feat(testing): add integration test against gpg-wks-client
parent
f4ea60c057
commit
b396a2c01c
3 changed files with 87 additions and 21 deletions
|
@ -3,6 +3,7 @@ image: python:3.9-bullseye
|
||||||
|
|
||||||
stages:
|
stages:
|
||||||
- test
|
- test
|
||||||
|
- integration
|
||||||
- build
|
- build
|
||||||
- deploy
|
- deploy
|
||||||
- upload
|
- upload
|
||||||
|
@ -20,8 +21,9 @@ test:
|
||||||
script:
|
script:
|
||||||
- pip3 install -e .
|
- pip3 install -e .
|
||||||
- python3 -m coverage run --rcfile=setup.cfg -m unittest discover easywks
|
- python3 -m coverage run --rcfile=setup.cfg -m unittest discover easywks
|
||||||
- python3 -m coverage combine
|
artifacts:
|
||||||
- python3 -m coverage report --rcfile=setup.cfg
|
paths:
|
||||||
|
- ".coverage*"
|
||||||
|
|
||||||
codestyle:
|
codestyle:
|
||||||
stage: test
|
stage: test
|
||||||
|
@ -29,23 +31,60 @@ codestyle:
|
||||||
- pip3 install -e .
|
- pip3 install -e .
|
||||||
- pycodestyle easywks
|
- pycodestyle easywks
|
||||||
|
|
||||||
|
easywksserver_gpgwksclient:
|
||||||
|
stage: integration
|
||||||
|
script:
|
||||||
|
- echo "openpgpkey" > /etc/hostname
|
||||||
|
- echo "127.0.0.1 openpgpkey.example.org openpgpkey example.org" > /etc/hosts
|
||||||
|
- pip3 install -e .
|
||||||
|
- apt update; apt install --yes gnupg2 socat ca-certificates
|
||||||
|
- openssl req -x509 -newkey rsa:4096 -keyout /etc/ssl/key.pem -out /etc/ssl/cert.pem -sha256 -days 365 -nodes -subj '/CN=openpgpkey.example.org'
|
||||||
|
- cp /etc/ssl/cert.pem /usr/local/share/ca-certificates/local.crt
|
||||||
|
- update-ca-certificates
|
||||||
|
- mkdir -p /tmp/easywks
|
||||||
|
- |
|
||||||
|
cat > /tmp/easywks.yml <<EOF
|
||||||
|
directory: /tmp/easywks
|
||||||
|
permit_unsigned_response: true # required for gpg-wks-client compat
|
||||||
|
httpd:
|
||||||
|
host: 127.0.0.1
|
||||||
|
port: 8080
|
||||||
|
mailing_method: stdout
|
||||||
|
domains:
|
||||||
|
example.org:
|
||||||
|
submission_address: gpgwks@example.org
|
||||||
|
EOF
|
||||||
|
- easywks --config /tmp/easywks.yml init
|
||||||
|
- easywks --config /tmp/easywks.yml webserver &
|
||||||
|
- socat OPENSSL-LISTEN:443,fork,reuseaddr,verify=0,cert=/etc/ssl/cert.pem,key=/etc/ssl/key.pem TCP:127.0.0.1:8080 &
|
||||||
|
- sleep 3
|
||||||
|
- install -m 0700 -d /tmp/gpg /tmp/cleangpg
|
||||||
|
- export GNUPGHOME=/tmp/gpg
|
||||||
|
- test/genkey.sh alice@example.org
|
||||||
|
- >-
|
||||||
|
export FINGERPRINT="$(gpg --with-colons --fingerprint alice@example.org | grep -A1 ^pub | grep ^fpr | cut -d: -f10)"
|
||||||
|
- /usr/lib/gnupg/gpg-wks-client --supported alice@example.org
|
||||||
|
- /usr/lib/gnupg/gpg-wks-client --check gpgwks@example.org
|
||||||
|
- PUBREQ="$(/usr/lib/gnupg/gpg-wks-client --create "${FINGERPRINT}" alice@example.org)"
|
||||||
|
- CONFREQ="$(echo "${PUBREQ}" | easywks --config /tmp/easywks.yml process)"
|
||||||
|
- CONFRESP="$(echo "${CONFREQ}" | /usr/lib/gnupg/gpg-wks-client --receive --verbose)"
|
||||||
|
- PUBRESP="$(echo "${CONFRESP}" | easywks --config /tmp/easywks.yml process)"
|
||||||
|
- echo "${PUBRESP}" | gpg --batch --decrypt
|
||||||
|
- /usr/lib/gnupg/gpg-wks-client --check alice@example.org
|
||||||
|
- export GNUPGHOME=/tmp/gpg
|
||||||
|
- gpg --auto-key-locate=clear,wkd,nodefault --locate-keys alice@example.org
|
||||||
|
- kill %2
|
||||||
|
- kill %1
|
||||||
|
|
||||||
|
|
||||||
# currently not working for some reason
|
coverage:
|
||||||
#build_docker:
|
stage: integration
|
||||||
# stage: build
|
coverage: >-
|
||||||
# script:
|
/(?i)total.*? (100(?:\.0+)?\%|[1-9]?\d(?:\.\d+)?\%)$/
|
||||||
# - apt update && apt install --yes docker.io
|
script:
|
||||||
# - docker build -t "registry.gitlab.com/s3lph/easywks:$CI_COMMIT_SHA" -f package/docker/Dockerfile .
|
- python3 -m coverage combine
|
||||||
# - docker tag "registry.gitlab.com/s3lph/easywks:$CI_COMMIT_SHA" "registry.gitlab.com/s3lph/easywks:$CI_COMMIT_REF_NAME"
|
- python3 -m coverage report --rcfile=setup.cfg
|
||||||
# - if [[ -n "$CI_COMMIT_TAG" ]]; then docker tag "registry.gitlab.com/s3lph/easywks:$CI_COMMIT_SHA" "registry.gitlab.com/s3lph/easywks:$CI_COMMIT_TAG"; fi
|
|
||||||
# - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD registry.gitlab.com
|
|
||||||
# - docker push "registry.gitlab.com/s3lph/easywks:$CI_COMMIT_SHA"
|
|
||||||
# - docker push "registry.gitlab.com/s3lph/easywks:$CI_COMMIT_REF_NAME"
|
|
||||||
# - if [[ -n "$CI_COMMIT_TAG" ]]; then docker push "registry.gitlab.com/s3lph/easywks:$CI_COMMIT_TAG"; fi
|
|
||||||
# only:
|
|
||||||
# - staging
|
|
||||||
# - tags
|
|
||||||
|
|
||||||
build_wheel:
|
build_wheel:
|
||||||
stage: build
|
stage: build
|
||||||
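Review bot: In the new `easywksserver_gpgwksclient` job, the final lookup `gpg --auto-key-locate=clear,wkd,nodefault --locate-keys alice@example.org` still runs with `GNUPGHOME=/tmp/gpg`, the keyring that already holds alice's key. `/tmp/cleangpg` is created by the `install -m 0700 -d` step but never used, so the second export was presumably meant to be `- export GNUPGHOME=/tmp/cleangpg`; with an empty keyring the step shows the key was actually retrieved over WKD rather than found unchanged. Separately, the self-signed certificate carries only a CN, so adding `-addext 'subjectAltName=DNS:openpgpkey.example.org'` to the `openssl req` line keeps the job working with TLS clients that ignore the CN. Replacing `sleep 3` with a short readiness poll against 127.0.0.1:8080 would remove the startup race between the two background processes and the first `gpg-wks-client` call.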
|
|
|
@ -89,11 +89,14 @@ class ConfirmationRequest:
|
||||||
encrypted = self._key.encrypt(to_encrypt)
|
encrypted = self._key.encrypt(to_encrypt)
|
||||||
mpenc = MIMEApplication(str(encrypted), _subtype='vnd.gnupg.wks')
|
mpenc = MIMEApplication(str(encrypted), _subtype='vnd.gnupg.wks')
|
||||||
mixed = MIMEMultipart(_subtype='mixed', _subparts=[mpplain, mpenc])
|
mixed = MIMEMultipart(_subtype='mixed', _subparts=[mpplain, mpenc])
|
||||||
to_sign = PGPMessage.new(mixed.as_string(policy=default))
|
to_sign = PGPMessage.new(mixed.as_string(policy=default).replace('\n', '\r\n'))
|
||||||
sig = pgp_sign(self.domain, to_sign)
|
sig = pgp_sign(self.domain, to_sign)
|
||||||
mpsig = MIMEApplication(str(sig), _subtype='pgp-signature')
|
mpsig = MIMEApplication(str(sig), _subtype='pgp-signature', name='signature.asc', _encoder=encode_noop)
|
||||||
email = MIMEMultipart(_subtype='signed', _subparts=[mixed, mpsig], policy=default,
|
mpsig['Content-Description'] = 'OpenPGP digital signature'
|
||||||
|
mpsig['Content-Disposition'] = 'attachment; filename="signature"'
|
||||||
|
email = MIMEMultipart(_subtype=f'signed', _subparts=[mixed, mpsig], policy=default,
|
||||||
protocol='application/pgp-signature')
|
protocol='application/pgp-signature')
|
||||||
|
email.set_param('micalg', f'pgp-{str(sig.hash_algorithm).split(".",1)[1].lower()}', requote=False)
|
||||||
email['Subject'] = 'Confirm your key publication'
|
email['Subject'] = 'Confirm your key publication'
|
||||||
email['To'] = self._submitter_addr
|
email['To'] = self._submitter_addr
|
||||||
email['From'] = self._submission_addr
|
email['From'] = self._submission_addr
|
||||||
|
@ -184,8 +187,8 @@ class PublishResponse:
|
||||||
submission=self.submission_address)
|
submission=self.submission_address)
|
||||||
mpplain = MIMEText(mail_text, _subtype='plain')
|
mpplain = MIMEText(mail_text, _subtype='plain')
|
||||||
to_encrypt = PGPMessage.new(mpplain.as_string(policy=default))
|
to_encrypt = PGPMessage.new(mpplain.as_string(policy=default))
|
||||||
|
to_encrypt |= pgp_sign(self.domain, to_encrypt)
|
||||||
encrypted: PGPMessage = self.key.encrypt(to_encrypt)
|
encrypted: PGPMessage = self.key.encrypt(to_encrypt)
|
||||||
encrypted |= pgp_sign(self.domain, encrypted)
|
|
||||||
payload = MIMEApplication(str(encrypted), _subtype='octet-stream', _encoder=encode_noop)
|
payload = MIMEApplication(str(encrypted), _subtype='octet-stream', _encoder=encode_noop)
|
||||||
mpenc = MIMEApplication('Version: 1\r\n', _subtype='pgp-encrypted', _encoder=encode_noop)
|
mpenc = MIMEApplication('Version: 1\r\n', _subtype='pgp-encrypted', _encoder=encode_noop)
|
||||||
email = MIMEMultipart(_subtype='encrypted', _subparts=[mpenc, payload], policy=default,
|
email = MIMEMultipart(_subtype='encrypted', _subparts=[mpenc, payload], policy=default,
|
||||||
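Review bot: The `micalg` parameter added in the ConfirmationRequest hunk is built by parsing `str(sig.hash_algorithm)`, which only works while the enum's string form is `Class.MEMBER`. If `hash_algorithm` is an `IntEnum` (its definition is not visible here), Python 3.11 and later render it as the bare integer and `.split(".",1)[1]` raises IndexError. Using the member name avoids the dependency: `email.set_param('micalg', f'pgp-{sig.hash_algorithm.name.lower()}', requote=False)`. Two smaller points in the same hunk: `_subtype=f'signed'` has no placeholders and can be a plain string, and the signature part is called `signature.asc` in `name=` but `signature` in the Content-Disposition header. The enclosing methods start and end outside both hunks, so how the CRLF-normalised `to_sign` relates to the bytes finally sent cannot be checked from here.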
|
|
24
test/genkey.sh
Executable file
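--- a/test/genkey.sh
+++ b/test/genkey.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+cat >/tmp/keygen <<EOF
+%no-protection
+%no-ask-passphrase
+%transient-key
+Key-Type: EDDSA
+Key-Curve: ed25519
+Subkey-Type: ECDH
+Subkey-Curve: cv25519
+Expire-Date: 0
+Name-Real: EasyWKS Test User
+Name-Comment: TEST KEY DO NOT USE
+Name-Email: ${1}
+EOF
+
+gpg --batch --full-gen-key /tmp/keygen
+for uid in $@; do
+gpg --batch --quick-add-uid "${1}" "EasyWKS Test User (TEST KEY DO NOT USE) <${uid}>"
+done
+gpg --export --armor "${1}" > "/tmp/${1}.asc"
+for uid in $@; do
+gpg --export --armor "${uid}" > "/tmp/${uid}.asc"
+done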
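Review bot: The script writes the key-parameter file and the exported keys to fixed, predictable names under /tmp (`/tmp/keygen`, `/tmp/${1}.asc`, `/tmp/${uid}.asc`). That is harmless in a throwaway CI container, but on a shared machine another local user can pre-create those paths. Creating the parameter file with `keygen="$(mktemp)"` and exporting into a `mktemp -d` directory avoids this. Both loops also iterate over an unquoted `$@`, which word-splits and glob-expands the arguments; `for uid in "$@"; do` is the safe form. There is no `set -euo pipefail`, so a failing `gpg` call (for example the `--quick-add-uid` for `${1}`, which the first loop also visits) does not stop the script and the job continues with an incomplete key.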