github
/
ha-supervisor
mirror of https://github.com/home-assistant/supervisor
1
Fork 0
Code Releases Activity

Enable CAS (#3595)

This commit is contained in:
Pascal Vizeli 2022-04-27 15:22:36 +02:00 committed by GitHub
parent 3299772f3c
commit ff08ca5920
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
supervisor/resolution/checks/core_trust.py
View File

@ -56,4 +56,4 @@ class CheckCoreTrust(CheckBase):
@property
def states(self) -> list[CoreState]:
"""Return a list of valid states when this check can run."""
return [CoreState.RUNNING]
return [CoreState.RUNNING, CoreState.STARTUP]

2
supervisor/resolution/checks/plugin_trust.py
View File

@ -62,4 +62,4 @@ class CheckPluginTrust(CheckBase):
@property
def states(self) -> list[CoreState]:
"""Return a list of valid states when this check can run."""
return [CoreState.RUNNING]
return [CoreState.RUNNING, CoreState.STARTUP]

2
supervisor/security.py
View File

@ -72,8 +72,6 @@ class Security(FileConfiguration, CoreSysAttributes):
async def verify_own_content(self, checksum: str) -> None:
"""Verify content from HA org."""
return
# pylint: disable=unreachable
return await self.verify_content("notary@home-assistant.io", checksum)
async def verify_secret(self, pwned_hash: str) -> None:

11
tests/test_security.py
View File

@ -15,6 +15,13 @@ async def test_content_trust(coresys: CoreSys):
assert cas_validate.called
cas_validate.assert_called_once_with("test@mail.com", "ffffffffffffff")
with patch("supervisor.security.cas_validate", AsyncMock()) as cas_validate:
await coresys.security.verify_own_content("ffffffffffffff")
assert cas_validate.called
cas_validate.assert_called_once_with(
"notary@home-assistant.io", "ffffffffffffff"
)
async def test_disabled_content_trust(coresys: CoreSys):
"""Test Content-Trust."""
@ -24,6 +31,10 @@ async def test_disabled_content_trust(coresys: CoreSys):
await coresys.security.verify_content("test@mail.com", "ffffffffffffff")
assert not cas_validate.called
with patch("supervisor.security.cas_validate", AsyncMock()) as cas_validate:
await coresys.security.verify_own_content("ffffffffffffff")
assert not cas_validate.called
async def test_force_content_trust(coresys: CoreSys):
"""Force Content-Trust tests."""