rpm/tests/rpmsigdig.at

450 lines
15 KiB
Plaintext

# rpmsigdig.at: rpm signature and digest tests
AT_BANNER([RPM signatures and digests])
# ------------------------------
# Test pre-built package verification
AT_SETUP([rpmkeys -Kv <unsigned> 1])
AT_KEYWORDS([rpmkeys digest])
AT_CHECK([
RPMDB_CLEAR
RPMDB_INIT
rm -rf "${TOPDIR}"
runroot rpmkeys -Kv /data/RPMS/hello-2.0-1.x86_64.rpm /data/RPMS/hello-1.0-1.i386.rpm
],
[0],
[/data/RPMS/hello-2.0-1.x86_64.rpm:
Header SHA1 digest: OK
Header SHA256 digest: OK
Payload SHA256 digest: OK
MD5 digest: OK
/data/RPMS/hello-1.0-1.i386.rpm:
Header SHA1 digest: OK
MD5 digest: OK
],
[])
AT_CLEANUP
# ------------------------------
# Test corrupted package verification (corrupted signature)
AT_SETUP([rpmkeys -Kv <corrupted unsigned> 1])
AT_KEYWORDS([rpmkeys digest])
AT_CHECK([
RPMDB_CLEAR
RPMDB_INIT
rm -rf "${TOPDIR}"
pkg="hello-2.0-1.x86_64.rpm"
cp "${RPMTEST}"/data/RPMS/${pkg} "${RPMTEST}"/tmp/${pkg}
# conv=notrunc bs=1 seek=261 count=6 2> /dev/null
dd if=/dev/zero of="${RPMTEST}"/tmp/${pkg} \
conv=notrunc bs=1 seek=333 count=4 2> /dev/null
runroot rpmkeys -Kv /tmp/${pkg}
],
[1],
[/tmp/hello-2.0-1.x86_64.rpm:
Header SHA1 digest: OK
Header SHA256 digest: OK
Payload SHA256 digest: OK
MD5 digest: BAD (Expected 007ca1d8b35cca02a1854ba301c5432e != 137ca1d8b35cca02a1854ba301c5432e)
],
[])
AT_CLEANUP
# ------------------------------
# Test corrupted package verification (corrupted header)
AT_SETUP([rpmkeys -Kv <corrupted unsigned> 2])
AT_KEYWORDS([rpmkeys digest])
AT_CHECK([
RPMDB_CLEAR
RPMDB_INIT
rm -rf "${TOPDIR}"
pkg="hello-2.0-1.x86_64.rpm"
cp "${RPMTEST}"/data/RPMS/${pkg} "${RPMTEST}"/tmp/${pkg}
dd if=/dev/zero of="${RPMTEST}"/tmp/${pkg} \
conv=notrunc bs=1 seek=5555 count=6 2> /dev/null
runroot rpmkeys -Kv /tmp/${pkg}
],
[1],
[/tmp/hello-2.0-1.x86_64.rpm:
Header SHA1 digest: BAD (Expected 5cd9874c510b67b44483f9e382a1649ef7743bac != 4261b2c1eb861a4152c2239bce20bfbcaa8971ba)
Header SHA256 digest: BAD (Expected ef920781af3bf072ae9888eec3de1c589143101dff9cc0b561468d395fb766d9 != 29fdfe92782fb0470a9a164a6c94af87d3b138c63b39d4c30e0223ca1202ba82)
Payload SHA256 digest: OK
MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != de65519eeb4ab52eb076ec054d42e34e)
],
[])
AT_CLEANUP
# ------------------------------
# Test corrupted package verification (corrupted payload)
AT_SETUP([rpmkeys -Kv <corrupted unsigned> 3])
AT_KEYWORDS([rpmkeys digest])
AT_CHECK([
RPMDB_CLEAR
RPMDB_INIT
rm -rf "${TOPDIR}"
pkg="hello-2.0-1.x86_64.rpm"
cp "${RPMTEST}"/data/RPMS/${pkg} "${RPMTEST}"/tmp/${pkg}
dd if=/dev/zero of="${RPMTEST}"/tmp/${pkg} \
conv=notrunc bs=1 seek=7777 count=6 2> /dev/null
runroot rpmkeys -Kv /tmp/${pkg}
],
[1],
[/tmp/hello-2.0-1.x86_64.rpm:
Header SHA1 digest: OK
Header SHA256 digest: OK
Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != bea903609dceac36e1f26a983c493c98064d320fdfeb423034ed63d649b2c8dc)
MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != d662cd0d81601a7107312684ad1ddf38)
],
[])
AT_CLEANUP
# ------------------------------
# Reproducably build and verify a package
AT_SETUP([rpmkeys -Kv <unsigned> 2])
AT_KEYWORDS([rpmkeys digest])
AT_CHECK([
RPMDB_CLEAR
RPMDB_INIT
rm -rf "${TOPDIR}"
runroot rpmbuild -bb --quiet \
--define "%optflags -O2 -g" \
--define "%_target_platform noarch-linux" \
--define "%_binary_payload w.ufdio" \
--define "%_buildhost localhost" \
--define "%source_date_epoch_from_changelog 1" \
--define "%clamp_mtime_to_source_date_epoch 1" \
/data/SPECS/attrtest.spec
runroot rpmkeys -Kv /build/RPMS/noarch/attrtest-1.0-1.noarch.rpm
],
[0],
[/build/RPMS/noarch/attrtest-1.0-1.noarch.rpm:
Header SHA1 digest: OK
Header SHA256 digest: OK
Payload SHA256 digest: OK
MD5 digest: OK
],
[])
AT_CLEANUP
# ------------------------------
# Import a public RSA key
AT_SETUP([rpmkeys --import rsa])
AT_KEYWORDS([rpmkeys import])
AT_CHECK([
RPMDB_CLEAR
RPMDB_INIT
rm -rf "${TOPDIR}"
runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub
runroot rpm -qi gpg-pubkey-1964c5fc-58e63918|grep -v Date|grep -v Version:
runroot rpm -q --provides gpg-pubkey-1964c5fc-58e63918
],
[0],
[Name : gpg-pubkey
Version : 1964c5fc
Release : 58e63918
Architecture: (none)
Group : Public Keys
Size : 0
License : pubkey
Signature : (none)
Source RPM : (none)
Build Host : localhost
Relocations : (not relocatable)
Packager : rpm.org RSA testkey <rsa@rpm.org>
Summary : rpm.org RSA testkey <rsa@rpm.org> public key
Description :
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g
HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY
91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8
eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas
7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ
1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl
c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK
CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf
Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB
BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr
XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX
fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq
+mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN
BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY
zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz
iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6
Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c
KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m
L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAGJAR8EGAEIAAkFAljmORgCGwwA
CgkQQ0RZHhlkxfzwDQf/Y5on5o+s/xD3tDyRYa6SErfT44lEArdCD7Yi+cygJFox
3jyM8ovtJAkwRegwyxcaLN7zeG1p1Sk9ZAYWQEJT6qSU4Ppu+CVGHgxgnTcfUiu6
EZZQE6srvua53IMY1lT50M7vx0T5VicHFRWBFV2C/Mc32p7cEE6nn45nEZgUXQNl
ySEyvoRlsAJq6gFsfqucVz2vMJDTMVczUtq1CjvUqFbif8JVL36EoZCf1SeRw6d6
s1Kp3AA33Rjd+Uw87HJ4EIB75zMFQX2H0ggAVdYTQcqGXHP5MZK1jJrHfxJyMi3d
UNW2iqnN3BA7guhOv6OMiROF1+I7Q5nWT63mQC7IgQ==
=Z6nu
-----END PGP PUBLIC KEY BLOCK-----
gpg(rpm.org RSA testkey <rsa@rpm.org>) = 4:4344591e1964c5fc-58e63918
gpg(1964c5fc) = 4:4344591e1964c5fc-58e63918
gpg(4344591e1964c5fc) = 4:4344591e1964c5fc-58e63918
gpg(f00650f8) = 4:185e6146f00650f8-58e63918
gpg(185e6146f00650f8) = 4:185e6146f00650f8-58e63918
],
[])
AT_CLEANUP
# ------------------------------
# Test pre-built package verification
AT_SETUP([rpmkeys -K <signed> 1])
AT_KEYWORDS([rpmkeys digest signature])
AT_CHECK([
RPMDB_CLEAR
RPMDB_INIT
rm -rf "${TOPDIR}"
runroot rpmkeys -K /data/RPMS/hello-2.0-1.x86_64-signed.rpm
runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub
runroot rpmkeys -K /data/RPMS/hello-2.0-1.x86_64-signed.rpm
],
[0],
[[/data/RPMS/hello-2.0-1.x86_64-signed.rpm: digests SIGNATURES NOT OK
/data/RPMS/hello-2.0-1.x86_64-signed.rpm: digests signatures OK
]],
[])
AT_CLEANUP
# ------------------------------
# Test pre-built package verification
AT_SETUP([rpmkeys -Kv <signed> 1])
AT_KEYWORDS([rpmkeys digest signature])
AT_CHECK([
RPMDB_CLEAR
RPMDB_INIT
rm -rf "${TOPDIR}"
runroot rpmkeys -Kv /data/RPMS/hello-2.0-1.x86_64-signed.rpm
runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub
runroot rpmkeys -Kv /data/RPMS/hello-2.0-1.x86_64-signed.rpm
runroot rpmkeys -Kv --nodigest /data/RPMS/hello-2.0-1.x86_64-signed.rpm
runroot rpmkeys -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm
],
[0],
[/data/RPMS/hello-2.0-1.x86_64-signed.rpm:
Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
Header SHA1 digest: OK
Header SHA256 digest: OK
Payload SHA256 digest: OK
V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
MD5 digest: OK
/data/RPMS/hello-2.0-1.x86_64-signed.rpm:
Header V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
Header SHA1 digest: OK
Header SHA256 digest: OK
Payload SHA256 digest: OK
V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
MD5 digest: OK
/data/RPMS/hello-2.0-1.x86_64-signed.rpm:
Header V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
/data/RPMS/hello-2.0-1.x86_64-signed.rpm:
Header SHA1 digest: OK
Header SHA256 digest: OK
Payload SHA256 digest: OK
MD5 digest: OK
],
[])
AT_CLEANUP
# ------------------------------
# Test pre-built corrupted package verification (corrupted signature)
AT_SETUP([rpmkeys -Kv <corrupted signed> 1])
AT_KEYWORDS([rpmkeys digest signature])
AT_CHECK([
RPMDB_CLEAR
RPMDB_INIT
rm -rf "${TOPDIR}"
pkg="hello-2.0-1.x86_64-signed.rpm"
cp "${RPMTEST}"/data/RPMS/${pkg} "${RPMTEST}"/tmp/${pkg}
dd if=/dev/zero of="${RPMTEST}"/tmp/${pkg} \
conv=notrunc bs=1 seek=264 count=6 2> /dev/null
runroot rpmkeys -Kv /tmp/${pkg}
runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub
runroot rpmkeys -Kv /tmp/${pkg}
],
[1],
[/tmp/hello-2.0-1.x86_64-signed.rpm:
Header signature: BAD (package tag 268: invalid OpenPGP signature)
Header SHA1 digest: OK
Header SHA256 digest: OK
Payload SHA256 digest: OK
V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
MD5 digest: OK
/tmp/hello-2.0-1.x86_64-signed.rpm:
Header signature: BAD (package tag 268: invalid OpenPGP signature)
Header SHA1 digest: OK
Header SHA256 digest: OK
Payload SHA256 digest: OK
V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
MD5 digest: OK
],
[])
AT_CLEANUP
# ------------------------------
# Test pre-built corrupted package verification (corrupted header)
AT_SETUP([rpmkeys -Kv <corrupted signed> 2])
AT_KEYWORDS([rpmkeys digest signature])
AT_CHECK([
RPMDB_CLEAR
RPMDB_INIT
rm -rf "${TOPDIR}"
pkg="hello-2.0-1.x86_64-signed.rpm"
cp "${RPMTEST}"/data/RPMS/${pkg} "${RPMTEST}"/tmp/${pkg}
dd if=/dev/zero of="${RPMTEST}"/tmp/${pkg} \
conv=notrunc bs=1 seek=5555 count=6 2> /dev/null
runroot rpmkeys -Kv /tmp/${pkg}
runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub
runroot rpmkeys -Kv /tmp/${pkg}
],
[1],
[/tmp/hello-2.0-1.x86_64-signed.rpm:
Header V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD
Header SHA1 digest: BAD (Expected 5cd9874c510b67b44483f9e382a1649ef7743bac != 4261b2c1eb861a4152c2239bce20bfbcaa8971ba)
Header SHA256 digest: BAD (Expected ef920781af3bf072ae9888eec3de1c589143101dff9cc0b561468d395fb766d9 != 29fdfe92782fb0470a9a164a6c94af87d3b138c63b39d4c30e0223ca1202ba82)
Payload SHA256 digest: OK
V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD
MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != de65519eeb4ab52eb076ec054d42e34e)
/tmp/hello-2.0-1.x86_64-signed.rpm:
Header V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD
Header SHA1 digest: BAD (Expected 5cd9874c510b67b44483f9e382a1649ef7743bac != 4261b2c1eb861a4152c2239bce20bfbcaa8971ba)
Header SHA256 digest: BAD (Expected ef920781af3bf072ae9888eec3de1c589143101dff9cc0b561468d395fb766d9 != 29fdfe92782fb0470a9a164a6c94af87d3b138c63b39d4c30e0223ca1202ba82)
Payload SHA256 digest: OK
V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD
MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != de65519eeb4ab52eb076ec054d42e34e)
],
[])
AT_CLEANUP
# ------------------------------
# Test pre-built corrupted package verification (corrupted payload)
AT_SETUP([rpmkeys -Kv <corrupted signed> 3])
AT_KEYWORDS([rpmkeys digest signature])
AT_CHECK([
RPMDB_CLEAR
RPMDB_INIT
rm -rf "${TOPDIR}"
pkg="hello-2.0-1.x86_64-signed.rpm"
cp "${RPMTEST}"/data/RPMS/${pkg} "${RPMTEST}"/tmp/${pkg}
dd if=/dev/zero of="${RPMTEST}"/tmp/${pkg} \
conv=notrunc bs=1 seek=7777 count=6 2> /dev/null
runroot rpmkeys -Kv /tmp/${pkg}
runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub
runroot rpmkeys -Kv /tmp/${pkg}
],
[1],
[/tmp/hello-2.0-1.x86_64-signed.rpm:
Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
Header SHA1 digest: OK
Header SHA256 digest: OK
Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != bea903609dceac36e1f26a983c493c98064d320fdfeb423034ed63d649b2c8dc)
V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD
MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != d662cd0d81601a7107312684ad1ddf38)
/tmp/hello-2.0-1.x86_64-signed.rpm:
Header V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
Header SHA1 digest: OK
Header SHA256 digest: OK
Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != bea903609dceac36e1f26a983c493c98064d320fdfeb423034ed63d649b2c8dc)
V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD
MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != d662cd0d81601a7107312684ad1ddf38)
],
[])
AT_CLEANUP
# ------------------------------
# Test --addsign
AT_SETUP([rpmsign --addsign <unsigned>])
AT_KEYWORDS([rpmsign signature])
AT_CHECK([
RPMDB_CLEAR
RPMDB_INIT
rm -rf "${TOPDIR}"
cp "${RPMTEST}"/data/RPMS/hello-2.0-1.x86_64.rpm "${RPMTEST}"/tmp/
run rpmsign --key-id 1964C5FC --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null
echo PRE-IMPORT
runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest
echo POST-IMPORT
runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub
runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest
run rpmsign --delsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null
echo POST-DELSIGN
runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest
],
[0],
[PRE-IMPORT
/tmp/hello-2.0-1.x86_64.rpm:
Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
POST-IMPORT
/tmp/hello-2.0-1.x86_64.rpm:
Header V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
POST-DELSIGN
/tmp/hello-2.0-1.x86_64.rpm:
],
[])
AT_CLEANUP
# ------------------------------
# Test --delsign
AT_SETUP([rpmsign --delsign <package>])
AT_KEYWORDS([rpmsign signature])
AT_CHECK([
RPMDB_CLEAR
RPMDB_INIT
rm -rf "${TOPDIR}"
cp "${RPMTEST}"/data/RPMS/hello-2.0-1.x86_64-signed.rpm "${RPMTEST}"/tmp/
echo PRE-DELSIGN
runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64-signed.rpm|grep -v digest
echo POST-DELSIGN
run rpmsign --delsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64-signed.rpm > /dev/null
runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64-signed.rpm|grep -v digest
],
[0],
[PRE-DELSIGN
/tmp/hello-2.0-1.x86_64-signed.rpm:
Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
POST-DELSIGN
/tmp/hello-2.0-1.x86_64-signed.rpm:
],
[])
AT_CLEANUP
# ------------------------------
# Test --addsign
AT_SETUP([rpmsign --addsign <signed>])
AT_KEYWORDS([rpmsign signature])
AT_CHECK([
RPMDB_CLEAR
RPMDB_INIT
rm -rf "${TOPDIR}"
cp "${RPMTEST}"/data/RPMS/hello-2.0-1.x86_64-signed.rpm "${RPMTEST}"/tmp/
run rpmsign --key-id 1964C5FC --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64-signed.rpm 2>&1 |grep -q "already contains identical signature, skipping"
],
[0],
[],
[])
AT_CLEANUP