projects / apt.git / blame
| Commit | Line | Data |
|---|---|---|
| 80f3aeb0 DK |
1 | #!/bin/sh |
| 2 | set -e | |
| 3 | ||
| bc8f83a5 DK |
4 | # apt-key is a shell script, so relatively prune to be effected by 'crazy' things: |
| 5 | # confuses config parser as there exists no way of escaping " currently. | |
| 6 | #TMPDIR="$(mktemp -d)/This is \"fü\$\$ing cràzy\", \$(man man | head -n1 | cut -d' ' -f 1)\$!" | |
| 7 | # gpg doesn't like | in path names – documented e.g. in the man gpg2 --agent-program | |
| 8 | #TMPDIR="$(mktemp -d)/This is fü\$\$ing cràzy, \$(man man | head -n1 | cut -d' ' -f 1)\$!" | |
| 9 | TMPDIR_ADD="This is fü\$\$ing cràzy, \$(apt -v)\$!" | |
| 10 | ||
| 3abb6a6a DK |
11 | TESTDIR="$(readlink -f "$(dirname "$0")")" |
| 12 | . "$TESTDIR/framework" | |
| 80f3aeb0 DK |
13 | |
| 14 | setupenvironment | |
| 15 | configarchitecture 'amd64' | |
| 16 | ||
| 93d0d08c DK |
17 | # start from a clean plate again |
| 18 | cleanplate() { | |
| 0cfec3ab DK |
19 | rm -rf "${ROOTDIR}/etc/apt/trusted.gpg.d/" "${ROOTDIR}/etc/apt/trusted.gpg" |
| 20 | mkdir "${ROOTDIR}/etc/apt/trusted.gpg.d/" | |
| 93d0d08c | 21 | } |
| fb7b11eb DK |
22 | testmultigpg() { |
| 23 | testfailure --nomsg aptkey --quiet --readonly "$@" | |
| 0cfec3ab DK |
24 | testsuccess grep "^gpgv: Can't check signature" "${ROOTDIR}/tmp/testfailure.output" |
| 25 | testsuccess grep '^gpgv: Good signature from' "${ROOTDIR}/tmp/testfailure.output" | |
| fb7b11eb | 26 | } |
| 80f3aeb0 | 27 | |
| 93d0d08c | 28 | testrun() { |
| 0cfec3ab DK |
29 | echo "APT::Key::ArchiveKeyring \"${KEYDIR}/joesixpack.pub\"; |
| 30 | APT::Key::RemovedKeys \"${KEYDIR}/rexexpired.pub\";" > "${ROOTDIR}/etc/apt/apt.conf.d/aptkey.conf" | |
| 31 | ||
| 93d0d08c | 32 | cleanplate |
| 0cfec3ab DK |
33 | ln -sf "$(readlink -f "${KEYDIR}/joesixpack.pub")" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 34 | testaptkeys 'Joe Sixpack' | |
| 80f3aeb0 | 35 | |
| 0cfec3ab | 36 | testsuccess aptkey list |
| 93d0d08c | 37 | msgtest 'Check that paths in list output are not' 'double-slashed' |
| 0cfec3ab | 38 | testfailure --nomsg grep '//' "${ROOTDIR}/tmp/testsuccess.output" |
| 80f3aeb0 | 39 | |
| 0cfec3ab | 40 | testsuccess aptkey finger |
| 93d0d08c | 41 | msgtest 'Check that paths in finger output are not' 'double-slashed' |
| 0cfec3ab | 42 | testfailure --nomsg grep '//' "${ROOTDIR}/tmp/testsuccess.output" |
| 80f3aeb0 | 43 | |
| 19fdf93d DK |
44 | testequalor2 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed |
| 45 | gpg: Total number processed: 1 | |
| 46 | gpg: unchanged: 1' 'gpg: key 5A90D141DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed | |
| 93d0d08c DK |
47 | gpg: Total number processed: 1 |
| 48 | gpg: unchanged: 1' aptkey --fakeroot update | |
| 80f3aeb0 | 49 | |
| f14cde2c | 50 | testaptkeys 'Joe Sixpack' |
| 0cfec3ab | 51 | testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg" |
| f14cde2c | 52 | |
| 0cfec3ab DK |
53 | testsuccess aptkey --fakeroot add "${KEYDIR}/rexexpired.pub" |
| 54 | testfilestats "${ROOTDIR}/etc/apt/trusted.gpg" '%a' '=' '644' | |
| 04937adc | 55 | |
| f14cde2c | 56 | testaptkeys 'Rex Expired' 'Joe Sixpack' |
| 04937adc | 57 | |
| 38005d8b | 58 | msgtest 'Check that Sixpack key can be' 'exported' |
| 0cfec3ab DK |
59 | aptkey export 'Sixpack' > "${TMPWORKINGDIRECTORY}/aptkey.export" |
| 60 | aptkey --keyring "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" exportall > "${TMPWORKINGDIRECTORY}/aptkey.exportall" | |
| 61 | testsuccess --nomsg cmp "${TMPWORKINGDIRECTORY}/aptkey.export" "${TMPWORKINGDIRECTORY}/aptkey.exportall" | |
| 62 | testsuccess test -s "${TMPWORKINGDIRECTORY}/aptkey.export" | |
| 63 | testsuccess test -s "${TMPWORKINGDIRECTORY}/aptkey.exportall" | |
| 38005d8b | 64 | |
| 93d0d08c DK |
65 | msgtest 'Execute update again to trigger removal of' 'Rex Expired key' |
| 66 | testsuccess --nomsg aptkey --fakeroot update | |
| 67 | ||
| f14cde2c | 68 | testaptkeys 'Joe Sixpack' |
| 93d0d08c DK |
69 | |
| 70 | msgtest "Try to remove a key which exists, but isn't in the" 'forced keyring' | |
| 0cfec3ab | 71 | testsuccess --nomsg aptkey --fakeroot --keyring "${ROOTDIR}/etc/apt/trusted.gpg" del DBAC8DAE |
| 93d0d08c | 72 | |
| f14cde2c | 73 | testaptkeys 'Joe Sixpack' |
| 93d0d08c DK |
74 | |
| 75 | testsuccess aptkey --fakeroot del DBAC8DAE | |
| 76 | testempty aptkey list | |
| 77 | ||
| b0d40854 | 78 | msgtest 'Test key removal with' 'lowercase key ID' #keylength somewhere between 8byte and short |
| 05f64ca2 | 79 | cleanplate |
| 0cfec3ab | 80 | cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 05f64ca2 DK |
81 | testsuccess --nomsg aptkey --fakeroot del d141dbac8dae |
| 82 | testempty aptkey list | |
| 83 | ||
| 105503b4 DK |
84 | if [ "$(id -u)" != '0' ]; then |
| 85 | msgtest 'Test key removal with' 'unreadable key' | |
| 86 | cleanplate | |
| 87 | cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" | |
| 88 | echo 'foobar' > "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.gpg" | |
| 89 | chmod 000 "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.gpg" | |
| 90 | testwarning --nomsg aptkey --fakeroot del d141dbac8dae | |
| 91 | testwarning aptkey list | |
| 92 | chmod 644 "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.gpg" | |
| 93 | rm -f "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.gpg" | |
| 94 | grep -v '^W: ' "${ROOTDIR}/tmp/testwarning.output" > "${ROOTDIR}/aptkeylist.output" || true | |
| 95 | testempty cat "${ROOTDIR}/aptkeylist.output" | |
| 96 | fi | |
| 97 | ||
| 93d0d08c DK |
98 | msgtest 'Test key removal with' 'single key in real file' |
| 99 | cleanplate | |
| 0cfec3ab | 100 | cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 93d0d08c DK |
101 | testsuccess --nomsg aptkey --fakeroot del DBAC8DAE |
| 102 | testempty aptkey list | |
| 0cfec3ab DK |
103 | testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 104 | testsuccess cmp "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg~" | |
| 93d0d08c | 105 | |
| 031a3f25 DK |
106 | msgtest 'Test key removal with' 'different key specs' |
| 107 | cleanplate | |
| 0cfec3ab DK |
108 | cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 109 | cp -a "${KEYDIR}/marvinparanoid.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/marvinparanoid.gpg" | |
| 031a3f25 DK |
110 | testsuccess --nomsg aptkey --fakeroot del 0xDBAC8DAE 528144E2 |
| 111 | testempty aptkey list | |
| 0cfec3ab DK |
112 | testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 113 | testsuccess cmp "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg~" | |
| 114 | testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/marvinparanoid.gpg" | |
| 115 | testsuccess cmp "${KEYDIR}/marvinparanoid.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/marvinparanoid.gpg~" | |
| 031a3f25 | 116 | |
| 29f1b977 JM |
117 | msgtest 'Test key removal with' 'long key ID' |
| 118 | cleanplate | |
| 0cfec3ab | 119 | cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 29f1b977 JM |
120 | testsuccess --nomsg aptkey --fakeroot del 5A90D141DBAC8DAE |
| 121 | testempty aptkey list | |
| 0cfec3ab DK |
122 | testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 123 | testsuccess cmp "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg~" | |
| 29f1b977 | 124 | |
| ba72845c DK |
125 | msgtest 'Test key removal with' 'fingerprint' |
| 126 | cleanplate | |
| 0cfec3ab | 127 | cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| ba72845c DK |
128 | testsuccess --nomsg aptkey --fakeroot del 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE |
| 129 | testempty aptkey list | |
| 0cfec3ab DK |
130 | testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 131 | testsuccess cmp "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg~" | |
| ba72845c | 132 | |
| e289907f DK |
133 | msgtest 'Test key removal with' 'spaced fingerprint' |
| 134 | cleanplate | |
| 135 | cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" | |
| 136 | testsuccess --nomsg aptkey --fakeroot del '34A8 E9D1 8DB3 20F3 67E8 EAA0 5A90 D141 DBAC 8DAE' | |
| 137 | testempty aptkey list | |
| 138 | testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" | |
| 139 | testsuccess cmp "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg~" | |
| 140 | ||
| 93d0d08c DK |
141 | msgtest 'Test key removal with' 'single key in softlink' |
| 142 | cleanplate | |
| 0cfec3ab | 143 | ln -s "$(readlink -f "${KEYDIR}/joesixpack.pub")" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 93d0d08c DK |
144 | testsuccess --nomsg aptkey --fakeroot del DBAC8DAE |
| 145 | testempty aptkey list | |
| 0cfec3ab DK |
146 | testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 147 | testsuccess test -L "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg~" | |
| 93d0d08c DK |
148 | |
| 149 | cleanplate | |
| 0cfec3ab DK |
150 | testsuccess aptkey --fakeroot add "${KEYDIR}/joesixpack.pub" |
| 151 | ln -sf "$(readlink -f "${KEYDIR}/marvinparanoid.pub")" "${KEYDIR}/marvin paránöid.pub" | |
| 152 | testsuccess aptkey --fakeroot add "${KEYDIR}/marvin paránöid.pub" | |
| f14cde2c | 153 | testaptkeys 'Joe Sixpack' 'Marvin Paranoid' |
| 0cfec3ab | 154 | cp -a "${ROOTDIR}/etc/apt/trusted.gpg" "${KEYDIR}/testcase-multikey.pub" # store for reuse |
| 93d0d08c DK |
155 | |
| 156 | msgtest 'Test key removal with' 'multi key in real file' | |
| 157 | cleanplate | |
| 0cfec3ab | 158 | cp -a "${KEYDIR}/testcase-multikey.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg" |
| 93d0d08c | 159 | testsuccess --nomsg aptkey --fakeroot del DBAC8DAE |
| f14cde2c | 160 | testaptkeys 'Marvin Paranoid' |
| 0cfec3ab | 161 | testsuccess cmp "${KEYDIR}/testcase-multikey.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg~" |
| 93d0d08c DK |
162 | |
| 163 | msgtest 'Test key removal with' 'multi key in softlink' | |
| 164 | cleanplate | |
| 0cfec3ab | 165 | ln -s "$(readlink -f "${KEYDIR}/testcase-multikey.pub")" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg" |
| 93d0d08c | 166 | testsuccess --nomsg aptkey --fakeroot del DBAC8DAE |
| f14cde2c | 167 | testaptkeys 'Marvin Paranoid' |
| 0cfec3ab DK |
168 | testsuccess cmp "${KEYDIR}/testcase-multikey.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg~" |
| 169 | testfailure test -L "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg" | |
| 170 | testsuccess test -L "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg~" | |
| 93d0d08c DK |
171 | |
| 172 | msgtest 'Test key removal with' 'multiple files including key' | |
| 173 | cleanplate | |
| 0cfec3ab DK |
174 | cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 175 | cp -a "${KEYDIR}/testcase-multikey.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg" | |
| 93d0d08c | 176 | testsuccess --nomsg aptkey --fakeroot del DBAC8DAE |
| f14cde2c | 177 | testaptkeys 'Marvin Paranoid' |
| 0cfec3ab DK |
178 | testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 179 | testsuccess cmp "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg~" | |
| 180 | testsuccess cmp "${KEYDIR}/testcase-multikey.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg~" | |
| 0dae96a2 DK |
181 | |
| 182 | cleanplate | |
| 0cfec3ab DK |
183 | cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 184 | cp -a "${KEYDIR}/testcase-multikey.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg" | |
| f14cde2c | 185 | testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid' |
| 0dae96a2 | 186 | msgtest 'Test merge-back of' 'added keys' |
| 0cfec3ab | 187 | testsuccess --nomsg aptkey adv --batch --yes --import "${KEYDIR}/rexexpired.pub" |
| f14cde2c | 188 | testaptkeys 'Rex Expired' 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid' |
| 0dae96a2 DK |
189 | |
| 190 | msgtest 'Test merge-back of' 'removed keys' | |
| 191 | testsuccess --nomsg aptkey adv --batch --yes --delete-keys 27CE74F9 | |
| f14cde2c | 192 | testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid' |
| 0dae96a2 DK |
193 | |
| 194 | msgtest 'Test merge-back of' 'removed duplicate keys' | |
| 195 | testsuccess --nomsg aptkey adv --batch --yes --delete-keys DBAC8DAE | |
| f14cde2c | 196 | testaptkeys 'Marvin Paranoid' |
| b0d40854 DK |
197 | |
| 198 | cleanplate | |
| 0cfec3ab DK |
199 | cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" |
| 200 | cp -a "${KEYDIR}/testcase-multikey.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg" | |
| 201 | local SIGNATURE="${TMPWORKINGDIRECTORY}/signature" | |
| b0d40854 | 202 | msgtest 'Test signing a file' 'with a key' |
| 0cfec3ab DK |
203 | echo 'Verify me. This is my signature.' > "$SIGNATURE" |
| 204 | echo 'lalalalala' > "${SIGNATURE}2" | |
| 205 | testsuccess --nomsg aptkey --quiet --keyring "${KEYDIR}/marvinparanoid.pub" --secret-keyring "${KEYDIR}/marvinparanoid.sec" --readonly \ | |
| 206 | adv --batch --yes --default-key 'Marvin' --armor --detach-sign --sign --output "${SIGNATURE}.gpg" "${SIGNATURE}" | |
| 207 | testsuccess test -s "${SIGNATURE}.gpg" -a -s "${SIGNATURE}" | |
| b0d40854 | 208 | |
| 2fac0dd5 | 209 | msgtest 'Test verify a file' 'with no sig' |
| 0cfec3ab | 210 | testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/testcase-multikey.pub" verify "${SIGNATURE}" "${SIGNATURE}2" |
| 2fac0dd5 | 211 | |
| 19fdf93d | 212 | for GPGV in '' 'gpgv' 'gpgv1' 'gpgv2'; do |
| 0cfec3ab | 213 | echo "APT::Key::GPGVCommand \"$GPGV\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgvcmd" |
| 19fdf93d | 214 | if [ -n "$GPGV" ] && ! command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then continue; fi |
| f14cde2c DK |
215 | |
| 216 | msgtest 'Test verify a file' 'with all keys' | |
| 0cfec3ab | 217 | testsuccess --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| b0d40854 | 218 | |
| 105503b4 DK |
219 | if [ "$(id -u)" != '0' ]; then |
| 220 | msgtest 'Test verify a file' 'with unreadable key' | |
| 221 | echo 'foobar' > "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.gpg" | |
| 222 | chmod 000 "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.gpg" | |
| 223 | testwarning --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}" | |
| 224 | testwarning aptkey list | |
| 225 | chmod 644 "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.gpg" | |
| 226 | rm -f "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.gpg" | |
| 227 | fi | |
| 228 | ||
| f14cde2c | 229 | msgtest 'Test verify a file' 'with good keyring' |
| 0cfec3ab | 230 | testsuccess --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/testcase-multikey.pub" verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| b0d40854 | 231 | |
| f14cde2c | 232 | msgtest 'Test fail verify a file' 'with bad keyring' |
| 0cfec3ab | 233 | testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/joesixpack.pub" verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| b0d40854 | 234 | |
| f14cde2c | 235 | msgtest 'Test fail verify a file' 'with non-existing keyring' |
| 0cfec3ab DK |
236 | testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/does-not-exist.pub" verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| 237 | testfailure test -e "${KEYDIR}/does-not-exist.pub" | |
| b0d40854 | 238 | |
| 4e03c47d | 239 | # note: this isn't how apts gpgv method implements keyid for verify |
| f14cde2c | 240 | msgtest 'Test verify a file' 'with good keyid' |
| 0cfec3ab | 241 | testsuccess --nomsg aptkey --quiet --readonly --keyid 'Paranoid' verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| b0d40854 | 242 | |
| f14cde2c | 243 | msgtest 'Test fail verify a file' 'with bad keyid' |
| 0cfec3ab | 244 | testfailure --nomsg aptkey --quiet --readonly --keyid 'Sixpack' verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| b0d40854 | 245 | |
| f14cde2c | 246 | msgtest 'Test fail verify a file' 'with non-existing keyid' |
| 0cfec3ab | 247 | testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| f14cde2c DK |
248 | |
| 249 | msgtest 'Test verify fails on' 'bad file' | |
| 0cfec3ab | 250 | testfailure --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}2" |
| f14cde2c | 251 | done |
| 0cfec3ab | 252 | rm -f "${ROOTDIR}/etc/apt/apt.conf.d/00gpgvcmd" |
| fb7b11eb DK |
253 | |
| 254 | msgtest 'Test verify a file' 'with good keyring' | |
| 0cfec3ab | 255 | testsuccess --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/testcase-multikey.pub" verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| fb7b11eb DK |
256 | |
| 257 | cleanplate | |
| 0cfec3ab DK |
258 | cat "${KEYDIR}/joesixpack.pub" "${KEYDIR}/marvinparanoid.pub" > "${KEYDIR}/double.pub" |
| 259 | cat "${KEYDIR}/joesixpack.sec" "${KEYDIR}/marvinparanoid.sec" > "${KEYDIR}/double.sec" | |
| 260 | cp -a "${KEYDIR}/double.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/double.gpg" | |
| 261 | cp -a "${KEYDIR}/testcase-multikey.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg" | |
| 262 | rm -f "${SIGNATURE}.gpg" | |
| 263 | testsuccess aptkey --quiet --keyring "${KEYDIR}/double.pub" --secret-keyring "${KEYDIR}/double.sec" --readonly \ | |
| 264 | adv --batch --yes -u 'Marvin' -u 'Joe' --armor --detach-sign --sign --output "${SIGNATURE}.gpg" "${SIGNATURE}" | |
| 265 | testsuccess test -s "${SIGNATURE}.gpg" -a -s "${SIGNATURE}" | |
| fb7b11eb | 266 | |
| 19fdf93d | 267 | for GPGV in '' 'gpgv' 'gpgv1' 'gpgv2'; do |
| 0cfec3ab | 268 | echo "APT::Key::GPGVCommand \"$GPGV\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgvcmd" |
| 19fdf93d | 269 | if [ -n "$GPGV" ] && ! command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then continue; fi |
| fb7b11eb DK |
270 | |
| 271 | msgtest 'Test verify a doublesigned file' 'with all keys' | |
| 0cfec3ab | 272 | testsuccess --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| fb7b11eb DK |
273 | |
| 274 | msgtest 'Test verify a doublesigned file' 'with good keyring joe' | |
| 0cfec3ab | 275 | testmultigpg --keyring "${KEYDIR}/joesixpack.pub" verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| fb7b11eb DK |
276 | |
| 277 | msgtest 'Test verify a doublesigned file' 'with good keyring marvin' | |
| 0cfec3ab | 278 | testmultigpg --keyring "${KEYDIR}/marvinparanoid.pub" verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| fb7b11eb DK |
279 | |
| 280 | msgtest 'Test fail verify a doublesigned file' 'with bad keyring' | |
| 0cfec3ab | 281 | testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/rexexpired.pub" verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| fb7b11eb DK |
282 | |
| 283 | msgtest 'Test fail verify a doublesigned file' 'with non-existing keyring' | |
| 0cfec3ab DK |
284 | testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/does-not-exist.pub" verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| 285 | testfailure test -e "${KEYDIR}/does-not-exist.pub" | |
| fb7b11eb DK |
286 | |
| 287 | # note: this isn't how apts gpgv method implements keyid for verify | |
| 288 | msgtest 'Test verify a doublesigned file' 'with good keyid' | |
| 0cfec3ab | 289 | testmultigpg --keyid 'Paranoid' verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| fb7b11eb DK |
290 | |
| 291 | msgtest 'Test fail verify a doublesigned file' 'with bad keyid' | |
| 0cfec3ab | 292 | testfailure --nomsg aptkey --quiet --readonly --keyid 'Rex' verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| fb7b11eb DK |
293 | |
| 294 | msgtest 'Test fail verify a doublesigned file' 'with non-existing keyid' | |
| 0cfec3ab | 295 | testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify "${SIGNATURE}.gpg" "${SIGNATURE}" |
| fb7b11eb DK |
296 | |
| 297 | msgtest 'Test verify fails on' 'bad doublesigned file' | |
| 0cfec3ab | 298 | testfailure --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}2" |
| fb7b11eb | 299 | done |
| 0cfec3ab | 300 | rm -f "${ROOTDIR}/etc/apt/apt.conf.d/00gpgvcmd" |
| 93d0d08c | 301 | } |
| 04937adc | 302 | |
| 93d0d08c | 303 | setupgpgcommand() { |
| 19fdf93d DK |
304 | local GPGEXE; |
| 305 | if command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then | |
| 306 | if [ "$1" = '1' ]; then | |
| 307 | GPGEXE='gpg1' | |
| 308 | else | |
| 309 | GPGEXE='gpg' | |
| 310 | fi | |
| 311 | else | |
| 312 | if [ "$1" = '1' ]; then | |
| 313 | GPGEXE='gpg' | |
| 314 | else | |
| 315 | GPGEXE='gpg2' | |
| 316 | fi | |
| 317 | fi | |
| 318 | msgmsg 'Force tests to be run with' "$GPGEXE" | |
| 319 | echo "APT::Key::GPGCommand \"$GPGEXE\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgcmd" | |
| f14cde2c | 320 | testsuccess aptkey --readonly adv --version |
| 0cfec3ab | 321 | cp "${ROOTDIR}/tmp/testsuccess.output" "${TMPWORKINGDIRECTORY}/aptkey.version" |
| 19fdf93d | 322 | testsuccess grep "^gpg (GnuPG) $1\." "${TMPWORKINGDIRECTORY}/aptkey.version" |
| 04937adc DK |
323 | } |
| 324 | ||
| 0cfec3ab DK |
325 | # run with default (whatever this is) in current CWD with relative paths |
| 326 | ROOTDIR="./rootdir" | |
| 327 | KEYDIR="./keys" | |
| 93d0d08c | 328 | testrun |
| 0cfec3ab DK |
329 | |
| 330 | # run with … and up the game with a strange CWD & absolute paths | |
| 331 | ROOTDIR="${TMPWORKINGDIRECTORY}/rootdir" | |
| 332 | KEYDIR="${TMPWORKINGDIRECTORY}/keys" | |
| 333 | mkdir inaccessible | |
| 334 | cd inaccessible | |
| 335 | chmod 600 ../inaccessible | |
| 336 | testfilestats "${TMPWORKINGDIRECTORY}/inaccessible" '%a' '=' '600' | |
| 337 | ||
| 19fdf93d | 338 | setupgpgcommand '1' |
| 93d0d08c | 339 | testrun |
| 19fdf93d | 340 | setupgpgcommand '2' |
| 93d0d08c | 341 | testrun |