-rw-r--r-- | gemato/manifest.py | 17 | ||||
-rw-r--r-- | gemato/recursiveloader.py | 5 | ||||
-rw-r--r-- | tests/test_manifest.py | 2 | ||||
-rw-r--r-- | tests/test_openpgp.py | 35 |
4 files changed, 50 insertions, 9 deletions
diff --git a/gemato/manifest.py b/gemato/manifest.py index 39a8655..cef8b25 100644 --- a/gemato/manifest.py +++ b/gemato/manifest.py @@ -1,6 +1,6 @@ # gemato: Manifest file objects # vim:fileencoding=utf-8 -# (c) 2017 Michał Górny +# (c) 2017-2018 Michał Górny # Licensed under the terms of 2-clause BSD license import datetime @@ -337,7 +337,7 @@ class ManifestFile(object): from files and writing to them. """ - __slots__ = ['entries', 'openpgp_signed'] + __slots__ = ['entries', 'openpgp_signed', 'openpgp_signature'] def __init__(self, f=None): """ @@ -347,6 +347,7 @@ class ManifestFile(object): self.entries = [] self.openpgp_signed = None + self.openpgp_signature = None if f is not None: self.load(f) @@ -360,14 +361,16 @@ class ManifestFile(object): @openpgp_env needs to be provided. If the verification succeeds, the openpgp_signed property will - be set to True. If it fails or OpenPGP is not available, - an exception will be raised. If the exception is caught, - the caller can continue using the ManifestFile instance - -- it will be loaded completely. + be set to True and openpgp_signature will contain the signature + data. If it fails or OpenPGP is not available, an exception + will be raised. If the exception is caught, the caller + can continue using the ManifestFile instance -- it will + be loaded completely. """ self.entries = [] self.openpgp_signed = False + self.openpgp_signature = None state = ManifestState.DATA openpgp_data = '' @@ -436,7 +439,7 @@ class ManifestFile(object): if verify_openpgp and state == ManifestState.POST_SIGNED_DATA: assert openpgp_env with io.StringIO(openpgp_data) as f: - openpgp_env.verify_file(f) + self.openpgp_signature = openpgp_env.verify_file(f) self.openpgp_signed = True def dump(self, f, sign_openpgp=None, openpgp_keyid=None, diff --git a/gemato/recursiveloader.py b/gemato/recursiveloader.py index 35c304a..6dd456c 100644 --- a/gemato/recursiveloader.py +++ b/gemato/recursiveloader.py 
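Review bot: The load() docstring in the @@ -360,14 hunk says only that openpgp_signature "will contain the signature data", without naming what a caller can read from it or what it holds when verification does not succeed. The tests in this commit read `fingerprint`, `timestamp`, `expire_timestamp` and `primary_key_fingerprint`, so the docstring could list those and add a sentence such as `openpgp_signature stays None when verification fails or is skipped, even though the entries are loaded`. This matters because the same docstring tells callers they may keep using the instance after catching the exception, and entries loaded that way are unauthenticated. The docstring changed in recursiveloader.py (@@ -188,7) uses the same "signature data" wording; load() itself begins and ends outside this hunk.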
@@ -161,6 +161,7 @@ class ManifestRecursiveLoader(object): 'openpgp_keyid', 'hashes', 'openpgp_signed', + 'openpgp_signature', 'sort', 'compress_watermark', 'compress_format', @@ -188,7 +189,8 @@ class ManifestRecursiveLoader(object): @verify_openpgp and @openpgp_env are passed down to ManifestFile. If the top-level Manifest is OpenPGP-signed and the verification succeeds, openpgp_signed property - is set to True. @verify_openpgp is True by default. + is set to True and openpgp_signature will contain the signature + data. @verify_openpgp is True by default. @sign_openpgp is passed down to ManifestFile when writing the top-level Manifest. If it is True, the top-level Manifest @@ -258,6 +260,7 @@ class ManifestRecursiveLoader(object): m = self.load_manifest(self.top_level_manifest_filename, allow_create=allow_create) self.openpgp_signed = m.openpgp_signed + self.openpgp_signature = m.openpgp_signature def load_manifest(self, relpath, verify_entry=None, allow_create=False): diff --git a/tests/test_manifest.py b/tests/test_manifest.py index fe1a060..a9f47c9 100644 --- a/tests/test_manifest.py +++ b/tests/test_manifest.py @@ -1,6 +1,6 @@ # gemato: Manifest file support tests # vim:fileencoding=utf-8 -# (c) 2017 Michał Górny +# (c) 2017-2018 Michał Górny # Licensed under the terms of 2-clause BSD license import datetime diff --git a/tests/test_openpgp.py b/tests/test_openpgp.py index 6f09014..d373e48 100644 --- a/tests/test_openpgp.py +++ b/tests/test_openpgp.py @@ -234,6 +234,7 @@ class SignedManifestTest(unittest.TestCase): self.assertIsNotNone(m.find_timestamp()) self.assertIsNotNone(m.find_path_entry('myebuild-0.ebuild')) self.assertFalse(m.openpgp_signed) + self.assertIsNone(m.openpgp_signature) def test_dash_escaped_manifest_load(self): m = gemato.manifest.ManifestFile() 
@@ -242,6 +243,7 @@ class SignedManifestTest(unittest.TestCase): self.assertIsNotNone(m.find_timestamp()) self.assertIsNotNone(m.find_path_entry('myebuild-0.ebuild')) self.assertFalse(m.openpgp_signed) + self.assertIsNone(m.openpgp_signature) def test_modified_manifest_load(self): """ @@ -254,6 +256,7 @@ class SignedManifestTest(unittest.TestCase): self.assertIsNotNone(m.find_timestamp()) self.assertIsNotNone(m.find_path_entry('myebuild-0.ebuild')) self.assertFalse(m.openpgp_signed) + self.assertIsNone(m.openpgp_signature) def test_junk_before_manifest_load(self): m = gemato.manifest.ManifestFile() @@ -295,6 +298,7 @@ class SignedManifestTest(unittest.TestCase): os.path.join(d, 'Manifest'), verify_openpgp=False) self.assertFalse(m.openpgp_signed) + self.assertIsNone(m.openpgp_signature) finally: shutil.rmtree(d) @@ -329,6 +333,7 @@ class SignedManifestTest(unittest.TestCase): os.path.join(d, 'Manifest'), verify_openpgp=False) self.assertFalse(m.openpgp_signed) + self.assertIsNone(m.openpgp_signature) m.save_manifest('Manifest') with io.open(os.path.join(d, 'Manifest'), 'r') as f: @@ -385,6 +390,10 @@ class OpenPGPCorrectKeyTest(unittest.TestCase): self.assertIsNotNone(m.find_timestamp()) self.assertIsNotNone(m.find_path_entry('myebuild-0.ebuild')) self.assertTrue(m.openpgp_signed) + self.assertEqual(m.openpgp_signature.fingerprint, KEY_FINGERPRINT) + self.assertEqual(m.openpgp_signature.timestamp, SIG_TIMESTAMP) + self.assertIsNone(m.openpgp_signature.expire_timestamp) + self.assertEqual(m.openpgp_signature.primary_key_fingerprint, KEY_FINGERPRINT) def test_dash_escaped_manifest_load(self): m = gemato.manifest.ManifestFile() 
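Review bot: The four assertions added in the @@ -385,6 hunk are repeated verbatim in the @@ -393,6, @@ -411,6 and @@ -426,6 hunks of OpenPGPCorrectKeyTest. A small helper on the test class, for example `def assert_signature(self, sig):` holding the four checks, would keep the copies in step when the signature object gains a field. The OpenPGPPrivateKeyTest hunks only use `assertIsNotNone`, so the helper would also make it cheap to check the signing key's fingerprint there if a constant for it exists (not visible in this diff).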
@@ -393,6 +402,10 @@ class OpenPGPCorrectKeyTest(unittest.TestCase): self.assertIsNotNone(m.find_timestamp()) self.assertIsNotNone(m.find_path_entry('myebuild-0.ebuild')) self.assertTrue(m.openpgp_signed) + self.assertEqual(m.openpgp_signature.fingerprint, KEY_FINGERPRINT) + self.assertEqual(m.openpgp_signature.timestamp, SIG_TIMESTAMP) + self.assertIsNone(m.openpgp_signature.expire_timestamp) + self.assertEqual(m.openpgp_signature.primary_key_fingerprint, KEY_FINGERPRINT) def test_modified_manifest_load(self): m = gemato.manifest.ManifestFile() @@ -411,6 +424,10 @@ class OpenPGPCorrectKeyTest(unittest.TestCase): verify_openpgp=True, openpgp_env=self.env) self.assertTrue(m.openpgp_signed) + self.assertEqual(m.openpgp_signature.fingerprint, KEY_FINGERPRINT) + self.assertEqual(m.openpgp_signature.timestamp, SIG_TIMESTAMP) + self.assertIsNone(m.openpgp_signature.expire_timestamp) + self.assertEqual(m.openpgp_signature.primary_key_fingerprint, KEY_FINGERPRINT) finally: shutil.rmtree(d) @@ -426,6 +443,10 @@ class OpenPGPCorrectKeyTest(unittest.TestCase): verify_openpgp=True, openpgp_env=self.env) self.assertTrue(m.openpgp_signed) + self.assertEqual(m.openpgp_signature.fingerprint, KEY_FINGERPRINT) + self.assertEqual(m.openpgp_signature.timestamp, SIG_TIMESTAMP) + self.assertIsNone(m.openpgp_signature.expire_timestamp) + self.assertEqual(m.openpgp_signature.primary_key_fingerprint, KEY_FINGERPRINT) finally: shutil.rmtree(d) @@ -500,6 +521,7 @@ class OpenPGPNoKeyTest(unittest.TestCase): self.assertIsNotNone(m.find_timestamp()) self.assertIsNotNone(m.find_path_entry('myebuild-0.ebuild')) self.assertFalse(m.openpgp_signed) + self.assertIsNone(m.openpgp_signature) def test_recursive_manifest_loader(self): d = tempfile.mkdtemp() 
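Review bot: No hunk in this commit checks the new attribute on the verification-failure path: OpenPGPCorrectKeyTest.test_modified_manifest_load, whose first two lines close the @@ -393,6 hunk, gets no added assertion. If that test catches the verification error and keeps using `m` (its body is outside the hunk, so this is inferred), adding `self.assertIsNone(m.openpgp_signature)` next to its existing checks would pin that a rejected signature never leaves signature data on the object.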
@@ -711,6 +733,7 @@ class OpenPGPPrivateKeyTest(unittest.TestCase): f.seek(0) m.load(f, openpgp_env=self.env) self.assertTrue(m.openpgp_signed) + self.assertIsNotNone(m.openpgp_signature) def test_dump_signed_manifest_keyid(self): m = gemato.manifest.ManifestFile() @@ -721,17 +744,20 @@ class OpenPGPPrivateKeyTest(unittest.TestCase): f.seek(0) m.load(f, openpgp_env=self.env) self.assertTrue(m.openpgp_signed) + self.assertIsNotNone(m.openpgp_signature) def test_dump_force_signed_manifest(self): m = gemato.manifest.ManifestFile() with io.StringIO(SIGNED_MANIFEST) as f: m.load(f, verify_openpgp=False, openpgp_env=self.env) self.assertFalse(m.openpgp_signed) + self.assertIsNone(m.openpgp_signature) with io.StringIO() as f: m.dump(f, sign_openpgp=True, openpgp_env=self.env) f.seek(0) m.load(f, openpgp_env=self.env) self.assertTrue(m.openpgp_signed) + self.assertIsNotNone(m.openpgp_signature) def test_dump_force_unsigned_manifest(self): m = gemato.manifest.ManifestFile() @@ -743,6 +769,7 @@ class OpenPGPPrivateKeyTest(unittest.TestCase): f.seek(0) m.load(f, openpgp_env=self.env) self.assertFalse(m.openpgp_signed) + self.assertIsNone(m.openpgp_signature) def test_recursive_manifest_loader_save_manifest(self): d = tempfile.mkdtemp() @@ -761,6 +788,7 @@ class OpenPGPPrivateKeyTest(unittest.TestCase): with io.open(os.path.join(d, 'Manifest'), 'r') as f: m2.load(f, openpgp_env=self.env) self.assertTrue(m2.openpgp_signed) + self.assertIsNotNone(m.openpgp_signature) finally: shutil.rmtree(d) @@ -783,6 +811,7 @@ class OpenPGPPrivateKeyTest(unittest.TestCase): os.path.join(d, 'Manifest.gz'), 'r') as cf: m2.load(cf, openpgp_env=self.env) self.assertTrue(m2.openpgp_signed) + self.assertIsNotNone(m.openpgp_signature) finally: shutil.rmtree(d) 
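Review bot: In the @@ -761,6 hunk the added line asserts on `m`, although the object loaded and checked on the lines just above is `m2`; the @@ -783,6 hunk has the same mismatch. The parallel hunks at @@ -798,12 and @@ -820,6 use `m2.openpgp_signature`, so this looks like a slip and the line should read `self.assertIsNotNone(m2.openpgp_signature)`. As written, the signature obtained by re-verifying the saved Manifest is never checked in these two tests, and whether the assertion on `m` holds depends on setup outside the hunk.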
@@ -798,12 +827,14 @@ class OpenPGPPrivateKeyTest(unittest.TestCase): sign_openpgp=True, openpgp_env=self.env) self.assertFalse(m.openpgp_signed) + self.assertIsNone(m.openpgp_signature) m.save_manifest('Manifest') m2 = gemato.manifest.ManifestFile() with io.open(os.path.join(d, 'Manifest'), 'r') as f: m2.load(f, openpgp_env=self.env) self.assertTrue(m2.openpgp_signed) + self.assertIsNotNone(m2.openpgp_signature) finally: shutil.rmtree(d) @@ -820,6 +851,7 @@ class OpenPGPPrivateKeyTest(unittest.TestCase): sign_openpgp=True, openpgp_env=self.env) self.assertFalse(m.openpgp_signed) + self.assertIsNone(m.openpgp_signature) m.save_manifest('Manifest.gz') m2 = gemato.manifest.ManifestFile() @@ -827,6 +859,7 @@ class OpenPGPPrivateKeyTest(unittest.TestCase): os.path.join(d, 'Manifest.gz'), 'r') as cf: m2.load(cf, openpgp_env=self.env) self.assertTrue(m2.openpgp_signed) + self.assertIsNotNone(m2.openpgp_signature) finally: shutil.rmtree(d) @@ -848,6 +881,7 @@ class OpenPGPPrivateKeyTest(unittest.TestCase): sign_openpgp=True, openpgp_env=self.env) self.assertFalse(m.openpgp_signed) + self.assertIsNone(m.openpgp_signature) m.load_manifest('eclass/Manifest') m.save_manifest('eclass/Manifest') @@ -856,5 +890,6 @@ class OpenPGPPrivateKeyTest(unittest.TestCase): with io.open(os.path.join(d, 'eclass/Manifest'), 'r') as f: m2.load(f, openpgp_env=self.env) self.assertFalse(m2.openpgp_signed) + self.assertIsNone(m2.openpgp_signature) finally: shutil.rmtree(d) |