Don't try to sign if file is missing (bug 1164390) #557

Merged
merged 1 commit into from
May 13, 2015
16 changes: 16 additions & 0 deletions apps/versions/tests.py
Expand Up @@ -457,6 +457,7 @@ def test_sign_files(self, sign_mock):
# Don't sign for anything else than an extension.
for addon_type in no_sign_types:
self.version.addon.update(type=addon_type)
self.version.sign_files()
assert not sign_mock.called, (
'lib.crypto.packaged.sign_file called for addon type {0}'
.format(addon_type))
Expand All @@ -465,6 +466,21 @@ def test_sign_files(self, sign_mock):
self.version.sign_files()
assert sign_mock.called

@mock.patch('lib.crypto.packaged.call_signing')
@mock.patch('lib.crypto.packaged.get_endpoint')
def test_sign_version_missing_files(self, get_endpoint, call_signing_mock):
"""If one of the files is missing the others should still be signed."""
get_endpoint.return_value = 'endpoint' # Fake an endpoint.
self.version.addon.update(type=amo.ADDON_EXTENSION)
# Current file doesn't have a file on disk. We create a file with one.
good_file = amo.tests.file_factory(version=self.version)
with amo.tests.copy_file('apps/files/fixtures/files/jetpack.xpi',
good_file.file_path):
self.version.sign_files()
# 'sign_file' got called twice, but only one was signed.
call_signing_mock.assert_called_once_with(
good_file.file_path, 'endpoint', good_file.version.addon.guid)
Member

I don't see how this test is testing the code. I would expect to remove a file rather than copy one?

Contributor Author

There's already a file in the fixture, but it doesn't have a real file on the disk (it's just a db fixture).

That's why I'm adding another File with a file on disk. This is the one that needs to get signed (and the original one not having a file on disk shouldn't prevent that).


def test_get_url_path(self):
eq_(self.version.get_url_path(),
'/en-US/firefox/addon/a3615/versions/2.1.072')
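--- a/lib/crypto/packaged.py
+++ b/lib/crypto/packaged.py
@@ -83,6 +83,11 @@ def sign_file(file_obj):
 file_obj.pk))
 return
 
+# No file? No signature.
+if not os.path.exists(file_obj.file_path):
+log.info(u'File {0} doesn\'t exist on disk'.format(file_obj.file_path))
+return
+
 # Don't sign hotfixes.
 if file_obj.version.addon.guid in settings.HOTFIX_ADDON_GUIDS:
 log.info(u'Not signing file {0}: addon is a hotfix'.format(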
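Review bot: The new `os.path.exists(file_obj.file_path)` guard is a check-then-use, so it only covers a file that is already missing at this point; one that disappears between the check and the later read would still fail. The code that actually opens the file is presumably further down in `sign_file`, outside this hunk, and catching the `IOError`/`OSError` there would cover both cases. Separately, the skip is logged only at `info` level and followed by a bare `return`, so as far as the hunk shows a version with a missing file ends up partially signed without any prominent signal. Something like `log.warning(u'Not signing file {0}: not found on disk'.format(file_obj.pk))` would make it visible and match the wording of the neighbouring messages.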
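--- a/lib/crypto/tests.py
+++ b/lib/crypto/tests.py
@@ -126,6 +126,17 @@ def test_sign_file_non_ascii_filename(self):
 assert self.file_.hash
 assert packaged.is_signed(self.file_.file_path)
 
+def test_no_sign_missing_file(self):
+os.unlink(self.file_.file_path)
+assert not self.file_.is_signed
+assert not self.file_.cert_serial_num
+assert not self.file_.hash
+packaged.sign_file(self.file_)
+assert not self.file_.is_signed
+assert not self.file_.cert_serial_num
+assert not self.file_.hash
+assert not packaged.is_signed(self.file_.file_path)
+
 def test_no_sign_hotfix_addons(self):
 """Don't sign hotfix addons."""
 for hotfix_guid in settings.HOTFIX_ADDON_GUIDS: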
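Review bot: `test_no_sign_missing_file` checks only the file's attributes after `packaged.sign_file`, so it does not show that the early return was taken rather than a signing attempt that left the attributes unset. Patching `lib.crypto.packaged.call_signing`, as the test in apps/versions/tests.py does, and adding `assert not call_signing_mock.called` would pin that. The final `assert not packaged.is_signed(self.file_.file_path)` runs on a path the test has just unlinked; whether `is_signed` tolerates a missing path is not visible here, so it may pass for a reason unrelated to signing. A one-line docstring such as `"""Don't sign a file that is missing on disk."""` would match the neighbouring tests.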