rupert 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 41a2074b3a0e08e088990219f5659323705498e3
+  data.tar.gz: 810e02415872bb758efa3b109f70e5d264f8455f
+SHA512:
+  metadata.gz: 3b351ae5740f728a267a41afc8a474921aaf072d3141209cc86d743e4011ebe223adb5c6fb45db7c3bb29d4b67d5cbae99d6748c564264f97b2160508db7f626
+  data.tar.gz: 1585d64649df3e91617ddb3b4b88464d8a4f3aac419e18c862ee1009de1915554502be5c793257d79d4a0f39164008d98170bb79bbe59787f3a9ff75e2eba24f

data/.gitignore

@@ -0,0 +1,9 @@
+.DS_Store
+*.gem
+*.swo
+*.swp
+.bundle
+Gemfile.lock
+coverage
+pkg
+vendor

data/.ruby-version

@@ -0,0 +1 @@
+2.0.0-p247

data/.travis.yml

@@ -0,0 +1,11 @@
+---
+language: ruby
+
+rvm:
+  - 1.9.3
+  - 2.0.0
+
+bundler_args: --path vendor/bundle
+
+script:
+  - bundle exec rake test

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in rupture.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Stefano Zanella
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,42 @@
+[![Build Status](https://travis-ci.org/stefanozanella/rupert.png?branch=master)](https://travis-ci.org/stefanozanella/rupert)
+[![Code Climate](https://codeclimate.com/github/stefanozanella/rupert.png)](https://codeclimate.com/github/stefanozanella/rupert)
+[![Coverage Status](https://coveralls.io/repos/stefanozanella/rupert/badge.png?branch=master)](https://coveralls.io/r/stefanozanella/rupert?branch=master)
+[![Dependency Status](https://gemnasium.com/stefanozanella/rupert.png)](https://gemnasium.com/stefanozanella/rupert)
+
+# Rupert
+
+Pure Ruby RPM Library
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'rupert'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install rupert
+
+## Usage
+
+You can read an RPM simply with:
+
+    rpm = Rupert::RPM.load('rpm-4.8.0-32.el6.x86_64.rpm')
+
+or just check if a specific file is an RPM with:
+
+    Rupert::RPM.rpm? 'iamtrollingyou' # false
+
+(note that loading a file that is not an RPM generates an exception)
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,34 @@
+require 'rake/testtask'
+require 'coveralls/rake/task'
+
+namespace :gem do
+  require "bundler/gem_tasks"
+end
+
+Rake::TestTask.new do |t|
+  t.verbose = true
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.test_files = FileList["test/**/*_test.rb"]
+end
+
+namespace :test do
+  %w{end_to_end unit}.each do |suite|
+    Rake::TestTask.new(suite.to_sym) do |t|
+      t.verbose = true
+      t.libs << 'lib'
+      t.libs << 'test'
+      t.test_files = FileList["test/#{suite}/**/*_test.rb"]
+    end
+  end
+end
+
+desc "Analyze code duplication"
+task :flay do
+  system "flay lib/*.rb"
+end
+
+desc "Analyze code complexity"
+task :flog do
+  system "find lib -name \*.rb | xargs flog"
+end

data/TODO.md

@@ -0,0 +1,39 @@
+# TODO (Features, Tests et al.)
+
+* If a file is not an RPM, every attempt to read anything should misreably
+  fail.
+* Add control logic to verify if a file exists before creating a new RPM in
+  Rupture::RPM#load
+* describe RPM::Lead it fails nicely when architecture is unknown -> def arch
+  return @@arch_map[@archnum] || "unknown"
+* Recognize all architectures
+* Edge case: verify correct idenfitication of `noarch`
+* Recognize all the OSes (maybe also add `osnum` method?)
+* How to fail when os is not recognized?
+* Document references to RPM spec docs and source code
+* Document Rupture::RPM::Lead (summarize structure and purpose from rpm file
+  format document)
+* Return nil or "" as md5 if no signature found (this means not creating the
+  signature if lead says no). Consider also this: if a signature is found and
+  md5 is not present, then mandatory rules are not violated. Finally, I'm not
+  sure it's so optional to include a signature; I suspect it's mandatory
+  (perhaps because md5 is mandatory?).
+* Document Rupture::RPM::Signature::Index::Entry class (in particular, how the
+  meaning of the `count` field changes with data type
+* Store#get error handling. Pass nil, out of bound address, non-numerical
+  address
+* Use actual size contained in the signature to calculate checksum?
+* Remember that signature is not mandatory in RPM!
+* It looks like size is also a form of signature, in the sense that RPM uses
+  the stored value to check actual size of header + payload (or did I
+  understood wrong?).
+* I18N ???
+
+# Roadmap
+
+* Pick the entry type table. For each type, pick a meaningful header tag (like
+  name, file list, etc.) to derive a feature to be implemented. At the end, all
+  types should be correctly handled
+* Decide a sensible behaviour for missing mandatory tags. Then, pick all
+  mandatory header tags and build a feature for them if not already covered
+  with previous method.

data/lib/rupert/errors.rb

@@ -0,0 +1,3 @@
+module Rupert
+  class NotAnRPM < StandardError; end
+end

data/lib/rupert/parser.rb

@@ -0,0 +1,60 @@
+require 'rupert/rpm/lead'
+require 'rupert/rpm/signature'
+
+module Rupert
+  class Parser
+    def initialize(raw_io)
+      @raw_io = raw_io
+    end
+
+    def parse
+      # TODO Fit to current design (i.e. no parsing in Lead c'tor?)
+      lead = RPM::Lead.new(@raw_io)
+
+      entry_count, store_size = parse_header
+      entries = parse_entries(entry_count)
+
+      store = parse_store(store_size)
+      content = parse_content
+
+      signature = RPM::Signature.new(RPM::Signature::Index.new(entries, store))
+
+      RPM.new(lead, signature, content)
+    end
+
+    private
+
+    def parse_header
+      header_size = 16
+      header_format =  "@8NN"
+
+      @raw_io.read(header_size).unpack(header_format)
+    end
+
+    def parse_entries(count)
+      entry_size = 16
+      entry_format = "NNNN"
+
+      entries = Hash.new
+      count.times do
+        tag, type, offset, count = @raw_io.read(entry_size).unpack(entry_format)
+        entry = RPM::Signature::Entry.new tag, type, offset, count
+        entries[entry.tag] = entry
+      end
+
+      entries
+    end
+
+    def parse_store(size)
+      RPM::Signature::Store.new(StringIO.new(@raw_io.read(nearest_multiple(size, 8))))
+    end
+
+    def parse_content
+      @raw_io.read
+    end
+
+    def nearest_multiple(size, modulo)
+      (size / modulo.to_f).ceil * modulo
+    end
+  end
+end

data/lib/rupert/rpm/lead.rb

@@ -0,0 +1,143 @@
+module Rupert
+  class RPM
+    class Lead
+      # Lead has a fixed length
+      LEAD_LENGTH = 96.freeze # byte
+
+      # The magic header that identifies an RPM beyond a shadow of a doubt, as
+      # every good RPM starts with hex `ed ab ee db`.
+      MAGIC = "\xed\xab\xee\xdb".force_encoding(Encoding::ASCII_8BIT).freeze
+
+      # RPM of type binary
+      TYPE_BINARY = 0.freeze
+
+      # RPM of type source
+      TYPE_SOURCE = 1.freeze
+
+      @@arch_map = {
+        1 => "i386/x86_64"
+      }.freeze
+
+      @@os_map = {
+        1 => "Linux"
+      }.freeze
+
+      # Only valid and recognized signature type
+      SIGNATURE_TYPE_HEADER = 5.freeze
+
+      # Chomps given IO, producing a `Lead` object and returning the remaining
+      # part for subsequent processing.
+      #
+      # Lead data is expected to begin at IO start, so returned scrap is
+      # basically the input IO without its first
+      # `Rupert::RPM::Lead::LEAD_LENGTH` bytes.
+      #
+      # @param io [IO] IO object containing lead data at its start, possibly
+      #           with additional bytes at the end 
+      #
+      # @return [Rupert::RPM::Lead, IO] the lead object corresponding to the
+      #         data at the beginning of the IO, and the part of the input remaining
+      #         after parsing.
+      def self.chomp(io)
+        [ self.new(io), io ]
+      end
+
+      # Initializes a lead section, parsing given IO
+      #
+      # @param lead [IO] An IO containing the lead information at the start
+      def initialize(lead)
+        lead_data = lead.read(LEAD_LENGTH)
+        parse(lead_data) if lead_data
+      end
+
+      # Major number of the RPM version used to format the package
+      #
+      # @return [Fixnum] RPM major version number 
+      def rpm_version_major
+        @rpm_major
+      end
+
+      # Minor number of the RPM version used to format the package
+      #
+      # @return [Fixnum] RPM minor version number 
+      def rpm_version_minor
+        @rpm_minor
+      end
+
+      # RPM version used to format the package
+      #
+      # @return [String] RPM version in <major>.<minor> format
+      def rpm_version
+        "#{rpm_version_major}.#{rpm_version_minor}"
+      end
+
+      # Tells if the file is recognized as an RPM or not
+      #
+      # @return `true` if magic number is found at lead's start, `false`
+      #          otherwise
+      def rpm?
+        @magic == MAGIC
+      end
+
+      # @return `true` if lead reports RPM as of binary type
+      def binary_type?
+        @type == TYPE_BINARY
+      end
+
+      # @return `true` if lead reports RPM as of source type
+      def source_type?
+        @type == TYPE_SOURCE
+      end
+
+      # The architecture the package was built for. A list of supported
+      # architectures can be found in `/usr/lib/rpm/rpmrc` on RedHat based
+      # systems.
+      #
+      # @return [String] a string representing the architecture name(s)
+      def arch
+        @@arch_map[@archnum]
+      end
+
+      # The name of the package
+      #
+      # @return [String] package name in the form <name>-<version>-<rev>.<suffix>
+      def name
+        @name
+      end
+
+      # OS for which the package was built
+      #
+      # @return [String] OS canonical name as defined in `/usr/lib/rpm/rpmrc`
+      def os
+        @@os_map[@osnum]
+      end
+
+      # @return `true` if the RPM is recognized as being signed, `false` otherwise
+      def signed?
+        @signature_type == SIGNATURE_TYPE_HEADER
+      end
+
+      # String of reserved bits. It's here for completeness of the lead's
+      # implementation but it isn't intended to be actually used
+      #
+      # @return [String] the raw 16 bytes long reserved string at the end of
+      #         the lead
+      def reserved
+        @reserved
+      end
+
+      private
+
+      # :nodoc
+      # The format string passed to `unpack` to parse the lead
+      LEAD_FORMAT = "A4CCnnZ66nna16".freeze
+
+      # :nodoc
+      # Unpacks lead raw bytes into its semantic components
+      def parse(lead_data)
+        @magic, @rpm_major, @rpm_minor, @type, @archnum, @name, @osnum,
+            @signature_type, @reserved = lead_data.unpack(LEAD_FORMAT)
+      end
+    end
+  end
+end

data/lib/rupert/rpm/signature/entry.rb

@@ -0,0 +1,19 @@
+module Rupert
+  class RPM
+    class Signature
+      class Entry
+        # Initializes a new index entry.
+        #
+        # @param tag [String] 4 byte entry tag (semantic data type)
+        # @param type [String] 4 byte entry data format
+        # @param offset [String] 4 byte pointer to data in the index store
+        # @param count [String] 4 byte number of data items held by the entry
+        def initialize(tag, type, offset, count)
+          @tag, @type, @offset, @count = tag, type, offset, count
+        end
+
+        attr_accessor :tag, :type, :offset, :count
+      end
+    end
+  end
+end

data/lib/rupert/rpm/signature/index.rb

@@ -0,0 +1,32 @@
+require 'rupert/rpm/signature/entry'
+require 'rupert/rpm/signature/store'
+
+module Rupert
+  class RPM
+    class Signature
+      class Index
+        # Initializes a new signature index, given the header's entries and the
+        # store containing actual data.
+        #
+        # @param entries [Hash] a map of
+        #                Rupert::RPM::Signature::Entry, indexed by tag
+        # @param store [Rupert::RPM::Signature::Store] store containing
+        #              data pointed by entries
+        def initialize(entries, store)
+          @entries = entries
+          @store = store
+        end
+
+        # Retrieves data pointed by given tag.
+        #
+        # @param tag [Fixnum] data type
+        # @return [Object] data associated to given tag, with variable format
+        #         depending on how it's stored
+        def get(tag)
+          entry = @entries[tag]
+          @store.fetch(entry)
+        end
+      end
+    end
+  end
+end

data/lib/rupert/rpm/signature/store.rb

@@ -0,0 +1,35 @@
+module Rupert
+class RPM
+  class Signature
+    # Package information is mostly contained in headers. Headers are composed
+    # of an index and a store.
+    # The (raw) store holds semantic RPM information in an undefined
+    # order and without any structure (i.e. by concatenating all pieces
+    # together). Addressing of resources in the store is handled by header
+    # entries, which define data format, position and size. Responsibility
+    # of the store is to take care of extracting these pieces given proper
+    # addressing information.
+    class Store
+      # Creates a new store by wrapping given chunck of raw data into a Store
+      # object.
+      #
+      # @param io [IO] raw binary data carved from RPM header. Must be an IO
+      #           containing only store's data (i.e. entry addresses are considered
+      #           relative to 0)
+      def initialize(io)
+        @io = io
+      end
+
+      # Fetches data pointed by given entry.
+      #
+      # @param entry [Rupert::RPM::Signature::Entry] entry containing address
+      #              and type of needed information
+      # @return [String] binary string containing asked data
+      def fetch(entry)
+        @io.seek(entry.offset, IO::SEEK_SET)
+        @io.read(entry.count)
+      end
+    end
+  end
+end
+end

data/lib/rupert/rpm/signature.rb

@@ -0,0 +1,43 @@
+require 'rupert/rpm/signature/index'
+
+module Rupert
+  class RPM
+    class Signature
+      # Tag holding 128-bit MD5 checksum of header and payload
+      MD5_TAG = 1004.freeze
+
+      # Creates a new signature given its components.
+      #
+      # @param index [Rupert::RPM::Signature::Index] the signature index
+      #              containing actual signature data
+      def initialize(index)
+        @index = index
+      end
+
+      # MD5 checksum contained in the RPM.
+      #
+      # @return [String] 128-bit MD5 checksum of RPM's header and payload, in
+      #         raw binary form.
+      def md5
+        @index.get MD5_TAG
+      end
+
+      # Verifies if stored MD5 checksum corresponds to digest calculated over
+      # given content.
+      #
+      # @return `true` if stored MD5 checksum corresponds to MD5 calculated
+      #         over given content, `false` otherwise
+      def verify_checksum(content)
+        md5 == md5_checksum(content)
+      end
+
+      private
+
+      # :nodoc
+      # MD5 checksum of given string
+      def md5_checksum(str)
+        Digest::MD5.digest(str)
+      end
+    end
+  end
+end

data/lib/rupert/rpm.rb

@@ -0,0 +1,118 @@
+require 'rupert/errors'
+require 'rupert/parser'
+require 'rupert/rpm/lead'
+require 'rupert/rpm/signature'
+
+require 'base64'
+
+module Rupert
+  class RPM
+    class << self
+      # Loads a RPM file and parses its structure
+      #
+      # @param filename [String] filename of the RPM to load
+      # @return [Rupert::RPM] the parsed RPM
+      def load(filename)
+        raise NotAnRPM, 
+          "File #{filename} isn't a valid RPM" unless rpm?(filename)
+
+        raw_io = File.open(filename, 'r')
+        rpm = Parser.new(raw_io).parse
+        raw_io.close
+
+        return rpm
+      end
+
+      # Tells whether given filename points to a valid RPM or not.
+      #
+      # @param filename [String] filename to inspect
+      # @return `true` if file starts with the correct magic header
+      def rpm?(filename)
+        Lead.new(File.open(filename, 'r')).rpm?
+      end
+    end
+
+    # Initialize the RPM object, given its components.
+    #
+    # This method is not intended to be used to instantiate RPM objects
+    # directly. Instead, use Rupert::RPM::load for a more straightforward
+    # alternative.
+    #
+    # @param lead [Rupert::RPM::Lead] RPM lead section
+    # @param signature [Rupert::RPM::Signature] RPM signature section
+    # @param content [String] Raw content found after the signature structure
+    def initialize(lead, signature, content)
+      @lead = lead
+      @signature = signature
+      @content = content
+    end
+
+    # RPM version used to encode the package.
+    #
+    # @return [String] the RPM version in `<major>.<minor>` format
+    def rpm_version
+      @lead.rpm_version
+    end
+
+    # @return `true` if the RPM is of type binary, `false` otherwise
+    def binary?
+      @lead.binary_type?
+    end
+
+    # @return `true` if the RPM is of type source, `false` otherwise
+    def source?
+      @lead.source_type?
+    end
+
+    # Which architecture the package was built for, e.g. `i386/x86_64` or
+    # `arm`
+    #
+    # @return [String] package architecture name
+    def rpm_arch
+     @lead.arch
+    end
+
+    # Full package name
+    #
+    # @return [String] package name in the form <name>-<version>-<rev>.<suffix>
+    def name
+      @lead.name
+    end
+
+    # OS for which the package was built
+    #
+    # @return [String] as defined in /usr/lib/rpm/rpmrc under the canonical OS
+    #         names section
+    def os
+      @lead.os
+    end
+
+    # @return `true` if the package is signed, `false` otherwise
+    def signed?
+      @lead.signed?
+    end
+
+    # MD5 checksum stored in the package (base64 encoded). To be used to check
+    # package integrity.
+    #
+    # NOTE: This is not the MD5 of the whole package; rather, the digest is
+    # calculated over the header and payload, leaving out the lead and the
+    # signature header. I.e., running `md5sum <myrpm>` won't held the same
+    # result as `Rupert::RPM.load('<myrpm>').md5`.
+    #
+    # @return [String] Base64-encoded MD5 checksum of package's header and
+    #         payload, stored in the RPM itself
+    def md5
+      Base64.strict_encode64(@signature.md5)
+    end
+
+    # Verifies package integrity. Compares MD5 checksum stored in the package
+    # with checksum calculated over header(s) and payload (archive).
+    #
+    # @return `true` if package is intact, `false` if package (either stored MD5 or
+    # payload) is corrupted
+    def intact?
+      @signature.verify_checksum(@content)      
+    end
+  end
+end

data/lib/rupert/version.rb

@@ -0,0 +1,3 @@
+module Rupert
+  VERSION = "0.0.1"
+end

data/lib/rupert.rb

@@ -0,0 +1,2 @@
+require "rupert/version"
+require "rupert/rpm"

data/rupert.gemspec

@@ -0,0 +1,34 @@
+# coding: utf-8
+$:.unshift('lib') unless $:.include?('lib')
+require 'rupert/version'
+
+Gem::Specification.new do |spec|
+  spec.name             = "rupert"
+  spec.version          = Rupert::VERSION
+  spec.authors          = ["Stefano Zanella"]
+  spec.email            = ["zanella.stefano@gmail.com"]
+  spec.summary          = %q{Pure Ruby RPM Library}
+  spec.homepage         = ""
+  spec.license          = "MIT"
+
+  spec.files            = `git ls-files`.split($/)
+  spec.executables      = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files       = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths    = ["lib"]
+
+  spec.extra_rdoc_files = ["README.md"]
+  spec.rdoc_options     = ["--charset=UTF-8"]
+
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "minitest", "~> 5"
+  spec.add_development_dependency "minitest-spec-context"
+  spec.add_development_dependency "mocha", "~> 0"
+  spec.add_development_dependency "coveralls"
+  spec.add_development_dependency "flog"
+  spec.add_development_dependency "flay"
+
+  spec.description = %s{
+    Rupert allows to manipulate RPM files independently from availability of rpmlib.
+  }
+end

data/test/end_to_end/rpm_signature_test.rb

@@ -0,0 +1,14 @@
+require 'test_helper'
+
+describe Rupert::RPM do
+  let(:valid_rpm)   { fixture('rpm-4.8.0-32.el6.x86_64.rpm') }
+  let(:rpm)         { Rupert::RPM.load(valid_rpm) }
+
+  it "reads the package checksum" do
+    rpm.md5.must_equal "jvA7YQW9TICIGWjaSLF/sA=="
+  end
+
+  it "verifies package (non-cryptographic) integrity" do
+    assert rpm.intact?, "expected package to be intact, but it was not."
+  end
+end

data/test/end_to_end/rpm_test.rb

@@ -0,0 +1,50 @@
+require 'test_helper'
+
+describe Rupert::RPM do
+  let(:valid_rpm)   { fixture('rpm-4.8.0-32.el6.x86_64.rpm') }
+  let(:invalid_rpm) { fixture('notanrpm-0.0.1-1.el6.noarch.rpm') }
+  let(:bin_rpm)     { fixture('rpm-4.8.0-32.el6.x86_64.rpm') }
+  let(:src_rpm)     { fixture('redhat-lsb-4.0-7.el6.centos.src.rpm') }
+
+  let(:rpm)         { Rupert::RPM.load(valid_rpm) }
+  let(:binary_rpm)  { Rupert::RPM.load(bin_rpm) }
+  let(:source_rpm)  { Rupert::RPM.load(src_rpm) }
+
+  it "correctly loads a valid RPM" do
+    Rupert::RPM.load(valid_rpm)
+  end
+
+  it "raises an error if the RPM is not in valid format" do
+    proc {
+      Rupert::RPM.load(invalid_rpm)
+    }.must_raise Rupert::NotAnRPM
+  end
+
+  it "knows which version of RPM the file is" do
+    rpm.rpm_version.must_equal "3.0"
+  end
+
+  it "tells which architecture the package is built for" do
+    rpm.rpm_arch.must_equal "i386/x86_64"
+  end
+
+  it "tells if the file is a binary or source RPM" do
+    assert binary_rpm.binary?, "failed to recognize RPM as binary"
+    refute binary_rpm.source?, "RPM misrecognized as of source type"
+
+    assert source_rpm.source?, "failed to recognize RPM as source"
+    refute source_rpm.binary?, "RPM misrecognized as of binary type"
+  end
+
+  it "tells the package's name" do
+    rpm.name.must_equal "rpm-4.8.0-32.el6"
+  end
+
+  it "tells the operating system for which the package has been built" do
+    rpm.os.must_equal "Linux"
+  end
+
+  it "tells if package is signed" do
+    assert rpm.signed?, "expected the package to be signed, but it was not"
+  end
+end

data/test/fixtures/README.md

@@ -0,0 +1,6 @@
+# Test Fixtures
+
+## Here lie some RPMs used to test rupture against the real world.
+
+RPM have been downloaded from http://yum.singlehop.com/CentOS/6.4/os/x86_64/Packages/.
+Source RPM have been downloaded from http://vault.centos.org/6.4/os/Source/SPackages/.

data/test/test_helper.rb

@@ -0,0 +1,65 @@
+require 'coveralls'
+Coveralls.wear!
+
+require 'minitest/autorun'
+require 'minitest/pride'
+require 'minitest/spec'
+require 'minitest-spec-context'
+require 'mocha/setup'
+
+require 'rupert'
+require 'rupert/errors'
+
+# Returns the absolute path for the given fixture filename, or the path of
+# fixture directory if no argument present.
+def fixture(filename='')
+  File.join(File.dirname(__FILE__), 'fixtures', filename)
+end
+
+# Forces the string to be encoded as 8 bit ASCII (instead of, for example,
+# UTF-8). This is to be used whenever a (binary) string is manually hardcoded
+# in tests, since using a different encoding (e.g. UTF-8) breaks
+# parsing/generating the IO stream.
+def ascii(string)
+  string.force_encoding(Encoding::ASCII_8BIT)
+end
+
+# Pads a string with nulls to fill given length
+def pad(string, length)
+  ("%-#{length}.#{length}s" % string).gsub(" ", "\x00")
+end
+
+# A string of nulls of given length
+def null(length)
+  pad("", length)
+end
+
+# Returns 128-bit MD5 checksum of given string
+def md5(str)
+  Digest::MD5.digest(str)
+end
+
+# Transforms given string into an IO object.
+def io(string)
+  StringIO.new(string)
+end
+
+# Helpers that builds a lead header from a plain string. Use it to make tests
+# more readable.
+def lead_from(string)
+  Rupert::RPM::Lead.new(io(string))
+end
+
+def lead_with(string)
+  lead_from(string)
+end
+
+# Helpers that builds a signature header from a plain string. Use it to make tests
+# more readable.
+def signature_from(string)
+  Rupert::RPM::Signature.new(io(string))
+end
+
+def signature_with(string)
+  signature_from(string)
+end

data/test/unit/rpm/lead_test.rb

@@ -0,0 +1,100 @@
+require 'test_helper'
+
+describe Rupert::RPM::Lead do
+  context "when reading a proper RPM" do
+    let(:rpm_version_raw)         { ascii("\x02\x01") }
+    let(:binary_type_raw)         { ascii("\x00\x00") }
+    let(:source_type_raw)         { ascii("\x00\x01") }
+    let(:archnum_raw)             { ascii("\x00\x01") }
+    let(:pkg_name_raw)            { ascii(pad("awesomepkg-1.0-127.fedora19", 66)) }
+    let(:os_raw)                  { ascii("\x00\x01") }
+    let(:sig_type_header_raw)     { ascii("\x00\x05") }
+    let(:unknown_sig_type_raw)    { ascii("\x03\x03") }
+    let(:reserved_string_raw)     { ascii(null(16)) }
+
+    let(:rpm_version)             { "#{Rupert::RPM::Lead::MAGIC}#{rpm_version_raw}" }
+    let(:binary_type)             { "#{rpm_version}#{binary_type_raw}" }
+    let(:source_type)             { "#{rpm_version}#{source_type_raw}" }
+    let(:arch)                    { "#{binary_type}#{archnum_raw}" }
+    let(:pkg_name)                { "#{arch}#{pkg_name_raw}" }
+    let(:os)                      { "#{pkg_name}#{os_raw}" }
+    let(:signature_type_header)   { "#{os}#{sig_type_header_raw}" }
+    let(:unknown_signature_type)  { "#{os}#{unknown_sig_type_raw}" }
+    let(:reserved_bits)           { "#{signature_type_header}#{reserved_string_raw}" }
+    let(:additional_content)      { "#{reserved_bits}this_is_not_part_of_the_lead" }
+  
+    it "parses RPM major and minor version numbers" do
+      lead_with(rpm_version).rpm_version_major.must_equal 2
+      lead_with(rpm_version).rpm_version_minor.must_equal 1
+    end
+  
+    it "outputs RPM version number if common string format" do
+      lead_with(rpm_version).rpm_version.must_equal "2.1"
+    end 
+  
+    it "tells if a file is recognized as an RPM or not" do
+      assert lead_with(rpm_version).rpm?,
+             "failed to recognize the file as an RPM"
+    end
+
+    it "recognizes RPM as binary" do
+      assert lead_with(binary_type).binary_type?,
+             "failed to recognize RPM as of binary type"
+    end
+
+    it "recognizes RPM as source" do
+      assert lead_with(source_type).source_type?,
+             "failed to recognize RPM as of source type"
+    end
+
+    it "tells which architecture the package is built for" do
+      lead_with(arch).arch.must_equal "i386/x86_64"
+    end
+
+    it "tells the package name" do
+      lead_with(pkg_name).name.must_equal "awesomepkg-1.0-127.fedora19"
+    end
+
+    it "tells the os for which the package was built" do
+      lead_with(os).os.must_equal "Linux"
+    end
+
+    it "tells whether the package is signed or not" do
+      assert lead_with(signature_type_header).signed?,
+             "expected to recognize the RPM as signed, but it was not"
+
+      refute lead_with(unknown_signature_type).signed?,
+             "expected to recognize the RPM as NOT signed, but it was"
+    end
+
+    it "exposes the reserved bits at the end of the lead" do
+      lead_with(reserved_bits).reserved.length.must_equal 16
+    end
+
+    it "can parse an incoming IO returning itself and the remaining part for
+        subsequent elaboration" do
+      lead, scrap = Rupert::RPM::Lead.chomp(io(additional_content))
+
+      lead.must_be_instance_of Rupert::RPM::Lead
+      scrap.read.must_equal "this_is_not_part_of_the_lead"
+    end
+  end
+
+  context "when reading an invalid RPM" do
+    let(:invalid_magic) { "\x00\x01\x02\x03" }
+  
+    it "recognizes the file is not an RPM" do
+      refute lead_with(invalid_magic).rpm?,
+             "failed to recognize the file as NOT an RPM"
+    end
+  end
+
+  context "when reading an empty file" do
+    let(:empty_lead) { lead_from "" }
+  
+    it "recognizes the file is not an RPM" do
+      refute empty_lead.rpm?,
+             "failed to recognize the file as NOT an RPM"
+    end
+  end
+end

data/test/unit/rpm/signature/index_test.rb

@@ -0,0 +1,14 @@
+require 'test_helper'
+
+describe Rupert::RPM::Signature::Index do
+  let(:entry)   { Rupert::RPM::Signature::Entry.new(1234, 7, 567, 890) }
+  let(:entries) { { entry.tag => entry } } 
+  let(:store)   { mock }
+  let(:index)   { Rupert::RPM::Signature::Index.new(entries, store) }
+
+  it "retrieves binary data marked with a specific tag from the store" do
+    store.expects(:fetch).once.with(entry)
+    
+    index.get(entry.tag)
+  end
+end

data/test/unit/rpm/signature/store_test.rb

@@ -0,0 +1,12 @@
+require 'test_helper'
+
+describe Rupert::RPM::Signature::Store do
+  let(:raw_io)  { io(ascii("\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a")) }
+  let(:entry)   { Rupert::RPM::Signature::Entry.new(nil, 7, 4, 5) }
+  let(:store)   { Rupert::RPM::Signature::Store.new(raw_io) }
+
+  it "fetches a raw chunck of data given the entry that points to it" do
+    data = store.fetch(entry)
+    data.must_equal ascii("\x04\x05\x06\x07\x08")
+  end
+end

data/test/unit/rpm/signature_test.rb

@@ -0,0 +1,25 @@
+require 'test_helper'
+
+describe Rupert::RPM::Signature do
+  let(:md5_signature_tag) { Rupert::RPM::Signature::MD5_TAG }
+  let(:index)             { mock }
+  let(:signature)         { Rupert::RPM::Signature.new(index) }
+  let(:pristine_content)  { ascii("\x01\x02\x03\x04") }
+  let(:corrupted_content) { ascii("\xf4\x04\x57\x1e") }
+
+  it "fetches the MD5 from its index" do
+    index.expects(:get).once.with(md5_signature_tag) 
+
+    signature.md5
+  end
+
+  it "correctly verifies integrity of pristine and corrupted packages" do
+    index.stubs(:get).returns(md5(pristine_content))
+
+    assert signature.verify_checksum(pristine_content),
+           "expected pristine content to be verified correctly, but it was not"
+
+    refute signature.verify_checksum(corrupted_content),
+           "expected corrupted content not to be verified correctly, but it was"
+  end
+end

data/test/unit/rpm_test.rb

@@ -0,0 +1,19 @@
+require 'test_helper'
+
+describe Rupert::RPM do
+  let(:signature)      { mock }
+  let(:rpm)            { Rupert::RPM.new(nil, signature, signed_content) }
+  let(:signed_content) { ascii("\x01\x02\x03\x04") }
+
+  it "exposes the MD5 digest held by the signature" do
+    signature.expects(:md5).once.returns("abc")
+
+    rpm.md5
+  end
+
+  it "asks the signature to verify content integrity" do
+    signature.expects(:verify_checksum).once.with(signed_content)
+
+    rpm.intact?
+  end
+end

metadata

@@ -0,0 +1,208 @@
+--- !ruby/object:Gem::Specification
+name: rupert
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Stefano Zanella
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-08-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '5'
+- !ruby/object:Gem::Dependency
+  name: minitest-spec-context
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: flog
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: flay
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: "\n    Rupert allows to manipulate RPM files independently from availability
+  of rpmlib.\n  "
+email:
+- zanella.stefano@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files:
+- README.md
+files:
+- .gitignore
+- .ruby-version
+- .travis.yml
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- TODO.md
+- lib/rupert.rb
+- lib/rupert/errors.rb
+- lib/rupert/parser.rb
+- lib/rupert/rpm.rb
+- lib/rupert/rpm/lead.rb
+- lib/rupert/rpm/signature.rb
+- lib/rupert/rpm/signature/entry.rb
+- lib/rupert/rpm/signature/index.rb
+- lib/rupert/rpm/signature/store.rb
+- lib/rupert/version.rb
+- rupert.gemspec
+- test/end_to_end/rpm_signature_test.rb
+- test/end_to_end/rpm_test.rb
+- test/fixtures/README.md
+- test/fixtures/notanrpm-0.0.1-1.el6.noarch.rpm
+- test/fixtures/redhat-lsb-4.0-7.el6.centos.src.rpm
+- test/fixtures/rpm-4.8.0-32.el6.x86_64.rpm
+- test/fixtures/rpm-libs-4.8.0-32.el6.i686.rpm
+- test/fixtures/rpm-libs-4.8.0-32.el6.x86_64.rpm
+- test/fixtures/rpmdevtools-7.5-2.el6.noarch.rpm
+- test/test_helper.rb
+- test/unit/rpm/lead_test.rb
+- test/unit/rpm/signature/index_test.rb
+- test/unit/rpm/signature/store_test.rb
+- test/unit/rpm/signature_test.rb
+- test/unit/rpm_test.rb
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options:
+- --charset=UTF-8
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.3
+signing_key: 
+specification_version: 4
+summary: Pure Ruby RPM Library
+test_files:
+- test/end_to_end/rpm_signature_test.rb
+- test/end_to_end/rpm_test.rb
+- test/fixtures/README.md
+- test/fixtures/notanrpm-0.0.1-1.el6.noarch.rpm
+- test/fixtures/redhat-lsb-4.0-7.el6.centos.src.rpm
+- test/fixtures/rpm-4.8.0-32.el6.x86_64.rpm
+- test/fixtures/rpm-libs-4.8.0-32.el6.i686.rpm
+- test/fixtures/rpm-libs-4.8.0-32.el6.x86_64.rpm
+- test/fixtures/rpmdevtools-7.5-2.el6.noarch.rpm
+- test/test_helper.rb
+- test/unit/rpm/lead_test.rb
+- test/unit/rpm/signature/index_test.rb
+- test/unit/rpm/signature/store_test.rb
+- test/unit/rpm/signature_test.rb
+- test/unit/rpm_test.rb