author | Daiki Ueno <ueno@gnu.org> | 2013-10-03 16:11:27 +0900 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2013-10-03 16:11:27 +0900 |
commit | acbadd0046cb1643eeaf8595ede1a69cc25d3158 (patch) | |
tree | f1b7ffc2d37226d1f20d53b879e008b400f545ae /test | |
parent | 0a858ebfc57a072ae8ab65f509d8a4901a2ec073 (diff) | |
download | emacs-acbadd0046cb1643eeaf8595ede1a69cc25d3158.tar.gz |
Add support for package signature checking.
* lisp/emacs-lisp/package.el (url-http-file-exists-p)
(epg-make-context, epg-context-set-home-directory)
(epg-verify-string, epg-context-result-for)
(epg-signature-status, epg-signature-to-string)
(epg-check-configuration, epg-configuration)
(epg-import-keys-from-file): Declare.
(package-check-signature): New user option.
(package-unsigned-archives): New user option.
(package-desc): Add `signed' field.
(package-load-descriptor): Set `signed' field if .signed file exists.
(package--archive-file-exists-p): New function.
(package--check-signature): New function.
(package-install-from-archive): Check package signature.
(package--download-one-archive): Check archive signature.
(package-delete): Remove .signed file.
(package-import-keyring): New command.
(package-refresh-contents): Import default keyring.
(package-desc-status): Add "unsigned" status.
(describe-package-1, package-menu--print-info)
(package-menu-mark-delete, package-menu--find-upgrades)
(package-menu--status-predicate): Support "unsigned" status.
* test/automated/data/package/signed/archive-contents:
* test/automated/data/package/signed/archive-contents.sig:
* test/automated/data/package/signed/signed-good-1.0.el:
* test/automated/data/package/signed/signed-good-1.0.el.sig:
* test/automated/data/package/signed/signed-bad-1.0.el:
* test/automated/data/package/signed/signed-bad-1.0.el.sig:
* test/automated/data/package/key.pub:
* test/automated/data/package/key.sec: New files.
* test/automated/package-test.el (package-test-update-listing)
(package-test-update-archives, package-test-describe-package):
Adjust to package.el change.
(package-test-signed): New test.
Diffstat (limited to 'test')
-rw-r--r-- | test/ChangeLog | 16 | ||||
-rw-r--r-- | test/automated/data/package/key.pub | 18 | ||||
-rw-r--r-- | test/automated/data/package/key.sec | 33 | ||||
-rw-r--r-- | test/automated/data/package/signed/archive-contents | 7 | ||||
-rw-r--r-- | test/automated/data/package/signed/archive-contents.sig | bin | 0 -> 287 bytes | |||
-rw-r--r-- | test/automated/data/package/signed/signed-bad-1.0.el | 33 | ||||
-rw-r--r-- | test/automated/data/package/signed/signed-bad-1.0.el.sig | bin | 0 -> 287 bytes | |||
-rw-r--r-- | test/automated/data/package/signed/signed-good-1.0.el | 33 | ||||
-rw-r--r-- | test/automated/data/package/signed/signed-good-1.0.el.sig | bin | 0 -> 287 bytes | |||
-rw-r--r-- | test/automated/package-test.el | 39 |
10 files changed, 175 insertions, 4 deletions
diff --git a/test/ChangeLog b/test/ChangeLog
index bf8ecbcb9eb..00a49eea936 100644
--- a/test/ChangeLog
+++ b/test/ChangeLog
@@ -1,3 +1,19 @@
+2013-10-03 Daiki Ueno <ueno@gnu.org>
+
+ * automated/data/package/signed/archive-contents:
+ * automated/data/package/signed/archive-contents.sig:
+ * automated/data/package/signed/signed-good-1.0.el:
+ * automated/data/package/signed/signed-good-1.0.el.sig:
+ * automated/data/package/signed/signed-bad-1.0.el:
+ * automated/data/package/signed/signed-bad-1.0.el.sig:
+ * automated/data/package/key.pub:
+ * automated/data/package/key.sec: New files.
+
+ * automated/package-test.el (package-test-update-listing)
+ (package-test-update-archives, package-test-describe-package):
+ Adjust to package.el change.
+ (package-test-signed): New test.
+
 2013-10-01 Dmitry Gutov <dgutov@yandex.ru>
 * automated/package-test.el: Update all cases to use :url instead
diff --git a/test/automated/data/package/key.pub b/test/automated/data/package/key.pub
new file mode 100644
index 00000000000..a326d34e54f
--- /dev/null
+++ b/test/automated/data/package/key.pub
@@ -0,0 +1,18 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.14 (GNU/Linux)
+
+mQENBFJNB8gBCACfbtpvYrM8V1HM0KFlIwatcEJugHqwOHpr/Z9mrCW0fxyQAW/d
+2L+3QVNsN9Tz/K9lLcBUgeR7rhVEzHNqhmhNj/HnikwGqXbIofhp+QbZmBKnAlCz
+d77kg8K9lozHtfTkm1gX/7DdPzQKmgi7WOzzi2395wGubeqJLvYaEcqVbI0Eob+E
+3CzRjNy/e/Tf3TJRW5etTcdZN6LVuIY7tNCHqlQZTwyycON/hfLTX6cLCnzDsqm/
+NxCuwn9aqP9aGRGfIu7Y+If3zTymvrXEPUN98OEID814bOKdx0uVTZRiSMbvuTGI
+8uMa/kpGX/78rqI61gbZV51RFoU7pT2tzwY/ABEBAAG0HkouIFIuIEhhY2tlciA8
+anJoQGV4YW1wbGUuY29tPokBOAQTAQIAIgUCUk0HyAIbAwYLCQgHAwIGFQgCCQoL
+BBYCAwECHgECF4AACgkQtpVAhgkYletuhQf+JAyHYhTZNxjq0UYlikuLX8EtYbXX
+PB+03J0B73SMzEai5XsiTU2ADxqxwr7pveVK1INf+IGLiiXBlQq+4DSOvQY4xLfp
+58jTOYRV1ECvlXK/JtvVOwufXREADaydf9l/MUxA5G2PPBWIuQknh3ysPSsx68OJ
+SzNHFwklLn0DKc4WloE/GLDpTzimnCg7QGzuUo3Iilpjdy8EvTdI5d3jx/mGJIwI
+goB+YZgyxSPM+GjDwh5DEwD7OexNqqa7RynnmU0epmlYyi9UufCHLwgiiEIzjpWi
+6+iF+CQ45ZAKncovByenIUv73J3ImOudrsskeAHBmahljv1he6uV9Egj2Q==
+=b5Kg
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/test/automated/data/package/key.sec b/test/automated/data/package/key.sec
new file mode 100644
index 00000000000..d21e6ae9a45
--- /dev/null
+++ b/test/automated/data/package/key.sec
@@ -0,0 +1,33 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+Version: GnuPG v1.4.14 (GNU/Linux)
+
+lQO+BFJNB8gBCACfbtpvYrM8V1HM0KFlIwatcEJugHqwOHpr/Z9mrCW0fxyQAW/d
+2L+3QVNsN9Tz/K9lLcBUgeR7rhVEzHNqhmhNj/HnikwGqXbIofhp+QbZmBKnAlCz
+d77kg8K9lozHtfTkm1gX/7DdPzQKmgi7WOzzi2395wGubeqJLvYaEcqVbI0Eob+E
+3CzRjNy/e/Tf3TJRW5etTcdZN6LVuIY7tNCHqlQZTwyycON/hfLTX6cLCnzDsqm/
+NxCuwn9aqP9aGRGfIu7Y+If3zTymvrXEPUN98OEID814bOKdx0uVTZRiSMbvuTGI
+8uMa/kpGX/78rqI61gbZV51RFoU7pT2tzwY/ABEBAAH+AwMCKCCpPNXkXuVgF7cz
+eByuvgIO7wImDYGOdJqsASSzV4q0u1acnGtlxg7WphKDF9RnC5+1ZZ1ZcrBcv2uJ
+xZm2jHdjqM3FmgQTN70GVzO1nKEur2wxlKotG4Q+8BtaRDwHdKpQFk+QW9aInH3C
+BkNWTK97iFwZaoUGxKuRJb35qjMe3SsDE7kdbtOqO+tOeppRVeOOZCn7F33ir/6i
+j2gmIME6LFDzvBi6YAyMBSh90Ak70HJINt0QfXlZf5MtX1NaxaEcnsRmwwcNqxh9
+JvcC9q4WrR92NhHCHI+lOsAe7hbwo/VkwRjSSx0HdKkx6kvdcNj/9LeX/jykzLvg
+kEqvAqT4Jmk57W2seqvpNcAO+eUVrJ5D1OR6khsUtikPp2pQH5MDXJDGcie+ZAFb
+w6BwoWBDBjooKtfuP0LKqrdtJG2JLe6yhBhWvfqHPBlUU1SsA7a5aTCLo8FiqgEI
+Kyy60zMx/2Mi48oN1a/mAoV1MTWLhOVUWJlIHM7nVLj1OaX0316LcLX/uTLTq40p
+apHKwERanzY7f8ROiv/Fa/J+9cCsfOLKfjFAjpBVUVoOb39HsyS/vvkGMY4kgaD6
+K6r9JPdsaoYvsLkxk5HyHF7Mk2uS1z1EIArD2/3lRiX6ag+IU1Nl3XDkgfZj06K3
+juS84dGF8CmN49uOEjzAJAQZH9jTs5OKzUuZhGJF+gt0L78vLOoKRr8bu1N1GPqU
+wnS908HWruXzjJl1CAhnuCa8FnDaU+tmEKjYpWuelx85kolpMW7LT5gOFZr84MIj
+Kq3Rt2hU6qQ7Cdy1ep531YKkmyh9Y4l/Tgir1OtnQQqtNuwHI497l7qAUnKZBBHZ
+guApjS9BoHsRXkw2mgDssZ+khOwj/xJm876nFSiQeCD0aIbU/4zJ9e2HUOJAZI1r
+d7QeSi4gUi4gSGFja2VyIDxqcmhAZXhhbXBsZS5jb20+iQE4BBMBAgAiBQJSTQfI
+AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRC2lUCGCRiV626FB/4kDIdi
+FNk3GOrRRiWKS4tfwS1htdc8H7TcnQHvdIzMRqLleyJNTYAPGrHCvum95UrUg1/4
+gYuKJcGVCr7gNI69BjjEt+nnyNM5hFXUQK+Vcr8m29U7C59dEQANrJ1/2X8xTEDk
+bY88FYi5CSeHfKw9KzHrw4lLM0cXCSUufQMpzhaWgT8YsOlPOKacKDtAbO5SjciK
+WmN3LwS9N0jl3ePH+YYkjAiCgH5hmDLFI8z4aMPCHkMTAPs57E2qprtHKeeZTR6m
+aVjKL1S58IcvCCKIQjOOlaLr6IX4JDjlkAqdyi8HJ6chS/vcnciY652uyyR4AcGZ
+qGWO/WF7q5X0SCPZ
+=5FZK
+-----END PGP PRIVATE KEY BLOCK-----
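Review bot: Nothing in this fixture marks the private key as test-only, and the test added in this commit imports only `key.pub` (`(package-import-keyring keyring)`), so `key.sec` appears to exist solely so the `.sig` fixtures can be regenerated. Because the secret half is published in the repository, a signature made with it proves nothing outside the test suite, and that should be stated where someone copying the files will see it. ASCII armor permits a `Comment:` header, so a line such as `Comment: Test-only key for test/automated/data/package; never add to a real keyring` could follow the `Version:` line here and in `key.pub`, together with a short note beside the fixtures describing how the `.sig` files were produced.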
diff --git a/test/automated/data/package/signed/archive-contents b/test/automated/data/package/signed/archive-contents
new file mode 100644
index 00000000000..2a773ecba6a
--- /dev/null
+++ b/test/automated/data/package/signed/archive-contents
@@ -0,0 +1,7 @@
+(1
+ (signed-good .
+ [(1 0)
+ nil "A package with good signature" single])
+ (signed-bad .
+ [(1 0)
+ nil "A package with bad signature" single]))
diff --git a/test/automated/data/package/signed/archive-contents.sig b/test/automated/data/package/signed/archive-contents.sig
Binary files differnew file mode 100644
index 00000000000..658edd3f60e
--- /dev/null
+++ b/test/automated/data/package/signed/archive-contents.sig
diff --git a/test/automated/data/package/signed/signed-bad-1.0.el b/test/automated/data/package/signed/signed-bad-1.0.el
new file mode 100644
index 00000000000..3734823876e
--- /dev/null
+++ b/test/automated/data/package/signed/signed-bad-1.0.el
@@ -0,0 +1,33 @@
+;;; signed-bad.el --- A single-file package with bad signature
+
+;; Author: J. R. Hacker <jrh@example.com>
+;; Version: 1.0
+;; Keywords: frobnicate
+;; URL: http://doodles.au
+
+;;; Commentary:
+
+;; This package provides a minor mode to frobnicate and/or bifurcate
+;; any flanges you desire. To activate it, type "C-M-r M-3 butterfly"
+;; and all your dreams will come true.
+
+;;; Code:
+
+(defgroup signed-bad nil "Simply a file"
+ :group 'lisp)
+
+(defcustom signed-bad-super-sunday t
+ "How great is this?"
+ :type 'boolean
+ :group 'signed-bad)
+
+(defvar signed-bad-sudo-sandwich nil
+ "Make a sandwich?")
+
+;;;###autoload
+(define-minor-mode signed-bad-mode
+ "It does good things to stuff")
+
+(provide 'signed-bad)
+
+;;; signed-bad.el ends here
diff --git a/test/automated/data/package/signed/signed-bad-1.0.el.sig b/test/automated/data/package/signed/signed-bad-1.0.el.sig
Binary files differnew file mode 100644
index 00000000000..747918794ca
--- /dev/null
+++ b/test/automated/data/package/signed/signed-bad-1.0.el.sig
diff --git a/test/automated/data/package/signed/signed-good-1.0.el b/test/automated/data/package/signed/signed-good-1.0.el
new file mode 100644
index 00000000000..22718df2763
--- /dev/null
+++ b/test/automated/data/package/signed/signed-good-1.0.el
@@ -0,0 +1,33 @@
+;;; signed-good.el --- A single-file package with good signature
+
+;; Author: J. R. Hacker <jrh@example.com>
+;; Version: 1.0
+;; Keywords: frobnicate
+;; URL: http://doodles.au
+
+;;; Commentary:
+
+;; This package provides a minor mode to frobnicate and/or bifurcate
+;; any flanges you desire. To activate it, type "C-M-r M-3 butterfly"
+;; and all your dreams will come true.
+
+;;; Code:
+
+(defgroup signed-good nil "Simply a file"
+ :group 'lisp)
+
+(defcustom signed-good-super-sunday t
+ "How great is this?"
+ :type 'boolean
+ :group 'signed-good)
+
+(defvar signed-good-sudo-sandwich nil
+ "Make a sandwich?")
+
+;;;###autoload
+(define-minor-mode signed-good-mode
+ "It does good things to stuff")
+
+(provide 'signed-good)
+
+;;; signed-good.el ends here
diff --git a/test/automated/data/package/signed/signed-good-1.0.el.sig b/test/automated/data/package/signed/signed-good-1.0.el.sig
Binary files differnew file mode 100644
index 00000000000..747918794ca
--- /dev/null
+++ b/test/automated/data/package/signed/signed-good-1.0.el.sig
diff --git a/test/automated/package-test.el b/test/automated/package-test.el
index 84f520df9bc..ec85432b637 100644
--- a/test/automated/package-test.el
+++ b/test/automated/package-test.el
@@ -254,7 +254,7 @@ Must called from within a `tar-mode' buffer."
 (should (package-installed-p 'simple-single))
 (switch-to-buffer "*Packages*")
 (goto-char (point-min))
- (should (re-search-forward "^\\s-+simple-single\\s-+1.3\\s-+installed" nil t))
+ (should (re-search-forward "^\\s-+simple-single\\s-+1.3\\s-+unsigned" nil t))
 (goto-char (point-min))
 (should-not (re-search-forward "^\\s-+simple-single\\s-+1.3\\s-+\\(available\\|new\\)" nil t))
 (kill-buffer buf))))
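Review bot: No test covers the fail-closed side of the new status: the changed `should` in the `@@ -254` hunk (and the matching ones in the hunks at `@@ -276` and `@@ -307`) now expects `simple-single` to install and be listed as `unsigned`, which pins that a package without a signature is accepted under the settings these tests run with. Since the commit message introduces `package-check-signature` as a user option, a companion test that binds it to its strict value and asserts that installing from an archive with no `.sig` signals an error would cover the other half; which value that is cannot be seen in this test-only diff. A short comment above each changed expectation, e.g. `;; Archive has no signatures: installed, but reported as unsigned.`, would also explain why the status is no longer `installed`. The enclosing test bodies start and end outside these hunks.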
@@ -276,7 +276,7 @@ Must called from within a `tar-mode' buffer."
 ;; New version should be available and old version should be installed
 (goto-char (point-min))
 (should (re-search-forward "^\\s-+simple-single\\s-+1.4\\s-+new" nil t))
- (should (re-search-forward "^\\s-+simple-single\\s-+1.3\\s-+installed" nil t))
+ (should (re-search-forward "^\\s-+simple-single\\s-+1.3\\s-+unsigned" nil t))
 (goto-char (point-min))
 (should (re-search-forward "^\\s-+new-pkg\\s-+1.0\\s-+\\(available\\|new\\)" nil t))
@@ -307,9 +307,9 @@ Must called from within a `tar-mode' buffer."
 (with-fake-help-buffer
 (describe-package 'simple-single)
 (goto-char (point-min))
- (should (search-forward "simple-single is an installed package." nil t))
+ (should (search-forward "simple-single is an unsigned package." nil t))
 (should (search-forward
- (format "Status: Installed in `%s/'."
+ (format "Status: Installed in `%s/' (unsigned)."
 (expand-file-name "simple-single-1.3" package-user-dir))
 nil t))
 (should (search-forward "Version: 1.3" nil t))
@@ -347,6 +347,37 @@ Must called from within a `tar-mode' buffer."
 (should (search-forward "This is a bare-bones readme file for the multi-file" nil t)))))
+(ert-deftest package-test-signed ()
+ "Test verifying package signature."
+ :expected-result (condition-case nil
+ (progn
+ (epg-check-configuration (epg-configuration))
+ :passed)
+ (error :failed))
+ (let* ((keyring (expand-file-name "key.pub" package-test-data-dir))
+ (package-test-data-dir
+ (expand-file-name "data/package/signed" package-test-file-dir)))
+ (with-package-test ()
+ (package-initialize)
+ (package-import-keyring keyring)
+ (package-refresh-contents)
+ (should (package-install 'signed-good))
+ (should-error (package-install 'signed-bad))
+ ;; Check if the installed package status is updated.
+ (let ((buf (package-list-packages)))
+ (package-menu-refresh)
+ (should (re-search-forward "^\\s-+signed-good\\s-+1\\.0\\s-+installed"
+ nil t)))
+ ;; Check if the package description is updated.
+ (with-fake-help-buffer
+ (describe-package 'signed-good)
+ (goto-char (point-min))
+ (should (search-forward "signed-good is an installed package." nil t))
+ (should (search-forward
+ (format "Status: Installed in `%s/'."
+ (expand-file-name "signed-good-1.0" package-user-dir))
+ nil t))))))
+
 (provide 'package-test)
 ;;; package-test.el ends here |
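Review bot: `(should-error (package-install 'signed-bad))` in `package-test-signed` passes on any error and does not check what is left behind, so a failure unrelated to verification, or a package unpacked before its signature was rejected, would go unnoticed. Adding `(should-not (package-installed-p 'signed-bad))` directly after it would pin that a rejected package is not installed, and giving `should-error` a `:type` would tie the failure to the signature check once the error symbol raised by package.el is known (it is not visible in this test-only diff). The `.sig` fixtures for `signed-good` and `signed-bad` carry the same blob id (`747918794ca`), so the negative case exercises only a valid signature over different content; a missing `.sig` and a signature from a key that was never imported are not covered. The `re-search-forward` in the `*Packages*` check also runs without a preceding `(goto-char (point-min))`, unlike the other tests in this file.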