From a12d345deb1bf0e7e17477959ced0484d50cd7b0 Mon Sep 17 00:00:00 2001 From: Oliver Smith Date: Tue, 30 May 2017 20:47:19 +0200 Subject: [PATCH] Fix #6: Make testcases run with Python 3.4 (Debian Jessie) For some reason, it was not possible to create the .tar.gz archives with Python 3.4, that are used to simulate broken or malicious apk downloads. I've rewritten the testcase, so it creates the .tar.gz files inside the native Alpine Linux chroot. --- test/test_apk_static.py | 41 +++++++++++++++++++++++++++++++---------- 1 file changed, 31 insertions(+), 10 deletions(-) diff --git a/test/test_apk_static.py b/test/test_apk_static.py index 4334e154..22215e7d 100644 --- a/test/test_apk_static.py +++ b/test/test_apk_static.py @@ -39,29 +39,50 @@ def args(request): return args -def test_read_signature_info(tmpdir): - with tarfile.open(tmpdir + "/test.apk", "w:gz") as tar: - # No signature found +def test_read_signature_info(args): + # Tempfolder inside chroot for fake apk files + tmp_path = "/tmp/test_read_signature_info" + tmp_path_chroot = args.work + "/chroot_native" + tmp_path + if os.path.exists(tmp_path_chroot): + pmb.chroot.root(args, ["rm", "-r", tmp_path]) + pmb.chroot.user(args, ["mkdir", "-p", tmp_path]) + + # No signature found + pmb.chroot.user(args, ["tar", "-czf", tmp_path + "/no_sig.apk", + "/etc/issue"]) + with tarfile.open(tmp_path_chroot + "/no_sig.apk", "r:gz") as tar: with pytest.raises(RuntimeError) as e: pmb.chroot.apk_static.read_signature_info(tar) assert "Could not find signature" in str(e.value) - # Add signature file with invalid name - tar.add(__file__, "sbin/apk.static.SIGN.RSA.invalid.pub") + # Signature file with invalid name + pmb.chroot.user(args, ["mkdir", "-p", tmp_path + "/sbin"]) + pmb.chroot.user(args, ["cp", "/etc/issue", tmp_path + + "/sbin/apk.static.SIGN.RSA.invalid.pub"]) + pmb.chroot.user(args, ["tar", "-czf", tmp_path + "/invalid_sig.apk", + "sbin/apk.static.SIGN.RSA.invalid.pub"], + working_dir=tmp_path) + with tarfile.open(tmp_path_chroot + "/invalid_sig.apk", "r:gz") as tar: with pytest.raises(RuntimeError) as e: pmb.chroot.apk_static.read_signature_info(tar) assert "Invalid signature key" in str(e.value) - # Add signature file with realistic name + # Signature file with realistic name path = glob.glob(pmb_src + "/keys/*.pub")[0] name = os.path.basename(path) path_archive = "sbin/apk.static.SIGN.RSA." + name - with tarfile.open(tmpdir + "/test2.apk", "w:gz") as tar: - tar.add(__file__, path_archive) + pmb.chroot.user(args, ["mv", tmp_path + "/sbin/apk.static.SIGN.RSA.invalid.pub", + tmp_path + "/" + path_archive]) + pmb.chroot.user(args, ["tar", "-czf", tmp_path + "/realistic_name_sig.apk", + path_archive], working_dir=tmp_path) + with tarfile.open(tmp_path_chroot + "/realistic_name_sig.apk", "r:gz") as tar: sigfilename, sigkey_path = pmb.chroot.apk_static.read_signature_info( tar) - assert sigfilename == path_archive - assert sigkey_path == path + assert sigfilename == path_archive + assert sigkey_path == path + + # Clean up + pmb.chroot.user(args, ["rm", "-r", tmp_path]) def test_successful_extraction(args, tmpdir):