diff --git a/tests/test-signed-commit.sh b/tests/test-signed-commit.sh index 73218528ce..3fac605e8c 100755 --- a/tests/test-signed-commit.sh +++ b/tests/test-signed-commit.sh @@ -21,8 +21,6 @@ set -euo pipefail . $(dirname $0)/libtest.sh -echo "1..11" - # This is explicitly opt in for testing export OSTREE_DUMMY_SIGN_ENABLED=1 @@ -40,17 +38,17 @@ ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --sign-type=dummy ${COMMIT} # Ensure that detached metadata really contain expected string EXPECTEDSIGN="$(echo $DUMMYSIGN | hexdump -n 9 -e '8/1 "0x%.2x, " 1/1 " 0x%.2x"')" ${CMD_PREFIX} ostree --repo=repo show ${COMMIT} --print-detached-metadata-key=ostree.sign.dummy | grep -q -e "${EXPECTEDSIGN}" -echo "ok Detached dummy signature added" +tap_ok "Detached dummy signature added" # Verify vith sign mechanism ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --sign-type=dummy --verify ${COMMIT} ${DUMMYSIGN} -echo "ok dummy signature verified" +tap_ok "dummy signature verified" echo "Signed commit with dummy key: ${DUMMYSIGN}" >> file.txt ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo commit -b main -s 'Signed with dummy module' --sign=${DUMMYSIGN} --sign-type=dummy COMMIT="$(ostree --repo=${test_tmpdir}/repo rev-parse main)" ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --sign-type=dummy --verify ${COMMIT} ${DUMMYSIGN} -echo "ok commit with dummy signing" +tap_ok "commit with dummy signing" if ${CMD_PREFIX} env -u OSTREE_DUMMY_SIGN_ENABLED ostree --repo=${test_tmpdir}/repo sign --sign-type=dummy --verify ${COMMIT} ${DUMMYSIGN} 2>err.txt; then fatal "verified dummy signature without env" 
@@ -58,17 +56,17 @@ fi # FIXME the error message here is broken #assert_file_has_content_literal err.txt 'dummy signature type is only for ostree testing' assert_file_has_content_literal err.txt ' No valid signatures found' -echo "ok dummy sig requires env" +tap_ok "dummy sig requires env" # tests below require libsodium support if ! has_ostree_feature sign-ed25519; then - echo "ok Detached ed25519 signature # SKIP due libsodium unavailability" - echo "ok ed25519 signature verified # SKIP due libsodium unavailability" - echo "ok multiple signing # SKIP due libsodium unavailability" - echo "ok verify ed25519 keys file # SKIP due libsodium unavailability" - echo "ok sign with ed25519 keys file # SKIP due libsodium unavailability" - echo "ok verify ed25519 system-wide configuration # SKIP due libsodium unavailability" - echo "ok verify ed25519 revoking keys mechanism # SKIP due libsodium unavailability" + tap_ok "Detached ed25519 signature # SKIP due libsodium unavailability" + tap_ok "ed25519 signature verified # SKIP due libsodium unavailability" + tap_ok "multiple signing # SKIP due libsodium unavailability" + tap_ok "verify ed25519 keys file # SKIP due libsodium unavailability" + tap_ok "sign with ed25519 keys file # SKIP due libsodium unavailability" + tap_ok "verify ed25519 system-wide configuration # SKIP due libsodium unavailability" + tap_ok "verify ed25519 revoking keys mechanism # SKIP due libsodium unavailability" exit 0 fi @@ -87,7 +85,7 @@ COMMIT="$(ostree --repo=${test_tmpdir}/repo rev-parse main)" # Ensure that detached metadata contain signature ${CMD_PREFIX} ostree --repo=repo show ${COMMIT} --print-detached-metadata-key=ostree.sign.ed25519 &>/dev/null -echo "ok Detached ed25519 signature added" +tap_ok "Detached ed25519 signature added" # Verify vith sign mechanism if ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 ${COMMIT} ${WRONG_PUBLIC}; then 
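Review bot: The libsodium skip branch still ends in `exit 0` without calling `tap_end`, so on builds without `sign-ed25519` the script appears to finish with no `1..N` plan now that the up-front `echo "1..11"` is gone. This assumes `tap_end` is what prints the plan and that libtest.sh has no exit hook doing it; neither is visible in this diff. A harness that requires a plan would then report the run as malformed rather than as four passes and seven skips. Adding `tap_end` on the line before `exit 0` keeps both exit paths consistent.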
@@ -99,7 +97,7 @@ ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed255 ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 ${COMMIT} $(gen_ed25519_random_public) $(gen_ed25519_random_public) ${PUBLIC} ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 ${COMMIT} ${PUBLIC} $(gen_ed25519_random_public) $(gen_ed25519_random_public) ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 ${COMMIT} $(gen_ed25519_random_public) $(gen_ed25519_random_public) ${PUBLIC} $(gen_ed25519_random_public) $(gen_ed25519_random_public) -echo "ok ed25519 signature verified" +tap_ok "ed25519 signature verified" # Check if we are able to use all available modules to sign the same commit echo "Unsigned commit for multi-sign" >> file.txt @@ -121,7 +119,7 @@ ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed2551 assert_file_has_content out.txt "ed25519: Signature verified successfully with key" ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --sign-type=dummy --verify ${COMMIT} ${DUMMYSIGN} >out.txt assert_file_has_content out.txt "dummy: Signature verified" -echo "ok multiple signing " +tap_ok "multiple signing " # Prepare files with public ed25519 signatures PUBKEYS="$(mktemp -p ${test_tmpdir} ed25519_XXXXXX.ed25519)" @@ -163,7 +161,7 @@ ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed2551 echo ${PUBLIC} >> ${PUBKEYS} ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-file=${PUBKEYS} ${COMMIT} -echo "ok verify ed25519 keys file" +tap_ok "verify ed25519 keys file" # Check ed25519 signing with secret file echo "Unsigned commit for secret file usage" >> file.txt 
@@ -176,7 +174,7 @@ echo "${SECRET}" > ${KEYFILE} ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --sign-type=ed25519 --keys-file=${KEYFILE} ${COMMIT} # Verify ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-file=${PUBKEYS} ${COMMIT} -echo "ok sign with ed25519 keys file" +tap_ok "sign with ed25519 keys file" # Check the well-known places mechanism mkdir -p ${test_tmpdir}/{trusted,revoked}.ed25519.d @@ -192,7 +190,7 @@ echo ${PUBLIC} > ${test_tmpdir}/trusted.ed25519.d/correct # Verify with correct key ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-dir=${test_tmpdir} ${COMMIT} -echo "ok verify ed25519 system-wide configuration" +tap_ok "verify ed25519 system-wide configuration" # Add the public key into revoked list echo ${PUBLIC} > ${test_tmpdir}/revoked.ed25519.d/correct @@ -201,4 +199,6 @@ if ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed2 exit 1 fi rm -rf ${test_tmpdir}/{trusted,revoked}.ed25519.d -echo "ok verify ed25519 revoking keys mechanism" +tap_ok "verify ed25519 revoking keys mechanism" + +tap_end
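Review bot: Replacing the fixed `1..11` plan with a trailing `tap_end` drops the assertion that exactly eleven checks ran, if `tap_end` derives the plan from the number of `tap_ok` calls (its definition in libtest.sh is not shown). A signing or key-revocation case that is removed or bypassed in a later edit would then shrink the plan silently instead of failing the harness. Consider recording the expected count next to the call, e.g. `# 11 checks expected: 4 dummy, 7 ed25519`, or comparing the counter against that number before `tap_end`. The `if` whose `exit 1` and `fi` open this last hunk starts outside it.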