diff --git a/.github/workflows/builder.yml b/.github/workflows/builder.yml index c772b0d43..eae7df79d 100644 --- a/.github/workflows/builder.yml +++ b/.github/workflows/builder.yml @@ -293,7 +293,6 @@ jobs: - name: Check the Supervisor code sign if: needs.init.outputs.publish == 'true' run: | - exit 0 echo "Enable Content-Trust" test=$(docker exec hassio_cli ha security options --content-trust=true --no-progress --raw-json | jq -r '.result') if [ "$test" != "ok" ]; then diff --git a/supervisor/resolution/checks/core_trust.py b/supervisor/resolution/checks/core_trust.py index 8f43508f5..f1a99acf9 100644 --- a/supervisor/resolution/checks/core_trust.py +++ b/supervisor/resolution/checks/core_trust.py @@ -4,7 +4,7 @@ from typing import Optional from ...const import CoreState from ...coresys import CoreSys -from ...exceptions import CodeNotaryBackendError, CodeNotaryError, CodeNotaryUntrusted +from ...exceptions import CodeNotaryError, CodeNotaryUntrusted from ..const import ContextType, IssueType, UnhealthyReason from .base import CheckBase @@ -32,8 +32,6 @@ class CheckCoreTrust(CheckBase): except CodeNotaryUntrusted: self.sys_resolution.unhealthy = UnhealthyReason.UNTRUSTED self.sys_resolution.create_issue(IssueType.TRUST, ContextType.CORE) - except CodeNotaryBackendError: - _LOGGER.warning("CAS backend issue, skipping check") except CodeNotaryError: pass diff --git a/supervisor/resolution/checks/plugin_trust.py b/supervisor/resolution/checks/plugin_trust.py index 38179a45f..a660a2fd2 100644 --- a/supervisor/resolution/checks/plugin_trust.py +++ b/supervisor/resolution/checks/plugin_trust.py @@ -4,7 +4,7 @@ from typing import Optional from ...const import CoreState from ...coresys import CoreSys -from ...exceptions import CodeNotaryBackendError, CodeNotaryError, CodeNotaryUntrusted +from ...exceptions import CodeNotaryError, CodeNotaryUntrusted from ..const import ContextType, IssueType, UnhealthyReason from .base import CheckBase @@ -35,9 +35,6 @@ class CheckPluginTrust(CheckBase): self.sys_resolution.create_issue( IssueType.TRUST, ContextType.PLUGIN, reference=plugin.slug ) - except CodeNotaryBackendError: - _LOGGER.warning("CAS backend issue, skipping check") - return except CodeNotaryError: pass diff --git a/supervisor/security.py b/supervisor/security.py index b71914d36..5fcda97d0 100644 --- a/supervisor/security.py +++ b/supervisor/security.py @@ -1,6 +1,5 @@ """Fetch last versions from webserver.""" import logging -from typing import Awaitable from .const import ( ATTR_CONTENT_TRUST, @@ -71,9 +70,11 @@ class Security(FileConfiguration, CoreSysAttributes): raise return - def verify_own_content(self, checksum: str) -> Awaitable[None]: + async def verify_own_content(self, checksum: str) -> None: """Verify content from HA org.""" - return self.verify_content("notary@home-assistant.io", checksum) + return + # pylint: disable=unreachable + return await self.verify_content("notary@home-assistant.io", checksum) async def verify_secret(self, pwned_hash: str) -> None: """Verify pwned state of a secret.""" diff --git a/supervisor/utils/codenotary.py b/supervisor/utils/codenotary.py index 9eea12fc3..78b5560b3 100644 --- a/supervisor/utils/codenotary.py +++ b/supervisor/utils/codenotary.py @@ -44,8 +44,6 @@ async def cas_validate( checksum: str, ) -> None: """Validate data against CodeNotary.""" - return - # pylint: disable=unreachable if (checksum, signer) in _CACHE: return diff --git a/tests/test_security.py b/tests/test_security.py index 79d614995..0211a35d4 100644 --- a/tests/test_security.py +++ b/tests/test_security.py @@ -7,7 +7,6 @@ from supervisor.coresys import CoreSys from supervisor.exceptions import CodeNotaryError -@pytest.mark.skip() async def test_content_trust(coresys: CoreSys): """Test Content-Trust.""" @@ -16,15 +15,7 @@ async def test_content_trust(coresys: CoreSys): assert cas_validate.called cas_validate.assert_called_once_with("test@mail.com", "ffffffffffffff") - with patch("supervisor.security.cas_validate", AsyncMock()) as cas_validate: - await coresys.security.verify_own_content("ffffffffffffff") - assert cas_validate.called - cas_validate.assert_called_once_with( - "notary@home-assistant.io", "ffffffffffffff" - ) - -@pytest.mark.skip() async def test_disabled_content_trust(coresys: CoreSys): """Test Content-Trust.""" coresys.security.content_trust = False @@ -33,12 +24,7 @@ async def test_disabled_content_trust(coresys: CoreSys): await coresys.security.verify_content("test@mail.com", "ffffffffffffff") assert not cas_validate.called - with patch("supervisor.security.cas_validate", AsyncMock()) as cas_validate: - await coresys.security.verify_own_content("ffffffffffffff") - assert not cas_validate.called - -@pytest.mark.skip() async def test_force_content_trust(coresys: CoreSys): """Force Content-Trust tests.""" diff --git a/tests/utils/test_codenotary.py b/tests/utils/test_codenotary.py index f30b4edb4..68d8617da 100644 --- a/tests/utils/test_codenotary.py +++ b/tests/utils/test_codenotary.py @@ -46,7 +46,6 @@ def fixture_subprocess_exec(request): yield subprocess_exec -@pytest.mark.skip() def test_checksum_calc(): """Calc Checkusm as test.""" assert calc_checksum("test") == calc_checksum(b"test") @@ -56,7 +55,6 @@ def test_checksum_calc(): ) -@pytest.mark.skip() async def test_valid_checksum(): """Test a valid autorization.""" await cas_validate( @@ -65,7 +63,6 @@ async def test_valid_checksum(): ) -@pytest.mark.skip() async def test_invalid_checksum(): """Test a invalid autorization.""" with pytest.raises(CodeNotaryUntrusted): @@ -75,7 +72,6 @@ async def test_invalid_checksum(): ) -@pytest.mark.skip() @pytest.mark.parametrize( "subprocess_exec", [ @@ -93,7 +89,6 @@ async def test_cas_backend_error(subprocess_exec): ) -@pytest.mark.skip() @pytest.mark.parametrize( "subprocess_exec", [SubprocessResponse(returncode=0, data='{"status":1}')], @@ -108,7 +103,6 @@ async def test_cas_notarized_untrusted(subprocess_exec): ) -@pytest.mark.skip() @pytest.mark.parametrize( "subprocess_exec", [SubprocessResponse(exception=OSError())], indirect=True )