Radish alpha
H
HardenedBSD-pkg
rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9
HardenedBSD Package Manager
Radicle
Git
.. abi.sh add.sh alias.sh annotate.sh audit.sh autoremove.sh autoupgrade.sh backup_lib.sh check.sh clean.sh config.sh configmerge.sh conflicts-multirepo.sh conflicts.sh create-parsebin.sh create.sh delete.sh dfly.binin extract.sh fetch.sh fingerprint.sh force_reinstall_shlib.sh formula.sh freebsd-aarch64.binin freebsd-amd64.binin freebsd-armv6.binin freebsd-armv7.binin freebsd-i386.binin freebsd-powerpc.binin freebsd-powerpc64.binin freebsd-powerpc64le.binin freebsd-riscv64.binin http.sh info.sh install.sh issue1374.sh issue1425.sh issue1440.sh issue1445.sh jpeg.sh key.sh libfoo.so.1in libtest2fbsd.so.1in libtestfbsd.so.1in linux.binin lock.sh lua.sh macos.binin macos106.binin macos150.binin macosfat.binin macosfatlib.binin messages.sh multipleprovider.sh packagemerge.sh packagesplit.sh php-pr.sh pkg.sh png.ucl pubkey.sh query.sh register.sh repo.sh repositories.sh requires.sh rootdir.sh rquery.sh rubypuppet.sh rwhich.sh search.sh set.sh shellscript.sh sqlite3.ucl test_environment.sh.in test_subr.sh triggers.sh unregister.sh update.sh updating.sh upgrade.sh version.sh vital.sh which.sh
S
Shawn Webb
Merge remote-tracking branch 'upstream/main' 1 year ago c3b674e History
HardenedBSD-pkg tests frontend key.sh 
#! /usr/bin/env atf-sh

. $(atf_get_srcdir)/test_environment.sh

tests_init \
	key_create \
	key_pubout \
	key_sign

key_create_head() {
	atf_set "require.progs" "openssl"
}
key_create_body() {
	echo "secure msg" > msg

	atf_check -o save:repo.pub -e ignore -x pkg key --create -t rsa \
	    repo.key

	# Group permissions are OK, but let's strive for limited to the user.
	# This doesn't use stat(1) to side-step the differences between
	# platforms in how to request specific fields; the ls(1) mode
	# representation is usually consistent enough.
	atf_check -o match:'-{6}$' -x 'ls -l repo.key | cut -c1-10'
	# Should have also output the corresponding pub key.
	atf_check test -s repo.pub

	# Make sure it's functional.
	atf_check -o save:msg.sign openssl dgst -sign repo.key -sha256 \
	    -binary msg
	atf_check -o ignore openssl dgst -sha256 -verify repo.pub \
	    -signature msg.sign msg

	for signer in ecc ecdsa eddsa; do
		rm -f repo.key repo.pub
		atf_check -o save:repo.pub -e ignore -x pkg key --create \
		    -t "$signer" repo.key

		atf_check -o match:'-{6}$' -x 'ls -l repo.key | cut -c1-10'
		atf_check test -s repo.pub
	done
}

key_pubout_head() {
	atf_set "require.progs" "openssl"
}
key_pubout_body() {
	echo "secure msg" > msg

	atf_check -o ignore -e ignore -x pkg key --create -t rsa repo
	# Oops, we lost the public key.
	rm repo.pub
	atf_check test ! -f repo.pub
	atf_check -o save:repo.pub pkg key --public -t rsa repo

	# Make sure it's functional.
	atf_check -o save:msg.sign openssl dgst -sign repo -sha256 -binary msg
	atf_check -o ignore openssl dgst -sha256 -verify repo.pub -signature msg.sign msg
}

key_sign_head() {
	atf_set "require.progs" "openssl"
}
key_sign_body() {
	echo "secure msg" > msg

	for signer in rsa ecdsa; do
		rm -f repo.key repo.pub msg.sig

		# Generate a key with pkg
		atf_check -o save:repo.pub -e ignore \
		    pkg key --create -t "$signer" repo.key
		
		atf_check -o save:msg.sig \
		    pkg key --sign -t "$signer" repo.key < msg

		if [ $signer = ecdsa ]; then
			keyform="-keyform DER"
		else
			keyform=""
		fi

		atf_check -o ignore openssl dgst -sha256 $keyform -verify repo.pub \
		    -signature msg.sig msg
	done
}