diff options
author | Colin Walters <walters@verbum.org> | 2020-04-14 22:18:13 +0000 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2020-04-14 22:18:13 +0000 |
commit | b6040143e521d16fb2ea4e390232bae8ea5c26a6 (patch) | |
tree | 8324f251cd870270e067fa338efcee1ac118b438 /tests/test-signed-commit.sh | |
parent | 8baee5cd0471807edcfef16b54842e4c71abcb37 (diff) | |
download | ostree-b6040143e521d16fb2ea4e390232bae8ea5c26a6.tar.gz |
Only enable "dummy" signature type with opt-in env variable
I don't want to even have to think about people using
this in production.
Diffstat (limited to 'tests/test-signed-commit.sh')
-rwxr-xr-x | tests/test-signed-commit.sh | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/tests/test-signed-commit.sh b/tests/test-signed-commit.sh index 6730a6df..3ac3f3c1 100755 --- a/tests/test-signed-commit.sh +++ b/tests/test-signed-commit.sh @@ -23,7 +23,10 @@ set -euo pipefail . $(dirname $0)/libtest.sh -echo "1..10" +echo "1..11" + +# This is explicitly opt in for testing +export OSTREE_DUMMY_SIGN_ENABLED=1 mkdir ${test_tmpdir}/repo ostree_repo_init repo --mode="archive" @@ -51,6 +54,14 @@ COMMIT="$(ostree --repo=${test_tmpdir}/repo rev-parse main)" ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --sign-type=dummy --verify ${COMMIT} ${DUMMYSIGN} echo "ok commit with dummy signing" +if ${CMD_PREFIX} env -u OSTREE_DUMMY_SIGN_ENABLED ostree --repo=${test_tmpdir}/repo sign --sign-type=dummy --verify ${COMMIT} ${DUMMYSIGN} 2>err.txt; then + fatal "verified dummy signature without env" +fi +# FIXME the error message here is broken +#assert_file_has_content_literal err.txt 'dummy signature type is only for ostree testing' +assert_file_has_content_literal err.txt ' No valid signatures found' +echo "ok dummy sig requires env" + # tests below require libsodium support if ! has_libsodium; then echo "ok Detached ed25519 signature # SKIP due libsodium unavailability" |