Пример #1
0
def test_download_gpg_key_if_needed(keyid, ok):
    cf = CommitVerifier()
    if ok:
        assert cf.download_gpg_key_if_needed(keyid)
    else:
        with pytest.raises(PackitException):
            cf.download_gpg_key_if_needed(keyid)
Пример #2
0
def test_check_signature_of_commit_not_present_key(
    key,
    first_sign,
    second_sign,
    allowed_keys,
    local_keys,
    local_keys_after_download,
    valid,
    download_times,
):
    gpg_flexmock = flexmock(GPG)
    gpg_flexmock.should_receive("list_keys").and_return(
        flexmock(fingerprints=local_keys))

    gpg_flexmock.should_receive("recv_keys").and_return(
        flexmock(fingerprints=["fingerprint"])).times(download_times)

    repo_mock = flexmock(git=flexmock().should_receive("show").and_return(
        first_sign).and_return(key).and_return(second_sign).mock())

    verifier = CommitVerifier()
    is_valid = verifier.check_signature_of_commit(
        commit=flexmock(hexsha="abcd", repo=repo_mock),
        possible_key_fingerprints=allowed_keys,
    )
    assert is_valid == valid
Пример #3
0
    def check_last_commit(self) -> None:
        if self.allowed_gpg_keys is None:
            logger.debug("Allowed GPG keys are not set, skipping the verification.")
            return

        ver = CommitVerifier()
        last_commit = self.local_project.git_repo.head.commit
        valid = ver.check_signature_of_commit(
            commit=last_commit, possible_key_fingerprints=self.allowed_gpg_keys
        )
        if not valid:
            msg = f"Last commit '{last_commit.hexsha}' not signed by the authorized gpg key."
            logger.warning(msg)
            raise PackitException(msg)
Пример #4
0
def test_get_commit_signature_status(sign, status):
    """Just to be sure we do not mess anything in the future."""
    repo_mock = flexmock(
        git=flexmock().should_receive("show").and_return(sign).mock())

    status_found = CommitVerifier.get_commit_signature_status(
        commit=flexmock(hexsha="abcd", repo=repo_mock))
    assert status_found == status
Пример #5
0
def test_check_signature_of_commit_key_not_found():
    gpg_flexmock = flexmock(GPG)

    # No key present
    gpg_flexmock.should_receive("list_keys").and_return(flexmock(fingerprints=[]))

    # No key received
    gpg_flexmock.should_receive("recv_keys").and_return(flexmock(fingerprints=[]))

    # Signature cannot be checked
    repo_mock = flexmock(git=flexmock().should_receive("show").and_return("E").mock())

    verifier = CommitVerifier()
    with pytest.raises(PackitException) as ex:
        verifier.check_signature_of_commit(
            commit=flexmock(hexsha="abcd", repo=repo_mock),
            possible_key_fingerprints=["a"],
        )
    assert "Cannot receive" in str(ex)