-
Notifications
You must be signed in to change notification settings - Fork 305
/
test-admin-gpg.sh
executable file
·159 lines (138 loc) · 5.37 KB
/
test-admin-gpg.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
#!/bin/bash
#
# Copyright (C) 2019 Rafael Fonseca <[email protected]>
#
# SPDX-License-Identifier: LGPL-2.0+
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library. If not, see <https://www.gnu.org/licenses/>.
set -euo pipefail
. $(dirname $0)/libtest.sh
if test -z "${OSTREE_HTTPD}"; then
echo "1..0 #SKIP no ostree-trivial-httpd"
exit 0
fi
setup_os_repository_signed () {
mode=$1
shift
bootmode=$1
shift
bootdir=${1:-usr/lib/modules/3.6.0}
oldpwd=`pwd`
keyid="7FCA23D8472CDAFA"
cd ${test_tmpdir}
mkdir testos-repo
if test -n "$mode"; then
ostree_repo_init testos-repo --mode=${mode}
else
ostree_repo_init testos-repo
fi
cd ${test_tmpdir}
mkdir osdata
cd osdata
kver=3.6.0
mkdir -p usr/bin ${bootdir} usr/lib/modules/${kver} usr/share usr/etc
kernel_path=${bootdir}/vmlinuz
initramfs_path=${bootdir}/initramfs.img
# /usr/lib/modules just uses "vmlinuz", since the version is in the module
# directory name.
if [[ $bootdir != usr/lib/modules/* ]]; then
kernel_path=${kernel_path}-${kver}
initramfs_path=${bootdir}/initramfs-${kver}.img
fi
echo "a kernel" > ${kernel_path}
echo "an initramfs" > ${initramfs_path}
bootcsum=$(cat ${kernel_path} ${initramfs_path} | sha256sum | cut -f 1 -d ' ')
export bootcsum
# Add the checksum for legacy dirs (/boot, /usr/lib/ostree-boot), but not
# /usr/lib/modules.
if [[ $bootdir != usr/lib/modules/* ]]; then
mv ${kernel_path}{,-${bootcsum}}
mv ${initramfs_path}{,-${bootcsum}}
fi
echo "an executable" > usr/bin/sh
echo "some shared data" > usr/share/langs.txt
echo "a library" > usr/lib/libfoo.so.0
ln -s usr/bin bin
cat > usr/etc/os-release <<EOF
NAME=TestOS
VERSION=42
ID=testos
VERSION_ID=42
PRETTY_NAME="TestOS 42"
EOF
echo "a config file" > usr/etc/aconfigfile
mkdir -p usr/etc/NetworkManager
echo "a default daemon file" > usr/etc/NetworkManager/nm.conf
mkdir -p usr/etc/testdirectory
echo "a default daemon file" > usr/etc/testdirectory/test
${CMD_PREFIX} ostree --repo=${test_tmpdir}/testos-repo commit --add-metadata-string version=1.0.9 -b testos/buildmain/x86_64-runtime -s "Build" --gpg-sign=$keyid --gpg-homedir=${test_tmpdir}/gpghome
# Ensure these commits have distinct second timestamps
sleep 2
echo "a new executable" > usr/bin/sh
${CMD_PREFIX} ostree --repo=${test_tmpdir}/testos-repo commit --add-metadata-string version=1.0.10 -b testos/buildmain/x86_64-runtime -s "Build" --gpg-sign=$keyid --gpg-homedir=${test_tmpdir}/gpghome
cd ${test_tmpdir}
rm -rf osdata-devel
mkdir osdata-devel
tar -C osdata -cf - . | tar -C osdata-devel -xf -
cd osdata-devel
mkdir -p usr/include
echo "a development header" > usr/include/foo.h
${CMD_PREFIX} ostree --repo=${test_tmpdir}/testos-repo commit --add-metadata-string version=1.0.9 -b testos/buildmain/x86_64-devel -s "Build" --gpg-sign=$keyid --gpg-homedir=${test_tmpdir}/gpghome
${CMD_PREFIX} ostree --repo=${test_tmpdir}/testos-repo fsck -q
cd ${test_tmpdir}
mkdir sysroot
export OSTREE_SYSROOT=sysroot
${CMD_PREFIX} ostree admin init-fs sysroot
if test -n "${OSTREE_NO_XATTRS:-}"; then
echo -e 'disable-xattrs=true\n' >> sysroot/ostree/repo/config
fi
${CMD_PREFIX} ostree admin os-init testos
case $bootmode in
"syslinux")
setup_os_boot_syslinux
;;
"uboot")
setup_os_boot_uboot
;;
*grub2*)
setup_os_boot_grub2 "${bootmode}"
;;
esac
cd ${test_tmpdir}
mkdir ${test_tmpdir}/httpd
cd httpd
ln -s ${test_tmpdir} ostree
${OSTREE_HTTPD} --autoexit --daemonize -p ${test_tmpdir}/httpd-port
port=$(cat ${test_tmpdir}/httpd-port)
echo "http://127.0.0.1:${port}" > ${test_tmpdir}/httpd-address
cd ${oldpwd}
}
# Exports OSTREE_SYSROOT so --sysroot not needed.
setup_os_repository_signed "archive" "syslinux"
echo "1..2"
${CMD_PREFIX} ostree --repo=sysroot/ostree/repo remote add testos $(cat httpd-address)/ostree/testos-repo
${CMD_PREFIX} ostree --repo=sysroot/ostree/repo pull-local --gpg-verify=true --remote=testos testos-repo testos/buildmain/x86_64-runtime
# This initial deployment gets kicked off with some kernel arguments
${CMD_PREFIX} ostree admin deploy --karg=root=LABEL=MOO --karg=quiet --os=testos testos:testos/buildmain/x86_64-runtime
assert_has_dir sysroot/boot/ostree/testos-${bootcsum}
echo "ok deploy command"
${CMD_PREFIX} ostree admin status > status.txt
test -f status.txt
assert_file_has_content status.txt "GPG: Signature made"
assert_not_file_has_content status.txt "GPG: Can't check signature: public key not found"
rm -f status.txt
${CMD_PREFIX} ostree admin status --verify > status.txt
assert_file_has_content status.txt "GPG: Signature made"
rm -f status.txt
echo 'ok gpg signature'