zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-05-01 20:47:52 +02:00
Code Issues Projects Releases Packages Wiki Activity
google-nomulus/javatests/google/registry/testing/GpgSystemCommandRule.java
jianglai 6bd0fc58de Fix some GPG related test issues 
We were running FOSS tests on an old version of Ubuntu (14.04) which comes with a rather old gpg version 1.4.16 compared to the current version 2.1.22 (https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000411.html). As a result some default settings have changed between these versions, leading to test failures when tests are run on newer platforms. In this CL several of the settings are made explicit, no longer depending on default values, which makes them work on either platform.

1. "--no-mdc-error" is set. We do not have mdc integrity protection for the test keys, which results in a non-zero return value for newer versions of GPG. Setting this flag makes return value zero again.

2. "--keyid-format" long is set. GPG key IDs are the last 16 (long key id) or 8 (short key id) octets of the key fingerprint (https://security.stackexchange.com/questions/84280/short-openpgp-key-ids-are-insecure-how-to-configure-gnupg-to-use-long-key-ids-i). Older version uses the short id as default, whereas newer versions defaults to long id. Also change the expected key ID to 16 bytes accordingly.

3. Output stderr in GpgSystemCommandRule when failure occurs during key import. This help debug key import failure due to too long gpg root path. Note: this failure itself is not fixed and still would occur on newer Debian or macOS systems.

4. Set gpg root folder permission correctly to 700, otherwise the newer version gpg will return non-zero value. Previously used method set it to 755.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=178163297
2017-12-13 12:43:45 -05:00

126 lines
4.3 KiB
Java
Raw Blame History

// Copyright 2017 The Nomulus Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package google.registry.testing;
import static com.google.common.base.Preconditions.checkArgument;
import static com.google.common.base.Preconditions.checkNotNull;
import static com.google.common.base.Preconditions.checkState;
import static com.google.common.truth.Truth.assertWithMessage;
import static java.nio.charset.StandardCharsets.UTF_8;
import com.google.common.io.ByteSource;
import com.google.common.io.CharStreams;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.file.Files;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Objects;
import org.junit.rules.ExternalResource;
/**
* GnuPG system command JUnit rule.
*
* <p>This rule creates a isolated environment for running the {@code gpg} command inside system
* integration tests. It reduces a lot of the boilerplate of setting up the shell environment and
* importing your keyrings into a temporary config folder.
*
* @see ExternalResource
*/
public final class GpgSystemCommandRule extends ExternalResource {
private static final File DEV_NULL = new File("/dev/null");
private static final String TEMP_FILE_PREFIX = "gpgtest";
private File cwd = DEV_NULL;
private File conf = DEV_NULL;
private String[] env = {};
private final ByteSource publicKeyring;
private final ByteSource privateKeyring;
private final Runtime runtime = Runtime.getRuntime();
/** Constructs a new {@link GpgSystemCommandRule} instance. */
public GpgSystemCommandRule(ByteSource publicKeyring, ByteSource privateKeyring) {
this.publicKeyring = checkNotNull(publicKeyring, "publicKeyring");
this.privateKeyring = checkNotNull(privateKeyring, "privateKeyring");
}
/** Returns the temporary directory from which commands are run. */
public File getCwd() {
checkState(!Objects.equals(cwd, DEV_NULL));
return cwd;
}
/** Returns the temporary directory in which GnuPG configs are stored. */
public File getConf() {
checkState(!Objects.equals(conf, DEV_NULL));
return conf;
}
/**
* Runs specified system command and arguments within the GPG testing environment.
*
* @see Runtime#exec(String[])
*/
public final Process exec(String... args) throws IOException {
checkState(!Objects.equals(cwd, DEV_NULL));
checkArgument(args.length > 0, "args");
return runtime.exec(args, env, cwd);
}
@Override
protected void before() throws IOException, InterruptedException {
checkState(Objects.equals(cwd, DEV_NULL));
cwd = File.createTempFile(TEMP_FILE_PREFIX, "", null);
cwd.delete();
cwd.mkdir();
conf = new File(cwd, ".gnupg");
conf.mkdir();
Files.setPosixFilePermissions(conf.toPath(), PosixFilePermissions.fromString("rwx------"));
env =
new String[] {
"PATH=" + System.getenv("PATH"), "GNUPGHOME=" + conf.getAbsolutePath(),
};
Process pid = exec("gpg", "--import");
publicKeyring.copyTo(pid.getOutputStream());
pid.getOutputStream().close();
int returnValue = pid.waitFor();
assertWithMessage(
String.format("Failed to import public keyring: \n%s", slurp(pid.getErrorStream())))
.that(returnValue)
.isEqualTo(0);
pid = exec("gpg", "--allow-secret-key-import", "--import");
privateKeyring.copyTo(pid.getOutputStream());
pid.getOutputStream().close();
returnValue = pid.waitFor();
assertWithMessage(
String.format("Failed to import private keyring: \n%s", slurp(pid.getErrorStream())))
.that(returnValue)
.isEqualTo(0);
}
@Override
protected void after() {
cwd = DEV_NULL;
conf = DEV_NULL;
}
private String slurp(InputStream is) throws IOException {
return CharStreams.toString(new InputStreamReader(is, UTF_8));
}
}
Reference in a new issue View git blame Copy permalink