#651 protonmsg: don't send rpm.sign messages when the sigkey is empty
Merged 4 years ago by mikem. Opened 4 years ago by mikeb.

@@ -196,6 +196,8 @@ 

  @convert_datetime

  @callback('postRPMSign')

  def prep_rpm_sign(cbtype, *args, **kws):

+     if not kws['sigkey']:

+         return

      address = 'sign.rpm'

      props = {'type': cbtype[4:],

               'sigkey': kws['sigkey'],

@@ -123,6 +123,18 @@ 

                         rpm_version=rpm['version'], rpm_release=rpm['release'],

                         **build)

  

+     def test_prep_rpm_sign_no_sigkey(self):

+         build = {'name': 'test-pkg',

+                  'version': '1.0',

+                  'release': '1'}

+         rpm = {'name': 'test-pkg-subpkg',

+                'version': '2.0',

+                'release': '2'}

+         sigkey = ''

+         protonmsg.prep_rpm_sign('postRPMSign', sigkey=sigkey, sighash='fedcba9876543210',

+                                 build=build, rpm=rpm)

+         self.assertFalse(hasattr(context, 'protonmsg_msgs'))

+ 

      def test_prep_tag(self):

          build = {'name': 'test-pkg', 'version': '1.0', 'release': '1'}

          protonmsg.prep_tag('postTag', tag={'name': 'test-tag'},

When a build completes, we store the original, unsigned rpm headers
to disk. This results in the postRPMSign callback being called, and
a rpm.sign message being sent with an empty sigkey. The intended
sematics of the rpm.sign message is to notify a service when an rpm
has been signed. Therefore, we should not be sending a message when
the sigkey is empty.

Commit aa7a507 fixes this pull-request

Pull-Request has been merged by mikem@redhat.com

4 years ago