projects / apt.git / blame
| Commit | Line | Data |
|---|---|---|
| 80f3aeb0 DK |
1 | #!/bin/sh |
| 2 | set -e | |
| 3 | ||
| bc8f83a5 DK |
4 | # apt-key is a shell script, so relatively prune to be effected by 'crazy' things: |
| 5 | # confuses config parser as there exists no way of escaping " currently. | |
| 6 | #TMPDIR="$(mktemp -d)/This is \"fü\$\$ing cràzy\", \$(man man | head -n1 | cut -d' ' -f 1)\$!" | |
| 7 | # gpg doesn't like | in path names – documented e.g. in the man gpg2 --agent-program | |
| 8 | #TMPDIR="$(mktemp -d)/This is fü\$\$ing cràzy, \$(man man | head -n1 | cut -d' ' -f 1)\$!" | |
| 9 | TMPDIR_ADD="This is fü\$\$ing cràzy, \$(apt -v)\$!" | |
| 10 | ||
| 3abb6a6a DK |
11 | TESTDIR="$(readlink -f "$(dirname "$0")")" |
| 12 | . "$TESTDIR/framework" | |
| 80f3aeb0 DK |
13 | |
| 14 | setupenvironment | |
| 15 | configarchitecture 'amd64' | |
| 16 | ||
| 93d0d08c DK |
17 | # start from a clean plate again |
| 18 | cleanplate() { | |
| 0cfec3ab DK |
19 | rm -rf "${ROOTDIR}/etc/apt/trusted.gpg.d/" "${ROOTDIR}/etc/apt/trusted.gpg" |
| 20 | mkdir "${ROOTDIR}/etc/apt/trusted.gpg.d/" | |
| 93d0d08c | 21 | } |
| fb7b11eb DK |
22 | testmultigpg() { |
| 23 | testfailure --nomsg aptkey --quiet --readonly "$@" | |
| 0cfec3ab DK |
24 | testsuccess grep "^gpgv: Can't check signature" "${ROOTDIR}/tmp/testfailure.output" |
| 25 | testsuccess grep '^gpgv: Good signature from' "${ROOTDIR}/tmp/testfailure.output" | |
| fb7b11eb | 26 | } |
| 80f3aeb0 | 27 | |
| 93d0d08c | 28 | testrun() { |
| 0cfec3ab DK |
29 | echo "APT::Key::ArchiveKeyring \"${KEYDIR}/joesixpack.pub\"; |
| 30 | APT::Key::RemovedKeys \"${KEYDIR}/rexexpired.pub\";" > "${ROOTDIR}/etc/apt/apt.conf.d/aptkey.conf" | |
| 31 | ||
| 93d0d08c | 32 | cleanplate |
| 0cfec3ab DK |
33 | ln -sf "$(readlink -f "${KEYDIR}/joesixpack.pub")" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 34 | testaptkeys 'Joe Sixpack' | |
| 80f3aeb0 | 35 | |
| 0cfec3ab | 36 | testsuccess aptkey list |
| 93d0d08c | 37 | msgtest 'Check that paths in list output are not' 'double-slashed' |
| 0cfec3ab | 38 | testfailure --nomsg grep '//' "${ROOTDIR}/tmp/testsuccess.output" |
| 80f3aeb0 | 39 | |
| 0cfec3ab | 40 | testsuccess aptkey finger |
| 93d0d08c | 41 | msgtest 'Check that paths in finger output are not' 'double-slashed' |
| 0cfec3ab | 42 | testfailure --nomsg grep '//' "${ROOTDIR}/tmp/testsuccess.output" |
| 80f3aeb0 | 43 | |
| 19fdf93d DK |
44 | testequalor2 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed |
| 45 | gpg: Total number processed: 1 | |
| 46 | gpg: unchanged: 1' 'gpg: key 5A90D141DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed | |
| 93d0d08c DK |
47 | gpg: Total number processed: 1 |
| 48 | gpg: unchanged: 1' aptkey --fakeroot update | |
| 80f3aeb0 | 49 | |
| f14cde2c | 50 | testaptkeys 'Joe Sixpack' |
| 0cfec3ab | 51 | testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg" |
| f14cde2c | 52 | |
| 0cfec3ab DK |
53 | testsuccess aptkey --fakeroot add "${KEYDIR}/rexexpired.pub" |
| 54 | testfilestats "${ROOTDIR}/etc/apt/trusted.gpg" '%a' '=' '644' | |
| 04937adc | 55 | |
| f14cde2c | 56 | testaptkeys 'Rex Expired' 'Joe Sixpack' |
| 04937adc | 57 | |
| 38005d8b | 58 | msgtest 'Check that Sixpack key can be' 'exported' |
| 0cfec3ab DK |
59 | aptkey export 'Sixpack' > "${TMPWORKINGDIRECTORY}/aptkey.export" |
| 60 | aptkey --keyring "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" exportall > "${TMPWORKINGDIRECTORY}/aptkey.exportall" | |
| 61 | testsuccess --nomsg cmp "${TMPWORKINGDIRECTORY}/aptkey.export" "${TMPWORKINGDIRECTORY}/aptkey.exportall" | |
| 62 | testsuccess test -s "${TMPWORKINGDIRECTORY}/aptkey.export" | |
| 63 | testsuccess test -s "${TMPWORKINGDIRECTORY}/aptkey.exportall" | |
| 38005d8b | 64 | |
| 93d0d08c DK |
65 | msgtest 'Execute update again to trigger removal of' 'Rex Expired key' |
| 66 | testsuccess --nomsg aptkey --fakeroot update | |
| 67 | ||
| f14cde2c | 68 | testaptkeys 'Joe Sixpack' |
| 93d0d08c DK |
69 | |
| 70 | msgtest "Try to remove a key which exists, but isn't in the" 'forced keyring' | |
| 0cfec3ab | 71 | testsuccess --nomsg aptkey --fakeroot --keyring "${ROOTDIR}/etc/apt/trusted.gpg" del DBAC8DAE |
| 93d0d08c | 72 | |
| f14cde2c | 73 | testaptkeys 'Joe Sixpack' |
| 93d0d08c DK |
74 | |
| 75 | testsuccess aptkey --fakeroot del DBAC8DAE | |
| 76 | testempty aptkey list | |
| 77 | ||
| b0d40854 | 78 | msgtest 'Test key removal with' 'lowercase key ID' #keylength somewhere between 8byte and short |
| 05f64ca2 | 79 | cleanplate |
| 0cfec3ab | 80 | cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 05f64ca2 DK |
81 | testsuccess --nomsg aptkey --fakeroot del d141dbac8dae |
| 82 | testempty aptkey list | |
| 83 | ||
| 93d0d08c DK |
84 | msgtest 'Test key removal with' 'single key in real file' |
| 85 | cleanplate | |
| 0cfec3ab | 86 | cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 93d0d08c DK |
87 | testsuccess --nomsg aptkey --fakeroot del DBAC8DAE |
| 88 | testempty aptkey list | |
| 0cfec3ab DK |
89 | testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 90 | testsuccess cmp "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg~" | |
| 93d0d08c | 91 | |
| 031a3f25 DK |
92 | msgtest 'Test key removal with' 'different key specs' |
| 93 | cleanplate | |
| 0cfec3ab DK |
94 | cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 95 | cp -a "${KEYDIR}/marvinparanoid.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/marvinparanoid.gpg" | |
| 031a3f25 DK |
96 | testsuccess --nomsg aptkey --fakeroot del 0xDBAC8DAE 528144E2 |
| 97 | testempty aptkey list | |
| 0cfec3ab DK |
98 | testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 99 | testsuccess cmp "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg~" | |
| 100 | testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/marvinparanoid.gpg" | |
| 101 | testsuccess cmp "${KEYDIR}/marvinparanoid.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/marvinparanoid.gpg~" | |
| 031a3f25 | 102 | |
| 29f1b977 JM |
103 | msgtest 'Test key removal with' 'long key ID' |
| 104 | cleanplate | |
| 0cfec3ab | 105 | cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 29f1b977 JM |
106 | testsuccess --nomsg aptkey --fakeroot del 5A90D141DBAC8DAE |
| 107 | testempty aptkey list | |
| 0cfec3ab DK |
108 | testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 109 | testsuccess cmp "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg~" | |
| 29f1b977 | 110 | |
| ba72845c DK |
111 | msgtest 'Test key removal with' 'fingerprint' |
| 112 | cleanplate | |
| 0cfec3ab | 113 | cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| ba72845c DK |
114 | testsuccess --nomsg aptkey --fakeroot del 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE |
| 115 | testempty aptkey list | |
| 0cfec3ab DK |
116 | testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 117 | testsuccess cmp "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg~" | |
| ba72845c | 118 | |
| e289907f DK |
119 | msgtest 'Test key removal with' 'spaced fingerprint' |
| 120 | cleanplate | |
| 121 | cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" | |
| 122 | testsuccess --nomsg aptkey --fakeroot del '34A8 E9D1 8DB3 20F3 67E8 EAA0 5A90 D141 DBAC 8DAE' | |
| 123 | testempty aptkey list | |
| 124 | testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" | |
| 125 | testsuccess cmp "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg~" | |
| 126 | ||
| 93d0d08c DK |
127 | msgtest 'Test key removal with' 'single key in softlink' |
| 128 | cleanplate | |
| 0cfec3ab | 129 | ln -s "$(readlink -f "${KEYDIR}/joesixpack.pub")" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 93d0d08c DK |
130 | testsuccess --nomsg aptkey --fakeroot del DBAC8DAE |
| 131 | testempty aptkey list | |
| 0cfec3ab DK |
132 | testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 133 | testsuccess test -L "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg~" | |
| 93d0d08c DK |
134 | |
| 135 | cleanplate | |
| 0cfec3ab DK |
136 | testsuccess aptkey --fakeroot add "${KEYDIR}/joesixpack.pub" |
| 137 | ln -sf "$(readlink -f "${KEYDIR}/marvinparanoid.pub")" "${KEYDIR}/marvin paránöid.pub" | |
| 138 | testsuccess aptkey --fakeroot add "${KEYDIR}/marvin paránöid.pub" | |
| f14cde2c | 139 | testaptkeys 'Joe Sixpack' 'Marvin Paranoid' |
| 0cfec3ab | 140 | cp -a "${ROOTDIR}/etc/apt/trusted.gpg" "${KEYDIR}/testcase-multikey.pub" # store for reuse |
| 93d0d08c DK |
141 | |
| 142 | msgtest 'Test key removal with' 'multi key in real file' | |
| 143 | cleanplate | |
| 0cfec3ab | 144 | cp -a "${KEYDIR}/testcase-multikey.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg" |
| 93d0d08c | 145 | testsuccess --nomsg aptkey --fakeroot del DBAC8DAE |
| f14cde2c | 146 | testaptkeys 'Marvin Paranoid' |
| 0cfec3ab | 147 | testsuccess cmp "${KEYDIR}/testcase-multikey.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg~" |
| 93d0d08c DK |
148 | |
| 149 | msgtest 'Test key removal with' 'multi key in softlink' | |
| 150 | cleanplate | |
| 0cfec3ab | 151 | ln -s "$(readlink -f "${KEYDIR}/testcase-multikey.pub")" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg" |
| 93d0d08c | 152 | testsuccess --nomsg aptkey --fakeroot del DBAC8DAE |
| f14cde2c | 153 | testaptkeys 'Marvin Paranoid' |
| 0cfec3ab DK |
154 | testsuccess cmp "${KEYDIR}/testcase-multikey.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg~" |
| 155 | testfailure test -L "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg" | |
| 156 | testsuccess test -L "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg~" | |
| 93d0d08c DK |
157 | |
| 158 | msgtest 'Test key removal with' 'multiple files including key' | |
| 159 | cleanplate | |
| 0cfec3ab DK |
160 | cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 161 | cp -a "${KEYDIR}/testcase-multikey.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg" | |
| 93d0d08c | 162 | testsuccess --nomsg aptkey --fakeroot del DBAC8DAE |
| f14cde2c | 163 | testaptkeys 'Marvin Paranoid' |
| 0cfec3ab DK |
164 | testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 165 | testsuccess cmp "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg~" | |
| 166 | testsuccess cmp "${KEYDIR}/testcase-multikey.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg~" | |
| 0dae96a2 DK |
167 | |
| 168 | cleanplate | |
| 0cfec3ab DK |
169 | cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 170 | cp -a "${KEYDIR}/testcase-multikey.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg" | |
| f14cde2c | 171 | testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid' |
| 0dae96a2 | 172 | msgtest 'Test merge-back of' 'added keys' |
| 0cfec3ab | 173 | testsuccess --nomsg aptkey adv --batch --yes --import "${KEYDIR}/rexexpired.pub" |
| f14cde2c | 174 | testaptkeys 'Rex Expired' 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid' |
| 0dae96a2 DK |
175 | |
| 176 | msgtest 'Test merge-back of' 'removed keys' | |
| 177 | testsuccess --nomsg aptkey adv --batch --yes --delete-keys 27CE74F9 | |
| f14cde2c | 178 | testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid' |
| 0dae96a2 DK |
179 | |
| 180 | msgtest 'Test merge-back of' 'removed duplicate keys' | |
| 181 | testsuccess --nomsg aptkey adv --batch --yes --delete-keys DBAC8DAE | |
| f14cde2c | 182 | testaptkeys 'Marvin Paranoid' |
| b0d40854 DK |
183 | |
| 184 | cleanplate | |
| 0cfec3ab DK |
185 | cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 186 | cp -a "${KEYDIR}/testcase-multikey.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg" | |
| 187 | local SIGNATURE="${TMPWORKINGDIRECTORY}/signature" | |
| b0d40854 | 188 | msgtest 'Test signing a file' 'with a key' |
| 0cfec3ab DK |
189 | echo 'Verify me. This is my signature.' > "$SIGNATURE" |
| 190 | echo 'lalalalala' > "${SIGNATURE}2" | |
| 191 | testsuccess --nomsg aptkey --quiet --keyring "${KEYDIR}/marvinparanoid.pub" --secret-keyring "${KEYDIR}/marvinparanoid.sec" --readonly \ | |
| 192 | adv --batch --yes --default-key 'Marvin' --armor --detach-sign --sign --output "${SIGNATURE}.gpg" "${SIGNATURE}" | |
| 193 | testsuccess test -s "${SIGNATURE}.gpg" -a -s "${SIGNATURE}" | |
| b0d40854 | 194 | |
| 2fac0dd5 | 195 | msgtest 'Test verify a file' 'with no sig' |
| 0cfec3ab | 196 | testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/testcase-multikey.pub" verify "${SIGNATURE}" "${SIGNATURE}2" |
| 2fac0dd5 | 197 | |
| 19fdf93d | 198 | for GPGV in '' 'gpgv' 'gpgv1' 'gpgv2'; do |
| 0cfec3ab | 199 | echo "APT::Key::GPGVCommand \"$GPGV\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgvcmd" |
| 19fdf93d | 200 | if [ -n "$GPGV" ] && ! command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then continue; fi |
| f14cde2c DK |
201 | |
| 202 | msgtest 'Test verify a file' 'with all keys' | |
| 0cfec3ab | 203 | testsuccess --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| b0d40854 | 204 | |
| f14cde2c | 205 | msgtest 'Test verify a file' 'with good keyring' |
| 0cfec3ab | 206 | testsuccess --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/testcase-multikey.pub" verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| b0d40854 | 207 | |
| f14cde2c | 208 | msgtest 'Test fail verify a file' 'with bad keyring' |
| 0cfec3ab | 209 | testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/joesixpack.pub" verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| b0d40854 | 210 | |
| f14cde2c | 211 | msgtest 'Test fail verify a file' 'with non-existing keyring' |
| 0cfec3ab DK |
212 | testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/does-not-exist.pub" verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| 213 | testfailure test -e "${KEYDIR}/does-not-exist.pub" | |
| b0d40854 | 214 | |
| 4e03c47d | 215 | # note: this isn't how apts gpgv method implements keyid for verify |
| f14cde2c | 216 | msgtest 'Test verify a file' 'with good keyid' |
| 0cfec3ab | 217 | testsuccess --nomsg aptkey --quiet --readonly --keyid 'Paranoid' verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| b0d40854 | 218 | |
| f14cde2c | 219 | msgtest 'Test fail verify a file' 'with bad keyid' |
| 0cfec3ab | 220 | testfailure --nomsg aptkey --quiet --readonly --keyid 'Sixpack' verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| b0d40854 | 221 | |
| f14cde2c | 222 | msgtest 'Test fail verify a file' 'with non-existing keyid' |
| 0cfec3ab | 223 | testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| f14cde2c DK |
224 | |
| 225 | msgtest 'Test verify fails on' 'bad file' | |
| 0cfec3ab | 226 | testfailure --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}2" |
| f14cde2c | 227 | done |
| 0cfec3ab | 228 | rm -f "${ROOTDIR}/etc/apt/apt.conf.d/00gpgvcmd" |
| fb7b11eb DK |
229 | |
| 230 | msgtest 'Test verify a file' 'with good keyring' | |
| 0cfec3ab | 231 | testsuccess --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/testcase-multikey.pub" verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| fb7b11eb DK |
232 | |
| 233 | cleanplate | |
| 0cfec3ab DK |
234 | cat "${KEYDIR}/joesixpack.pub" "${KEYDIR}/marvinparanoid.pub" > "${KEYDIR}/double.pub" |
| 235 | cat "${KEYDIR}/joesixpack.sec" "${KEYDIR}/marvinparanoid.sec" > "${KEYDIR}/double.sec" | |
| 236 | cp -a "${KEYDIR}/double.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/double.gpg" | |
| 237 | cp -a "${KEYDIR}/testcase-multikey.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg" | |
| 238 | rm -f "${SIGNATURE}.gpg" | |
| 239 | testsuccess aptkey --quiet --keyring "${KEYDIR}/double.pub" --secret-keyring "${KEYDIR}/double.sec" --readonly \ | |
| 240 | adv --batch --yes -u 'Marvin' -u 'Joe' --armor --detach-sign --sign --output "${SIGNATURE}.gpg" "${SIGNATURE}" | |
| 241 | testsuccess test -s "${SIGNATURE}.gpg" -a -s "${SIGNATURE}" | |
| fb7b11eb | 242 | |
| 19fdf93d | 243 | for GPGV in '' 'gpgv' 'gpgv1' 'gpgv2'; do |
| 0cfec3ab | 244 | echo "APT::Key::GPGVCommand \"$GPGV\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgvcmd" |
| 19fdf93d | 245 | if [ -n "$GPGV" ] && ! command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then continue; fi |
| fb7b11eb DK |
246 | |
| 247 | msgtest 'Test verify a doublesigned file' 'with all keys' | |
| 0cfec3ab | 248 | testsuccess --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| fb7b11eb DK |
249 | |
| 250 | msgtest 'Test verify a doublesigned file' 'with good keyring joe' | |
| 0cfec3ab | 251 | testmultigpg --keyring "${KEYDIR}/joesixpack.pub" verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| fb7b11eb DK |
252 | |
| 253 | msgtest 'Test verify a doublesigned file' 'with good keyring marvin' | |
| 0cfec3ab | 254 | testmultigpg --keyring "${KEYDIR}/marvinparanoid.pub" verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| fb7b11eb DK |
255 | |
| 256 | msgtest 'Test fail verify a doublesigned file' 'with bad keyring' | |
| 0cfec3ab | 257 | testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/rexexpired.pub" verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| fb7b11eb DK |
258 | |
| 259 | msgtest 'Test fail verify a doublesigned file' 'with non-existing keyring' | |
| 0cfec3ab DK |
260 | testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/does-not-exist.pub" verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| 261 | testfailure test -e "${KEYDIR}/does-not-exist.pub" | |
| fb7b11eb DK |
262 | |
| 263 | # note: this isn't how apts gpgv method implements keyid for verify | |
| 264 | msgtest 'Test verify a doublesigned file' 'with good keyid' | |
| 0cfec3ab | 265 | testmultigpg --keyid 'Paranoid' verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| fb7b11eb DK |
266 | |
| 267 | msgtest 'Test fail verify a doublesigned file' 'with bad keyid' | |
| 0cfec3ab | 268 | testfailure --nomsg aptkey --quiet --readonly --keyid 'Rex' verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| fb7b11eb DK |
269 | |
| 270 | msgtest 'Test fail verify a doublesigned file' 'with non-existing keyid' | |
| 0cfec3ab | 271 | testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| fb7b11eb DK |
272 | |
| 273 | msgtest 'Test verify fails on' 'bad doublesigned file' | |
| 0cfec3ab | 274 | testfailure --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}2" |
| fb7b11eb | 275 | done |
| 0cfec3ab | 276 | rm -f "${ROOTDIR}/etc/apt/apt.conf.d/00gpgvcmd" |
| 93d0d08c | 277 | } |
| 04937adc | 278 | |
| 93d0d08c | 279 | setupgpgcommand() { |
| 19fdf93d DK |
280 | local GPGEXE; |
| 281 | if command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then | |
| 282 | if [ "$1" = '1' ]; then | |
| 283 | GPGEXE='gpg1' | |
| 284 | else | |
| 285 | GPGEXE='gpg' | |
| 286 | fi | |
| 287 | else | |
| 288 | if [ "$1" = '1' ]; then | |
| 289 | GPGEXE='gpg' | |
| 290 | else | |
| 291 | GPGEXE='gpg2' | |
| 292 | fi | |
| 293 | fi | |
| 294 | msgmsg 'Force tests to be run with' "$GPGEXE" | |
| 295 | echo "APT::Key::GPGCommand \"$GPGEXE\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgcmd" | |
| f14cde2c | 296 | testsuccess aptkey --readonly adv --version |
| 0cfec3ab | 297 | cp "${ROOTDIR}/tmp/testsuccess.output" "${TMPWORKINGDIRECTORY}/aptkey.version" |
| 19fdf93d | 298 | testsuccess grep "^gpg (GnuPG) $1\." "${TMPWORKINGDIRECTORY}/aptkey.version" |
| 04937adc DK |
299 | } |
| 300 | ||
| 0cfec3ab DK |
301 | # run with default (whatever this is) in current CWD with relative paths |
| 302 | ROOTDIR="./rootdir" | |
| 303 | KEYDIR="./keys" | |
| 93d0d08c | 304 | testrun |
| 0cfec3ab DK |
305 | |
| 306 | # run with … and up the game with a strange CWD & absolute paths | |
| 307 | ROOTDIR="${TMPWORKINGDIRECTORY}/rootdir" | |
| 308 | KEYDIR="${TMPWORKINGDIRECTORY}/keys" | |
| 309 | mkdir inaccessible | |
| 310 | cd inaccessible | |
| 311 | chmod 600 ../inaccessible | |
| 312 | testfilestats "${TMPWORKINGDIRECTORY}/inaccessible" '%a' '=' '600' | |
| 313 | ||
| 19fdf93d | 314 | setupgpgcommand '1' |
| 93d0d08c | 315 | testrun |
| 19fdf93d | 316 | setupgpgcommand '2' |
| 93d0d08c | 317 | testrun |