[GNUnet-SVN] r18120 - in gnunet-update: bin doc gnunet_update test test/
From: |
gnunet |
Subject: |
[GNUnet-SVN] r18120 - in gnunet-update: bin doc gnunet_update test test/confs/user-home test/confs/user-home/.gnunet-update test/keys |
Date: |
Sat, 12 Nov 2011 15:52:34 +0100 |
Author: harsha
Date: 2011-11-12 15:52:34 +0100 (Sat, 12 Nov 2011)
New Revision: 18120
Added:
gnunet-update/test/__init__.py
gnunet-update/test/keys/
gnunet-update/test/keys/test.pub
gnunet-update/test/keys/test.sec
Modified:
gnunet-update/bin/gnunet-update
gnunet-update/doc/metadata.txt
gnunet-update/gnunet_update/metadata.py
gnunet-update/gnunet_update/package.py
gnunet-update/gnunet_update/util.py
gnunet-update/test/confs/user-home/
gnunet-update/test/confs/user-home/.gnunet-update/gnunet-update.conf
gnunet-update/test/test_config.py
gnunet-update/test/test_util.py
Log:
Added signing in packaging and a few new test cases
Modified: gnunet-update/bin/gnunet-update
===================================================================
--- gnunet-update/bin/gnunet-update 2011-11-12 09:22:12 UTC (rev 18119)
+++ gnunet-update/bin/gnunet-update 2011-11-12 14:52:34 UTC (rev 18120)
@@ -47,4 +47,6 @@
echo "We need python for executing gnunet-update"
exit 1
fi
+
+export GNUNET_UPDATE_HOME=$GNUNET_UPDATE_HOME
$PYTHON $GNUNET_UPDATE_HOME/gnunet_update $@
\ No newline at end of file
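Review bot: The added `export GNUNET_UPDATE_HOME=$GNUNET_UPDATE_HOME` expands the variable unquoted, as does the launch line below it, so an install path containing spaces may be split into several words under some shells. Assigning the variable to itself adds nothing; `export GNUNET_UPDATE_HOME` is enough, and the launch line would be safer as `$PYTHON "$GNUNET_UPDATE_HOME/gnunet_update" "$@"`. The earlier part of the script is outside the hunk, so how the variable is first set is not visible here.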
Modified: gnunet-update/doc/metadata.txt
===================================================================
--- gnunet-update/doc/metadata.txt 2011-11-12 09:22:12 UTC (rev 18119)
+++ gnunet-update/doc/metadata.txt 2011-11-12 14:52:34 UTC (rev 18120)
@@ -41,7 +41,9 @@
value: `Linux'. On a system running FreeBSD, this key will have
the value: `FreeBSD'
- * PKEY: Public key of the packager in hexadecimal digits
+ * PKEY: Public key fingerprint of the packager. This is used to identify
+ the packager who distributed the update package and also to verify the
+ authenticity of the package contents
* RELEASE: Release number for the package. This is independent of Gnunet
release and is intended for packagers and maintainers to identify their
Modified: gnunet-update/gnunet_update/metadata.py
===================================================================
--- gnunet-update/gnunet_update/metadata.py 2011-11-12 09:22:12 UTC (rev
18119)
+++ gnunet-update/gnunet_update/metadata.py 2011-11-12 14:52:34 UTC (rev
18120)
@@ -46,7 +46,10 @@
path is a string representing the path of the file to be
written. If the file doesn't exist a new one is created. If
path is None (which is default) then the contents are written
- to a temporary file and whose path is returned
+ to a temporary file whose path is returned
+
+ Returns the path name of the file into which the metadata has been
+ written
"""
file_name = None
tmp_file = None
@@ -65,7 +68,7 @@
#write the header
if self.machine != None: writeln_("MACHINE:" + self.machine)
if self.system != None: writeln_("SYSTEM:" + self.system)
- if self.pkey != None: writeln_("PKEY:" + self.pkey)
+ if self.pkey != None: writeln_("PKEY:" + self.pkey.replace(" ",'',))
if self.release != None: writeln_("RELEASE:" + self.release)
#write the metadata body
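Review bot: The `PKEY` header is written with `self.pkey.replace(" ",'',)`, which strips only space characters, and the same normalisation is repeated in `util.gpg_sign_file` and in `test_gpg_sign_file`. The fingerprint stored in the metadata and the one used to pick the signing key therefore agree only while all three copies stay identical. A single shared helper, for example `"".join(fpr.split())`, would keep them in step and also drop the stray trailing comma in the argument list. Because `PKEY` travels inside the file that is being signed, the verifying side (not part of this commit) will presumably need to compare it against a fingerprint it already trusts rather than accept it on its own. The enclosing method starts and ends outside the hunk.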
Modified: gnunet-update/gnunet_update/package.py
===================================================================
--- gnunet-update/gnunet_update/package.py 2011-11-12 09:22:12 UTC (rev
18119)
+++ gnunet-update/gnunet_update/package.py 2011-11-12 14:52:34 UTC (rev
18120)
@@ -40,6 +40,7 @@
import util
from dependency import Dependency, BinaryObject
from metadata import Metadata
+from config import GnunetUpdateConfig
#global variables
gnunet_src = ""
@@ -177,6 +178,7 @@
def run(action):
"""control procedure."""
+ config = GnunetUpdateConfig();
#change the directory to gnunet_src
if "build" == action:
current_dir = os.getcwd()
@@ -192,6 +194,7 @@
metadata = Metadata(machine=platform.machine(),
system=platform.system(),
+ pkey=config.get('SECURITY', 'PGP_SIGN_KEY'),
release="0")
metadata.binary_objects = binary_objects
metadata.dependencies = dependencies
@@ -202,6 +205,23 @@
#generate the metadata file and add it to tar
metadata_file = metadata.write_to_file(package_file + ".meta")
+ #generate the metadata file signature
+ metadata_fd = open(metadata_file, "rb")
+ metadata_sig_fd = open(metadata_file + ".asc", "wb")
+ skey_passphrase = config.get('SECURITY', 'PGP_SIGN_KEY_PASSWORD')
+ if skey_passphrase is None:
+ # FIXME: Hide the characters while typing password
+ skey_passphrase = raw_input("Enter password for your PGP Private key:
")
+ # FIXME: Add error handling??
+ util.gpg_sign_file(metadata_fd,
+ metadata_sig_fd,
+ config.get('SECURITY', 'PGP_SIGN_KEY'),
+ passphrase=skey_passphrase,
+ detached=True)
+ metadata_sig_fd.flush()
+ metadata_fd.close()
+ metadata_sig_fd.close()
+
tar_file.add(metadata_file, "metadata.dat")
print "Here are the dependencies:"
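Review bot: The signing block has no cleanup path: if `util.gpg_sign_file` raises, both handles stay open and a truncated `.asc` is left beside the metadata file, and the prompt uses `raw_input`, which echoes the passphrase (both carry FIXMEs in the commit). The fence below closes the files with `with`, removes a partial signature on failure and reads the passphrase with `getpass.getpass`, which needs `import getpass` at the top of package.py. Within the hunk only `metadata.dat` is added to the tar, so unless the `.asc` is added further down in `run`, which continues outside the hunk, the package ships without its signature. The docstring of `test_config_exception` suggests `config.get` raises for a missing option instead of returning None, so the `is None` prompt branch may be unreachable; worth confirming.

```python
#generate the metadata file signature
skey_passphrase = config.get('SECURITY', 'PGP_SIGN_KEY_PASSWORD')
if skey_passphrase is None:
    skey_passphrase = getpass.getpass(
        "Enter password for your PGP Private key: ")
metadata_sig_file = metadata_file + ".asc"
try:
    with open(metadata_file, "rb") as metadata_fd:
        with open(metadata_sig_file, "wb") as metadata_sig_fd:
            util.gpg_sign_file(metadata_fd,
                               metadata_sig_fd,
                               config.get('SECURITY', 'PGP_SIGN_KEY'),
                               passphrase=skey_passphrase,
                               detached=True)
except Exception:
    # do not leave a truncated signature next to the metadata file
    if os.path.exists(metadata_sig_file):
        os.remove(metadata_sig_file)
    raise
# … unchanged: tar_file.add(metadata_file, "metadata.dat") …
```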
Modified: gnunet-update/gnunet_update/util.py
===================================================================
--- gnunet-update/gnunet_update/util.py 2011-11-12 09:22:12 UTC (rev 18119)
+++ gnunet-update/gnunet_update/util.py 2011-11-12 14:52:34 UTC (rev 18120)
@@ -22,6 +22,8 @@
# Utility function library
from hashlib import sha512
+import gpgme
+import os
def parse_ldd_output(ldd_output, splitted_input=False):
"""Parses ldd output.
@@ -47,7 +49,7 @@
def parse_ldconfig_output(ldconfig_output):
"""Parses ldconfig output.
- ldconfig_output : Output of `ldconfig -p' to indentify installed/existing
+ ldconfig_output: Output of `ldconfig -p' to indentify installed/existing
dependencies
Returns a list of 2 element lists having the dependency name as the first
@@ -80,3 +82,27 @@
hash_obj.update(data)
object_file.close()
return hexdigest
+
+def gpg_sign_file(plain_fd, sign_fd, key_fpr, passphrase, detached=False):
+ """Signs the given file with a gpg clearsign signature.
+
+ plain_fd: A file like object of the data that has to be signed
+ sign_fd: A file like object into which the cleartext signature will be
written
+ key_fpr: The fingerprint of the key that has to be used for signing
+ passphrase: The password for the secret key associated to key_fpr
+
+ Returns the signature information structure
+ """
+ ctx = gpgme.Context()
+ ctx.armor = True
+ key = ctx.get_key(key_fpr.replace(' ',''))
+ ctx.signers = [key]
+ def passphrase_cb(uid_hint, passphrase_info, prev_was_bad, fd):
+ os.write(fd, passphrase + '\n')
+
+ ctx.passphrase_cb = passphrase_cb
+ new_sigs = ctx.sign(plain_fd,
+ sign_fd,
+ gpgme.SIG_MODE_CLEAR if detached is False
+ else gpgme.SIG_MODE_DETACH)
+ return new_sigs
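Review bot: The docstring of `gpg_sign_file` describes only a cleartext signature, although the function also produces detached ones and the `detached` parameter is undocumented. The summary could read `"""Signs the given file with a cleartext or detached gpg signature."""`, with an added line `detached: if True a detached signature is written to sign_fd instead of a cleartext one`. `passphrase_cb` also ignores `prev_was_bad`, so a rejected passphrase is handed back unchanged on each retry; `if prev_was_bad: raise ValueError("wrong passphrase for signing key")` at the top of the callback would likely surface the failure at the first rejection, but confirm how the gpgme binding treats exceptions raised inside the callback.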
Added: gnunet-update/test/__init__.py
===================================================================
--- gnunet-update/test/__init__.py (rev 0)
+++ gnunet-update/test/__init__.py 2011-11-12 14:52:34 UTC (rev 18120)
@@ -0,0 +1,28 @@
+# This file is part of GNUnet.
+# (C) 2001--2011 Christian Grothoff (and other contributing authors)
+#
+# GNUnet is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation; either version 2, or (at your
+# option) any later version.
+#
+# GNUnet is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GNUnet; see the file COPYING. If not, write to the
+# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+# Boston, MA 02111-1307, USA.
+#
+# File: gnunet_update/tests/__init__.py
+# Author: Sree Harsha Totakura
+#
+# Unit tests package initialization file.
+
+import sys
+import os
+
+# Add the gnunet_update to the os.sys so that it can be loaded
+sys.path.append(os.path.join(os.path.dirname(__file__),'../'))
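Review bot: `sys.path.append(...)` puts the working tree last on the search path, so a `gnunet_update` already installed on the machine would be imported by the tests instead of the code under test. `sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))` avoids that and also normalises the path. The header comment names the file `gnunet_update/tests/__init__.py` while the commit adds it as `gnunet-update/test/__init__.py`, and the comment above the call says `os.sys` where `sys.path` is meant.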
Property changes on: gnunet-update/test/confs/user-home
___________________________________________________________________
Added: svn:ignore
+ .gnupg
Modified: gnunet-update/test/confs/user-home/.gnunet-update/gnunet-update.conf
===================================================================
--- gnunet-update/test/confs/user-home/.gnunet-update/gnunet-update.conf
2011-11-12 09:22:12 UTC (rev 18119)
+++ gnunet-update/test/confs/user-home/.gnunet-update/gnunet-update.conf
2011-11-12 14:52:34 UTC (rev 18120)
@@ -1,6 +1,6 @@
[SECURITY]
-PGP_SIGN_KEY = ABCDEFGHIJKLMNOPQRSTUV
+PGP_SIGN_KEY = 38D6 5A4C 06DB 8BF5 28D6 FFA9 4BE3 A0A0 D9CA 26A1
PGP_SIGN_KEY_PASSWORD = test
[TEST]
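Review bot: `PGP_SIGN_KEY_PASSWORD = test` keeps the key passphrase in plaintext, which is fine for the throwaway key added under test/keys but is the same option package.py reads for a packager's real key. A comment line above it, e.g. `# test-only key and passphrase; leave PGP_SIGN_KEY_PASSWORD unset for a real signing key`, would stop the fixture being copied as a template, assuming the config parser accepts `#` comments. The rest of the file lies outside the hunk.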
Added: gnunet-update/test/keys/test.pub
===================================================================
--- gnunet-update/test/keys/test.pub (rev 0)
+++ gnunet-update/test/keys/test.pub 2011-11-12 14:52:34 UTC (rev 18120)
@@ -0,0 +1,25 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.10 (GNU/Linux)
+
+mQGiBE66XbgRBACDtaWpRSFp2goNd+qUkw1AmAhU4fPOxx0UpWDou+2R4vi2VcMD
+4MFKl++3A9dJXwE+dX1ghLQfRu/YJkq1IabZuNHtkQzDJFRzs5fV5rv4U0kuvi/W
+5sBOaIVmPf+atgTj97GnYINw2VXfHTY1Gd/tNYc5KDX33vLldVNw8Cs8vwCgx6wR
+Y9Z4kttODTfG2DvEUOli8u8D/2JrBlpqlzID8WFI3O/IPZFDnvhqCumo6HmvWxIE
+/ktcVxO6FfinNHbY9+iajUVXxA0OGyl13PT40oEU70CBtKBQrFejN8LmKDuIHdbE
+jaY6UssuuI39VrshzmsoN5ZGfoENSZFfKoCWr9hMTEdYHNaFikCROxjWvoSZ0gKj
+uhSsA/9D1CoG8oAJbLBN13yCBFPVnBhZ8U8QFkSwpNcKR480fUGP5X9QgteJdHD5
+ObJNK4UXCts7a4+SZaSRfbFIAQkot73oz36efWESUvc2ws8zfjxC4hRAY7Ai5W0v
++nW+HGpk35++OxB5L1gbtfNEUNxJoZLqGEM5c4IKkgU7U8af67Q1VGVzdGVyIChn
+bnVuZXQtdXBkYXRlIHBhY2thZ2Ugc2lnbmVyKSA8dGVzdEB0ZXN0LmNvbT6IYgQT
+EQIAIgUCTrpduAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQS+OgoNnK
+JqFAmQCfQoVgan23VYsOxRveME2aoGEcHekAnjATa2btIFD9esLEMu0Ivh2hjYKk
+uQENBE66XbgQBACotDZqONj0HUpNxtudO1eGCol4MCt994JtZQ+sqxzis+5MK1d+
+4GSH6gvoJdNCTZi/w5K7lwMv9n3wN9mpu4Uy771t+CI5zjDef1HAI7h8v0QCKjWa
+LY0pafUIeC+lXxVjc1YggzuCcLREmuZ4BfgcJuX2hb7NTnkXmWwiqtCCfwADBQP+
+MVAAwPqQBJkHa+XdaRuD/czzsSKiyBxoyyRK+ifFb6wWrFvF4y6ScuZl88cymily
+cHZ/MBKNPVcvO12oiVOAInv335vqwf8dvzAoxlIJv1sUchnCmu7FTevnTYawPiua
+HyzsnhyfMBCdEsH8jIZJMj7gj8N4bisFxuONrPGukZiISQQYEQIACQUCTrpduAIb
+DAAKCRBL46Cg2comocpCAJ9WffksDJcvpIBbZvq49mXcwUL6uwCfTqRbZAxayTUx
+ICtuPHbG/4BBN0g=
+=M29l
+-----END PGP PUBLIC KEY BLOCK-----
Added: gnunet-update/test/keys/test.sec
===================================================================
--- gnunet-update/test/keys/test.sec (rev 0)
+++ gnunet-update/test/keys/test.sec 2011-11-12 14:52:34 UTC (rev 18120)
@@ -0,0 +1,28 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+Version: GnuPG v1.4.10 (GNU/Linux)
+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+=k0kN
+-----END PGP PRIVATE KEY BLOCK-----
Modified: gnunet-update/test/test_config.py
===================================================================
--- gnunet-update/test/test_config.py 2011-11-12 09:22:12 UTC (rev 18119)
+++ gnunet-update/test/test_config.py 2011-11-12 14:52:34 UTC (rev 18120)
@@ -36,7 +36,7 @@
def setUp(self):
# Modify HOME to point to testing home
os.environ['HOME'] = os.path.join(pwd, 'confs/user-home')
- # Modify
+ # Modify GNUNET_UPDATE_HOME path
os.environ['GNUNET_UPDATE_HOME'] = os.path.join(pwd,
'confs/gnunet-update-home')
@@ -57,7 +57,7 @@
"""Test if values added by recent configuration are available."""
config = GnunetUpdateConfig()
self.assertEqual(config.get('SECURITY', 'PGP_SIGN_KEY'),
- 'ABCDEFGHIJKLMNOPQRSTUV')
+ '38D6 5A4C 06DB 8BF5 28D6 FFA9 4BE3 A0A0 D9CA 26A1')
def test_config_exception(self):
"""Test if exception is raised for non existing sections and
options."""
Modified: gnunet-update/test/test_util.py
===================================================================
--- gnunet-update/test/test_util.py 2011-11-12 09:22:12 UTC (rev 18119)
+++ gnunet-update/test/test_util.py 2011-11-12 14:52:34 UTC (rev 18120)
@@ -24,11 +24,16 @@
import unittest
import os
import tempfile
+from StringIO import StringIO
from textwrap import dedent
+import gpgme
+import shutil
import __init__
import gnunet_update.util as util
+from gnunet_update.config import GnunetUpdateConfig
+pwd = os.path.dirname(__file__)
class TestUtil(unittest.TestCase):
@@ -111,6 +116,67 @@
self.assertEqual(tmp_file.file.closed, True)
os.remove(tmp_file.name)
+ def test_gpg_sign_file(self):
+ """Test gpg file signing."""
+
+ # Modify HOME to point to testing home
+ os.environ['HOME'] = os.path.join(pwd, 'confs/user-home')
+ # Modify GNUNET_UPDATE_HOME path
+ os.environ['GNUNET_UPDATE_HOME'] = os.path.join(pwd,
+
'confs/gnunet-update-home')
+ temp_gpghome = tempfile.mkdtemp(prefix='tmp.gpghome')
+ os.environ['GNUPGHOME'] = temp_gpghome
+ import_keys = ['test.pub', 'test.sec']
+ ctx = gpgme.Context()
+ for key in import_keys:
+ ctx.import_(open(os.path.join(pwd, 'keys/' + key), "rb"))
+
+ config = GnunetUpdateConfig()
+ plaintext = StringIO();
+ plaintext.write(self.sample_test_data);
+ plaintext.flush();
+ plaintext.seek(0);
+ signature = StringIO();
+ # test gpg_sign_file
+ key_fpr = config.get('SECURITY', 'PGP_SIGN_KEY').replace(' ','')
+ sigs = util.gpg_sign_file(plaintext,
+ signature,
+ key_fpr,
+ passphrase=config.get('SECURITY',
+
'PGP_SIGN_KEY_PASSWORD'))
+ self.assertEqual(len(sigs),1)
+ self.assertEqual(sigs[0].type, gpgme.SIG_MODE_CLEAR)
+ self.assertEqual(sigs[0].fpr, key_fpr)
+ # Now verify the signature
+ signature.seek(0)
+ plaintext = StringIO()
+ sigs = ctx.verify(signature, None, plaintext)
+ self.assertEqual(plaintext.getvalue(), self.sample_test_data)
+ self.assertEqual(len(sigs),1)
+ self.assertEqual(sigs[0].fpr, key_fpr)
+ self.assertEqual(sigs[0].status, None)
+ self.assertEqual(sigs[0].wrong_key_usage, False)
+ # Verify detached signature
+ plaintext.seek(0)
+ signature = StringIO()
+ sigs = util.gpg_sign_file(plaintext,
+ signature,
+ key_fpr,
+ passphrase=config.get('SECURITY',
+
'PGP_SIGN_KEY_PASSWORD'),
+ detached=True)
+ self.assertEqual(len(sigs),1)
+ self.assertEqual(sigs[0].type, gpgme.SIG_MODE_DETACH)
+ self.assertEqual(sigs[0].fpr, key_fpr)
+ # Now verify the signature
+ signature.seek(0)
+ plaintext.seek(0)
+ sigs = ctx.verify(signature, plaintext, None)
+ self.assertEqual(len(sigs),1)
+ self.assertEqual(sigs[0].fpr, key_fpr)
+ self.assertEqual(sigs[0].status, None)
+ self.assertEqual(sigs[0].wrong_key_usage, False)
+ shutil.rmtree(temp_gpghome);
if __name__ == '__main__':
unittest.main()
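Review bot: `test_gpg_sign_file` overwrites `HOME`, `GNUNET_UPDATE_HOME` and `GNUPGHOME` in `os.environ` without restoring them, and `shutil.rmtree(temp_gpghome)` runs only when every assertion passes. A failing run therefore leaves a temporary keyring holding the imported secret key and a changed environment for later tests. Wrapping the body in `try`/`finally`, as in the fence below, restores the environment and removes the directory on every path. The key files opened in the import loop are also never closed; `with open(os.path.join(pwd, 'keys/' + key), "rb") as key_fd: ctx.import_(key_fd)` would fix that. The class body starts outside the hunk.

```python
def test_gpg_sign_file(self):
    """Test gpg file signing."""
    saved_env = dict(os.environ)
    temp_gpghome = tempfile.mkdtemp(prefix='tmp.gpghome')
    try:
        # … unchanged: HOME / GNUNET_UPDATE_HOME / GNUPGHOME setup, key import …
        # … unchanged: signing and verification assertions …
    finally:
        os.environ.clear()
        os.environ.update(saved_env)
        shutil.rmtree(temp_gpghome)
```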