hscript: Implement SigningKey, add tests

author: A. Wilcox <AWilcox@Wilcox-Tech.com> 2019-10-31 20:38:27 -0500
committer: A. Wilcox <AWilcox@Wilcox-Tech.com> 2019-10-31 20:38:27 -0500
commit: 7ab44372d81e86df99b3aefa114a5003df98bc61 (patch)
tree: a376b212f73518f7633925bf77d403fc33792953
parent: bc96edb1c20b0031479cbf23055651c2c92f7afe (diff)
download: horizon-7ab44372d81e86df99b3aefa114a5003df98bc61.tar.gz
horizon-7ab44372d81e86df99b3aefa114a5003df98bc61.tar.bz2
horizon-7ab44372d81e86df99b3aefa114a5003df98bc61.tar.xz
horizon-7ab44372d81e86df99b3aefa114a5003df98bc61.zip
7 files changed, 89 insertions, 2 deletions
diff --git a/hscript/meta.cc b/hscript/meta.cc
index 5885c1e..640743c 100644
--- a/hscript/meta.cc
+++ b/hscript/meta.cc
@@ -466,3 +466,24 @@ bool Repository::execute(ScriptOptions opts) const {
     return false;
 #endif /* HAS_INSTALL_ENV */
 }
+
+
+Key *SigningKey::parseFromData(const std::string &data, int lineno,
+                               int *errors, int *) {
+    if(data.empty() || (data[0] != '/' && data.compare(0, 8, "https://"))) {
+        if(errors) *errors += 1;
+        output_error("installfile:" + std::to_string(lineno),
+                     "signingkey: must be absolute path or HTTPS URL");
+        return nullptr;
+    }
+
+    return new SigningKey(lineno, data);
+}
+
+bool SigningKey::validate(ScriptOptions) const {
+    return true;
+}
+
+bool SigningKey::execute(ScriptOptions) const {
+    return false;
+}
diff --git a/hscript/meta.hh b/hscript/meta.hh
index dad4cf3..547349d 100644
--- a/hscript/meta.hh
+++ b/hscript/meta.hh
@@ -88,7 +88,14 @@ public:
     bool execute(ScriptOptions) const override;
 };
 
-class SigningKey : public Key {
+class SigningKey : public StringKey {
+private:
+    SigningKey(int _line, const std::string &_path) :
+        StringKey(_line, _path) {}
+public:
+    static Key *parseFromData(const std::string &, int, int *, int *);
+    bool validate(ScriptOptions) const override;
+    bool execute(ScriptOptions) const override;
 };
 
 }
diff --git a/hscript/script.cc b/hscript/script.cc
index 319ba14..ea083a8 100644
--- a/hscript/script.cc
+++ b/hscript/script.cc
@@ -173,6 +173,10 @@ struct Script::ScriptPrivate {
             std::unique_ptr<Repository> repo(dynamic_cast<Repository *>(obj));
             this->repos.push_back(std::move(repo));
             return true;
+        } else if(key_name == "signingkey") {
+            std::unique_ptr<SigningKey> key(dynamic_cast<SigningKey *>(obj));
+            this->repo_keys.push_back(std::move(key));
+            return true;
         } else if(key_name == "username") {
             return store_username(obj, lineno, errors, warnings, opts);
         } else if(key_name == "useralias") {
@@ -808,7 +812,19 @@ bool Script::validate() const {
                      "You may only specify up to 10 repositories.");
     }
 
-    /* signingkey */
+    /* REQ: Runner.Validate.signingkey */
+    for(auto &key : this->internal->repo_keys) {
+        if(!key->validate(this->opts)) {
+            failures++;
+        }
+    }
+    if(this->internal->repo_keys.size() > 10) {
+        failures++;
+        output_error("installfile:" +
+                     std::to_string(this->internal->repo_keys[11]->lineno()),
+                     "signingkey: too many keys specified",
+                     "You may only specify up to 10 repository keys.");
+    }
 
     for(auto &acct : this->internal->accounts) {
         UserDetail *detail = acct.second.get();
diff --git a/tests/fixtures/0186-signingkey-basic.installfile b/tests/fixtures/0186-signingkey-basic.installfile
new file mode 100644
index 0000000..c81ec32
--- /dev/null
+++ b/tests/fixtures/0186-signingkey-basic.installfile
@@ -0,0 +1,8 @@
+network false
+hostname test.machine
+pkginstall adelie-base
+rootpw $6$gumtLGmHwOVIRpQR$2M9PUO24hy5mofzWWf9a.YLbzOgOlUby1g0hDj.wG67E2wrrvys59fq02PPdxBdbgkLZFtjfEx6MHZwMBamwu/
+mount /dev/sda1 /
+repository https://distfiles.adelielinux.org/adelie/current/system
+repository https://distfiles.adelielinux.org/adelie/current/user
+signingkey https://distfiles.adelielinux.org/adelie/packages@adelielinux.org.pub
diff --git a/tests/fixtures/0187-signingkey-local.installfile b/tests/fixtures/0187-signingkey-local.installfile
new file mode 100644
index 0000000..1af18b5
--- /dev/null
+++ b/tests/fixtures/0187-signingkey-local.installfile
@@ -0,0 +1,8 @@
+network false
+hostname test.machine
+pkginstall adelie-base
+rootpw $6$gumtLGmHwOVIRpQR$2M9PUO24hy5mofzWWf9a.YLbzOgOlUby1g0hDj.wG67E2wrrvys59fq02PPdxBdbgkLZFtjfEx6MHZwMBamwu/
+mount /dev/sda1 /
+repository https://distfiles.adelielinux.org/adelie/current/system
+repository https://distfiles.adelielinux.org/adelie/current/user
+signingkey /etc/apk/keys/packages@adelielinux.org.pub
diff --git a/tests/fixtures/0188-signingkey-insec.installfile b/tests/fixtures/0188-signingkey-insec.installfile
new file mode 100644
index 0000000..185894d
--- /dev/null
+++ b/tests/fixtures/0188-signingkey-insec.installfile
@@ -0,0 +1,8 @@
+network false
+hostname test.machine
+pkginstall adelie-base
+rootpw $6$gumtLGmHwOVIRpQR$2M9PUO24hy5mofzWWf9a.YLbzOgOlUby1g0hDj.wG67E2wrrvys59fq02PPdxBdbgkLZFtjfEx6MHZwMBamwu/
+mount /dev/sda1 /
+repository https://distfiles.adelielinux.org/adelie/current/system
+repository https://distfiles.adelielinux.org/adelie/current/user
+signingkey http://distfiles.adelielinux.org/adelie/packages@adelielinux.org.pub
diff --git a/tests/spec/validator_spec.rb b/tests/spec/validator_spec.rb
index 96a2caf..5c78f36 100644
--- a/tests/spec/validator_spec.rb
+++ b/tests/spec/validator_spec.rb
@@ -562,6 +562,25 @@ RSpec.describe 'HorizonScript validation', :type => :aruba do
                     expect(last_command_started).to have_output(/error: .*repository/)
                 end
             end
+            context "for 'signingkey' key" do
+                it "succeeds with secure key URL" do
+                    use_fixture '0186-signingkey-basic.installfile'
+                    run_validate
+                    expect(last_command_started).to have_output(PARSER_SUCCESS)
+                    expect(last_command_started).to have_output(VALIDATOR_SUCCESS)
+                end
+                it "succeeds with local key URL" do
+                    use_fixture '0187-signingkey-local.installfile'
+                    run_validate
+                    expect(last_command_started).to have_output(PARSER_SUCCESS)
+                    expect(last_command_started).to have_output(VALIDATOR_SUCCESS)
+                end
+                it "fails with insecure key URL" do
+                    use_fixture '0188-signingkey-insec.installfile'
+                    run_validate
+                    expect(last_command_started).to have_output(/error: .*signingkey/)
+                end
+            end
             context "for 'diskid' key" do
                 it "succeeds with basic disk identification" do
                     use_fixture '0076-diskid-basic.installfile'
author	A. Wilcox <AWilcox@Wilcox-Tech.com>	2019-10-31 20:38:27 -0500
committer	A. Wilcox <AWilcox@Wilcox-Tech.com>	2019-10-31 20:38:27 -0500
commit	7ab44372d81e86df99b3aefa114a5003df98bc61 (patch)
tree	a376b212f73518f7633925bf77d403fc33792953
parent	bc96edb1c20b0031479cbf23055651c2c92f7afe (diff)
download	horizon-7ab44372d81e86df99b3aefa114a5003df98bc61.tar.gz horizon-7ab44372d81e86df99b3aefa114a5003df98bc61.tar.bz2 horizon-7ab44372d81e86df99b3aefa114a5003df98bc61.tar.xz horizon-7ab44372d81e86df99b3aefa114a5003df98bc61.zip