Allow --sigkey-file to be a symlink

Also adds the first tests (using pytest) & a short paragraph to the README on how to run them.
author: Grégoire Détrez <gregoire@mullvad.net> 2022-06-28 16:46:42 +0200
committer: Grégoire Détrez <gregoire@mullvad.net> 2022-06-28 17:28:42 +0200
commit: 5e6b83d17629fb8e8ae81638b2056a37364ec703 (patch)
tree: c8e89bb254f3a73122535fb472aa6776b164e0f4
parent: b614c855be543b5acc1873fc13454893b08718ef (diff)
3 files changed, 95 insertions, 8 deletions
diff --git a/README.md b/README.md
index ed9a389..65a8b37 100644
--- a/README.md
+++ b/README.md
@@ -9,3 +9,13 @@ The full license text can be found in the file LICENSE.
 
 This license is also known as the BSD-2-Clause and the Simplified BSD
 License.
+
+## Hacking
+
+### Running tests
+
+Use [`pytest`](https://docs.pytest.org/) to run the automated tests:
+
+```
+$ pytest .
+```
diff --git a/sigsum-witness.py b/sigsum-witness.py
index 15bfb07..ef63c4c 100755
--- a/sigsum-witness.py
+++ b/sigsum-witness.py
@@ -386,14 +386,10 @@ def generate_and_store_sigkey(fn):
         f.write(signing_key.encode(encoder=nacl.encoding.HexEncoder).decode('ascii'))
 
 def read_sigkeyfile(fn):
-    s = os.stat(fn, follow_symlinks=False)
-    if not S_ISREG(s.st_mode):
-        return None, (ERR_SIGKEYFILE,
-                      "ERROR: Signing key file {} must be a regular file".format(fn))
-    if S_IMODE(s.st_mode) & 0o077 != 0:
-        return None, (ERR_SIGKEYFILE,
-                      "ERROR: Signing key file {} permissions too lax: {:04o}".format(fn, S_IMODE(s.st_mode)))
-
+    try:
+        check_sigkeyfile(fn)
+    except SigKeyFileError as err:
+        return None, (ERR_SIGKEYFILE, str(err))
     with open(fn, 'r') as f:
         try:
             signing_key = nacl.signing.SigningKey(f.readline().strip(), nacl.encoding.HexEncoder)
@@ -405,6 +401,21 @@ def read_sigkeyfile(fn):
     return signing_key, None
 
 
+def check_sigkeyfile(fn):
+    try:
+        s = os.stat(fn, follow_symlinks=True)
+    except FileNotFoundError:
+        raise SigKeyFileError(f"ERROR: File not found: {fn}")
+    if not S_ISREG(s.st_mode):
+        raise SigKeyFileError(f"ERROR: Signing key file {fn} must be a regular file")
+    if S_IMODE(s.st_mode) & 0o077 != 0:
+        raise SigKeyFileError(f"ERROR: Signing key file {fn} permissions too lax: {S_IMODE(s.st_mode):04o}")
+
+
+class SigKeyFileError(Exception):
+    pass
+
+
 # Read signature key from file, or generate one and write it to file.
 def ensure_sigkey(fn):
     try:
diff --git a/sigsum-witness_test.py b/sigsum-witness_test.py
new file mode 100644
index 0000000..3c0241b
--- /dev/null
+++ b/sigsum-witness_test.py
@@ -0,0 +1,66 @@
+import importlib
+
+import pytest
+
+witness = importlib.import_module("sigsum-witness")  # To import a module with a '-'
+
+
+class Test_check_sigkeyfile:
+    def test_file_ok(self, tmp_path):
+        path = tmp_path / "key"
+        path.touch(mode=0o700)
+        witness.check_sigkeyfile(path)
+
+    def test_file_notfound(self, tmp_path):
+        path = tmp_path / "key"
+        with pytest.raises(
+            witness.SigKeyFileError,
+            match=f"ERROR: File not found: {path}",
+        ):
+            witness.check_sigkeyfile(path)
+
+    def test_notafile(self, tmp_path):
+        path = tmp_path / "key"
+        path.mkdir()
+        with pytest.raises(
+            witness.SigKeyFileError,
+            match=f"ERROR: Signing key file {path} must be a regular file",
+        ):
+            witness.check_sigkeyfile(path)
+
+    def test_file_badmode(self, tmp_path):
+        path = tmp_path / "key"
+        path.touch(mode=0o755)
+        with pytest.raises(
+            witness.SigKeyFileError,
+            match=f"ERROR: Signing key file {path} permissions too lax: 0755",
+        ):
+            witness.check_sigkeyfile(path)
+
+    def test_symlink_ok(self, tmp_path):
+        filepath = tmp_path / "thekey"
+        filepath.touch(mode=0o700)
+        linkpath = tmp_path / "key"
+        linkpath.symlink_to(filepath)
+        assert witness.check_sigkeyfile(linkpath) is None
+
+    def test_symlink_badmode(self, tmp_path):
+        filepath = tmp_path / "thekey"
+        filepath.touch(mode=0o755)
+        linkpath = tmp_path / "key"
+        linkpath.symlink_to(filepath)
+        with pytest.raises(
+            witness.SigKeyFileError,
+            match=f"ERROR: Signing key file {linkpath} permissions too lax: 0755",
+        ):
+            witness.check_sigkeyfile(linkpath)
+
+    def test_symlink_dangling(self, tmp_path):
+        filepath = tmp_path / "thekey"
+        linkpath = tmp_path / "key"
+        linkpath.symlink_to(filepath)
+        with pytest.raises(
+            witness.SigKeyFileError,
+            match=f"ERROR: File not found: {linkpath}",
+        ):
+            witness.check_sigkeyfile(linkpath)
author	Grégoire Détrez <gregoire@mullvad.net>	2022-06-28 16:46:42 +0200
committer	Grégoire Détrez <gregoire@mullvad.net>	2022-06-28 17:28:42 +0200
commit	5e6b83d17629fb8e8ae81638b2056a37364ec703 (patch)
tree	c8e89bb254f3a73122535fb472aa6776b164e0f4
parent	b614c855be543b5acc1873fc13454893b08718ef (diff)