From 338a8c38b89127172e337f08c453118f1e6cbb5f Mon Sep 17 00:00:00 2001
From: Jacob Bachmeyer
Date: Sat, 12 Feb 2022 22:34:25 -0600
Subject: [PATCH] Add test for rejection of future directive signature timestamp
---
 testsuite/lib/upload.exp | 6 +++++
 testsuite/upload.all/03_triplet.exp | 35 +++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+)
diff --git a/testsuite/lib/upload.exp b/testsuite/lib/upload.exp
index 53e2de8..93654f5 100644
--- a/testsuite/lib/upload.exp
+++ b/testsuite/lib/upload.exp
@@ -753,6 +753,12 @@ proc analyze_log { base_dir name assess } {
 set A(validate,signature-timestamp) 1
 exp_continue
 }
+ -re {^ftp-upload\[[0-9]+\]: \(Test\)\
+ GPG signed upload from the future - not allowed[^\r\n]+} {
+ # from read_directive_file, if signature timestamp bad
+ set A(validate,future-signature-timestamp) 1
+ exp_continue
+ }
 -re {^ftp-upload\[[0-9]+\]: \(Test\)\
 DEBUG: [^ ]+ size is [[:digit:]]+} {
diff --git a/testsuite/upload.all/03_triplet.exp b/testsuite/upload.all/03_triplet.exp
index ed2e60c..5a95f6b 100644
--- a/testsuite/upload.all/03_triplet.exp
+++ b/testsuite/upload.all/03_triplet.exp
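Review bot: The comment on the new `-re` arm says only that the signature timestamp is "bad", which does not tell it apart from the `validate,signature-timestamp` arm directly above it; `# from read_directive_file, if the directive signature timestamp is in the future` would name the check that fired. The trailing `[^\r\n]+` also requires at least one character after "not allowed", so the arm would stop matching if the logged message were ever shortened to end there; `[^\r\n]*` tolerates that, unless the neighbouring arms use `+` on purpose. The body of analyze_log continues outside the hunk, so the convention used by the other arms is not visible here.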
@@ -419,6 +419,41 @@ check_triplet "bogus: signed but package has no email addresses" setup {
 }
 # TODO: should be validate,package-no-email instead of unknown-package here
+check_triplet "bogus: directive signature from the future" setup {
+ packages {
+ foo {
+ email { "foo@example.org" }
+ keys { { id 1000 name "foo " } }
+ maintainers { "foo " }
+ }
+ }
+} upload {
+ foo.bin {
+ directive {
+ version 1.2
+ directory foo
+ filename foo.bin
+ } dsig { good 05 1000 "3 days" }
+ file { test } fsig { good 06 1000 }
+ }
+} check {
+ file-tree {
+ { incoming stage pub archive } empty {}
+ { in-stage } files {
+ foo.bin.directive.asc foo.bin.sig foo.bin
+ }
+ } log {
+ found,foo.bin.directive.asc "found directive in triplet"
+ found-triplet,foo.bin.directive.asc:foo.bin.sig:foo.bin \
+ "found triplet"
+ validate,future-signature-timestamp \
+ "reject upload from the future"
+ } email-to {
+ ftp-upload-script@gnu.org foo@example.gnu.org
+ ftp-upload-report@gnu.org foo@example.org foo@example.net
+ }
+}
+
 check_triplet "bogus: signed with wrong key" setup {
 packages {
 foo {
-- 
2.25.1
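Review bot: The future-timestamp rejection is tested at a single offset only, the `"3 days"` element of `dsig` (which I take to be a signature time offset), so the test does not pin down how much clock skew the check tolerates; a change that widened the accepted window to anything under three days would still pass. A second triplet dated just past the accepted skew, plus one just inside it that is expected to be accepted, would bring the boundary under test. A comment above the `check_triplet` line such as `# dsig's fourth element dates the directive signature three days ahead` would help, since `fsig` carries no such element. The `email-to` list names foo@example.gnu.org and foo@example.net, neither of which appears in the `setup` block as shown here; the `keys` and `maintainers` strings look truncated on this page, so this should be checked against the real file.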