#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
#
from . import testutils
if __name__ == "__main__":
import pkg5unittest
import hashlib
import os
import shutil
import six
import tempfile
import unittest
# Tests in this suite use the read only data directory.
# Dummy package
foo1 = """
open foo@1,5.11-0
close """
# This test suite needs actual depots.
""" pkg bogus option checks """
"""pkg: add and remove a publisher"""
exit=1)
# Verify that a publisher can be added initially disabled.
# Now verify that partial success (3) or complete failure (1)
# is properly returned if an attempt to remove one or more
# publishers only results in some of them being removed:
# ...when one of two provided is unknown.
# ...when all provided are unknown.
# Now verify that success occurs when attempting to remove
# one or more publishers:
# ...when one is provided and not preferred.
# ...when two are provided and not preferred.
# Ensure that some package manifests are cached for the
# publisher.
# Now verify that success occurs when attempting to remove a
# publisher that has already had its private directory removed
"cache", "publisher", "test")
"cache", "publisher")))
"""verify uuid is set manually and automatically for a
publisher"""
"""pkg: more insidious option abuse for set-publisher"""
"set-publisher -O http://{0}1 test1 -O http://{1}2 test2".format(
exit=1)
exit=1)
# Set key for test1.
# This should fail since test2 doesn't have any SSL origins or
# mirrors.
exit=2)
# Listing publishers should succeed even if key file is gone.
# This test relies on using the same implementation used in
# image.py __store_publisher_ssl() which sets the paths to the
# This should fail since key has been removed even though test2
# has an https origin.
# Reset for next test.
# Set cert for test1.
# This should fail since test2 doesn't have any SSL origins or
# mirrors.
exit=2)
# Listing publishers should be possible if cert file is gone.
# This should fail since cert has been removed even though test2
# has an https origin.
# Reset for next test.
# Expect partial failure since cert file is gone for test1.
# Now verify that setting ssl_cert or ssl_key to "" works.
exit=2)
"signature-policy=ignore test1")
"test1")
exit=1)
exit=1)
"""Verify that we catch poorly formed auth prefixes and URL"""
exit=1)
exit=1)
# Verify single character in hostname is valid publisher
"a.example.com")
"""Verify graceful failure if certificates are unreadable by
unprivileged users."""
# Now change the first publisher to a https URL so that
# certificate failure cases can be tested.
# This test relies on using the same implementation used in
# image.py __store_publisher_ssl() which sets the paths to the
# Verify that an unreadable certificate results in a
# partial failure when displaying publisher information.
# partial failure when displaying publisher information.
"""Ensure tsv formatted output is correct."""
base_string = ("test\ttrue\tfalse\ttrue\torigin\tonline\t"
"{0}/\t-\n"
"test1\ttrue\tfalse\ttrue\torigin\tonline\t"
"https://{1}1/\t-\n"
"test2\ttrue\tfalse\ttrue\torigin\tonline\t"
# With headers
expected = "PUBLISHER\tSTICKY\tSYSPUB\tENABLED" \
"\tTYPE\tSTATUS\tURI\tPROXY\n" + base_string
# Without headers
"""Check that approving and revoking CA certs is reflected in
the output of pkg publisher and that setting the CA certs when
setting an existing publisher works correctly."""
"signing_certs", "produced", "chain_certs")
"--approve-ca-cert {0} "
"--approve-ca-cert {1} --revoke-ca-cert {2} "
"--revoke-ca-cert {3} test ".format(
r1 = " Approved CAs: {0}"
r2 = " : {0}"
r3 = " Revoked CAs: {0}"
if "Approved CAs" in ls[i]:
raise RuntimeError("Expected to see "
"{0} and {1} as approved certs. "
elif "Revoked CAs" in ls[i]:
raise RuntimeError("Expected to see "
"{0} and {1} as revoked certs. "
"""Test that properties set on publishers are correctly
displayed in the output of pkg publisher <publisher name>."""
exit=1)
"signature-policy=require-names --add-property-value "
"signature-required-names=n1 test")
"signature-required-names=n2 test")
"""Test that pkg(1) client does not traceback if no publisher
configured and we try to get preferred publisher"""
"""Tests that set-publisher can add and remove proxy values
per origin."""
# we can't proxy file repositories
"--proxy http://foo test".format(
# we can set the proxy for http repos
"--proxy http://foo test".format(
# remove the file-based repository and ensure we still
# have a proxied http-based publisher
# ensure we can't add duplicate proxied or unproxied
# repositories
"--proxy http://foo test".format(
# we should have 1 proxied occurrence of our http url
# when removing a proxied url, then adding the same url
# unproxied, the proxy configuration does get removed
exit=0)
"{url} test".format(
# when we add multiple urls, and they all get the same
# proxy value, leaving an existing non-proxied url
# as non-proxied.
"{add} http://c --proxy http://foo test".format(
"""Tests that set-publisher can use the repository name with
special characters."""
# "%" is a special character in SafeConfigParser, but needs
# to be supported anyway.
"prefix": "test1" } })
# "+" will be converted into "%2B" by URL quoting routines.
# "%" is a special character in SafeConfigParser, but we need
# to support it here.
"prefix": "test2" } })
# "%()" is the syntax of expansion language in SafeConfigParser
# but needs to be raw characters here.
"prefix": "test3" } })
"""Ensure that unused client certificate files are removed."""
# Set the first publisher to a https URL
# cert and key should exist
# Now change test1 to http URL to check whether
# certificate and key are removed
test1".format(self.bogus_url))
# cert and key should not exist.
# Now test if cert and key is still in use
# we should not remove them
# cert and key should exist
# Remove ssl for test1
foo".format(self.bogus_url))
# cert and key should still exist.
# Test unset-publisher
# cert and key should exist.
# cert and key should still exist.
# cert and key should not exist.
# Tests in this suite use the read only data directory.
foo1 = """
open foo@1,5.11-0
close """
bar1 = """
open bar@1,5.11-0
close """
baz1 = """
open baz@1,5.11-0
close """
origin_1 = """
open origin1@1,5.11-0
close """
origin_2 = """
open origin2@1,5.11-0
close """
test3_pub_cfg = {
"publisher": {
"alias": "t3",
"prefix": "test3",
},
"repository": {
"collection_type": "supplemental",
"description": "This repository serves packages for test3.",
"legal_uris": [
],
"name": "The Test3 Repository",
"refresh_seconds": 86400,
"registration_uri": "",
"related_uris": [
],
},
}
# This test suite needs actual depots.
"test3", "test1", "test1", "test3", "test4", "test5",
# Test single add; --no-refresh must be used here since the URI
# being added is for a non-existent repository.
if etype == "origin":
# Test single remove.
# URIs to remove not specified using options, so they are seen
# as publisher names -- only one publisher name may be
# specified at a time.
# publisher name specified to remove as URI.
# URI already removed or never existed.
# Test a combined add and remove.
remove_opt, durl4))
if etype == "origin":
# Verify that if one of multiple URLs is not a valid URL, pkg
# will exit with an error, and does not add the valid one.
# Verify that multiple can be added at one time.
# Verify that multiple can be removed at one time.
remove_opt, durl5))
"""Private helper method to verify publisher configuration."""
# pretend like the Image object is being allocated from
# a pkg command run from within the target image.
if section == "publisher":
else:
"related_uris"):
# The publisher will have these as lists,
# so transform both sets of data first
# for reliable comparison. Remove any
# trailing slashes so comparison can
# succeed.
if not val:
else:
new_pub_val = set()
for u in pub_val:
"""Private helper method to update a repository's publisher
configuration based on the provided dictionary structure."""
props = ""
continue
else:
"""Verify that set-publisher -p works as expected."""
# Should fail because test3 publisher does not exist.
# Should fail because repository is for test3 not test2.
# Verify that a publisher can be configured even if the
# the repository's publisher configuration does not
# include origin information. In this case, the client
# will assume that the provided repository URI for
# auto-configuration is also the origin to use for
# all configured publishers.
t3cfg = {
"publisher": {
"prefix": "test3",
},
"repository": {
"origins": [durl3],
},
}
# Load image configuration to verify publisher was configured
# as expected.
# Update configuration of just this depot with more information
# for comparison basis.
# Origin and mirror info wasn't known until this point, so add
# it to the test configuration.
# Should succeed and configure test3 publisher.
# Load image configuration to verify publisher was configured
# as expected.
# Now test the update case. This verifies that the existing,
# configured origins and mirrors will not be lost (only added
# to) and that new data will be accepted.
t6cfg = {}
if prop == "refresh_seconds":
val = 1800
elif prop == "collection_type":
val = "core"
# Clear all other props.
val = ""
# Load image configuration to verify publisher was configured
# as expected.
# Test multi-publisher add case.
# Determine publisher order from output and then verify it
# matches expected.
def get_pubs():
pubs = []
return pubs
# Since -P was used, new publishers should be set first in
# search order alphabetically.
# Now change search order and verify that using -P and -p again
# won't change it since publishers already exist.
# Check that --proxy arguments are set on all auto-configured
# publishers. We use $no_proxy='*' in the environment so that
# we can persist a dummy --proxy value to the image
# configuration, yet still reach the test depot to obtain the
# publisher/ response.
# Verify that only test2 and test3 have proxies set, since
# test1 already existed, it should not use a proxy. The proxy
# column is the last one printed on each line.
l.split()[-1])
else:
"""Test set-publisher functionality for mirrors and origins."""
# Verify that https origins can be mixed with other types
# of origins.
"test1")
# Verify that a cert and key can be set even when non-https
# origins are present.
# This test relies on using the same implementation used in
# image.py __store_publisher_ssl() which sets the paths to the
# Verify that removing all SSL origins does not leave key
# and cert information intact.
# Verify that https mirrors can be mixed with other types of
# origins.
"test1")
# Verify that removing all SSL mirrors does not leave key
# and cert information intact.
# Test short options for mirrors.
# Test long options for mirrors.
"--remove-mirror")
# Test short options for origins.
# Test long options for origins.
"--remove-origin")
# Verify that if multiple origins are present that -O will
# discard all others.
# Verify that if a publisher is set to use a file repository
# that removing that repository will not prevent the pkg(1)
# command from operating or the set-publisher commands
# from working.
"prefix": "test1" } })
# Now verify that publishers using origins or mirrors that have
# IPv6 addresses can be added and removed.
"-m http://[::FFFF:129.144.52.38]:80 "
"-m http://[2010:836B:4179::836B:4179] "
"-g http://[FEDC:BA98:7654:3210:FEDC:BA98:7654:3210]:80 "
"--no-refresh testipv6")
"grep 'http://\[::FFFF:129.144.52.38\]:80/'")
"-M http://[::FFFF:129.144.52.38]:80 "
"-M http://[2010:836B:4179::836B:4179] "
"-G http://[FEDC:BA98:7654:3210:FEDC:BA98:7654:3210]:80 "
"-g http://[::192.9.5.5]/dev "
"--no-refresh testipv6")
"""Test enable and disable."""
"""Test enable and disable origins."""
# Test invalid usages.
# Test adding an enabled unknown origin.
# Test adding a disabled origin. Since we do not try to
# contact the repo, it should succeed.
"http://unknown"))
# Try to enable it will fail.
# Test adding an enabled origin.
# List and info will succeed.
# Install will succeed.
# Disable that origin.
# Enable it again.
# Disable the entire publisher.
# The status of the origin should still be enabled.
# Test adding a disabled origin.
# Install will fail.
# Remove the origin but do not remove the publisher.
# Then add the origin back and disable it.
# Install will fail.
# Test wildcard.
# Install will fail.
# Test two origins case for one publisher.
# Disable one of origins for test4.
# (disabled) indicating publisher level disable should not be
# in the output.
# Test installing package from a disabled origin should fail.
# Even after refresh, contents for disabled origin should still
# remain unavailable.
# Test installing package from the other enabled origin should
# succeed.
# Disable the other origin.
# Install origin2 will fail.
# List and info will also fail.
# Enable both origins.
# Installing package from an enabled unreachable origin will
# still fail.
# Disable both origins.
# Even after refresh, contents for disabled origin should still
# remain unavailable.
# Test -g, -G and --disable.
+ " --disable test4")
# Removing an non-existing origin fails the operation.
# Remove all origins and add a new one.
+ " --disable test4")
# Removing an unknown origin for a publisher not set yet will
# fail.
# Add a new publisher with a disabled origin, plus removing any
# possible origins (actually no origin exists).
+ "test5")
"""Test moving search order around"""
# The expected publisher order is test1, test2, test3, with all
# publishers enabled and sticky.
# make test2 disabled, make sure order is preserved
# make test3 preferred
# move test3 after test1
# move test2 before test3
# make sure we cannot get ahead or behind of ourselves
# make sure that setting search order while adding a publisher
# works
"""Test that get_highest_rank_publisher works when there are
installed packages but no configured publishers."""
# set publishers to expected configuration
"""Test that having a unset publisher with packages installed
doesn't break adding a publisher with the -P option."""
# Test what happens when another publisher is configured.
# Test what happens when no publishers are configured
# set publishers to expected configuration
foo1 = """
open foo@1,5.11-0
close """
bar1 = """
open bar@1,5.11-0
close """
baz1 = """
open pkg://another-pub/baz@1,5.11-0
close """
# This test suite needs actual depots.
"""Test that using search before and -p on a multipublisher
repository works."""
"""Verify that providing multiple repositories using
-p option fails"""
# Tests in this suite use the read only data directory.
# This test suite needs actual depots.
"""Check that approving and revoking CA certs is reflected in
the output of pkg publisher and that setting the CA certs when
setting a new publisher works correctly."""
"signing_certs", "produced", "chain_certs")
"--approve-ca-cert {1} "
"--approve-ca-cert {2} --revoke-ca-cert {3} "
r1 = " Approved CAs: {0}"
r2 = " : {0}"
r3 = " Revoked CAs: {0}"
if "Approved CAs" in ls[i]:
raise RuntimeError("Expected to see "
"{0} and {1} as approved certs. "
elif "Revoked CAs" in ls[i]:
raise RuntimeError("Expected to see "
"{0} and {1} as revoked certs. "
"""Check that approving and revoking CA certs is reflected in
the output of pkg publisher and that setting the CA certs when
setting a new publisher works correctly."""
"signing_certs", "produced", "chain_certs")
"--approve-ca-cert {1} "
"--approve-ca-cert {2} --revoke-ca-cert {3} "
r1 = " Approved CAs: {0}"
r2 = " : {0}"
r3 = " Revoked CAs: {0}"
if "Approved CAs" in ls[i]:
raise RuntimeError("Expected to see "
"{0} and {1} as approved certs. "
elif "Revoked CAs" in ls[i]:
raise RuntimeError("Expected to see "
"{0} and {1} as revoked certs. "
if __name__ == "__main__":