Skip to content
This repository has been archived by the owner on May 21, 2024. It is now read-only.

Commit

Permalink
Test for target match verification failure.
Browse files Browse the repository at this point in the history
Covers that we correctly reject the target and then can continue to get
new updates. Also checks that no updates are reported if any one update
is invalid.

Signed-off-by: Patrick Vacek <[email protected]>
  • Loading branch information
pattivacek committed Jan 8, 2020
1 parent b4cfa49 commit bf5666b
Show file tree
Hide file tree
Showing 4 changed files with 79 additions and 24 deletions.
27 changes: 3 additions & 24 deletions src/libaktualizr/primary/aktualizr_test.cc
Original file line number Diff line number Diff line change
Expand Up @@ -24,27 +24,6 @@
boost::filesystem::path uptane_repos_dir;
boost::filesystem::path fake_meta_dir;

void verifyNothingInstalled(const Json::Value& manifest) {
// Verify nothing has installed for the primary.
EXPECT_EQ(
manifest["ecu_version_manifests"]["CA:FE:A6:D2:84:9D"]["signed"]["custom"]["operation_result"]["id"].asString(),
"");
EXPECT_EQ(
manifest["ecu_version_manifests"]["CA:FE:A6:D2:84:9D"]["signed"]["custom"]["operation_result"]["result_code"]
.asInt(),
static_cast<int>(data::ResultCode::Numeric::kOk));
EXPECT_EQ(
manifest["ecu_version_manifests"]["CA:FE:A6:D2:84:9D"]["signed"]["custom"]["operation_result"]["result_text"]
.asString(),
"");
EXPECT_EQ(manifest["ecu_version_manifests"]["CA:FE:A6:D2:84:9D"]["signed"]["installed_image"]["filepath"].asString(),
"unknown");
// Verify nothing has installed for the secondary.
EXPECT_EQ(
manifest["ecu_version_manifests"]["secondary_ecu_serial"]["signed"]["installed_image"]["filepath"].asString(),
"noimage");
}

static Primary::VirtualSecondaryConfig virtual_configuration(const boost::filesystem::path& client_dir) {
Primary::VirtualSecondaryConfig ecu_config;

Expand Down Expand Up @@ -123,7 +102,7 @@ TEST(Aktualizr, FullNoUpdates) {
FAIL() << "Timed out waiting for metadata to be fetched.";
}

verifyNothingInstalled(aktualizr.uptane_client()->AssembleManifest());
UptaneTestCommon::verifyNothingInstalled(aktualizr.uptane_client()->AssembleManifest());
}

/*
Expand Down Expand Up @@ -1291,7 +1270,7 @@ TEST(Aktualizr, CheckNoUpdates) {
FAIL() << "Timed out waiting for metadata to be fetched.";
}

verifyNothingInstalled(aktualizr.uptane_client()->AssembleManifest());
UptaneTestCommon::verifyNothingInstalled(aktualizr.uptane_client()->AssembleManifest());
}

/*
Expand Down Expand Up @@ -1383,7 +1362,7 @@ TEST(Aktualizr, DownloadWithUpdates) {
FAIL() << "Timed out waiting for downloads to complete.";
}

verifyNothingInstalled(aktualizr.uptane_client()->AssembleManifest());
UptaneTestCommon::verifyNothingInstalled(aktualizr.uptane_client()->AssembleManifest());
}

class HttpDownloadFailure : public HttpFake {
Expand Down
53 changes: 53 additions & 0 deletions src/libaktualizr/primary/empty_targets_test.cc
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,59 @@ TEST(Aktualizr, EmptyTargets) {
}
}

/* Check that Aktualizr switches back to empty targets after failing to verify
* the Target matching. Also check that no updates are reported if any are
* invalid. */
TEST(Aktualizr, EmptyTargetsAfterVerification) {
TemporaryDirectory temp_dir;
TemporaryDirectory meta_dir;
auto http = std::make_shared<HttpRejectEmptyCorrId>(temp_dir.Path(), meta_dir.Path() / "repo");
Config conf = UptaneTestCommon::makeTestConfig(temp_dir, http->tls_server);
logger_set_threshold(boost::log::trivial::trace);

// Add two images: a valid one for the Primary and an invalid for the
// Secondary. The Primary will get verified first and should succeed.
Process uptane_gen(uptane_generator_path.string());
uptane_gen.run({"generate", "--path", meta_dir.PathString(), "--correlationid", "abc123"});
uptane_gen.run({"image", "--path", meta_dir.PathString(), "--filename", "tests/test_data/firmware.txt",
"--targetname", "firmware.txt", "--hwid", "primary_hw"});
uptane_gen.run({"addtarget", "--path", meta_dir.PathString(), "--targetname", "firmware.txt", "--hwid", "primary_hw",
"--serial", "CA:FE:A6:D2:84:9D"});
uptane_gen.run({"image", "--path", meta_dir.PathString(), "--filename", "tests/test_data/firmware_name.txt",
"--targetname", "firmware_name.txt", "--hwid", "bad"});
uptane_gen.run({"addtarget", "--path", meta_dir.PathString(), "--targetname", "firmware_name.txt", "--hwid",
"secondary_hw", "--serial", "secondary_ecu_serial"});
uptane_gen.run({"signtargets", "--path", meta_dir.PathString(), "--correlationid", "abc123"});

// failing verification
auto storage = INvStorage::newStorage(conf.storage);
{
UptaneTestCommon::TestAktualizr aktualizr(conf, storage, http);
aktualizr.Initialize();

result::UpdateCheck update_result = aktualizr.CheckUpdates().get();
EXPECT_EQ(update_result.status, result::UpdateStatus::kError);
EXPECT_EQ(update_result.ecus_count, 0);
EXPECT_TRUE(update_result.updates.empty());

// Also confirm that nothing was installed.
UptaneTestCommon::verifyNothingInstalled(aktualizr.uptane_client()->AssembleManifest());
}

// Backend reacts to failure: no need to install the target anymore
uptane_gen.run({"emptytargets", "--path", meta_dir.PathString()});
uptane_gen.run({"signtargets", "--path", meta_dir.PathString(), "--correlationid", "abc123"});

// check that no update is available
{
UptaneTestCommon::TestAktualizr aktualizr(conf, storage, http);
aktualizr.Initialize();

result::UpdateCheck update_result = aktualizr.CheckUpdates().get();
EXPECT_EQ(update_result.status, result::UpdateStatus::kNoUpdatesAvailable);
}
}

#ifdef FIU_ENABLE

/* Check that Aktualizr switches back to empty targets after failing a
Expand Down
1 change: 1 addition & 0 deletions src/libaktualizr/primary/sotauptaneclient.h
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,7 @@ class SotaUptaneClient {
FRIEND_TEST(Aktualizr, FullMultipleSecondaries);
FRIEND_TEST(Aktualizr, CheckNoUpdates);
FRIEND_TEST(Aktualizr, DownloadWithUpdates);
FRIEND_TEST(Aktualizr, EmptyTargetsAfterVerification);
FRIEND_TEST(Aktualizr, FinalizationFailure);
FRIEND_TEST(Aktualizr, InstallationFailure);
FRIEND_TEST(Aktualizr, AutoRebootAfterUpdate);
Expand Down
22 changes: 22 additions & 0 deletions tests/uptane_test_common.h
Original file line number Diff line number Diff line change
Expand Up @@ -112,6 +112,28 @@ struct UptaneTestCommon {
packages_to_install.emplace_back(serial, ot_json);
return packages_to_install;
}

static void verifyNothingInstalled(const Json::Value& manifest) {
// Verify nothing has installed for the primary.
EXPECT_EQ(
manifest["ecu_version_manifests"]["CA:FE:A6:D2:84:9D"]["signed"]["custom"]["operation_result"]["id"].asString(),
"");
EXPECT_EQ(
manifest["ecu_version_manifests"]["CA:FE:A6:D2:84:9D"]["signed"]["custom"]["operation_result"]["result_code"]
.asInt(),
static_cast<int>(data::ResultCode::Numeric::kOk));
EXPECT_EQ(
manifest["ecu_version_manifests"]["CA:FE:A6:D2:84:9D"]["signed"]["custom"]["operation_result"]["result_text"]
.asString(),
"");
EXPECT_EQ(manifest["ecu_version_manifests"]["CA:FE:A6:D2:84:9D"]["signed"]["installed_image"]["filepath"].asString(),
"unknown");
// Verify nothing has installed for the secondary.
EXPECT_EQ(
manifest["ecu_version_manifests"]["secondary_ecu_serial"]["signed"]["installed_image"]["filepath"].asString(),
"noimage");
}

};

#endif // UPTANE_TEST_COMMON_H_
Expand Down

0 comments on commit bf5666b

Please sign in to comment.