Clean up and expand tests #115
Conversation
dralley
force-pushed
the
update-tests
branch
5 times, most recently
from
95a745a to
2fbfb1a
Compare
| @@ -0,0 +1,77 @@ | |||
| Name: rpm-feature-coverage | |||
There was a problem hiding this comment.
@DemiMarie I would like to build some nice test RPMs to use (which you are also welcome to use), do you have any recommendations of other things to exercise? e.g.
- symlinks
- patches
- scriptlets
- triggers
Or overall feedback, or if you know of a good set of existing ones that won't cause licensing issues.
There was a problem hiding this comment.
Some of the things that should be rejected during parsing:
INT32_MINtrailer offset- Dribbles in the main header
- Immutable region is not self-consistent
- Wrong amount of padding (too large or too small)
- Misaligned header tag data entry
- Header tag data entry with count 0
- Header tag data entry count too large
- Tag appears in both signature and main headers
- Too many header tag data entries
- Header too large
- Tag that should only be in the signature header is found in the main header (this was an exploit in the past)
- Header-only signature but neither a header+payload signature nor a payload digest (another exploit)
- Invalid tag (such as the one used by RPM internally for public keys) in the signature or main header
- Tag data entry of wrong type
Some things that I reject but librpm does not:
- Dribbles in the signature header.
- Header tags not sorted
- Padding not zeroed
- i18nstring tag has a length more than the i18ntable
- Weak hash algorithms
- Invalid UTF-8 in a string tag
- Suspicious OpenPGP signature
- Non-ASCII string in the signature header
Things that rpm-oxide should reject:
- Inconsistent fsverity or IMA signatures (invalid base64, largest one too big, etc)
A simple way to implement this would be to use rpm-oxide for parsing; its API should be able to handle all of this.
There was a problem hiding this comment.
I was thinking more about the happy path at the moment. Basically - assuming the file is well constructed, how should I exercise as much surface area as possible in terms of parsing and then querying information about the package.
It will make sense to test invalid packages too but it's not my immediate focus.
There was a problem hiding this comment.
That makes sense. rpm-oxide was initially written to make sure that invalid packages cannot exploit a potentially-vulnerable version of RPM, so rejecting invalid packages was the single highest priority. As a result, it follows the “when in doubt, error out” approach, with large-scale testing on entire repositories used to ensure that it really does accept valid packages. On the other hand, rpm-oxide does not implement package building or installation, as that is simply out of scope for it. From my perspective, it would make sense for rpm-rs to use rpm-oxide for parsing and cryptographic tasks, while implementing a higher-level API itself. rpm-oxide does require librpm for cryptography but I am happy to make that configurable via a trait.
As far as package installation is concerned, I suspect the three trickiest parts are likely to be Lua scriptlets, chroot, and dependency solving, but I have never implemented this code myself so I have no idea. You would be better off asking the rpm-ostree developers, as they have (or in the case of Lua scriptlets, need to) implement this. This would also be a very good opportunity for cooperation.
There was a problem hiding this comment.
Well rpm-rs doesn't (and might not ever) handle package installation, because that would involve working with the system rpmdb, which is a lot more scope given that details may differ between operating systems and across long timeframes. I think it actually makes a lot of sense to just use bindings to librpm in that case.
Anyway, to the original question, we don't need to be concerned with e.g. running scriptlets or doing dependency solving (etc.), but we do want to produce and parse packages with scriptlets or %ghost files or %config or %defattr or patches or different kinds of signatures or all different kinds of dependencies ... (etc.) So along those lines, any ideas of what to add to the spec file and tests?
dralley
force-pushed
the
update-tests
branch
2 times, most recently
from
9dbb7b8 to
74a46ea
Compare
dralley
force-pushed
the
update-tests
branch
3 times, most recently
from
6751d16 to
ada4c22
Compare
|
@drahnr This is ready for a review pass. It could be merged as-is but I think I would like to address a few of the things I called out in comments first. Also open to feedback on the questions I asked |
|
I just rebased your PR in |
|
@drahnr Could you just |
|
|
dralley
force-pushed
the
update-tests
branch
2 times, most recently
from
557de3b to
7a0ecce
Compare
dralley
force-pushed
the
update-tests
branch
7 times, most recently
from
ec201e4 to
929a51a
Compare
| # symlinks to a file and directory | ||
| mkdir -p %{buildroot}/opt/%{name}/symlink_dir/ | ||
| ln -s ./normal %{buildroot}/opt/%{name}/symlink | ||
| ln -s ../dir %{buildroot}/opt/%{name}/symlink_dir/ |
There was a problem hiding this comment.
To add a bit more specificity to what was going wrong earlier,
without the "mkdir" it yields an error "No such file or directory" if there is a trailing slash, or "Not a directory" if there is not. With the "mkdir" it succeeds but the symlink is placed inside of "symlink_dir" instead of at that path.
I still find this confusing, because when I create that symlink manually without "mkdir" it works fine. Only inside of rpm does it seem to fail. 🤷
There was a problem hiding this comment.
Could you add that as an information nugget, it will be lost if it's only in the PR
|
I've cleaned up the commits a bit and made some adjustments to the specfiles. There are a few other simple cleanups as well but nothing significant. |
dralley
force-pushed
the
update-tests
branch
4 times, most recently
from
a29dc0e to
ffcac7f
Compare
dralley
force-pushed
the
update-tests
branch
6 times, most recently
from
1d8ebf4 to
807ed12
Compare
* Add a roundtrip test * Move comparison tests to tests/building.rs and extend them * Use fixture RPMs for new tests in tests/parsing.rs * Consolidate fixture generation scripts * Add IMA signing to fixtures * Create dedicated specfiles for exercising various advanced features * Add more tests for file attrs and capabilities * Move test_assets/ to tests/assets/
dralley
force-pushed
the
update-tests
branch
from
807ed12 to
bbe6d06
Compare
| pub digest: String, | ||
| pub algo: DigestAlgorithm, |
There was a problem hiding this comment.
Please provide accessor methods and mark these as pub(crate)
| @@ -575,7 +575,7 @@ impl IndexHeader { | |||
| } | |||
|
|
|||
| /// A single entry within the [`IndexHeader`](self::IndexHeader) | |||
| #[derive(PartialEq)] | |||
| #[derive(Clone, PartialEq, Eq)] | |||
There was a problem hiding this comment.
I don't think we should add these unless necessary, particularly because the type is internal. For external types I think they're valid addenda
| // REG = 8, /*!< regular file */ | ||
| // LINK = 10, /*!< hard link */ | ||
| // SOCK = 12 /*!< socket */ | ||
| // } rpmFileTypes; |
There was a problem hiding this comment.
Can we represent this as another bitfield?
|
Oh, I just rebased this PR, it's not ready for merging yet or anything. |
📜 Checklist
--all-featuresenabled