# rpmsigdig.at: rpm signature and digest tests
#
# Autotest groups covering rpmkeys digest and signature verification,
# public key import, and rpmsign --addsign / --delsign, all run against the
# fixture packages and keys of the test data tree.

AT_BANNER([RPM signatures and digests])
|
|
|
|
# ------------------------------
# Test pre-built package verification
# Both fixture packages are unsigned, so this group exercises digests only.
# A digest OK means the file is consistent with the values stored inside it;
# it says nothing about who built the package, which is what the <signed>
# groups check.
# The expected output lists Header SHA256 and Payload SHA256 only for the
# 2.0 package; for hello-1.0-1.i386.rpm it lists Header SHA1 and MD5 alone.
AT_SETUP([rpmkeys -Kv <unsigned> 1])
AT_KEYWORDS([rpmkeys digest])
AT_CHECK([
RPMDB_INIT

runroot rpmkeys -Kv /data/RPMS/hello-2.0-1.x86_64.rpm /data/RPMS/hello-1.0-1.i386.rpm
],
[0],
[/data/RPMS/hello-2.0-1.x86_64.rpm:
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
MD5 digest: OK
/data/RPMS/hello-1.0-1.i386.rpm:
Header SHA1 digest: OK
MD5 digest: OK
],
[])
AT_CLEANUP
|
|
|
|
# Reassemble two packages from pre-split fixture pieces: hello.intro followed
# by the gzip payload as shipped (hello-c.rpm), and hello.intro followed by
# the same payload decompressed (hello-uc.rpm).
# Expected result: the compressed variant passes every digest; the
# uncompressed one matches the Payload SHA256 ALT digest but fails the MD5
# digest, so the command exits 1.
AT_SETUP([rpmkeys -Kv <reconstructed> 1])
AT_KEYWORDS([rpmkeys digest])
AT_CHECK([
RPMDB_INIT

cp "${RPMTEST}"/data/misc/hello.intro "${RPMTEST}"/data/misc/hello.payload .
gzip -cd < hello.payload > hello.uc-payload
cat hello.intro hello.payload > "${RPMTEST}"/tmp/hello-c.rpm
cat hello.intro hello.uc-payload > "${RPMTEST}"/tmp/hello-uc.rpm
runroot rpmkeys -Kv /tmp/hello-c.rpm /tmp/hello-uc.rpm
],
[1],
[/tmp/hello-c.rpm:
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
MD5 digest: OK
/tmp/hello-uc.rpm:
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 ALT digest: OK
MD5 digest: BAD (Expected 055607c4dee6464b9415ae726e7d81a7 != 839d24c30e5188e0b83599fbe3865919)
],
[])
AT_CLEANUP
|
|
|
|
# ------------------------------
# Test corrupted package verification (corrupted signature)
# Four bytes at offset 333 of a copy are zeroed. Judging by the expected
# output this damages the stored MD5 value itself: the stored value reads
# 007ca1d8... while the computed one is 137ca1d8..., and every other digest
# still verifies. A single BAD line is enough for rpmkeys to exit 1.
AT_SETUP([rpmkeys -Kv <corrupted unsigned> 1])
AT_KEYWORDS([rpmkeys digest])
AT_CHECK([
RPMDB_INIT

pkg="hello-2.0-1.x86_64.rpm"
cp "${RPMTEST}"/data/RPMS/${pkg} "${RPMTEST}"/tmp/${pkg}
# NOTE(review): the next line looks like a leftover from an earlier choice of
# offset - confirm it is obsolete and drop it.
# conv=notrunc bs=1 seek=261 count=6 2> /dev/null
# conv=notrunc overwrites in place, so the rest of the copy is left as is.
dd if=/dev/zero of="${RPMTEST}"/tmp/${pkg} \
conv=notrunc bs=1 seek=333 count=4 2> /dev/null
runroot rpmkeys -Kv /tmp/${pkg}
],
[1],
[/tmp/hello-2.0-1.x86_64.rpm:
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
MD5 digest: BAD (Expected 007ca1d8b35cca02a1854ba301c5432e != 137ca1d8b35cca02a1854ba301c5432e)
],
[])
AT_CLEANUP
|
|
# ------------------------------
# Test corrupted package verification (corrupted header)
# Six bytes at offset 5555 of a copy are zeroed. Expected result: both header
# digests and the MD5 digest report BAD with the stored and computed values,
# the payload digest still verifies, and rpmkeys exits 1.
AT_SETUP([rpmkeys -Kv <corrupted unsigned> 2])
AT_KEYWORDS([rpmkeys digest])
AT_CHECK([
RPMDB_INIT

pkg="hello-2.0-1.x86_64.rpm"
cp "${RPMTEST}"/data/RPMS/${pkg} "${RPMTEST}"/tmp/${pkg}
dd if=/dev/zero of="${RPMTEST}"/tmp/${pkg} \
conv=notrunc bs=1 seek=5555 count=6 2> /dev/null
runroot rpmkeys -Kv /tmp/${pkg}
],
[1],
[/tmp/hello-2.0-1.x86_64.rpm:
Header SHA256 digest: BAD (Expected ef920781af3bf072ae9888eec3de1c589143101dff9cc0b561468d395fb766d9 != 29fdfe92782fb0470a9a164a6c94af87d3b138c63b39d4c30e0223ca1202ba82)
Header SHA1 digest: BAD (Expected 5cd9874c510b67b44483f9e382a1649ef7743bac != 4261b2c1eb861a4152c2239bce20bfbcaa8971ba)
Payload SHA256 digest: OK
MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != de65519eeb4ab52eb076ec054d42e34e)
],
[])
AT_CLEANUP
|
|
|
|
# ------------------------------
# Test corrupted package verification (corrupted payload)
# Six bytes at offset 7777 of a copy are zeroed. Expected result: the header
# digests still verify, the Payload SHA256 digest and the MD5 digest report
# BAD, the ALT payload digest is reported as NOTFOUND, and rpmkeys exits 1.
AT_SETUP([rpmkeys -Kv <corrupted unsigned> 3])
AT_KEYWORDS([rpmkeys digest])
AT_CHECK([
RPMDB_INIT

pkg="hello-2.0-1.x86_64.rpm"
cp "${RPMTEST}"/data/RPMS/${pkg} "${RPMTEST}"/tmp/${pkg}
dd if=/dev/zero of="${RPMTEST}"/tmp/${pkg} \
conv=notrunc bs=1 seek=7777 count=6 2> /dev/null
runroot rpmkeys -Kv /tmp/${pkg}
],
[1],
[/tmp/hello-2.0-1.x86_64.rpm:
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != bea903609dceac36e1f26a983c493c98064d320fdfeb423034ed63d649b2c8dc)
Payload SHA256 ALT digest: NOTFOUND
MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != d662cd0d81601a7107312684ad1ddf38)
],
[])
AT_CLEANUP
|
|
|
|
# ------------------------------
# Test corrupted package verification (corrupted header, rejected as malformed)
# Four bytes at offset 4750 of a copy are zeroed. Unlike the offset 5555 case,
# the expected result is not a digest mismatch: stdout carries only the
# package name line, stderr carries a BAD tag error (tag 1028, type 0), and
# rpmkeys exits 1. No digest lines are expected for this package.
AT_SETUP([rpmkeys -Kv <corrupted unsigned> 4])
AT_KEYWORDS([rpmkeys digest])
AT_CHECK([
RPMDB_INIT

pkg="hello-2.0-1.x86_64.rpm"
cp "${RPMTEST}"/data/RPMS/${pkg} "${RPMTEST}"/tmp/${pkg}
dd if=/dev/zero of="${RPMTEST}"/tmp/${pkg} \
conv=notrunc bs=1 seek=4750 count=4 2> /dev/null
runroot rpmkeys -Kv /tmp/${pkg}
],
[1],
[/tmp/hello-2.0-1.x86_64.rpm:
],
[error: /tmp/hello-2.0-1.x86_64.rpm: tag[[13]]: BAD, tag 1028 type 0 offset 116 count 5 len 7]
)
AT_CLEANUP
|
|
# ------------------------------
# Reproducibly build and verify a package
# The rpmbuild defines pin the inputs that would otherwise vary from build to
# build (optflags, target platform, build host, and build time / file mtimes
# taken from the changelog via the source date epoch macros), so the digest
# tags of the built package can be compared against fixed values.
# The expected PAYLOADDIGEST and PAYLOADDIGESTALT values are identical for
# this build, which uses the w.ufdio binary payload setting.
AT_SETUP([rpmkeys -Kv <unsigned> 2])
AT_KEYWORDS([rpmkeys digest])
AT_CHECK([
RPMDB_INIT

runroot rpmbuild -bb --quiet \
--define "%optflags -O2 -g" \
--define "%_target_platform noarch-linux" \
--define "%_binary_payload w.ufdio" \
--define "%_buildhost localhost" \
--define "%use_source_date_epoch_as_buildtime 1" \
--define "%source_date_epoch_from_changelog 1" \
--define "%clamp_mtime_to_source_date_epoch 1" \
/data/SPECS/attrtest.spec
for v in SHA256HEADER SHA1HEADER SIGMD5 PAYLOADDIGEST PAYLOADDIGESTALT; do
runroot rpm -q --qf "${v}: %{${v}}\n" /build/RPMS/noarch/attrtest-1.0-1.noarch.rpm
done
runroot rpmkeys -Kv /build/RPMS/noarch/attrtest-1.0-1.noarch.rpm
],
[0],
[SHA256HEADER: ecdd12545e76512430e4e54f5aedbf5373f45e5ad1bd7235ffc2c30f40a607ca
SHA1HEADER: be3a99867782903e25814dd88ea5b78c622f6ff0
SIGMD5: 774288509de3b5cff29562557b9efdd9
PAYLOADDIGEST: ba951e9327654ed94e5261315ef8a74269ccf7ae93412ce9627d02e34247f9bc
PAYLOADDIGESTALT: ba951e9327654ed94e5261315ef8a74269ccf7ae93412ce9627d02e34247f9bc
/build/RPMS/noarch/attrtest-1.0-1.noarch.rpm:
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 ALT digest: OK
Payload SHA256 digest: OK
MD5 digest: OK
],
[])
AT_CLEANUP
|
|
|
|
# ------------------------------
# Import a public RSA key
# After the import the key is queried back as the package
# gpg-pubkey-1964c5fc-58e63918: the info output carries the armored key in
# its Description, and the provides list names the key by user ID and by
# short and long key ID.
# The two grep -v filters drop lines containing Date or Version: from the
# info output before comparison, presumably because they vary between runs
# or builds - confirm.
# The provides also list a second key ID (f00650f8), presumably the subkey
# of the test key - confirm against the key fixture.
AT_SETUP([rpmkeys --import rsa])
AT_KEYWORDS([rpmkeys import])
AT_CHECK([
RPMDB_INIT

runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub
runroot rpm -qi gpg-pubkey-1964c5fc-58e63918|grep -v Date|grep -v Version:
runroot rpm -q --provides gpg-pubkey-1964c5fc-58e63918
],
[0],
[Name : gpg-pubkey
Version : 1964c5fc
Release : 58e63918
Architecture: (none)
Group : Public Keys
Size : 0
License : pubkey
Signature : (none)
Source RPM : (none)
Build Host : localhost
Packager : rpm.org RSA testkey <rsa@rpm.org>
Summary : rpm.org RSA testkey <rsa@rpm.org> public key
Description :
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g
HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY
91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8
eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas
7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ
1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl
c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK
CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf
Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB
BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr
XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX
fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq
+mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN
BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY
zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz
iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6
Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c
KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m
L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAGJAR8EGAEIAAkFAljmORgCGwwA
CgkQQ0RZHhlkxfzwDQf/Y5on5o+s/xD3tDyRYa6SErfT44lEArdCD7Yi+cygJFox
3jyM8ovtJAkwRegwyxcaLN7zeG1p1Sk9ZAYWQEJT6qSU4Ppu+CVGHgxgnTcfUiu6
EZZQE6srvua53IMY1lT50M7vx0T5VicHFRWBFV2C/Mc32p7cEE6nn45nEZgUXQNl
ySEyvoRlsAJq6gFsfqucVz2vMJDTMVczUtq1CjvUqFbif8JVL36EoZCf1SeRw6d6
s1Kp3AA33Rjd+Uw87HJ4EIB75zMFQX2H0ggAVdYTQcqGXHP5MZK1jJrHfxJyMi3d
UNW2iqnN3BA7guhOv6OMiROF1+I7Q5nWT63mQC7IgQ==
=Z6nu
-----END PGP PUBLIC KEY BLOCK-----

gpg(rpm.org RSA testkey <rsa@rpm.org>) = 4:4344591e1964c5fc-58e63918
gpg(1964c5fc) = 4:4344591e1964c5fc-58e63918
gpg(4344591e1964c5fc) = 4:4344591e1964c5fc-58e63918
gpg(f00650f8) = 4:185e6146f00650f8-58e63918
gpg(185e6146f00650f8) = 4:185e6146f00650f8-58e63918
],
[])
AT_CLEANUP
|
|
|
|
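# ------------------------------
# Test pre-built package verification
# Non-verbose check of a signed package before and after importing the
# signing key. AT_CHECK compares only the status of the last command, and
# the first rpmkeys run is expected to fail, so the exit status of each step
# is echoed into the compared output, as the -Kv variant of this test does.
# Expected statuses: 1 while the key is unknown, 0 for the import, 0 once the
# signatures verify.
AT_SETUP([rpmkeys -K <signed> 1])
AT_KEYWORDS([rpmkeys digest signature])
AT_CHECK([
RPMDB_INIT

runroot rpmkeys -K /data/RPMS/hello-2.0-1.x86_64-signed.rpm; echo $?
runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub; echo $?
runroot rpmkeys -K /data/RPMS/hello-2.0-1.x86_64-signed.rpm; echo $?
],
[0],
[[/data/RPMS/hello-2.0-1.x86_64-signed.rpm: digests SIGNATURES NOT OK
1
0
/data/RPMS/hello-2.0-1.x86_64-signed.rpm: digests signatures OK
0
]],
[])
AT_CLEANUP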
|
|
|
|
# ------------------------------
# Test pre-built package verification
# Verbose check of the signed fixture package, with the exit status of every
# step echoed into the expected output:
#   1. key not imported yet: both signature lines report NOKEY, exit 1
#   2. import of the test public key, exit 0
#   3. signatures and digests all OK, exit 0
#   4. --nodigest: only the two signature lines are printed, exit 0
#   5. --nosignature: only the digest lines are printed, exit 0
# Step 5 succeeds on digests alone, so a clean exit from --nosignature is an
# integrity check only and must not be read as proof of origin.
AT_SETUP([rpmkeys -Kv <signed> 1])
AT_KEYWORDS([rpmkeys digest signature])
AT_CHECK([
RPMDB_INIT

runroot rpmkeys -Kv /data/RPMS/hello-2.0-1.x86_64-signed.rpm; echo $?
runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub; echo $?
runroot rpmkeys -Kv /data/RPMS/hello-2.0-1.x86_64-signed.rpm; echo $?
runroot rpmkeys -Kv --nodigest /data/RPMS/hello-2.0-1.x86_64-signed.rpm; echo $?
runroot rpmkeys -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm; echo $?
],
[0],
[/data/RPMS/hello-2.0-1.x86_64-signed.rpm:
Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
MD5 digest: OK
1
0
/data/RPMS/hello-2.0-1.x86_64-signed.rpm:
Header V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
MD5 digest: OK
0
/data/RPMS/hello-2.0-1.x86_64-signed.rpm:
Header V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
0
/data/RPMS/hello-2.0-1.x86_64-signed.rpm:
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
MD5 digest: OK
0
],
[])
AT_CLEANUP
|
|
|
|
# ------------------------------
# Test pre-built corrupted package verification (corrupted signature)
# Six bytes at offset 264 of a copy of the signed package are zeroed. Per the
# expected output the header RSA signature can no longer be parsed (package
# tag 268: invalid OpenPGP signature), while the digests and the second
# signature are untouched: that signature goes from NOKEY to OK once the key
# is imported. The header signature stays BAD, so the final status is 1.
# NOTE(review): AT_CHECK compares only the status of the last command, so the
# exit status of the first rpmkeys run is not asserted in this group.
AT_SETUP([rpmkeys -Kv <corrupted signed> 1])
AT_KEYWORDS([rpmkeys digest signature])
AT_CHECK([
RPMDB_INIT

pkg="hello-2.0-1.x86_64-signed.rpm"
cp "${RPMTEST}"/data/RPMS/${pkg} "${RPMTEST}"/tmp/${pkg}
dd if=/dev/zero of="${RPMTEST}"/tmp/${pkg} \
conv=notrunc bs=1 seek=264 count=6 2> /dev/null

runroot rpmkeys -Kv /tmp/${pkg}
runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub
runroot rpmkeys -Kv /tmp/${pkg}
],
[1],
[/tmp/hello-2.0-1.x86_64-signed.rpm:
Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
MD5 digest: OK
/tmp/hello-2.0-1.x86_64-signed.rpm:
Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
MD5 digest: OK
],
[])
AT_CLEANUP
|
|
# ------------------------------
# Test pre-built corrupted package verification (corrupted header)
# Six bytes at offset 5555 of a copy of the signed package are zeroed. The
# expected output is the same before and after the key import: both
# signature lines and both header digests report BAD, the MD5 digest reports
# BAD, and only the payload digest still verifies. Final status is 1.
# NOTE(review): AT_CHECK compares only the status of the last command, so the
# exit status of the first rpmkeys run is not asserted in this group.
AT_SETUP([rpmkeys -Kv <corrupted signed> 2])
AT_KEYWORDS([rpmkeys digest signature])
AT_CHECK([
RPMDB_INIT

pkg="hello-2.0-1.x86_64-signed.rpm"
cp "${RPMTEST}"/data/RPMS/${pkg} "${RPMTEST}"/tmp/${pkg}
dd if=/dev/zero of="${RPMTEST}"/tmp/${pkg} \
conv=notrunc bs=1 seek=5555 count=6 2> /dev/null

runroot rpmkeys -Kv /tmp/${pkg}
runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub
runroot rpmkeys -Kv /tmp/${pkg}
],
[1],
[/tmp/hello-2.0-1.x86_64-signed.rpm:
Header V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD
Header SHA256 digest: BAD (Expected ef920781af3bf072ae9888eec3de1c589143101dff9cc0b561468d395fb766d9 != 29fdfe92782fb0470a9a164a6c94af87d3b138c63b39d4c30e0223ca1202ba82)
Header SHA1 digest: BAD (Expected 5cd9874c510b67b44483f9e382a1649ef7743bac != 4261b2c1eb861a4152c2239bce20bfbcaa8971ba)
Payload SHA256 digest: OK
V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD
MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != de65519eeb4ab52eb076ec054d42e34e)
/tmp/hello-2.0-1.x86_64-signed.rpm:
Header V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD
Header SHA256 digest: BAD (Expected ef920781af3bf072ae9888eec3de1c589143101dff9cc0b561468d395fb766d9 != 29fdfe92782fb0470a9a164a6c94af87d3b138c63b39d4c30e0223ca1202ba82)
Header SHA1 digest: BAD (Expected 5cd9874c510b67b44483f9e382a1649ef7743bac != 4261b2c1eb861a4152c2239bce20bfbcaa8971ba)
Payload SHA256 digest: OK
V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD
MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != de65519eeb4ab52eb076ec054d42e34e)
],
[])
AT_CLEANUP
|
|
|
|
# ------------------------------
# Test pre-built corrupted package verification (corrupted payload)
# Six bytes at offset 7777 of a copy of the signed package are zeroed.
# Expected result: the header digests verify, the payload digest and the MD5
# digest report BAD, and the second signature line reports BAD in both runs.
# After the key import the header signature line reports OK even though the
# payload is damaged, so that line alone does not show the package is
# intact; the BAD payload digest, the BAD second signature and the exit
# status 1 do.
# NOTE(review): AT_CHECK compares only the status of the last command, so the
# exit status of the first rpmkeys run is not asserted in this group.
AT_SETUP([rpmkeys -Kv <corrupted signed> 3])
AT_KEYWORDS([rpmkeys digest signature])
AT_CHECK([
RPMDB_INIT

pkg="hello-2.0-1.x86_64-signed.rpm"
cp "${RPMTEST}"/data/RPMS/${pkg} "${RPMTEST}"/tmp/${pkg}
dd if=/dev/zero of="${RPMTEST}"/tmp/${pkg} \
conv=notrunc bs=1 seek=7777 count=6 2> /dev/null

runroot rpmkeys -Kv /tmp/${pkg}
runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub
runroot rpmkeys -Kv /tmp/${pkg}
],
[1],
[/tmp/hello-2.0-1.x86_64-signed.rpm:
Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != bea903609dceac36e1f26a983c493c98064d320fdfeb423034ed63d649b2c8dc)
Payload SHA256 ALT digest: NOTFOUND
V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD
MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != d662cd0d81601a7107312684ad1ddf38)
/tmp/hello-2.0-1.x86_64-signed.rpm:
Header V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != bea903609dceac36e1f26a983c493c98064d320fdfeb423034ed63d649b2c8dc)
Payload SHA256 ALT digest: NOTFOUND
V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD
MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != d662cd0d81601a7107312684ad1ddf38)
],
[])
AT_CLEANUP
|
|
|
|
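# ------------------------------
# Test --addsign
# Signs copies of the fixture packages with the test secret key and checks
# what rpmkeys reports before the public key is imported, after it is
# imported, and after --delsign. The last check covers the refusal to sign a
# package whose digests do not verify.
AT_SETUP([rpmsign --addsign])
AT_KEYWORDS([rpmsign signature])
RPMDB_INIT
# Import the test secret keys into the gpg keyring used by the test run.
# RPMTEST is quoted like everywhere else in this file so that a test root
# containing whitespace does not split the path; the glob stays unquoted.
# NOTE(review): this presumably relies on the harness pointing GNUPGHOME at a
# throwaway directory; otherwise this import and the gpg-agent kill at the
# end of the group would touch the keyring and agent of whoever runs the
# suite - confirm against the test environment setup.
gpg2 --import "${RPMTEST}"/data/keys/*.secret
# Our keys have no passphrases to be asked, silence GPG_TTY warning
export GPG_TTY=""

# rpmsign --addsign --rpmv3 <unsigned>
# With --rpmv3 the expected output shows two signature lines, one with the
# Header prefix and one without; the next check, without --rpmv3, shows the
# Header line only.
AT_CHECK([
RPMDB_INIT

cp "${RPMTEST}"/data/RPMS/hello-2.0-1.x86_64.rpm "${RPMTEST}"/tmp/
run rpmsign --key-id 1964C5FC --rpmv3 --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null
echo PRE-IMPORT
runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest
echo POST-IMPORT
runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub
runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest
run rpmsign --delsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null
echo POST-DELSIGN
runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest
],
[0],
[PRE-IMPORT
/tmp/hello-2.0-1.x86_64.rpm:
Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
POST-IMPORT
/tmp/hello-2.0-1.x86_64.rpm:
Header V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
POST-DELSIGN
/tmp/hello-2.0-1.x86_64.rpm:
],
[])

# rpmsign --addsign <unsigned>
AT_CHECK([
RPMDB_INIT

cp "${RPMTEST}"/data/RPMS/hello-2.0-1.x86_64.rpm "${RPMTEST}"/tmp/
run rpmsign --key-id 1964C5FC --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null
echo PRE-IMPORT
runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest
echo POST-IMPORT
runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub
runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest
run rpmsign --delsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null
echo POST-DELSIGN
runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest
],
[0],
[PRE-IMPORT
/tmp/hello-2.0-1.x86_64.rpm:
Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
POST-IMPORT
/tmp/hello-2.0-1.x86_64.rpm:
Header V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
POST-DELSIGN
/tmp/hello-2.0-1.x86_64.rpm:
],
[])

# rpmsign --addsign <signed>
# Re-signing with the same key must be reported as a skip; grep -q makes the
# check pass only if that message is printed.
AT_CHECK([
RPMDB_INIT

cp "${RPMTEST}"/data/RPMS/hello-2.0-1.x86_64-signed.rpm "${RPMTEST}"/tmp/
run rpmsign --key-id 1964C5FC --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64-signed.rpm 2>&1 |grep -q "already contains identical signature, skipping"
],
[0],
[],
[])

# rpmsign --addsign <corrupted>
# A package whose stored MD5 no longer matches must not be signed. Expected
# output, in order: rpmsign exit status 1, one matching error line counted by
# grep -c, the rpmkeys report with no signature lines, rpmkeys exit status 1.
# The overall status is that of the final echo, stated explicitly as 0.
AT_CHECK([
RPMDB_INIT

pkg="hello-2.0-1.x86_64.rpm"
cp "${RPMTEST}"/data/RPMS/${pkg} "${RPMTEST}"/tmp/${pkg}
dd if=/dev/zero of="${RPMTEST}"/tmp/${pkg} \
conv=notrunc bs=1 seek=333 count=4 2> /dev/null
run rpmsign --key-id 1964C5FC --addsign "${RPMTEST}/tmp/${pkg}" >/dev/null 2> stderr
echo $?
grep -c "error: not signing corrupt package " stderr
runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm
echo $?
],
[0],
[1
1
/tmp/hello-2.0-1.x86_64.rpm:
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
MD5 digest: BAD (Expected 007ca1d8b35cca02a1854ba301c5432e != 137ca1d8b35cca02a1854ba301c5432e)
1
],
[])
gpgconf --kill gpg-agent
AT_CLEANUP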
|
|
|
|
# ------------------------------
# Test --delsign
# Removes the signatures from a copy of the pre-signed fixture package. The
# digest lines are filtered out with grep -v, so the expected output shows
# two NOKEY signature lines before --delsign (no key is imported in this
# group) and no signature lines afterwards.
AT_SETUP([rpmsign --delsign])
AT_KEYWORDS([rpmsign signature])
AT_CHECK([
RPMDB_INIT

cp "${RPMTEST}"/data/RPMS/hello-2.0-1.x86_64-signed.rpm "${RPMTEST}"/tmp/
echo PRE-DELSIGN
runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64-signed.rpm|grep -v digest
echo POST-DELSIGN
run rpmsign --delsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64-signed.rpm > /dev/null
runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64-signed.rpm|grep -v digest
],
[0],
[PRE-DELSIGN
/tmp/hello-2.0-1.x86_64-signed.rpm:
Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
POST-DELSIGN
/tmp/hello-2.0-1.x86_64-signed.rpm:
],
[])
AT_CLEANUP
|