File: signature_test.go

package info (click to toggle)
golang-github-cavaliergopher-rpm 1.2.0-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 704 kB
  • sloc: python: 84; makefile: 4
file content (116 lines) | stat: -rw-r--r-- 2,709 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
 
package rpm

import (
	"bytes"
	"fmt"
	"io/ioutil"
	"log"
	"os"
	"path/filepath"
	"strings"
	"testing"
)

func TestMD5Check(t *testing.T) {
	files := getTestFiles()

	valid := 0
	for filename, b := range files {
		if err := MD5Check(bytes.NewReader(b)); err != nil {
			t.Errorf("Validation error for %s: %v", filename, err)
		} else {
			valid++
		}
	}

	t.Logf("Validated MD5 checksum for %d packages", valid)
}

func TestGPGCheck(t *testing.T) {
	// read testdata directory
	dir, err := ioutil.ReadDir("testdata")
	if err != nil {
		t.Fatalf(err.Error())
	}

	// filter for gpgkey files
	keyfiles := make([]string, 0)
	for _, fi := range dir {
		if strings.HasPrefix(fi.Name(), "RPM-GPG-KEY-") {
			keyfiles = append(keyfiles, filepath.Join("testdata", fi.Name()))
		}
	}

	// build keyring
	keyring, err := OpenKeyRing(keyfiles...)
	if err != nil {
		t.Fatalf(err.Error())
	}

	// load package file paths
	files := getTestFiles()

	// check each package
	valid := 0
	for filename, b := range files {
		if signer, err := GPGCheck(bytes.NewReader(b), keyring); err != nil {
			t.Errorf("Validation error for %s: %v", filepath.Base(filename), err)
		} else {
			t.Logf("%s signed by '%v'", filepath.Base(filename), signer)
			valid++
		}
	}

	t.Logf("Validated GPG signature for %d packages", valid)
}

// ExampleGPGCheck reads a public GPG key and uses it to validate the signature
// of a local rpm package.
func ExampleGPGCheck() {
	// read public key from gpgkey file
	keyring, err := OpenKeyRing("testdata/RPM-GPG-KEY-CentOS-7")
	if err != nil {
		log.Fatal(err)
	}

	// open a rpm package for reading
	f, err := os.Open("testdata/centos-release-7-2.1511.el7.centos.2.10.x86_64.rpm")
	if err != nil {
		log.Fatal(err)
	}
	defer f.Close()

	// validate gpg signature
	if signer, err := GPGCheck(f, keyring); err == nil {
		fmt.Printf("Package signed by '%s'\n", signer)
	} else if err == ErrGPGCheckFailed {
		fmt.Printf("Package failed GPG signature validation\n")
	} else {
		log.Fatal(err)
	}

	// Output: Package signed by 'CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>'
}

// ExampleMD5Check validates a local rpm package named using the MD5 checksum
// value specified in the package header.
func ExampleMD5Check() {
	// open a rpm package for reading
	f, err := os.Open("testdata/centos-release-7-2.1511.el7.centos.2.10.x86_64.rpm")
	if err != nil {
		log.Fatal(err)
	}

	defer f.Close()

	// validate md5 checksum
	if err := MD5Check(f); err == nil {
		fmt.Printf("Package passed checksum validation\n")
	} else if err == ErrMD5CheckFailed {
		fmt.Printf("Package failed checksum validation\n")
	} else {
		log.Fatal(err)
	}

	// Output: Package passed checksum validation
}