authorAvatar Fernando J. Pereda <ferdy@ferdyx.org> 2006-09-28 18:57:16 +0000
committerAvatar Fernando J. Pereda <ferdy@ferdyx.org> 2006-09-28 18:57:16 +0000
commit7fcc0e8f78b12a958f967b42c10a1f405e2ba95d (patch)
tree4fdae2c79b02f1df77cbeb0f669c5fae65b5501f
parentf296289c0686ed045842717a97ab88b1eae91db9 (diff)
Add a QA check to test Manifest signatures and infrastructure to make it possible (FDHolder and return exit status in real_run_command).
-rw-r--r--ebuild/utils/merge.cc33
-rw-r--r--paludis/qa/files.m42
-rw-r--r--paludis/qa/gpg_check.cc62
-rw-r--r--paludis/qa/gpg_check.hh51
-rw-r--r--paludis/qa/gpg_check_TEST.cc50
-rw-r--r--paludis/qa/gpg_check_TEST_cleanup.sh8
-rw-r--r--paludis/qa/gpg_check_TEST_setup.sh9
-rw-r--r--paludis/util/fd_holder.hh60
-rw-r--r--paludis/util/files.m41
-rw-r--r--paludis/util/system.cc2
-rw-r--r--paludis/util/system_TEST.cc1
11 files changed, 245 insertions, 34 deletions
diff --git a/ebuild/utils/merge.cc b/ebuild/utils/merge.cc
index 1681daa..10ae7e8 100644
--- a/ebuild/utils/merge.cc
+++ b/ebuild/utils/merge.cc
@@ -29,6 +29,7 @@
#include <paludis/util/strip.hh>
#include <paludis/util/system.hh>
#include <paludis/util/tokeniser.hh>
+#include <paludis/util/fd_holder.hh>
#include <paludis/selinux/security_context.hh>
#include <algorithm>
@@ -99,38 +100,6 @@ namespace
}
}
- /**
- * RAII holder for a file descriptor.
- */
- class FDHolder
- {
- private:
- const int _fd;
- const bool _sync;
-
- public:
- FDHolder(const int fd, bool sync = true) :
- _fd(fd),
- _sync(sync)
- {
- }
-
- ~FDHolder()
- {
- if (-1 != _fd)
- {
- if (_sync)
- ::fsync(_fd);
- ::close(_fd);
- }
- }
-
- operator int () const
- {
- return _fd;
- }
- };
-
void
do_dir(const FSEntry & root, const FSEntry & src_dir,
const FSEntry & dst_dir, ofstream * const contents)
diff --git a/paludis/qa/files.m4 b/paludis/qa/files.m4
index fee6f9c..ddd609d 100644
--- a/paludis/qa/files.m4
+++ b/paludis/qa/files.m4
@@ -28,6 +28,7 @@ add(`filename_check', `hh', `cc')
add(`file_permissions_check', `hh', `cc', `test', `testscript')
add(`files_dir_size_check', `hh', `cc')
add(`glep_31_check', `hh', `cc', `test')
+add(`gpg_check', `hh', `cc', `test', `testscript')
add(`has_ebuilds_check', `hh', `cc', `test', `testscript')
add(`has_misc_files_check', `hh', `cc', `test', `testscript')
add(`homepage_check', `hh', `cc')
@@ -47,4 +48,3 @@ add(`pdepend_overlap_check', `hh', `cc')
add(`qa', `hh', `cc')
add(`slot_check', `hh', `cc')
add(`whitespace_check', `hh', `cc')
-
diff --git a/paludis/qa/gpg_check.cc b/paludis/qa/gpg_check.cc
new file mode 100644
index 0000000..c93e2cc
--- /dev/null
+++ b/paludis/qa/gpg_check.cc
@@ -0,0 +1,62 @@
+/* vim: set sw=4 sts=4 et foldmethod=syntax : */
+
+/*
+ * Copyright (c) 2006 Fernando J. Pereda <ferdy@gentoo.org>
+ *
+ * This file is part of the Paludis package manager. Paludis is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * Paludis is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#include <paludis/qa/gpg_check.hh>
+#include <paludis/util/system.hh>
+#include <paludis/util/fd_holder.hh>
+
+#include <iostream>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+using namespace paludis;
+using namespace paludis::qa;
+
+GPGCheck::GPGCheck()
+{
+}
+
+CheckResult
+GPGCheck::operator() (const FSEntry & d) const
+{
+ CheckResult result(d, identifier());
+ FSEntry manifest(d / "Manifest");
+ FDHolder dev_null(::open("/dev/null", O_WRONLY));
+
+ set_run_command_stdout_fds(dev_null, -1);
+ set_run_command_stderr_fds(dev_null, -1);
+
+ int status(run_command("gpg --verify " + stringify(manifest)));
+
+ if (1 == status)
+ result << Message(qal_major, "Broken Manifest signature");
+ else if (2 == status)
+ result << Message(qal_minor, "Manifest not signed");
+
+ return result;
+}
+
+const std::string &
+GPGCheck::identifier()
+{
+ static const std::string id("gpg");
+ return id;
+}
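Review bot: The call `run_command("gpg --verify " + stringify(manifest))` in operator() splices the package directory path into a command string unquoted. The `run_command("exit 77")` test added in this commit suggests the string is handed to a shell, so a path containing spaces or shell metacharacters would be misparsed or interpreted; pass the path as one quoted and escaped argument, or use an argv-style exec helper if the project has one. The status handling is also fail-open: only exit statuses 1 and 2 produce a message, so 127 (gpg not found) or any other failure leaves the result empty and the check passes; add `else if (0 != status) result << Message(qal_major, "Could not verify Manifest signature");`. Finally, `::open` is not checked for -1, and the redirection set through `set_run_command_stdout_fds` / `set_run_command_stderr_fds` appears to stay in place after `dev_null` is closed at scope exit; if those setters are process-wide, reset them before returning.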
diff --git a/paludis/qa/gpg_check.hh b/paludis/qa/gpg_check.hh
new file mode 100644
index 0000000..7ada6eb
--- /dev/null
+++ b/paludis/qa/gpg_check.hh
@@ -0,0 +1,51 @@
+/* vim: set sw=4 sts=4 et foldmethod=syntax : */
+
+/*
+ * Copyright (c) 2006 Fernando J. Pereda <ferdy@gentoo.org>
+ *
+ * This file is part of the Paludis package manager. Paludis is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * Paludis is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef PALUDIS_GUARD_PALUDIS_QA_GPG_CHECK_HH
+#define PALUDIS_GUARD_PALUDIS_QA_GPG_CHECK_HH 1
+
+#include <paludis/qa/package_dir_check.hh>
+#include <string>
+
+namespace paludis
+{
+ namespace qa
+ {
+ class GPGCheck :
+ public PackageDirCheck
+ {
+ public:
+ GPGCheck();
+
+ CheckResult operator() (const FSEntry &) const;
+
+ static const std::string & identifier();
+
+ virtual std::string describe() const
+ {
+ return "Checks whether the Manifest is signed";
+ }
+ };
+
+ static const PackageDirCheckMaker::RegisterMaker register_gpg_check(
+ GPGCheck::identifier(), &MakePackageDirCheck<GPGCheck>::make_package_dir_check);
+ }
+}
+
+#endif
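Review bot: `describe()` returns "Checks whether the Manifest is signed", but operator() in gpg_check.cc also reports a broken signature at qal_major, and the class carries no comment on what a pass means. I would add a class comment such as `/** QA check that runs gpg --verify on the package's Manifest with the invoking user's keyring; a pass does not establish which key signed it. */` and change the string to `"Checks that the Manifest is signed and the signature verifies"`. Separately, `register_gpg_check` is a `static` object defined in the header, so every translation unit that includes it gets its own registration object. That may be the project's convention for checks, but it is worth confirming that duplicate registration is harmless.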
diff --git a/paludis/qa/gpg_check_TEST.cc b/paludis/qa/gpg_check_TEST.cc
new file mode 100644
index 0000000..1094f15
--- /dev/null
+++ b/paludis/qa/gpg_check_TEST.cc
@@ -0,0 +1,50 @@
+/* vim: set sw=4 sts=4 et foldmethod=syntax : */
+
+/*
+ * Copyright (c) 2006 Fernando J. Pereda <ferdy@gentoo.org>
+ *
+ * This file is part of the Paludis package manager. Paludis is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * Paludis is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#include <paludis/qa/gpg_check.hh>
+#include <test/test_framework.hh>
+#include <test/test_runner.hh>
+
+using namespace paludis;
+using namespace paludis::qa;
+using namespace test;
+
+namespace test_cases
+{
+ struct GPGCheckTest : TestCase
+ {
+ GPGCheckTest() : TestCase("signed Manifest") { }
+
+ void run()
+ {
+ FSEntry e("gpg_check_TEST_dir");
+ TEST_CHECK(e.exists());
+ TEST_CHECK(e.is_directory());
+
+ FSEntry package(e / "cat" / "not-signed");
+ TEST_CHECK(package.exists());
+ TEST_CHECK(package.is_directory());
+
+ CheckResult r((*(*PackageDirCheckMaker::get_instance()->find_maker(
+ GPGCheck::identifier()))())(package));
+ TEST_CHECK(! r.empty());
+
+ }
+ } test_gpg_check;
+}
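Review bot: The test case is named "signed Manifest" but only exercises `cat/not-signed` with an empty Manifest, and `TEST_CHECK(! r.empty())` is satisfied by any message, so neither the broken-signature branch nor a clean pass is covered. Rename it to match what it tests and add cases for a tampered and a validly signed Manifest. The test also runs the real gpg with the caller's keyring and environment; exporting a throwaway `GNUPGHOME` under `gpg_check_TEST_dir` in the setup script would make it hermetic. If gpg is not installed, the command most likely exits 127, the result stays empty, and the test fails for a reason unrelated to the check.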
diff --git a/paludis/qa/gpg_check_TEST_cleanup.sh b/paludis/qa/gpg_check_TEST_cleanup.sh
new file mode 100644
index 0000000..ed3dd8e
--- /dev/null
+++ b/paludis/qa/gpg_check_TEST_cleanup.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+# vim: set ft=sh sw=4 sts=4 et :
+
+if [ -d gpg_check_TEST_dir ] ; then
+ rm -fr gpg_check_TEST_dir
+else
+ true
+fi
diff --git a/paludis/qa/gpg_check_TEST_setup.sh b/paludis/qa/gpg_check_TEST_setup.sh
new file mode 100644
index 0000000..88bc065
--- /dev/null
+++ b/paludis/qa/gpg_check_TEST_setup.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+# vim: set ft=sh sw=4 sts=4 et :
+
+mkdir gpg_check_TEST_dir || exit 2
+cd gpg_check_TEST_dir || exit 3
+
+mkdir "cat" || exit 4
+mkdir "cat/not-signed" || exit 5
+touch "cat/not-signed/Manifest" || exit 6
diff --git a/paludis/util/fd_holder.hh b/paludis/util/fd_holder.hh
new file mode 100644
index 0000000..40676c8
--- /dev/null
+++ b/paludis/util/fd_holder.hh
@@ -0,0 +1,60 @@
+/* vim: set sw=4 sts=4 et foldmethod=syntax : */
+
+/*
+ * Copyright (c) 2006 Ciaran McCreesh <ciaranm@ciaranm.org>
+ *
+ * This file is part of the Paludis package manager. Paludis is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * Paludis is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef PALUDIS_GUARD_PALUDIS_FD_HOLDER_HH
+#define PALUDIS_GUARD_PALUDIS_FD_HOLDER_HH 1
+
+#include <unistd.h>
+
+namespace paludis
+{
+ /**
+ * RAII holder for a file descriptor.
+ */
+ class FDHolder
+ {
+ private:
+ const int _fd;
+ const bool _sync;
+
+ public:
+ FDHolder(const int fd, bool sync = true) :
+ _fd(fd),
+ _sync(sync)
+ {
+ }
+
+ ~FDHolder()
+ {
+ if (-1 != _fd)
+ {
+ if (_sync)
+ ::fsync(_fd);
+ ::close(_fd);
+ }
+ }
+
+ operator int () const
+ {
+ return _fd;
+ }
+ };
+}
+
+#endif
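Review bot: FDHolder moves into a public header here with its implicitly generated copy constructor intact, so copying a holder (for instance passing it by value) makes two destructors close the same descriptor. The second close can land on an unrelated descriptor that has reused the number. Declare `FDHolder(const FDHolder &);` and `FDHolder & operator= (const FDHolder &);` in the private section without defining them, and consider making the constructor `explicit` so that an int is never silently wrapped. The destructor ignores the results of `::fsync` and `::close`, and `sync` defaults to true, so callers holding a descriptor like the /dev/null one in gpg_check.cc issue a pointless fsync; a comment on the `sync` parameter saying when to pass false would help.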
diff --git a/paludis/util/files.m4 b/paludis/util/files.m4
index 0f2fdeb..47e50b2 100644
--- a/paludis/util/files.m4
+++ b/paludis/util/files.m4
@@ -20,6 +20,7 @@ add(`exception', `hh', `cc')
add(`fast_unique_copy', `hh', `test')
add(`fd_output_stream', `hh')
add(`fs_entry', `hh', `cc', `test', `testscript')
+add(`fd_holder', `hh')
add(`iterator', `hh', `test')
add(`instantiation_policy', `hh', `test')
add(`is_file_with_extension', `hh', `cc', `test', `testscript')
diff --git a/paludis/util/system.cc b/paludis/util/system.cc
index 706b11b..d88198b 100644
--- a/paludis/util/system.cc
+++ b/paludis/util/system.cc
@@ -97,7 +97,7 @@ namespace
int status(-1);
if (-1 == wait(&status))
throw RunCommandError("wait failed: " + stringify(strerror(errno)));
- return status;
+ return ((status & 0xff00) >> 8);
}
throw InternalError(PALUDIS_HERE, "should never be reached");
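Review bot: `return ((status & 0xff00) >> 8);` discards the low byte of the wait status, so a child terminated by a signal is reported to every run_command caller as exit status 0, i.e. success. Use the POSIX macros instead: `if (WIFEXITED(status)) return WEXITSTATUS(status);` followed by a non-zero return for the signalled case, e.g. `return 128 + WTERMSIG(status);`. This matters for callers that treat 0 as "verified", such as the GPGCheck added in this commit. The enclosing function begins and ends outside this hunk, so I cannot see whether `<sys/wait.h>` is already included.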
diff --git a/paludis/util/system_TEST.cc b/paludis/util/system_TEST.cc
index 97990ad..e3fd16a 100644
--- a/paludis/util/system_TEST.cc
+++ b/paludis/util/system_TEST.cc
@@ -105,6 +105,7 @@ namespace test_cases
{
TEST_CHECK(0 == run_command("true"));
TEST_CHECK(0 != run_command("false"));
+ TEST_CHECK_EQUAL(77, run_command("exit 77"));
}
} test_run_command;