
github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
authorMichael Boelen <michael.boelen@cisofy.com>2017-03-13 21:47:06 +0300
committerMichael Boelen <michael.boelen@cisofy.com>2017-03-13 21:47:06 +0300
commite4474320ee09d2919262d3d3c2346025be8c2026 (patch)
treef8ee65d59e39fae03b1abbd5c8134dcdbdc19cd9
parentcd63e2389ef9aef5b8d2e12f472243d243c6ce1e (diff)
[PKGS-7387] check all repositories for usage of gpg signing
-rw-r--r--include/tests_ports_packages19
1 files changed, 18 insertions, 1 deletions
diff --git a/include/tests_ports_packages b/include/tests_ports_packages
index c96eee4b..df34dd04 100644
--- a/include/tests_ports_packages
+++ b/include/tests_ports_packages
@@ -866,9 +866,26 @@
#
# Test : PKGS-7387
# Description : Search for YUM GPG check
- if [ -x /usr/bin/yum -a "${DNFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ if [ -x /usr/bin/yum -a -z "${DNFBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7387 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --category security --description "Check for GPG signing in YUM security package"
if [ ${SKIPTEST} -eq 0 ]; then
+ if [ ! -z "${PYTHONBINARY}" ]; then
+ REPOS=$(${PYTHONBINARY} -c 'import yum ; yb = yum.YumBase() ; print [(r.id + "=" + str(r.gpgcheck)) for r in yb.repos.listEnabled()]' | ${GREPBINARY} "^\[" | ${TRBINARY} -d '[] ' ${TRBINARY} -d "'" | ${SEDBINARY} 's/,/ /g')
+ for I in ${REPOS}; do
+ REPO=$(echo ${I} | ${AWKBINARY} -F= '{print $1}')
+ GPGSIGNED=$(echo ${I} | ${AWKBINARY} -F= '{print $2}')
+ if [ "${GPGSIGNED}" = "False" ]; then
+ LogText "Result: software repository '${REPO}' is NOT signed"
+ Report "software_repository_unsigned[]=${REPO}"
+ AddHP 3 4
+ elif [ "${GPGSIGNED}" = "True" ]; then
+ LogText "Result: software repository '${REPO}' is signed"
+ AddHP 4 4
+ else
+ LogText "Result: unknown status for repository (data: ${I})"
+ fi
+ done
+ fi
FOUND=0
FileExists /etc/yum.conf
if [ ${FILE_FOUND} -eq 1 ]; then
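Review bot: On the added `REPOS=` line the two `${TRBINARY}` calls are not separated by a pipe as shown here (`${TRBINARY} -d '[] ' ${TRBINARY} -d "'"`), so the first tr receives the second invocation as extra operands and will most likely fail, leaving `REPOS` empty; the segment should read `| ${TRBINARY} -d '[] ' | ${TRBINARY} -d "'" |`. `REPOS` is also empty when `${PYTHONBINARY}` is a Python 3 interpreter (`print [...]` is Python 2 syntax) or when the `yum` module cannot be imported. In each of these cases the `for` loop is skipped without a log entry, so a repository with gpgcheck disabled goes unreported by this block and the audit log does not show that the check never ran. I would add a guard before the loop, for example `if [ -z "${REPOS}" ]; then LogText "Result: could not retrieve repository list via Python yum module"; fi`. The enclosing `if [ ${SKIPTEST} -eq 0 ]` block continues past the end of the hunk.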