20
20
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
21
21
# Licensed under the GNU General Public License Version 2
23
__author__ = "Michael Vogt <michael.vogt@ubuntu.com>"
23
__author__ = "Michael Vogt <michael.vogt@ubuntu.com>"
31
31
from gi.repository import GLib
36
35
import aptdaemon.client
37
import aptdaemon.policykit1
36
from aptdaemon.policykit1 import (
37
PK_ACTION_INSTALL_PACKAGES_FROM_HIGH_TRUST_REPO as PK_ACTION)
38
38
import aptdaemon.test
40
40
from aptdaemon.worker import (
41
41
_read_high_trust_repository_whitelist_file,
42
42
read_high_trust_repository_dir,
43
43
trans_only_installs_pkgs_from_high_trust_repos,
46
45
from aptdaemon.core import Transaction
47
46
from aptdaemon import enums
64
63
class HighTrustRepositoryTestCase(BaseHighTrustTestCase):
65
65
""" Test the worker low-level bits of the high-trust repo implementation"""
69
68
super(HighTrustRepositoryTestCase, self).setUp()
70
69
self.queue = aptdaemon.test.MockQueue()
71
70
self.worker = AptWorker(chroot=self.chroot.path, load_plugins=False)
72
self.worker.connect("transaction-done", lambda w,t: self.loop.quit())
71
self.worker.connect("transaction-done", lambda w, t: self.loop.quit())
73
72
self.worker.connect("transaction-simulated",
74
lambda w,t: self.loop.quit())
73
lambda w, t: self.loop.quit())
76
75
def test_read_high_trust_repository_whitelist_dir(self):
77
76
whitelist = read_high_trust_repository_dir(
78
77
os.path.join(aptdaemon.test.get_tests_dir(),
79
78
"data/high-trust-repository-whitelist.d"))
82
("Ubuntu", "main", "foo.*"),
83
("Debian-Security", "non-free", "^bar$"),
80
whitelist, set([("Ubuntu", "main", "foo.*"),
81
("Debian-Security", "non-free", "^bar$")]))
86
83
def test_read_high_trust_repository_whitelist(self):
87
84
whitelist = _read_high_trust_repository_whitelist_file(
88
85
os.path.join(aptdaemon.test.get_tests_dir(),
89
86
"data/high-trust-repository-whitelist.cfg"))
92
("Ubuntu", "main", "foo.*"),
93
("Debian-Security", "non-free", "^bar$"),
88
whitelist, set([("Ubuntu", "main", "foo.*"),
89
("Debian-Security", "non-free", "^bar$")]))
96
91
@patch("aptdaemon.worker.log")
97
92
def test_read_high_trust_repository_whitelist_broken(self, mock_log):
102
97
self.assertEqual(whitelist, set())
103
98
# ensure we log a error if the config file is broken
104
99
mock_log.error.assert_called()
106
101
@patch("aptdaemon.worker.log")
107
102
def test_read_high_trust_repository_whitelist_not_there(self, mock_log):
108
103
whitelist = _read_high_trust_repository_whitelist_file(
122
117
trans = Transaction(None, enums.ROLE_INSTALL_PACKAGES, self.queue,
123
118
os.getpid(), os.getuid(), sys.argv[0],
124
119
"org.debian.apt.test", connect=False,
125
packages=[["silly-base", "other-pkg"],[],[],[],[], []])
120
packages=[["silly-base", "other-pkg"], [], [], [],
126
122
self.worker.simulate(trans)
128
124
self.assertEqual(trans.high_trust_packages, ["silly-base"])
133
129
trans = Transaction(None, enums.ROLE_INSTALL_PACKAGES, self.queue,
134
130
os.getpid(), os.getuid(), sys.argv[0],
135
131
"org.debian.apt.test", connect=False,
136
packages=[["silly-base"],[],[],[],[], []])
132
packages=[["silly-base"], [], [], [], [], []])
137
133
self.worker.simulate(trans)
153
149
self.chroot.add_repository(os.path.join(aptdaemon.test.get_tests_dir(),
154
150
"repo/whitelisted"))
155
151
whitelist_file = os.path.join(
156
self.chroot.path, "etc", "aptdaemon",
152
self.chroot.path, "etc", "aptdaemon",
157
153
"high-trust-repository-whitelist.d", "test.cfg")
158
154
os.makedirs(os.path.dirname(whitelist_file))
165
161
pkgnames = silly.*
167
163
# *after* that start the aptdaemon
168
164
self.start_session_aptd(self.chroot.path)
170
166
# start policykit and *only* allow from-whitelisted repo pk action
171
self.start_fake_polkitd(
172
aptdaemon.policykit1.PK_ACTION_INSTALL_PACKAGES_FROM_HIGH_TRUST_REPO)
167
self.start_fake_polkitd(PK_ACTION)
175
170
def test_high_trust_polkit_ok(self):
177
172
# test that the high trust whitelist works
178
173
trans = self.client.install_packages(["silly-base"])
180
trans.connect("finished", lambda a,b: self.loop.quit())
175
trans.connect("finished", lambda a, b: self.loop.quit())
183
178
self.assertEqual(trans.exit, aptdaemon.enums.EXIT_SUCCESS)
191
186
# ensure that non-whitelisted packages can not be installed
192
187
trans = self.client.install_packages(["other-pkg"])
194
trans.connect("finished", lambda a,b: self.loop.quit())
189
trans.connect("finished", lambda a, b: self.loop.quit())
195
190
with self.assertRaises(aptdaemon.errors.NotAuthorizedError):
199
194
if __name__ == "__main__":