author | Lars Wirzenius <liw@liw.fi> | 2014-01-12 13:36:45 +0000 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2014-01-12 13:36:45 +0000 |
commit | f9e7a6522af273346d77debce154dedd5e14c5a8 (patch) | |
tree | 732f8f1602c79633f4b7388716f5b4be73e50115 | |
parent | 699670b2d671a7e0379eb6540ec02b67efdb634f (diff) | |
download | obnam-f9e7a6522af273346d77debce154dedd5e14c5a8.tar.gz |
Basic encrypted backup/restore test
This sets up a whole lot of infrastructure, too.
-rw-r--r-- | test-data/keyring-1/pubring.gpg | bin | 0 -> 1171 bytes | |||
-rw-r--r-- | test-data/keyring-1/random_seed | bin | 0 -> 600 bytes | |||
-rw-r--r-- | test-data/keyring-1/secring.gpg | bin | 0 -> 2472 bytes | |||
-rw-r--r-- | test-data/keyring-1/trustdb.gpg | bin | 0 -> 1280 bytes | |||
-rw-r--r-- | test-data/keyring-2/pubring.gpg | bin | 0 -> 1171 bytes | |||
-rw-r--r-- | test-data/keyring-2/random_seed | bin | 0 -> 600 bytes | |||
-rw-r--r-- | test-data/keyring-2/secring.gpg | bin | 0 -> 2473 bytes | |||
-rw-r--r-- | test-data/keyring-2/trustdb.gpg | bin | 0 -> 1280 bytes | |||
-rw-r--r-- | yarns/0060-encryption.yarn | 84 | ||||
-rw-r--r-- | yarns/9000-implements.yarn | 19 | ||||
-rw-r--r-- | yarns/obnam.sh | 45 |
11 files changed, 144 insertions, 4 deletions
diff --git a/test-data/keyring-1/pubring.gpg b/test-data/keyring-1/pubring.gpg
Binary files differ
new file mode 100644
index 00000000..9fc124ab
--- /dev/null
+++ b/test-data/keyring-1/pubring.gpg
diff --git a/test-data/keyring-1/random_seed b/test-data/keyring-1/random_seed
Binary files differ
new file mode 100644
index 00000000..cb95177b
--- /dev/null
+++ b/test-data/keyring-1/random_seed
diff --git a/test-data/keyring-1/secring.gpg b/test-data/keyring-1/secring.gpg
Binary files differ
new file mode 100644
index 00000000..06774fde
--- /dev/null
+++ b/test-data/keyring-1/secring.gpg
diff --git a/test-data/keyring-1/trustdb.gpg b/test-data/keyring-1/trustdb.gpg
Binary files differ
new file mode 100644
index 00000000..1d791d71
--- /dev/null
+++ b/test-data/keyring-1/trustdb.gpg
diff --git a/test-data/keyring-2/pubring.gpg b/test-data/keyring-2/pubring.gpg
Binary files differ
new file mode 100644
index 00000000..824a4aca
--- /dev/null
+++ b/test-data/keyring-2/pubring.gpg
diff --git a/test-data/keyring-2/random_seed b/test-data/keyring-2/random_seed
Binary files differ
new file mode 100644
index 00000000..0cd528db
--- /dev/null
+++ b/test-data/keyring-2/random_seed
diff --git a/test-data/keyring-2/secring.gpg b/test-data/keyring-2/secring.gpg
Binary files differ
new file mode 100644
index 00000000..fe31d9b3
--- /dev/null
+++ b/test-data/keyring-2/secring.gpg
diff --git a/test-data/keyring-2/trustdb.gpg b/test-data/keyring-2/trustdb.gpg
Binary files differ
new file mode 100644
index 00000000..224649f2
--- /dev/null
+++ b/test-data/keyring-2/trustdb.gpg
diff --git a/yarns/0060-encryption.yarn b/yarns/0060-encryption.yarn
new file mode 100644
index 00000000..6903de8f
--- /dev/null
+++ b/yarns/0060-encryption.yarn
@@ -0,0 +1,84 @@
+Encrypted repositories
+======================
+
+Obnam repositories may be encrypted. The encryption is based on public
+keys, using GnuPG specifically. Internally, symmetric encryption is
+also used, but that is not visible, nor relevant, to the user. All
+encryption requires some level of key management, so the encryption
+plugin in Obnam provides a number of subcommands for that.
+
+We need to test, at minimum, that key management works. Ideally, we'd
+also test that encryption works, but that's trickier to achieve
+without making assumptions about the repository format.
+
+Test setup
+----------
+
+We need two PGP keys for these tests, and they need to be independent
+of each other so that tests can meaningfully use the different keys to
+pretend they're different users. We have, in the Obnam source tree,
+two GnuPG keyrings (`test-data/keyring-1` and `test-data/keyring-2`),
+which we use for this purpose. We use pre-generated keys instead of
+generating new ones for each test run, since key generation is a
+fairly heavy operation that easily depletes the host of entropy.
+
+However, to avoid inadvertent changes to the keys, keyrings, random
+data seeds, or other files, we make a copy of the data into `$DATADIR`
+for the duration of the test.
+
+The keys have usernames `Test Key One` and `Test Key Two` (no e-mail
+addresses). They have no passphrase. Otherwise, they are generated
+using GnuPG defaults (as of 1.4.12 in Debian wheezy).
+
+Encrypted backup and restore
+----------------------------
+
+We'll make a simple backup and restore using encryption. If this
+works, we can probably assume that any other normal repository
+operations (those not part of encryption management) also work, given
+that encryption is done at the I/O abstraction level.
+
+ SCENARIO basic encrypted backup and restore
+ GIVEN user U uses encryption key "Test Key One" from test-data/keyring-1
+ AND directory L with interesting filesystem objects
+ AND a manifest of directory L in M
+ WHEN user U backs up directory L to repository R
+ AND user U restores their latest generation in repository R into X
+ THEN L, restored to X, matches manifest M
+
+Adding and removing keys to clients
+-----------------------------------
+
+Each client specifies the key they want to use with the
+`--encrypt-with` setting. This is the primary key for the client. The
+client may additionally use other keys to encrypt to: this allows, for
+example, having a repository-wide encryption key that can run fsck or
+forget.
+
+We test these by having two keys: one for the primary one, and a
+second one, and verifying that we can, or can't, access the backup
+with the second key, depending on whether it has or hasn't been added
+to the client.
+
+# obnam [options] client-keys
+# obnam [options] add-key [CLIENT-NAME]...
+# obnam [options] remove-key [CLIENT-NAME]...
+
+Key queries
+-----------
+
+Obnam has a couple of commands to list the keys in the repository and
+what they have access to.
+
+# obnam [options] list-keys
+# obnam [options] list-toplevels
+
+Removing a client
+-----------------
+
+Obnam currently has a `obnam remove-client` command which only works
+when encryption is used. This is a wart, a bug, and a disgrace.
+However, it will be fixed some day, and until then the command is
+tested in this chapter.
+
+# obnam [options] remove-client [CLIENT-NAME]...
diff --git a/yarns/9000-implements.yarn b/yarns/9000-implements.yarn
index 1de44c15..144b7245 100644
--- a/yarns/9000-implements.yarn
+++ b/yarns/9000-implements.yarn
@@ -82,6 +82,25 @@ We may also need to check two manifests against each other. IMPLEMENTS THEN manifests (\S+) and (\S+) match diff -u "$DATADIR/$MATCH_1" "$DATADIR/$MATCH_2" +Obnam configuration management +------------------------------ + +In some scenarios, it is easier to maintain a configuration file than +to pass in all the options to `run_obnam` every time. This section +contains steps to do that. + +Scenarios involving encryption need to specify the encryption key to +use. We store that. + + IMPLEMENTS GIVEN user (\S+) uses encryption key "(.*)" from (\S+) + if [ ! -e "$DATADIR/$MATCH_1.gnupg" ] + then + mkdir "$DATADIR/$MATCH_1.gnupg" + cp -a "$SRCDIR/$MATCH_3/." "$DATADIR/$MATCH_1.gnupg/." + add_to_env "$MATCH_1" GNUPGHOME "$DATADIR/$MATCH_1.gnupg" + fi + add_to_config "$DATADIR/$MATCH_1.conf" encrypt-with "$MATCH_2" + Backing up ---------- diff --git a/yarns/obnam.sh b/yarns/obnam.sh index 09319b37..7abdae23 100644 --- a/yarns/obnam.sh +++ b/yarns/obnam.sh 
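Review bot: In the `IMPLEMENTS GIVEN user ... uses encryption key` step, the per-user GnuPG home is created with a plain `mkdir` and filled with `cp -a`, so the directory gets umask-default permissions and `secring.gpg` keeps whatever mode it has in the source tree. GnuPG normally warns about an unsafe homedir when group or others have access, so I would create it private with `mkdir -m 700 "$DATADIR/$MATCH_1.gnupg"` and add a comment that the copy holds secret key material. Separately, `add_to_config "$DATADIR/$MATCH_1.conf" encrypt-with "$MATCH_2"` sits outside the `if`, so using this step twice for one user appends a second `encrypt-with` line to the same file; which value then wins depends on the config parser, which is not visible here.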
@@ -16,15 +16,52 @@ # =*= License: GPL-3+ =*= -# Run Obnam in a safe way that ignore's any configuration files outside -# the test. The first argument MUST be the client name. +# Run Obnam in a safe way that ignore's any configuration files +# outside the test. The first argument MUST be the client name. The +# configuration file $DATADIR/$1.conf is used, if it exists. In addition, +# the environment variables specified in $DATADIR/$1.env are added for +# the duration of running Obnam. run_obnam() { local name="$1" shift - "$SRCDIR/obnam" --no-default-config --quiet --client-name="$name" \ - --log-level debug --log "$DATADIR/obnam.log" "$@" + ( + if [ -e "$DATADIR/$name.env" ] + then + . "$DATADIR/$name.env" + fi + "$SRCDIR/obnam" --no-default-config --config "$DATADIR/$name.conf" \ + --quiet --client-name="$name" \ + --log-level debug --log "$DATADIR/obnam.log" "$@" + ) +} + + +# Add an environment variable to the Obnam run. + +add_to_env() +{ + local user="$1" + local var="$2" + local value="$3" + printf 'export %s=%s\n' "$var" "$value" >> "$DATADIR/$user.env" +} + + +# Add a setting to an Obnam configuration file. + +add_to_config() +{ + local filename="$1" + local key="$2" + local value="$3" + + if [ ! -e "$filename" ] + then + printf '[config]\n' > "$filename" + fi + printf '%s = %s\n' "$key" "$value" >> "$filename" } |
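Review bot: `add_to_env` writes the value unquoted (`export %s=%s`) into `$DATADIR/$user.env`, and `run_obnam` then sources that file with `.`, so the value is parsed as shell code rather than data: a space splits it and any expansion or command-substitution syntax in it is evaluated. Quote on write, e.g. `printf "export %s='%s'\n" "$var" "$value"`, and say in the function comment that values containing a single quote are not supported (or escape them before writing). Also, the new comment on `run_obnam` says `$DATADIR/$1.conf` is used "if it exists", but `--config "$DATADIR/$name.conf"` is passed unconditionally; either guard it with the same `[ -e ... ]` test used for the `.env` file or reword the comment to say Obnam is expected to tolerate a missing file.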