[PKGS-7387] check all repositories for usage of gpg signing

2017-03-13 19:47:06 +01:00 · 2017-03-13 19:47:06 +01:00 · e4474320ee
parent cd63e2389e
commit e4474320ee
1 changed files with 18 additions and 1 deletions
--- a/include/tests_ports_packages
+++ b/include/tests_ports_packages
@ -866,9 +866,26 @@
 #
    # Test        : PKGS-7387
    # Description : Search for YUM GPG check
-    if [ -x /usr/bin/yum -a "${DNFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+    if [ -x /usr/bin/yum -a -z "${DNFBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
    Register --test-no PKGS-7387 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --category security --description "Check for GPG signing in YUM security package"
    if [ ${SKIPTEST} -eq 0 ]; then
+        if [ ! -z "${PYTHONBINARY}" ]; then
+            REPOS=$(${PYTHONBINARY} -c 'import yum ; yb = yum.YumBase() ; print [(r.id + "=" + str(r.gpgcheck)) for r in yb.repos.listEnabled()]' | ${GREPBINARY} "^\[" | ${TRBINARY} -d '[] ' ${TRBINARY} -d "'" | ${SEDBINARY} 's/,/ /g')
+            for I in ${REPOS}; do
+                REPO=$(echo ${I} | ${AWKBINARY} -F= '{print $1}')
+                GPGSIGNED=$(echo ${I} | ${AWKBINARY} -F= '{print $2}')
+                if [ "${GPGSIGNED}" = "False" ]; then
+                    LogText "Result: software repository '${REPO}' is NOT signed"
+                    Report "software_repository_unsigned[]=${REPO}"
+                    AddHP 3 4
+                elif [ "${GPGSIGNED}" = "True" ]; then
+                    LogText "Result: software repository '${REPO}' is signed"
+                    AddHP 4 4
+                else
+                    LogText "Result: unknown status for repository (data: ${I})"
+                fi
+            done
+        fi
        FOUND=0
        FileExists /etc/yum.conf
        if [ ${FILE_FOUND} -eq 1 ]; then