authorAvatar David Leverton <levertond@googlemail.com> 2008-01-17 17:10:48 +0000
committerAvatar David Leverton <levertond@googlemail.com> 2008-01-17 17:10:48 +0000
commite3a1ec73f35f837d3c625938c8dc9b379d60e7db (patch)
tree67de9c0b37bd17011f2d0ef230b6271cb84de11a
parent0907be07ef324e9eb14573f65481ad7168ec12f9 (diff)
Restore gpg check.
-rw-r--r--paludis/repositories/e/qa/Makefile.am21
-rw-r--r--paludis/repositories/e/qa/gpg.cc86
-rw-r--r--paludis/repositories/e/qa/gpg.hh37
-rw-r--r--paludis/repositories/e/qa/gpg_TEST.cc90
-rwxr-xr-xpaludis/repositories/e/qa/gpg_TEST_cleanup.sh8
-rwxr-xr-xpaludis/repositories/e/qa/gpg_TEST_setup.sh9
-rw-r--r--paludis/repositories/e/qa/qa_checks.cc4
7 files changed, 253 insertions, 2 deletions
diff --git a/paludis/repositories/e/qa/Makefile.am b/paludis/repositories/e/qa/Makefile.am
index 707c200..4fc9dce 100644
--- a/paludis/repositories/e/qa/Makefile.am
+++ b/paludis/repositories/e/qa/Makefile.am
@@ -45,6 +45,7 @@ paludis_repositories_e_include_HEADERS = \
visibility.hh \
whitespace.hh \
header.hh \
+ gpg.hh \
misc_files.hh \
files_dir_size.hh \
repo_name.hh
@@ -70,6 +71,7 @@ libpaludiserepositoryqa_la_SOURCES = \
visibility.cc \
whitespace.cc \
header.cc \
+ gpg.cc \
misc_files.cc \
files_dir_size.cc \
repo_name.cc \
@@ -88,7 +90,9 @@ dist_check_SCRIPTS = \
visibility_TEST_setup.sh \
visibility_TEST_cleanup.sh \
misc_files_TEST_setup.sh \
- misc_files_TEST_cleanup.sh
+ misc_files_TEST_cleanup.sh \
+ gpg_TEST_setup.sh \
+ gpg_TEST_cleanup.sh
endif
@@ -123,7 +127,8 @@ TESTS = \
default_functions_TEST \
kv_variables_TEST \
visibility_TEST \
- misc_files_TEST
+ misc_files_TEST \
+ gpg_TEST
check_PROGRAMS = $(TESTS)
@@ -223,6 +228,18 @@ misc_files_TEST_LDADD = \
$(top_builddir)/paludis/environments/test/libpaludistestenvironment.la \
$(top_builddir)/test/libtest.a
+gpg_TEST_SOURCES = gpg_TEST.cc
+gpg_TEST_LDADD = \
+ libpaludiserepositoryqa.la \
+ test_extras.o \
+ $(top_builddir)/paludis/repositories/e/libpaludiserepository.la \
+ $(top_builddir)/paludis/repositories/fake/libpaludisfakerepository.la \
+ $(top_builddir)/paludis/util/libpaludisutil.la \
+ $(top_builddir)/paludis/util/test_extras.o \
+ $(top_builddir)/paludis/libpaludis.la \
+ $(top_builddir)/paludis/environments/test/libpaludistestenvironment.la \
+ $(top_builddir)/test/libtest.a
+
endif
built-sources : $(BUILT_SOURCES)
diff --git a/paludis/repositories/e/qa/gpg.cc b/paludis/repositories/e/qa/gpg.cc
new file mode 100644
index 0000000..c751a8a
--- /dev/null
+++ b/paludis/repositories/e/qa/gpg.cc
@@ -0,0 +1,86 @@
+/* vim: set sw=4 sts=4 et foldmethod=syntax : */
+
+/*
+ * Copyright (c) 2006 Fernando J. Pereda
+ *
+ * This file is part of the Paludis package manager. Paludis is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * Paludis is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#include "gpg.hh"
+#include <paludis/qa.hh>
+#include <paludis/util/log.hh>
+#include <paludis/util/system.hh>
+#include <paludis/util/fd_holder.hh>
+#include <fstream>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+using namespace paludis;
+using namespace paludis::erepository;
+
+bool
+paludis::erepository::gpg_check(
+ QAReporter & reporter,
+ const FSEntry & dir,
+ const std::string & name
+ )
+{
+ Context context("When performing check '" + name + "' using gpg_check on directory '" + stringify(dir) + "':");
+ Log::get_instance()->message(ll_debug, lc_context) << "gpg_check '"
+ << dir << "', " << name << "'";
+
+ FSEntry manifest(dir / "Manifest");
+
+ if (! manifest.is_regular_file())
+ {
+ reporter.message(QAMessage(manifest, qaml_normal, name, "Manifest is missing or not a regular file"));
+ return true;
+ }
+
+ bool is_signed(false);
+ {
+ std::ifstream ff(stringify(manifest).c_str());
+ if (! ff)
+ {
+ reporter.message(QAMessage(manifest, qaml_normal, name, "Can't read Manifest file"));
+ return true;
+ }
+
+ std::string s;
+ if (std::getline(ff, s))
+ is_signed = (0 == s.compare("-----BEGIN PGP SIGNED MESSAGE-----"));
+ }
+
+ if (is_signed)
+ {
+ FDHolder dev_null(::open("/dev/null", O_WRONLY));
+
+ set_run_command_stdout_fds(dev_null, -1);
+ set_run_command_stderr_fds(dev_null, -1);
+
+ int status(run_command("gpg --verify " + stringify(manifest)));
+
+ if (1 == status)
+ reporter.message(QAMessage(manifest, qaml_normal, name, "Broken Manifest signature"));
+ else if (2 == status)
+ reporter.message(QAMessage(manifest, qaml_maybe, name, "Manifest signature cannot be verified"));
+ }
+ else
+ reporter.message(QAMessage(manifest, qaml_minor, name, "Manifest not signed"));
+
+ return true;
+}
+
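Review bot: The command in `run_command("gpg --verify " + stringify(manifest))` is built by concatenating an unquoted path, so if run_command passes the string to a shell (its implementation is not visible in this hunk), a package directory name containing spaces or shell metacharacters changes what is executed; the path should be quoted or escaped, or passed as a separate argument. The status handling also fails open: only `1 == status` and `2 == status` produce a message, so any other non-zero result, such as gpg being missing or killed, is reported the same as a good signature, and a final `else if (0 != status)` branch emitting a QAMessage would close that gap. The descriptor from `::open("/dev/null", O_WRONLY)` is handed to `set_run_command_stdout_fds` without checking for failure. A comment should also state that status 0 means the signature verified against some key in the invoking user's keyring, not that the signer is one the repository trusts.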
diff --git a/paludis/repositories/e/qa/gpg.hh b/paludis/repositories/e/qa/gpg.hh
new file mode 100644
index 0000000..c4764e9
--- /dev/null
+++ b/paludis/repositories/e/qa/gpg.hh
@@ -0,0 +1,37 @@
+/* vim: set sw=4 sts=4 et foldmethod=syntax : */
+
+/*
+ * Copyright (c) 2007 Ciaran McCreesh
+ *
+ * This file is part of the Paludis package manager. Paludis is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * Paludis is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef PALUDIS_GUARD_PALUDIS_REPOSITORIES_E_QA_GPG_HH
+#define PALUDIS_GUARD_PALUDIS_REPOSITORIES_E_QA_GPG_HH 1
+
+#include <paludis/repositories/e/qa/qa_controller.hh>
+
+namespace paludis
+{
+ namespace erepository
+ {
+ bool gpg_check(
+ QAReporter &,
+ const FSEntry & dir,
+ const std::string & s
+ ) PALUDIS_VISIBLE;
+ }
+}
+
+#endif
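Review bot: The declaration of `gpg_check` carries no documentation, and its third parameter is named `s` here while the definition in gpg.cc calls it `name`. A short comment above the declaration would fix both, for example `/// QA check: reports if dir/Manifest is missing, unreadable, unsigned, or fails gpg --verify; name is the check name put into each QAMessage.` with the parameter renamed to `name`. The definition returns true on every path, so the comment should also say what the bool means to the caller, which is not visible on this page.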
diff --git a/paludis/repositories/e/qa/gpg_TEST.cc b/paludis/repositories/e/qa/gpg_TEST.cc
new file mode 100644
index 0000000..35a5b2a
--- /dev/null
+++ b/paludis/repositories/e/qa/gpg_TEST.cc
@@ -0,0 +1,90 @@
+/* vim: set sw=4 sts=4 et foldmethod=syntax : */
+
+/*
+ * Copyright (c) 2006 Fernando J. Pereda
+ *
+ * This file is part of the Paludis package manager. Paludis is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * Paludis is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#include "gpg.hh"
+#include <paludis/qa.hh>
+#include <paludis/util/system.hh>
+#include <paludis/util/fd_holder.hh>
+#include <paludis/util/fs_entry.hh>
+#include <test/test_framework.hh>
+#include <test/test_runner.hh>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+using namespace paludis;
+using namespace paludis::erepository;
+using namespace test;
+
+namespace
+{
+ struct TestReporter :
+ QAReporter
+ {
+ unsigned count;
+
+ TestReporter() :
+ count(0)
+ {
+ }
+
+ void message(const QAMessage &)
+ {
+ ++count;
+ }
+
+ void status(const std::string &)
+ {
+ }
+ };
+}
+
+namespace test_cases
+{
+ struct GPGCheckTest : TestCase
+ {
+ GPGCheckTest() : TestCase("signed Manifest") { }
+
+ bool skip() const
+ {
+ FDHolder dev_null(::open("/dev/null", O_WRONLY));
+ set_run_command_stdout_fds(dev_null, -1);
+ set_run_command_stderr_fds(dev_null, -1);
+
+ return (0 != run_command("gpg --help"));
+ }
+
+ void run()
+ {
+ FSEntry e("gpg_TEST_dir");
+ TEST_CHECK(e.exists());
+ TEST_CHECK(e.is_directory());
+
+ FSEntry package(e / "cat" / "not-signed");
+ TEST_CHECK(package.exists());
+ TEST_CHECK(package.is_directory());
+
+ TestReporter r;
+ TEST_CHECK(gpg_check(r, package, "gpg"));
+ TEST_CHECK_EQUAL(r.count, 1u);
+
+ }
+ } test_gpg_check;
+}
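Review bot: The test case is constructed as `TestCase("signed Manifest")` but `run()` only exercises the `cat/not-signed` fixture, whose Manifest is an empty file created with `touch` in gpg_TEST_setup.sh, so none of the branches that invoke gpg (broken, unverifiable, or good signature) are covered. Renaming it to `TestCase("unsigned Manifest")` and adding fixtures with a clearsigned Manifest and a tampered copy would cover the paths that matter for the check. `skip()` also skips the whole test when `gpg --help` fails, although the unsigned path never runs gpg. `TEST_CHECK_EQUAL(r.count, 1u)` only counts messages, so a TestReporter that records the message level would let the test assert which finding was reported.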
diff --git a/paludis/repositories/e/qa/gpg_TEST_cleanup.sh b/paludis/repositories/e/qa/gpg_TEST_cleanup.sh
new file mode 100755
index 0000000..0bc4985
--- /dev/null
+++ b/paludis/repositories/e/qa/gpg_TEST_cleanup.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+# vim: set ft=sh sw=4 sts=4 et :
+
+if [ -d gpg_TEST_dir ] ; then
+ rm -fr gpg_TEST_dir
+else
+ true
+fi
diff --git a/paludis/repositories/e/qa/gpg_TEST_setup.sh b/paludis/repositories/e/qa/gpg_TEST_setup.sh
new file mode 100755
index 0000000..ce9c7f8
--- /dev/null
+++ b/paludis/repositories/e/qa/gpg_TEST_setup.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+# vim: set ft=sh sw=4 sts=4 et :
+
+mkdir gpg_TEST_dir || exit 2
+cd gpg_TEST_dir || exit 3
+
+mkdir "cat" || exit 4
+mkdir "cat/not-signed" || exit 5
+touch "cat/not-signed/Manifest" || exit 6
diff --git a/paludis/repositories/e/qa/qa_checks.cc b/paludis/repositories/e/qa/qa_checks.cc
index d9fa5ed..fab3843 100644
--- a/paludis/repositories/e/qa/qa_checks.cc
+++ b/paludis/repositories/e/qa/qa_checks.cc
@@ -22,6 +22,7 @@
#include <paludis/util/instantiation_policy-impl.hh>
#include <paludis/repositories/e/qa/stray_files.hh>
+#include <paludis/repositories/e/qa/gpg.hh>
#include <paludis/repositories/e/qa/misc_files.hh>
#include <paludis/repositories/e/qa/files_dir_size.hh>
#include <paludis/repositories/e/qa/eapi_supported.hh>
@@ -80,6 +81,9 @@ QAChecks::QAChecks() :
_imp->category_dir_checks_group->add_check("stray_category_dir_files",
tr1::bind(stray_files_check, _2, _4, _1, is_stray_at_category_dir, "stray_category_dir_files"));
+ _imp->package_dir_checks_group->add_check("gpg",
+ tr1::bind(gpg_check, _2, _1, "gpg"));
+
_imp->package_dir_checks_group->add_check("misc_files",
tr1::bind(misc_files_check, _2, _1, "misc_files"));