-signature -gpg-keepalive"',
),
}
)
tmpdir = tempfile.mkdtemp()
try:
settings = playground.settings
orig_full_path = os.path.join(tmpdir, "orig/")
os.makedirs(orig_full_path)
data = urandom(1048576)
with open(os.path.join(orig_full_path, "data"), "wb") as f:
f.write(data)
binpkg_1 = gpkg(settings, "test", os.path.join(tmpdir, "test-1.gpkg.tar"))
binpkg_1.compress(orig_full_path, {})
with tarfile.open(os.path.join(tmpdir, "test-1.gpkg.tar"), "r") as tar_1:
with tarfile.open(
os.path.join(tmpdir, "test-2.gpkg.tar"), "w"
) as tar_2:
for f in tar_1.getmembers():
if f.name == "Manifest":
data = io.BytesIO(tar_1.extractfile(f).read())
data_view = data.getbuffer()
data_view[-16:] = b"20a6d80ab0320fh9"
del data_view
tar_2.addfile(f, data)
data.close()
else:
tar_2.addfile(f, tar_1.extractfile(f))
binpkg_2 = gpkg(settings, "test", os.path.join(tmpdir, "test-2.gpkg.tar"))
self.assertRaises(
DigestException, binpkg_2.decompress, os.path.join(tmpdir, "test")
)
finally:
shutil.rmtree(tmpdir)
playground.cleanup()
def test_gpkg_missing_signature(self):
if sys.version_info.major < 3:
self.skipTest("Not support Python 2")
playground = ResolverPlayground(
user_config={
"make.conf": (
'FEATURES="${FEATURES} binpkg-signing '
'binpkg-request-signature"',
'BINPKG_FORMAT="gpkg"',
),
})
tmpdir = tempfile.mkdtemp()
try:
settings = playground.settings
gpg = GPG(settings)
gpg.unlock()
orig_full_path = os.path.join(tmpdir, "orig/")
os.makedirs(orig_full_path)
data = urandom(1048576)
with open(os.path.join(orig_full_path, "data"), "wb") as f:
f.write(data)
binpkg_1 = gpkg(settings, "test",
os.path.join(tmpdir, "test-1.gpkg.tar"))
binpkg_1.compress(orig_full_path, {})
with tarfile.open(os.path.join(tmpdir, "test-1.gpkg.tar"),
"r") as tar_1:
with tarfile.open(os.path.join(tmpdir, "test-2.gpkg.tar"),
"w") as tar_2:
for f in tar_1.getmembers():
if f.name.endswith(".sig"):
pass
else:
tar_2.addfile(f, tar_1.extractfile(f))
binpkg_2 = gpkg(settings, "test",
os.path.join(tmpdir, "test-2.gpkg.tar"))
self.assertRaises(MissingSignature, binpkg_2.decompress,
os.path.join(tmpdir, "test"))
finally:
shutil.rmtree(tmpdir)
playground.cleanup()
def test_gpkg_symlink_path(self):
if sys.version_info.major < 3:
self.skipTest("Not support Python 2")
playground = ResolverPlayground(
user_config={
"make.conf": ('BINPKG_COMPRESS="none"',),
}
)
tmpdir = tempfile.mkdtemp()
try:
settings = playground.settings
orig_full_path = os.path.join(tmpdir, "orig/")
os.makedirs(orig_full_path)
os.symlink(
"aaaabbbb/ccccdddd/eeeeffff/gggghhhh/iiiijjjj/kkkkllll/"
"mmmmnnnn/oooopppp/qqqqrrrr/sssstttt/uuuuvvvv/wwwwxxxx/"
"yyyyzzzz/00001111/22223333/44445555/66667777/88889999/test",
os.path.join(orig_full_path, "a_long_symlink"),
)
gpkg_file_loc = os.path.join(tmpdir, "test.gpkg.tar")
test_gpkg = gpkg(settings, "test", gpkg_file_loc)
check_result = test_gpkg._check_pre_image_files(
os.path.join(tmpdir, "orig")
)
self.assertEqual(check_result, (0, 14, 166, 0, 0))
test_gpkg.compress(os.path.join(tmpdir, "orig"), {"meta": "test"})
with open(gpkg_file_loc, "rb") as container:
# container
self.assertEqual(
test_gpkg._get_tar_format(container), tarfile.USTAR_FORMAT
)
with tarfile.open(gpkg_file_loc, "r") as container:
metadata = io.BytesIO(container.extractfile("test/metadata.tar").read())
self.assertEqual(
test_gpkg._get_tar_format(metadata), tarfile.USTAR_FORMAT
)
metadata.close()
image = io.BytesIO(container.extractfile("test/image.tar").read())
self.assertEqual(test_gpkg._get_tar_format(image), tarfile.GNU_FORMAT)
image.close()
test_gpkg.decompress(os.path.join(tmpdir, "test"))
r = compare_files(
os.path.join(tmpdir, "orig/", "a_long_symlink"),
os.path.join(tmpdir, "test/", "a_long_symlink"),
skipped_types=("atime", "mtime", "ctime"),
)
self.assertEqual(r, ())
finally:
shutil.rmtree(tmpdir)
playground.cleanup()
def test_gpkg_extra_files(self):
if sys.version_info.major < 3:
self.skipTest("Not support Python 2")
playground = ResolverPlayground(
user_config={
"make.conf": (
'FEATURES="${FEATURES} -binpkg-signing '
'-binpkg-request-signature -gpg-keepalive"',
),
}
)
tmpdir = tempfile.mkdtemp()
try:
settings = playground.settings
orig_full_path = os.path.join(tmpdir, "orig/")
os.makedirs(orig_full_path)
data = urandom(1048576)
with open(os.path.join(orig_full_path, "data"), "wb") as f:
f.write(data)
binpkg_1 = gpkg(settings, "test", os.path.join(tmpdir, "test-1.gpkg.tar"))
binpkg_1.compress(orig_full_path, {})
with tarfile.open(os.path.join(tmpdir, "test-1.gpkg.tar"), "r") as tar_1:
with tarfile.open(
os.path.join(tmpdir, "test-2.gpkg.tar"), "w"
) as tar_2:
for f in tar_1.getmembers():
tar_2.addfile(f, tar_1.extractfile(f))
data_tarinfo = tarfile.TarInfo("data2")
data_tarinfo.size = len(data)
data2 = io.BytesIO(data)
tar_2.addfile(data_tarinfo, data2)
data2.close()
binpkg_2 = gpkg(settings, "test", os.path.join(tmpdir, "test-2.gpkg.tar"))
self.assertRaises(
DigestException, binpkg_2.decompress, os.path.join(tmpdir, "test")
)
finally:
shutil.rmtree(tmpdir)
playground.cleanup()
def test_gpkg_short_path(self):
if sys.version_info.major < 3:
self.skipTest("Not support Python 2")
playground = ResolverPlayground(
user_config={
"make.conf": ('BINPKG_COMPRESS="none"',),
}
)
tmpdir = tempfile.mkdtemp()
try:
settings = playground.settings
path_name = (
"aaaabbbb/ccccdddd/eeeeffff/gggghhhh/iiiijjjj/kkkkllll/"
"mmmmnnnn/oooopppp/qqqqrrrr/sssstttt/"
)
orig_full_path = os.path.join(tmpdir, "orig/" + path_name)
os.makedirs(orig_full_path)
with open(os.path.join(orig_full_path, "test"), "wb") as test_file:
test_file.write(urandom(1048576))
gpkg_file_loc = os.path.join(tmpdir, "test.gpkg.tar")
test_gpkg = gpkg(settings, "test", gpkg_file_loc)
check_result = test_gpkg._check_pre_image_files(
os.path.join(tmpdir, "orig")
)
self.assertEqual(check_result, (95, 4, 0, 1048576, 1048576))
test_gpkg.compress(os.path.join(tmpdir, "orig"), {"meta": "test"})
with open(gpkg_file_loc, "rb") as container:
# container
self.assertEqual(
test_gpkg._get_tar_format(container), tarfile.USTAR_FORMAT
)
with tarfile.open(gpkg_file_loc, "r") as container:
metadata = io.BytesIO(container.extractfile("test/metadata.tar").read())
self.assertEqual(
test_gpkg._get_tar_format(metadata), tarfile.USTAR_FORMAT
)
metadata.close()
image = io.BytesIO(container.extractfile("test/image.tar").read())
self.assertEqual(test_gpkg._get_tar_format(image), tarfile.USTAR_FORMAT)
image.close()
test_gpkg.decompress(os.path.join(tmpdir, "test"))
r = compare_files(
os.path.join(tmpdir, "orig/" + path_name + "test"),
os.path.join(tmpdir, "test/" + path_name + "test"),
skipped_types=("atime", "mtime", "ctime"),
)
self.assertEqual(r, ())
finally:
shutil.rmtree(tmpdir)
playground.cleanup()
def test_gpkg_untrusted_signature(self):
if sys.version_info.major < 3:
self.skipTest("Not support Python 2")
gpg_test_path = os.environ["PORTAGE_GNUPGHOME"]
playground = ResolverPlayground(
user_config={
"make.conf": (
'FEATURES="${FEATURES} binpkg-signing '
'binpkg-request-signature"',
'BINPKG_FORMAT="gpkg"',
f'BINPKG_GPG_SIGNING_BASE_COMMAND="flock {gpg_test_path}/portage-binpkg-gpg.lock /usr/bin/gpg --sign --armor --batch --no-tty --yes --pinentry-mode loopback --passphrase GentooTest [PORTAGE_CONFIG]"',
'BINPKG_GPG_SIGNING_DIGEST="SHA512"',
f'BINPKG_GPG_SIGNING_GPG_HOME="{gpg_test_path}"',
'BINPKG_GPG_SIGNING_KEY="0x8812797DDF1DD192"',
'BINPKG_GPG_VERIFY_BASE_COMMAND="/usr/bin/gpg --verify --batch --no-tty --yes --no-auto-check-trustdb --status-fd 1 [PORTAGE_CONFIG] [SIGNATURE]"',
f'BINPKG_GPG_VERIFY_GPG_HOME="{gpg_test_path}"',
),
})
tmpdir = tempfile.mkdtemp()
try:
settings = playground.settings
gpg = GPG(settings)
gpg.unlock()
orig_full_path = os.path.join(tmpdir, "orig/")
os.makedirs(orig_full_path)
data = urandom(1048576)
with open(os.path.join(orig_full_path, "data"), "wb") as f:
f.write(data)
binpkg_1 = gpkg(settings, "test",
os.path.join(tmpdir, "test-1.gpkg.tar"))
binpkg_1.compress(orig_full_path, {})
binpkg_2 = gpkg(settings, "test",
os.path.join(tmpdir, "test-1.gpkg.tar"))
self.assertRaises(InvalidSignature, binpkg_2.decompress,
os.path.join(tmpdir, "test"))
finally:
shutil.rmtree(tmpdir)
playground.cleanup()
def test_gpkg_different_size_file(self):
if sys.version_info.major < 3:
self.skipTest("Not support Python 2")
playground = ResolverPlayground(
user_config={
"make.conf": (
'FEATURES="${FEATURES} -binpkg-signing '
'-binpkg-request-signature -gpg-keepalive"',
),
}
)
tmpdir = tempfile.mkdtemp()
try:
settings = playground.settings
orig_full_path = os.path.join(tmpdir, "orig/")
os.makedirs(orig_full_path)
data = urandom(100)
with open(os.path.join(orig_full_path, "data"), "wb") as f:
f.write(data)
binpkg_1 = gpkg(settings, "test", os.path.join(tmpdir, "test-1.gpkg.tar"))
binpkg_1.compress(orig_full_path, {})
with tarfile.open(os.path.join(tmpdir, "test-1.gpkg.tar"), "r") as tar_1:
with tarfile.open(
os.path.join(tmpdir, "test-2.gpkg.tar"), "w"
) as tar_2:
for f in tar_1.getmembers():
tar_2.addfile(f, tar_1.extractfile(f))
tar_2.addfile(f, tar_1.extractfile(f))
binpkg_2 = gpkg(settings, "test", os.path.join(tmpdir, "test-2.gpkg.tar"))
self.assertRaises(
InvalidBinaryPackageFormat,
binpkg_2.decompress,
os.path.join(tmpdir, "test"),
)
finally:
shutil.rmtree(tmpdir)
playground.cleanup()
def test_gpkg_get_metadata_url(self):
if sys.version_info.major < 3:
self.skipTest("Not support Python 2")
if sys.version_info.major == 3 and sys.version_info.minor <= 6:
self.skipTest("http server not support change root dir")
playground = ResolverPlayground(
user_config={
"make.conf": (
'BINPKG_COMPRESS="gzip"',
'FEATURES="${FEATURES} -binpkg-signing '
'-binpkg-request-signature"',
),
})
tmpdir = tempfile.mkdtemp()
try:
settings = playground.settings
for _ in range(0, 5):
port = random.randint(30000, 60000)
try:
server = self.start_http_server(tmpdir, port)
except OSError:
continue
break
orig_full_path = os.path.join(tmpdir, "orig/")
os.makedirs(orig_full_path)
with open(os.path.join(orig_full_path, "test"), "wb") as test_file:
test_file.write(urandom(1048576))
gpkg_file_loc = os.path.join(tmpdir, "test.gpkg.tar")
test_gpkg = gpkg(settings, "test", gpkg_file_loc)
meta = {
"test1": b"{abcdefghijklmnopqrstuvwxyz, 1234567890}",
"test2": urandom(102400),
}
test_gpkg.compress(os.path.join(tmpdir, "orig"), meta)
meta_from_url = test_gpkg.get_metadata_url("http://127.0.0.1:" +
str(port) +
"/test.gpkg.tar")
self.assertEqual(meta, meta_from_url)
finally:
shutil.rmtree(tmpdir)
playground.cleanup()
def test_gpkg_update_metadata(self):
if sys.version_info.major < 3:
self.skipTest("Not support Python 2")
playground = ResolverPlayground(
user_config={
"make.conf": ('BINPKG_COMPRESS="gzip"',),
}
)
tmpdir = tempfile.mkdtemp()
try:
settings = playground.settings
orig_full_path = os.path.join(tmpdir, "orig/")
os.makedirs(orig_full_path)
with open(os.path.join(orig_full_path, "test"), "wb") as test_file:
test_file.write(urandom(1048576))
gpkg_file_loc = os.path.join(tmpdir, "test.gpkg.tar")
test_gpkg = gpkg(settings, "test", gpkg_file_loc)
meta = {"test1": b"1234567890", "test2": b"abcdef"}
test_gpkg.compress(os.path.join(tmpdir, "orig"), meta)
meta_result = test_gpkg.get_metadata()
self.assertEqual(meta, meta_result)
meta_new = {"test3": b"0987654321", "test4": b"XXXXXXXX"}
test_gpkg.update_metadata(meta_new)
meta_result = test_gpkg.get_metadata()
self.assertEqual(meta_new, meta_result)
test_gpkg.decompress(os.path.join(tmpdir, "test"))
r = compare_files(
os.path.join(tmpdir, "orig/" + "test"),
os.path.join(tmpdir, "test/" + "test"),
skipped_types=("atime", "mtime", "ctime"),
)
self.assertEqual(r, ())
finally:
shutil.rmtree(tmpdir)
playground.cleanup()
def test_gpkg_unknown_signature(self):
if sys.version_info.major < 3:
self.skipTest("Not support Python 2")
playground = ResolverPlayground(
user_config={
"make.conf": (
'FEATURES="${FEATURES} binpkg-signing '
'binpkg-request-signature"',
'BINPKG_FORMAT="gpkg"',
),
})
tmpdir = tempfile.mkdtemp()
try:
settings = playground.settings
gpg = GPG(settings)
gpg.unlock()
orig_full_path = os.path.join(tmpdir, "orig/")
os.makedirs(orig_full_path)
data = urandom(1048576)
with open(os.path.join(orig_full_path, "data"), "wb") as f:
f.write(data)
binpkg_1 = gpkg(settings, "test",
os.path.join(tmpdir, "test-1.gpkg.tar"))
binpkg_1.compress(orig_full_path, {})
with tarfile.open(os.path.join(tmpdir, "test-1.gpkg.tar"),
"r") as tar_1:
with tarfile.open(os.path.join(tmpdir, "test-2.gpkg.tar"),
"w") as tar_2:
for f in tar_1.getmembers():
if f.name == "Manifest":
sig = b"""
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
DATA test/image.tar.zst 1049649 BLAKE2B 3112adba9c09023962f26d9dcbf8e74107c05220f2f29aa2ce894f8a4104c3bb238f87095df73735befcf1e1f6039fc3abf4defa87e68ce80f33dd01e09c055a SHA512 9f584727f2e20a50a30e0077b94082c8c1f517ebfc9978eb3281887e24458108e73d1a2ce82eb0b59f5df7181597e4b0a297ae68bbfb36763aa052e6bdbf2c59
DATA test/image.tar.zst.sig 833 BLAKE2B 214724ae4ff9198879c8c960fd8167632e27982c2278bb873f195abe75b75afa1ebed4c37ec696f5f5bc35c3a1184b60e0b50d56695b072b254f730db01eddb5 SHA512 67316187da8bb6b7a5f9dc6a42ed5c7d72c6184483a97f23c0bebd8b187ac9268e0409eb233c935101606768718c99eaa5699037d6a68c2d88c9ed5331a3f73c
-----BEGIN PGP SIGNATURE-----
iNUEARYIAH0WIQSMe+CQzU+/D/DeMitA3PGOlxUHlQUCYVrQal8UgAAAAAAuAChp
c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0OEM3
QkUwOTBDRDRGQkYwRkYwREUzMjJCNDBEQ0YxOEU5NzE1MDc5NQAKCRBA3PGOlxUH
lbmTAP4jdhMTW6g550/t0V7XcixqVtBockOTln8hZrZIQrjAJAD/caDkxgz5Xl8C
EP1pgSXXGtlUnv6akg/wueFJKEr9KQs=
=edEg
-----END PGP SIGNATURE-----
"""
data = io.BytesIO(sig)
f.size = len(sig)
tar_2.addfile(f, data)
data.close()
else:
tar_2.addfile(f, tar_1.extractfile(f))
binpkg_2 = gpkg(settings, "test",
os.path.join(tmpdir, "test-2.gpkg.tar"))
self.assertRaises(InvalidSignature, binpkg_2.decompress,
os.path.join(tmpdir, "test"))
finally:
shutil.rmtree(tmpdir)
playground.cleanup()
def test_gpkg_invalid_signature(self):
if sys.version_info.major < 3:
self.skipTest("Not support Python 2")
playground = ResolverPlayground(
user_config={
"make.conf": (
'FEATURES="${FEATURES} binpkg-signing '
'binpkg-request-signature"',
'BINPKG_FORMAT="gpkg"',
),
})
tmpdir = tempfile.mkdtemp()
try:
settings = playground.settings
gpg = GPG(settings)
gpg.unlock()
orig_full_path = os.path.join(tmpdir, "orig/")
os.makedirs(orig_full_path)
data = urandom(1048576)
with open(os.path.join(orig_full_path, "data"), "wb") as f:
f.write(data)
binpkg_1 = gpkg(settings, "test",
os.path.join(tmpdir, "test-1.gpkg.tar"))
binpkg_1.compress(orig_full_path, {})
with tarfile.open(os.path.join(tmpdir, "test-1.gpkg.tar"),
"r") as tar_1:
with tarfile.open(os.path.join(tmpdir, "test-2.gpkg.tar"),
"w") as tar_2:
for f in tar_1.getmembers():
if f.name == "Manifest":
sig = b"""
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
DATA test/image.tar.zst 1049649 BLAKE2B 3112adba9c09023962f26d9dcbf8e74107c05220f2f29aa2ce894f8a4104c3bb238f87095df73735befcf1e1f6039fc3abf4defa87e68ce80f33dd01e09c055a SHA512 9f584727f2e20a50a30e0077b94082c8c1f517ebfc9978eb3281887e24458108e73d1a2ce82eb0b59f5df7181597e4b0a297ae68bbfb36763aa052e6bdbf2c59
DATA test/image.tar.zst.sig 833 BLAKE2B 214724ae4ff9198879c8c960fd8167632e27982c2278bb873f195abe75b75afa1ebed4c37ec696f5f5bc35c3a1184b60e0b50d56695b072b254f730db01eddb5 SHA512 67316187da8bb6b7a5f9dc6a42ed5c7d72c6184483a97f23c0bebd8b187ac9268e0409eb233c935101606768718c99eaa5699037d6a68c2d88c9ed5331a3f73c
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEBrOjEb13XCgNIqkwXZDqBjUhd/YFAmFazXEACgkQXZDqBjUh
d/YFZA//eiXkYAS2NKxim6Ppr1HcZdjU1f6H+zyQzC7OdPkAh7wsVXpSr1aq+giD
G4tNtI6nsFokpA5CMhDf+ffBofKmFY5plk9zyQHr43N/RS5G6pcb2LHk0mQqgIdB
EsZRRD75Na4uGDWjuNHRmsasPTsc9qyW7FLckjwUsVmk9foAoiLYYaTsilsEGqXD
Bl/Z6PaQXvdd8txbcP6dOXfhVT06b+RWcnHI06KQrmFkZjZQh/7bCIeCVwNbXr7d
Obo8SVzCrQbTONei57AkyuRfnPqBfP61k8rQtcDUmCckQQfyaRwoW2nDIewOPfIH
xfvM137to2GEI2RR1TpWmGfu3iQzgC71f4svdX9Tyi5N7aFmfud7LZs6/Un3IdVk
ZH9/AmRzeH6hKllqSv/6WuhjsTNvr0bOzGbskkhqlLga2tml08gHFYOMWRJb/bRz
N8FZMhHzFoc0hsG8SU9uC+OeW+y5NdqpbRnQwgABmAiKEpgAPnABTsr0HjyxvjY+
uCUdvMMHvnTxTjNEZ3Q+UQ2VsSoZzPbW9Y4PuM0XxxmTI8htdn4uIhy9dLNPsJmB
eTE8aov/1uKq9VMsYC8wcx5vLMaR7/O/9XstP+r6PaZwiLlyrKHGexV4O52sj6LC
qGAN3VUF+8EsdcsV781H0F86PANhyBgEYTGDrnItTGe3/vAPjCo=
=S/Vn
-----END PGP SIGNATURE-----
"""
data = io.BytesIO(sig)
f.size = len(sig)
tar_2.addfile(f, data)
data.close()
else:
tar_2.addfile(f, tar_1.extractfile(f))
binpkg_2 = gpkg(settings, "test",
os.path.join(tmpdir, "test-2.gpkg.tar"))
self.assertRaises(InvalidSignature, binpkg_2.decompress,
os.path.join(tmpdir, "test"))
finally:
shutil.rmtree(tmpdir)
playground.cleanup()
def test_gpkg_get_metadata_url_unknown_signature(self):
if sys.version_info.major < 3:
self.skipTest("Not support Python 2")
if sys.version_info.major == 3 and sys.version_info.minor <= 6:
self.skipTest("http server not support change root dir")
playground = ResolverPlayground(
user_config={
"make.conf": (
'BINPKG_COMPRESS="gzip"',
'FEATURES="${FEATURES} binpkg-signing '
'binpkg-request-signature"',
),
})
tmpdir = tempfile.mkdtemp()
try:
settings = playground.settings
gpg = GPG(settings)
gpg.unlock()
for _ in range(0, 5):
port = random.randint(30000, 60000)
try:
server = self.start_http_server(tmpdir, port)
except OSError:
continue
break
orig_full_path = os.path.join(tmpdir, "orig/")
os.makedirs(orig_full_path)
with open(os.path.join(orig_full_path, "test"), "wb") as test_file:
test_file.write(urandom(1048576))
gpkg_file_loc = os.path.join(tmpdir, "test-1.gpkg.tar")
test_gpkg = gpkg(settings, "test", gpkg_file_loc)
meta = {
"test1": b"{abcdefghijklmnopqrstuvwxyz, 1234567890}",
"test2": urandom(102400),
}
test_gpkg.compress(os.path.join(tmpdir, "orig"), meta)
with tarfile.open(os.path.join(tmpdir, "test-1.gpkg.tar"),
"r") as tar_1:
with tarfile.open(os.path.join(tmpdir, "test-2.gpkg.tar"),
"w") as tar_2:
for f in tar_1.getmembers():
if f.name == "test/metadata.tar.gz":
sig = b"""
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQRVhCbPGi/rhGTq4nV+k2dcK9uyIgUCXw4ehAAKCRB+k2dcK9uy
IkCfAP49AOYjzuQPP0n5P0SGCINnAVEXN7QLQ4PurY/lt7cT2gEAq01stXjFhrz5
87Koh+ND2r5XfQsz3XeBqbb/BpmbEgo=
=sc5K
-----END PGP SIGNATURE-----
"""
data = io.BytesIO(sig)
f.size = len(sig)
tar_2.addfile(f, data)
data.close()
else:
tar_2.addfile(f, tar_1.extractfile(f))
test_gpkg = gpkg(settings, "test")
self.assertRaises(
InvalidSignature,
test_gpkg.get_metadata_url,
"http://127.0.0.1:" + str(port) + "/test-2.gpkg.tar",
)
finally:
shutil.rmtree(tmpdir)
playground.cleanup()
