fingerprint.sh
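#! /usr/bin/env atf-sh

# Tests for `pkg update` against a repository that is signed through an
# external signing command and verified with signature_type FINGERPRINTS.
#
# Coverage note: every case here is an accepting path.  Each one expects
# `pkg update` to succeed and to log "extracting signature of repo".  The
# keys/revoked directory is created but left empty, so no case in this file
# checks that a revoked or non-matching fingerprint is rejected.

. "$(atf_get_srcdir)/test_environment.sh"

tests_init \
	fingerprint_ecc \
	fingerprint_rsa \
	fingerprint_rootdir

#######################################
# Build a signed throwaway repository plus the trust material to verify it.
# Globals:   TMPDIR (read), RESOURCEDIR (read)
# Arguments: $1 - root directory prefix for the fingerprint store ("" for /)
#            $2 - key type, "rsa" or "ecc"
# Outputs:   in the current directory: repo.key, repo.pub, sign.sh,
#            repo.conf, fakerepo/; under ${1}/${TMPDIR}/keys: trusted/key
#            and an empty revoked/
# Returns:   fails the test case on an unknown key type or when no
#            fingerprint could be computed
#######################################
setup() {
	local _root=$1
	local _type=$2
	local _fingerprint
	local _typecmd
	local _keyform
	local _keydir

	# An empty TMPDIR would turn the rm -rf below into "rm -rf /keys".
	: "${TMPDIR:?TMPDIR must be set}"
	_keydir="${_root}/${TMPDIR}/keys"

	# Both key types are skipped on Linux, so the skip is checked once.
	atf_skip_on Linux Test fails on Linux

	case "$_type" in
	rsa)
		# The public key is whatever `pkg key --create` prints on stdout.
		# NOTE(review): unlike the ecc branch no chmod is applied to
		# repo.key here; its mode is whatever pkg sets - confirm.
		atf_check -o save:repo.pub -e ignore \
			pkg key --create repo.key
		_keyform=""
		_typecmd=""
		;;
	ecc)
		atf_check -o ignore -e ignore \
			openssl ecparam -genkey -name secp256k1 -out repo.key -outform DER
		# Keep the private key owner-read-only, even for a test key.
		chmod 0400 repo.key
		atf_check -o ignore -e ignore \
			openssl ec -inform DER -in repo.key -pubout -out repo.pub -outform DER
		_keyform="-keyform DER"
		# Emitted by sign.sh ahead of the signature to announce the type.
		_typecmd='printf "%s\n%s\n" "TYPE" "ecdsa"'
		;;
	*)
		# Without this arm an unknown type fell through with no key pair
		# and only failed later, far from the cause.
		atf_fail "setup: unknown key type '${_type}'"
		;;
	esac

	# NOTE(review): this clears ${TMPDIR}/keys, not the ${_root}-prefixed
	# directory created below - confirm that is intended for the rootdir case.
	rm -rf -- "${TMPDIR}/keys" || :
	mkdir -p "${_keydir}/trusted"
	mkdir -p "${_keydir}/revoked"

	# The trusted fingerprint is the SHA-256 of repo.pub exactly as written
	# above; sed keeps only the hex digest after the last space of the
	# openssl output.
	_fingerprint=$(openssl dgst -sha256 -hex repo.pub | sed 's/^.* //')
	# The pipeline status is sed's, so an openssl failure would otherwise
	# install an empty fingerprint as the trust anchor.
	[ -n "$_fingerprint" ] || atf_fail "setup: could not fingerprint repo.pub"
	echo "function: sha256" > "${_keydir}/trusted/key"
	echo "fingerprint: \"${_fingerprint}\"" >> "${_keydir}/trusted/key"
	mkdir fakerepo

	# Signing command handed to `pkg repo`.  It reads the digest from stdin
	# (2 second timeout, exit 1 when empty), then prints the optional TYPE
	# lines, SIGNATURE, the binary signature, CERT, the public key and END.
	# Only $_typecmd and $_keyform are expanded while the file is written;
	# \$sum is left for sign.sh itself.
	cat >> sign.sh << EOF
#!/bin/sh
read -t 2 sum
[ -z "\$sum" ] && exit 1

$_typecmd
echo SIGNATURE
echo -n \$sum | openssl dgst $_keyform -sign repo.key -sha256 -binary
echo
echo CERT
cat repo.pub
echo END
EOF

	atf_check -s exit:0 sh "${RESOURCEDIR}/test_subr.sh" new_pkg "test" "test" "1"

	atf_check -o ignore -e ignore \
		pkg create -M test.ucl -o fakerepo
	atf_check -o ignore \
		pkg repo fakerepo signing_command: sh sign.sh

	# The fingerprints path carries no ${_root} prefix; presumably pkg
	# resolves it below the -r root directory, which is why the store is
	# created under ${_root} above - TODO confirm.
	cat >> repo.conf << EOF
local: {
	url: file:///${TMPDIR}/fakerepo
	enabled: true
	signature_type: FINGERPRINTS
	fingerprints: ${TMPDIR}/keys
}
EOF
}

# `pkg update` accepts a repository signed with the ECDSA test key.
# atf_check also requires exit status 0, its default.
fingerprint_ecc_body() {
	setup "" "ecc"

	atf_check \
		-o ignore \
		-e match:".*extracting signature of repo.*" \
		pkg -dd -o REPOS_DIR="${TMPDIR}" \
		-o PKG_CACHEDIR="${TMPDIR}" update
}

# `pkg update` accepts a repository signed with the RSA test key.
fingerprint_rsa_body() {
	setup "" "rsa"

	atf_check \
		-o ignore \
		-e match:".*extracting signature of repo.*" \
		pkg -dd -o REPOS_DIR="${TMPDIR}" \
		-o PKG_CACHEDIR="${TMPDIR}" update
}

# Same as the RSA case, with the fingerprint store placed under an
# alternate root directory that is passed to pkg with -r.
fingerprint_rootdir_body() {
	setup "${TMPDIR}/rootdir" "rsa"

	atf_check \
		-o ignore \
		-e match:".*extracting signature of repo.*" \
		pkg -dd -o REPOS_DIR="${TMPDIR}" \
		-o PKG_CACHEDIR="${TMPDIR}" -r "${TMPDIR}/rootdir" update
}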