Fix PGP signature check

main v0.1.5
William Beuil 2021-06-23 15:02:44 +02:00
parent da31ae863b
commit 558a584df1
No known key found for this signature in database
GPG Key ID: BED2072C5C2BF537
3 changed files with 93 additions and 5 deletions


@ -65,14 +65,16 @@ $(curlw -s -f -L -o "$dst_path/driftctl_SHA256SUMS" "$driftctl_url/v$version/dri
if [[ -f "$dst_path/driftctl_SHA256SUMS" ]]; then if [[ -f "$dst_path/driftctl_SHA256SUMS" ]]; then
sha256sum_bin="$(command -v sha256sum 2>/dev/null)" sha256sum_bin="$(command -v sha256sum 2>/dev/null)"
if [[ -n "$sha256sum_bin" && -x "$sha256sum_bin" ]]; then if [[ -n "$sha256sum_bin" ]]; then
(cd "$dst_path"; grep "driftctl_$os" "driftctl_SHA256SUMS" | "$sha256sum_bin" -c) &>/dev/null \ (cd "$dst_path"; grep "driftctl_$os" "driftctl_SHA256SUMS" | "$sha256sum_bin" -c) &>/dev/null \
&& echo "SHA256 hash matched!" \ && echo "SHA256 hash matched!" \
|| log_error 'SHA256 hash does not match!' || log_error 'SHA256 hash does not match!'
else else
echo 'No sha256sum tool available. Skipping SHA256 hash validation' echo 'No sha256sum tool available. Skipping SHA256 hash validation'
fi fi
$(rm "$dst_path/driftctl_SHA256SUMS") if [ "${DCTLENV_PGP:-0}" -eq 0 ]; then
$(rm "$dst_path/driftctl_SHA256SUMS")
fi
else else
echo 'No SHA256 hashes file available. Skipping SHA256 hash validation' echo 'No SHA256 hashes file available. Skipping SHA256 hash validation'
fi fi
@ -83,8 +85,8 @@ if [ "${DCTLENV_PGP:-0}" -gt 0 ]; then
if [[ -f "$dst_path/driftctl_SHA256SUMS.gpg" ]]; then if [[ -f "$dst_path/driftctl_SHA256SUMS.gpg" ]]; then
gpg_bin="$(command -v gpg 2>/dev/null)" gpg_bin="$(command -v gpg 2>/dev/null)"
if [[ -n "$gpg_bin" && -x "$gpg_bin" ]]; then if [[ -n "$gpg_bin" ]]; then
"$gpg_bin" --verify "$dst_path/driftctl_SHA256SUMS.gpg" \ ("$gpg_bin" --verify "$dst_path/driftctl_SHA256SUMS.gpg" "$dst_path/driftctl_SHA256SUMS") &>/dev/null \
&& echo "PGP signature matched!" \ && echo "PGP signature matched!" \
|| log_error 'PGP signature rejected!' || log_error 'PGP signature rejected!'
else else
@ -94,6 +96,7 @@ if [ "${DCTLENV_PGP:-0}" -gt 0 ]; then
else else
echo 'No SHA256 hashes signature file available. Skipping signature validation' echo 'No SHA256 hashes signature file available. Skipping signature validation'
fi fi
$(rm "$dst_path/driftctl_SHA256SUMS")
fi fi
$(mv "$dst_path/driftctl_$os" "$dst_path/driftctl") $(mv "$dst_path/driftctl_$os" "$dst_path/driftctl")
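Review bot: The rewritten gpg call in the second hunk discards gpg's diagnostics with `&>/dev/null`, so a rejection caused by a missing public key, a corrupt or truncated `.gpg` file, or a bad invocation all collapse into the same `PGP signature rejected!` with nothing for the user to act on. Capture stderr instead, `gpg_out="$("$gpg_bin" --verify "$dst_path/driftctl_SHA256SUMS.gpg" "$dst_path/driftctl_SHA256SUMS" 2>&1)"`, and print it to stderr only when verification fails and it is non-empty; the gpg stubs in the test suite are silent, so their expected output would not change. Separately, `--verify` succeeds for a valid signature from any key already in the local keyring, so if the intent is to authenticate the release rather than just check integrity, the expected signing fingerprint needs to be pinned (for example by reading `--status-fd` output and matching `VALIDSIG` against a configured fingerprint). The enclosing install function starts and ends outside these hunks.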


@ -1,7 +1,7 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -uo pipefail set -uo pipefail
version="0.1.4" version="0.1.5"
git_revision="" git_revision=""
if cd "${BASH_SOURCE%/*}" 2>/dev/null && git remote -v 2>/dev/null | grep -q dctlenv; then if cd "${BASH_SOURCE%/*}" 2>/dev/null && git remote -v 2>/dev/null | grep -q dctlenv; then


@ -6,6 +6,7 @@ setup() {
export DCTLENV_TMPDIR="$BATS_TMPDIR/dctlenv" export DCTLENV_TMPDIR="$BATS_TMPDIR/dctlenv"
export DCTLENV_TMPDIR="$(mktemp -d "$DCTLENV_TMPDIR.XXX" 2>/dev/null || echo "$DCTLENV_TMPDIR")" export DCTLENV_TMPDIR="$(mktemp -d "$DCTLENV_TMPDIR.XXX" 2>/dev/null || echo "$DCTLENV_TMPDIR")"
export DCTLENV_ROOT="$DCTLENV_TMPDIR" export DCTLENV_ROOT="$DCTLENV_TMPDIR"
export DCTLENV_PGP=0
dctlenv-list-remote() { dctlenv-list-remote() {
echo "0.1.0 echo "0.1.0
@ -84,6 +85,7 @@ Downloading SHA256 hashes file from https://github.com/cloudskiff/driftctl/relea
No SHA256 hashes file available. Skipping SHA256 hash validation No SHA256 hashes file available. Skipping SHA256 hash validation
Fail to make the binary executable Fail to make the binary executable
OUT OUT
refute [ -e "$DCTLENV_TMPDIR/versions/0.3.1/driftctl_SHA256SUMS" ]
} }
@test "dctlenv install [<version>]: prints a success message at the end of the install" { @test "dctlenv install [<version>]: prints a success message at the end of the install" {
@ -105,6 +107,7 @@ Downloading SHA256 hashes file from https://github.com/cloudskiff/driftctl/relea
No SHA256 hashes file available. Skipping SHA256 hash validation No SHA256 hashes file available. Skipping SHA256 hash validation
Installation of driftctl v0.3.1 successful. To make this your default version, run 'dctlenv use 0.3.1' Installation of driftctl v0.3.1 successful. To make this your default version, run 'dctlenv use 0.3.1'
OUT OUT
refute [ -e "$DCTLENV_TMPDIR/versions/0.3.1/driftctl_SHA256SUMS" ]
} }
@test "dctlenv install [<version>]: prints an error message if it failed to check SHA256" { @test "dctlenv install [<version>]: prints an error message if it failed to check SHA256" {
@ -125,6 +128,7 @@ Downloading release tarball from https://github.com/cloudskiff/driftctl/releases
Downloading SHA256 hashes file from https://github.com/cloudskiff/driftctl/releases/download/v0.3.1/driftctl_SHA256SUMS Downloading SHA256 hashes file from https://github.com/cloudskiff/driftctl/releases/download/v0.3.1/driftctl_SHA256SUMS
SHA256 hash does not match! SHA256 hash does not match!
OUT OUT
assert [ -e "$DCTLENV_TMPDIR/versions/0.3.1/driftctl_SHA256SUMS" ]
} }
@test "dctlenv install [<version>]: prints a success message if it can install and check for SHA256" { @test "dctlenv install [<version>]: prints a success message if it can install and check for SHA256" {
@ -146,6 +150,7 @@ Downloading SHA256 hashes file from https://github.com/cloudskiff/driftctl/relea
SHA256 hash matched! SHA256 hash matched!
Installation of driftctl v0.3.1 successful. To make this your default version, run 'dctlenv use 0.3.1' Installation of driftctl v0.3.1 successful. To make this your default version, run 'dctlenv use 0.3.1'
OUT OUT
refute [ -e "$DCTLENV_TMPDIR/versions/0.3.1/driftctl_SHA256SUMS" ]
} }
@test "dctlenv install [<version>]: prints a success message if it can install v0.3.1" { @test "dctlenv install [<version>]: prints a success message if it can install v0.3.1" {
@ -167,6 +172,7 @@ Downloading SHA256 hashes file from https://github.com/cloudskiff/driftctl/relea
SHA256 hash matched! SHA256 hash matched!
Installation of driftctl v0.3.1 successful. To make this your default version, run 'dctlenv use 0.3.1' Installation of driftctl v0.3.1 successful. To make this your default version, run 'dctlenv use 0.3.1'
OUT OUT
refute [ -e "$DCTLENV_TMPDIR/versions/0.3.1/driftctl_SHA256SUMS" ]
} }
@test "dctlenv install [<version>]: prints a success message if it can install the latest version" { @test "dctlenv install [<version>]: prints a success message if it can install the latest version" {
@ -188,6 +194,85 @@ Downloading SHA256 hashes file from https://github.com/cloudskiff/driftctl/relea
SHA256 hash matched! SHA256 hash matched!
Installation of driftctl v0.3.1 successful. To make this your default version, run 'dctlenv use 0.3.1' Installation of driftctl v0.3.1 successful. To make this your default version, run 'dctlenv use 0.3.1'
OUT OUT
refute [ -e "$DCTLENV_TMPDIR/versions/0.3.1/driftctl_SHA256SUMS" ]
}
@test "dctlenv install [<version>]: prints a missing hashes signature file" {
uname() { echo "Linux"; }; export -f uname;
curlw() {
mkdir -p "$DCTLENV_TMPDIR/versions/0.3.1"
touch "$DCTLENV_TMPDIR/versions/0.3.1/driftctl_linux_amd64"
(cd "$DCTLENV_TMPDIR/versions/0.3.1"; sha256sum * > "$DCTLENV_TMPDIR/versions/0.3.1/driftctl_SHA256SUMS")
exit 0
}; export -f curlw;
DCTLENV_PGP=1 run dctlenv install 0.3.1
assert_success
assert_output <<OUT
Installing driftctl v0.3.1
Downloading release tarball from https://github.com/cloudskiff/driftctl/releases/download/v0.3.1/driftctl_linux_amd64
Downloading SHA256 hashes file from https://github.com/cloudskiff/driftctl/releases/download/v0.3.1/driftctl_SHA256SUMS
SHA256 hash matched!
Downloading SHA256 hashes signature file from https://github.com/cloudskiff/driftctl/releases/download/v0.3.1/driftctl_SHA256SUMS.gpg
No SHA256 hashes signature file available. Skipping signature validation
Installation of driftctl v0.3.1 successful. To make this your default version, run 'dctlenv use 0.3.1'
OUT
refute [ -e "$DCTLENV_TMPDIR/versions/0.3.1/driftctl_SHA256SUMS" ]
refute [ -e "$DCTLENV_TMPDIR/versions/0.3.1/driftctl_SHA256SUMS.gpg" ]
}
@test "dctlenv install [<version>]: prints an error message if the PGP signature check fails" {
uname() { echo "Linux"; }; export -f uname;
curlw() {
mkdir -p "$DCTLENV_TMPDIR/versions/0.3.1"
touch "$DCTLENV_TMPDIR/versions/0.3.1/driftctl_linux_amd64"
(cd "$DCTLENV_TMPDIR/versions/0.3.1"; sha256sum * > "$DCTLENV_TMPDIR/versions/0.3.1/driftctl_SHA256SUMS")
touch "$DCTLENV_TMPDIR/versions/0.3.1/driftctl_SHA256SUMS.gpg"
exit 0
}; export -f curlw;
gpg() { exit 1; }; export -f gpg;
DCTLENV_PGP=1 run dctlenv install 0.3.1
assert_failure
assert_output <<OUT
Installing driftctl v0.3.1
Downloading release tarball from https://github.com/cloudskiff/driftctl/releases/download/v0.3.1/driftctl_linux_amd64
Downloading SHA256 hashes file from https://github.com/cloudskiff/driftctl/releases/download/v0.3.1/driftctl_SHA256SUMS
SHA256 hash matched!
Downloading SHA256 hashes signature file from https://github.com/cloudskiff/driftctl/releases/download/v0.3.1/driftctl_SHA256SUMS.gpg
PGP signature rejected!
OUT
assert [ -e "$DCTLENV_TMPDIR/versions/0.3.1/driftctl_SHA256SUMS" ]
assert [ -e "$DCTLENV_TMPDIR/versions/0.3.1/driftctl_SHA256SUMS.gpg" ]
}
@test "dctlenv install [<version>]: prints a success message if the PGP signature check matches" {
uname() { echo "Linux"; }; export -f uname;
curlw() {
mkdir -p "$DCTLENV_TMPDIR/versions/0.3.1"
touch "$DCTLENV_TMPDIR/versions/0.3.1/driftctl_linux_amd64"
(cd "$DCTLENV_TMPDIR/versions/0.3.1"; sha256sum * > "$DCTLENV_TMPDIR/versions/0.3.1/driftctl_SHA256SUMS")
touch "$DCTLENV_TMPDIR/versions/0.3.1/driftctl_SHA256SUMS.gpg"
exit 0
}; export -f curlw;
gpg() { exit 0; }; export -f gpg;
DCTLENV_PGP=1 run dctlenv install 0.3.1
assert_success
assert_output <<OUT
Installing driftctl v0.3.1
Downloading release tarball from https://github.com/cloudskiff/driftctl/releases/download/v0.3.1/driftctl_linux_amd64
Downloading SHA256 hashes file from https://github.com/cloudskiff/driftctl/releases/download/v0.3.1/driftctl_SHA256SUMS
SHA256 hash matched!
Downloading SHA256 hashes signature file from https://github.com/cloudskiff/driftctl/releases/download/v0.3.1/driftctl_SHA256SUMS.gpg
PGP signature matched!
Installation of driftctl v0.3.1 successful. To make this your default version, run 'dctlenv use 0.3.1'
OUT
refute [ -e "$DCTLENV_TMPDIR/versions/0.3.1/driftctl_SHA256SUMS" ]
refute [ -e "$DCTLENV_TMPDIR/versions/0.3.1/driftctl_SHA256SUMS.gpg" ]
} }
teardown() { teardown() {
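Review bot: The `gpg() { exit 0; }` stub in the "signature check matches" test ignores its arguments, so this test would also pass against the code the commit replaces, where `--verify` received only the `.gpg` path and no data file; the same applies to the `exit 1` stub in the failure test. Make the stub validate the call shape, `gpg() { [ "$1" = "--verify" ] && [ -f "$2" ] && [ -f "$3" ] && exit 0; exit 1; }`, so the happy path succeeds only when both the signature and the SHA256SUMS file are passed and exist on disk. This relies on the install script resolving `gpg_bin` via `command -v gpg`, which returns the exported function's name so the stub is what runs — that appears to be the case from the install hunk but is worth confirming. The missing-signature test at the top of the last hunk never reaches gpg, so it is unaffected.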