support Signed-By in Release files as a sort of HPKP
#!/bin/sh
set -e

# apt-key is a shell script, so relatively prone to be affected by 'crazy' things:
# confuses config parser as there exists no way of escaping " currently.
#TMPDIR="$(mktemp -d)/This is \"fü\$\$ing cràzy\", \$(man man | head -n1 | cut -d' ' -f 1)\$!"
# gpg doesn't like | in path names – documented e.g. in the man gpg2 --agent-program
#TMPDIR="$(mktemp -d)/This is fü\$\$ing cràzy, \$(man man | head -n1 | cut -d' ' -f 1)\$!"
# Every '$' below is escaped, so the value keeps "$$", "$(apt -v)" and "$!" as
# literal text: a path component full of shell metacharacters, spaces and
# non-ASCII letters. Anything that later expands it unquoted or through eval
# would misbehave, which is what the hostile name is meant to expose.
# NOTE(review): presumably the sourced framework appends this to the temporary
# directory it creates; that code is not part of this file, so confirm there.
TMPDIR_ADD="This is fü\$\$ing cràzy, \$(apt -v)\$!"

# Locate the shared test framework next to this script and load it.
TESTDIR="$(readlink -f "$(dirname "$0")")"
. "${TESTDIR}/framework"

setupenvironment
configarchitecture 'amd64'
# Start from a clean plate again: remove both trusted-key locations (the
# fragment directory and the single trusted.gpg keyring) so that no key from an
# earlier scenario stays trusted, then recreate the empty fragment directory.
# Paths are relative to the current working directory.
cleanplate() {
	rm -rf rootdir/etc/apt/trusted.gpg.d/
	rm -rf rootdir/etc/apt/trusted.gpg
	mkdir rootdir/etc/apt/trusted.gpg.d/
}
# Check a file carrying two signatures against a key selection that covers only
# one of the signers.
# Arguments: "$@" - options and sub-command appended to
#            `aptkey --quiet --readonly`
# Expects the aptkey call to fail, and its captured output to report both a
# signature that could not be checked and a good one. A partially verifiable
# file must therefore not count as a successful verification.
testmultigpg() {
	testfailure --nomsg aptkey --quiet --readonly "$@"
	# Both diagnostics are looked up in the output recorded by testfailure above.
	for gpgv_diagnostic in "^gpgv: Can't check signature" '^gpgv: Good signature from'; do
		testsuccess grep "$gpgv_diagnostic" rootdir/tmp/testfailure.output
	done
}
# Point apt-key at the test keyrings: ArchiveKeyring names the keyring file and
# RemovedKeys the file of keys configured for removal. testrun() later relies on
# `aptkey update` removing the Rex Expired key again.
# The quoted delimiter keeps the text literal, with no expansion.
cat > rootdir/etc/apt/apt.conf.d/aptkey.conf <<'EOF'
APT::Key::ArchiveKeyring "./keys/joesixpack.pub";
APT::Key::RemovedKeys "./keys/rexexpired.pub";
EOF
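# Run the complete apt-key scenario set against the currently configured gpg.
# Globals:   TMPWORKINGDIRECTORY (read), GPGV (written by the verify loops)
# Arguments: none
# Outputs:   test results through the framework helpers (msgtest, msgpass,
#            msgfail, testsuccess, testfailure, ...)
# Covers listing, update, add/del with several key specifications, backup
# files, merge-back after `adv`, and signing/verification including the
# negative cases: wrong keyring, wrong keyid, modified file.
testrun() {
	cleanplate
	ln -sf "${TMPWORKINGDIRECTORY}/keys/joesixpack.pub" rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg

	# NOTE(review): there is no pipefail, so only grep's status decides here;
	# an aptkey call that fails without printing '//' is also reported as pass.
	# if/else instead of `&& msgfail || msgpass`, so a non-zero status from
	# msgfail can never lead to msgpass being reported as well.
	msgtest 'Check that paths in list output are not' 'double-slashed'
	if aptkey list 2>&1 | grep -q '//'; then
		msgfail
	else
		msgpass
	fi

	msgtest 'Check that paths in finger output are not' 'double-slashed'
	if aptkey finger 2>&1 | grep -q '//'; then
		msgfail
	else
		msgpass
	fi
	testaptkeys 'Joe Sixpack'

	# NOTE(review): the expected text is reproduced exactly as shown on the page;
	# the page rendering may have collapsed runs of spaces in gpg's output.
	# Confirm against the repository copy.
	testsuccessequal 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1' aptkey --fakeroot update

	testaptkeys 'Joe Sixpack'
	testfailure test -e rootdir/etc/apt/trusted.gpg

	testsuccess aptkey --fakeroot add ./keys/rexexpired.pub
	# 644: readable by everyone, writable only by the owner.
	msgtest 'Check if trusted.gpg is created with permissions set to' '0644'
	if [ "$(stat -c '%a' rootdir/etc/apt/trusted.gpg )" = '644' ]; then
		msgpass
	else
		msgfail
	fi

	testaptkeys 'Rex Expired' 'Joe Sixpack'

	# Exporting by name from all keyrings must equal exporting everything from
	# the keyring that holds only that key, and neither export may be empty.
	msgtest 'Check that Sixpack key can be' 'exported'
	aptkey export 'Sixpack' > aptkey.export
	aptkey --keyring rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg exportall > aptkey.exportall
	testsuccess --nomsg cmp aptkey.export aptkey.exportall
	testsuccess test -s aptkey.export
	testsuccess test -s aptkey.exportall

	msgtest 'Execute update again to trigger removal of' 'Rex Expired key'
	testsuccess --nomsg aptkey --fakeroot update

	testaptkeys 'Joe Sixpack'

	# Restricting del to a keyring that does not hold the key must leave the
	# key in place, as the listing that follows checks.
	msgtest "Try to remove a key which exists, but isn't in the" 'forced keyring'
	testsuccess --nomsg aptkey --fakeroot --keyring rootdir/etc/apt/trusted.gpg del DBAC8DAE

	testaptkeys 'Joe Sixpack'

	testsuccess aptkey --fakeroot del DBAC8DAE
	testempty aptkey list

	# The removal scenarios below use different spellings of the same key:
	# short ID, 0x-prefixed ID, lowercase, long ID and full fingerprint. Short
	# IDs are the weakest selector since they are not collision-resistant; the
	# fingerprint is the unambiguous one.
	msgtest 'Test key removal with' 'lowercase key ID' #keylength somewhere between 8byte and short
	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess --nomsg aptkey --fakeroot del d141dbac8dae
	testempty aptkey list

	# After a removal the emptied keyring file must be gone while a '~' copy
	# identical to the original remains as backup.
	msgtest 'Test key removal with' 'single key in real file'
	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
	testempty aptkey list
	testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~

	msgtest 'Test key removal with' 'different key specs'
	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	cp -a keys/marvinparanoid.pub rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg
	testsuccess --nomsg aptkey --fakeroot del 0xDBAC8DAE 528144E2
	testempty aptkey list
	testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
	testfailure test -e rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg
	testsuccess cmp keys/marvinparanoid.pub rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg~

	msgtest 'Test key removal with' 'long key ID'
	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess --nomsg aptkey --fakeroot del 5A90D141DBAC8DAE
	testempty aptkey list
	testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~

	msgtest 'Test key removal with' 'fingerprint'
	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess --nomsg aptkey --fakeroot del 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE
	testempty aptkey list
	testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~

	# Same removal, but the keyring is a symlink: the backup must still be a
	# symlink afterwards.
	msgtest 'Test key removal with' 'single key in softlink'
	cleanplate
	ln -s "$(readlink -f ./keys/joesixpack.pub)" rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
	testempty aptkey list
	testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess test -L rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~

	# Build a two-key keyring for the multi-key scenarios; the second key is
	# added through a file name containing a space and non-ASCII letters.
	cleanplate
	testsuccess aptkey --fakeroot add ./keys/joesixpack.pub
	ln -sf "$(readlink -f ./keys/marvinparanoid.pub)" "./keys/marvin paránöid.pub"
	testsuccess aptkey --fakeroot add "./keys/marvin paránöid.pub"
	testaptkeys 'Joe Sixpack' 'Marvin Paranoid'
	cp -a rootdir/etc/apt/trusted.gpg keys/testcase-multikey.pub # store for reuse

	msgtest 'Test key removal with' 'multi key in real file'
	cleanplate
	cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
	testaptkeys 'Marvin Paranoid'
	testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~

	# With a symlinked multi-key keyring the rewritten keyring must be a regular
	# file and the symlink must survive only as the '~' backup, so the link
	# target itself stays unmodified (checked by the cmp below).
	msgtest 'Test key removal with' 'multi key in softlink'
	cleanplate
	ln -s "$(readlink -f ./keys/testcase-multikey.pub)" rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
	testaptkeys 'Marvin Paranoid'
	testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~
	testfailure test -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	testsuccess test -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg~

	# The key is present in two files; a single del must remove it from both.
	msgtest 'Test key removal with' 'multiple files including key'
	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
	testaptkeys 'Marvin Paranoid'
	testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
	testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~

	# Changes made through `adv` must show up in the following key listings.
	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
	msgtest 'Test merge-back of' 'added keys'
	testsuccess --nomsg aptkey adv --batch --yes --import keys/rexexpired.pub
	testaptkeys 'Rex Expired' 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'

	msgtest 'Test merge-back of' 'removed keys'
	testsuccess --nomsg aptkey adv --batch --yes --delete-keys 27CE74F9
	testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'

	msgtest 'Test merge-back of' 'removed duplicate keys'
	testsuccess --nomsg aptkey adv --batch --yes --delete-keys DBAC8DAE
	testaptkeys 'Marvin Paranoid'

	# Create a detached signature by Marvin, to be verified below.
	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	msgtest 'Test signing a file' 'with a key'
	echo 'Verify me. This is my signature.' > signature
	testsuccess --nomsg aptkey --quiet --keyring keys/marvinparanoid.pub --secret-keyring keys/marvinparanoid.sec --readonly \
		adv --batch --yes --default-key 'Marvin' --armor --detach-sign --sign --output signature.gpg signature
	# Two separate checks instead of the obsolescent `test ... -a ...`, matching
	# the aptkey.export/aptkey.exportall checks above.
	testsuccess test -s signature.gpg
	testsuccess test -s signature

	# Repeat every verification with the default verifier and with explicitly
	# configured gpgv and gpgv2. The negative cases matter most: a signature
	# must be rejected when the signer's key is outside the selected keyring or
	# keyid, and must not validate a different file.
	for GPGV in '' 'gpgv' 'gpgv2'; do
		echo "APT::Key::GPGVCommand \"$GPGV\";" > rootdir/etc/apt/apt.conf.d/00gpgvcmd

		msgtest 'Test verify a file' 'with all keys'
		testsuccess --nomsg aptkey --quiet --readonly verify signature.gpg signature

		msgtest 'Test verify a file' 'with good keyring'
		testsuccess --nomsg aptkey --quiet --readonly --keyring keys/testcase-multikey.pub verify signature.gpg signature

		msgtest 'Test fail verify a file' 'with bad keyring'
		testfailure --nomsg aptkey --quiet --readonly --keyring keys/joesixpack.pub verify signature.gpg signature

		# A missing keyring must fail the verification and must not be created.
		msgtest 'Test fail verify a file' 'with non-existing keyring'
		testfailure --nomsg aptkey --quiet --readonly --keyring keys/does-not-exist.pub verify signature.gpg signature
		testfailure test -e keys/does-not-exist.pub

		# note: this isn't how apts gpgv method implements keyid for verify
		msgtest 'Test verify a file' 'with good keyid'
		testsuccess --nomsg aptkey --quiet --readonly --keyid 'Paranoid' verify signature.gpg signature

		msgtest 'Test fail verify a file' 'with bad keyid'
		testfailure --nomsg aptkey --quiet --readonly --keyid 'Sixpack' verify signature.gpg signature

		msgtest 'Test fail verify a file' 'with non-existing keyid'
		testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify signature.gpg signature

		msgtest 'Test verify fails on' 'bad file'
		echo 'lalalalala' > signature2
		testfailure --nomsg aptkey --quiet --readonly verify signature.gpg signature2
	done
	rm -f rootdir/etc/apt/apt.conf.d/00gpgvcmd

	msgtest 'Test verify a file' 'with good keyring'
	testsuccess --nomsg aptkey --quiet --readonly --keyring keys/testcase-multikey.pub verify signature.gpg signature

	# Sign the same file with two keys (Marvin and Joe) for the doublesigned
	# scenarios.
	cleanplate
	cat keys/joesixpack.pub keys/marvinparanoid.pub > keys/double.pub
	cat keys/joesixpack.sec keys/marvinparanoid.sec > keys/double.sec
	cp -a keys/double.pub rootdir/etc/apt/trusted.gpg.d/double.gpg
	cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	testsuccess aptkey --quiet --keyring keys/double.pub --secret-keyring keys/double.sec --readonly \
		adv --batch --yes -u 'Marvin' -u 'Joe' --armor --detach-sign --sign --output signature.gpg signature
	testsuccess test -s signature.gpg
	testsuccess test -s signature

	for GPGV in '' 'gpgv' 'gpgv2'; do
		echo "APT::Key::GPGVCommand \"$GPGV\";" > rootdir/etc/apt/apt.conf.d/00gpgvcmd

		msgtest 'Test verify a doublesigned file' 'with all keys'
		testsuccess --nomsg aptkey --quiet --readonly verify signature.gpg signature

		# A keyring covering only one of the two signers: testmultigpg expects
		# the call to fail while reporting one good and one uncheckable signature.
		msgtest 'Test verify a doublesigned file' 'with good keyring joe'
		testmultigpg --keyring keys/joesixpack.pub verify signature.gpg signature

		msgtest 'Test verify a doublesigned file' 'with good keyring marvin'
		testmultigpg --keyring keys/marvinparanoid.pub verify signature.gpg signature

		msgtest 'Test fail verify a doublesigned file' 'with bad keyring'
		testfailure --nomsg aptkey --quiet --readonly --keyring keys/rexexpired.pub verify signature.gpg signature

		msgtest 'Test fail verify a doublesigned file' 'with non-existing keyring'
		testfailure --nomsg aptkey --quiet --readonly --keyring keys/does-not-exist.pub verify signature.gpg signature
		testfailure test -e keys/does-not-exist.pub

		# note: this isn't how apts gpgv method implements keyid for verify
		msgtest 'Test verify a doublesigned file' 'with good keyid'
		testmultigpg --keyid 'Paranoid' verify signature.gpg signature

		msgtest 'Test fail verify a doublesigned file' 'with bad keyid'
		testfailure --nomsg aptkey --quiet --readonly --keyid 'Rex' verify signature.gpg signature

		msgtest 'Test fail verify a doublesigned file' 'with non-existing keyid'
		testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify signature.gpg signature

		msgtest 'Test verify fails on' 'bad doublesigned file'
		echo 'lalalalala' > signature2
		testfailure --nomsg aptkey --quiet --readonly verify signature.gpg signature2
	done
	rm -f rootdir/etc/apt/apt.conf.d/00gpgvcmd
}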
# Force apt-key to use a specific gpg binary and confirm it is the one running.
# Arguments: $1 - gpg command written to APT::Key::GPGCommand
#            $2 - major version the version banner has to start with
# Writes the config fragment, keeps the captured `adv --version` output in
# aptkey.version and requires its banner to match "gpg (GnuPG) <$2>.", so that
# a run cannot silently use a different gpg generation than the one requested.
setupgpgcommand() {
	echo "APT::Key::GPGCommand \"${1}\";" > rootdir/etc/apt/apt.conf.d/00gpgcmd
	msgmsg 'Force tests to be run with' "${1}"
	testsuccess aptkey --readonly adv --version
	# Copy the output right away: the next testsuccess call would replace it.
	cp rootdir/tmp/testsuccess.output aptkey.version
	testsuccess grep "^gpg (GnuPG) ${2}\." aptkey.version
}
# First pass: whatever gpg apt-key picks by default.
testrun
# Further passes: pin the gpg command, as "<command>:<expected major version>".
for gpgspec in 'gpg:1' 'gpg2:2'; do
	setupgpgcommand "${gpgspec%%:*}" "${gpgspec##*:}"
	testrun
done