]> git.saurik.com Git - apt.git/blame_incremental - test/integration/test-apt-key
projects / apt.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
test: Get rid of debhelper rules.tiny example dep
[apt.git] / test / integration / test-apt-key
... / ...
CommitLineData
1#!/bin/sh
2set -e
3
4# apt-key is a shell script, so relatively prune to be effected by 'crazy' things:
5# confuses config parser as there exists no way of escaping " currently.
6#TMPDIR="$(mktemp -d)/This is \"fü\$\$ing cràzy\", \$(man man | head -n1 | cut -d' ' -f 1)\$!"
7# gpg doesn't like | in path names – documented e.g. in the man gpg2 --agent-program
8#TMPDIR="$(mktemp -d)/This is fü\$\$ing cràzy, \$(man man | head -n1 | cut -d' ' -f 1)\$!"
9TMPDIR_ADD="This is fü\$\$ing cràzy, \$(apt -v)\$!"
10
11TESTDIR="$(readlink -f "$(dirname "$0")")"
12. "$TESTDIR/framework"
13
14setupenvironment
15configarchitecture 'amd64'
16
17# start from a clean plate again
18cleanplate() {
19 rm -rf "${ROOTDIR}/etc/apt/trusted.gpg.d/" "${ROOTDIR}/etc/apt/trusted.gpg"
20 mkdir "${ROOTDIR}/etc/apt/trusted.gpg.d/"
21}
22testmultigpg() {
23 testfailure --nomsg aptkey --quiet --readonly "$@"
24 testsuccess grep "^gpgv: Can't check signature" "${ROOTDIR}/tmp/testfailure.output"
25 testsuccess grep '^gpgv: Good signature from' "${ROOTDIR}/tmp/testfailure.output"
26}
27
28testrun() {
29 echo "APT::Key::ArchiveKeyring \"${KEYDIR}/joesixpack.pub\";
30APT::Key::RemovedKeys \"${KEYDIR}/rexexpired.pub\";" > "${ROOTDIR}/etc/apt/apt.conf.d/aptkey.conf"
31
32 cleanplate
33 ln -sf "$(readlink -f "${KEYDIR}/joesixpack.pub")" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg"
34 testaptkeys 'Joe Sixpack'
35
36 testsuccess aptkey list
37 msgtest 'Check that paths in list output are not' 'double-slashed'
38 testfailure --nomsg grep '//' "${ROOTDIR}/tmp/testsuccess.output"
39
40 testsuccess aptkey finger
41 msgtest 'Check that paths in finger output are not' 'double-slashed'
42 testfailure --nomsg grep '//' "${ROOTDIR}/tmp/testsuccess.output"
43
44 testequalor2 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed
45gpg: Total number processed: 1
46gpg: unchanged: 1' 'gpg: key 5A90D141DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed
47gpg: Total number processed: 1
48gpg: unchanged: 1' aptkey --fakeroot update
49
50 testaptkeys 'Joe Sixpack'
51 testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg"
52
53 testsuccess aptkey --fakeroot add "${KEYDIR}/rexexpired.pub"
54 testfilestats "${ROOTDIR}/etc/apt/trusted.gpg" '%a' '=' '644'
55
56 testaptkeys 'Rex Expired' 'Joe Sixpack'
57
58 msgtest 'Check that Sixpack key can be' 'exported'
59 aptkey export 'Sixpack' > "${TMPWORKINGDIRECTORY}/aptkey.export"
60 aptkey --keyring "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" exportall > "${TMPWORKINGDIRECTORY}/aptkey.exportall"
61 testsuccess --nomsg cmp "${TMPWORKINGDIRECTORY}/aptkey.export" "${TMPWORKINGDIRECTORY}/aptkey.exportall"
62 testsuccess test -s "${TMPWORKINGDIRECTORY}/aptkey.export"
63 testsuccess test -s "${TMPWORKINGDIRECTORY}/aptkey.exportall"
64
65 msgtest 'Execute update again to trigger removal of' 'Rex Expired key'
66 testsuccess --nomsg aptkey --fakeroot update
67
68 testaptkeys 'Joe Sixpack'
69
70 msgtest "Try to remove a key which exists, but isn't in the" 'forced keyring'
71 testsuccess --nomsg aptkey --fakeroot --keyring "${ROOTDIR}/etc/apt/trusted.gpg" del DBAC8DAE
72
73 testaptkeys 'Joe Sixpack'
74
75 testsuccess aptkey --fakeroot del DBAC8DAE
76 testempty aptkey list
77
78 msgtest 'Test key removal with' 'lowercase key ID' #keylength somewhere between 8byte and short
79 cleanplate
80 cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg"
81 testsuccess --nomsg aptkey --fakeroot del d141dbac8dae
82 testempty aptkey list
83
84 msgtest 'Test key removal with' 'single key in real file'
85 cleanplate
86 cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg"
87 testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
88 testempty aptkey list
89 testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg"
90 testsuccess cmp "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg~"
91
92 msgtest 'Test key removal with' 'different key specs'
93 cleanplate
94 cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg"
95 cp -a "${KEYDIR}/marvinparanoid.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/marvinparanoid.gpg"
96 testsuccess --nomsg aptkey --fakeroot del 0xDBAC8DAE 528144E2
97 testempty aptkey list
98 testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg"
99 testsuccess cmp "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg~"
100 testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/marvinparanoid.gpg"
101 testsuccess cmp "${KEYDIR}/marvinparanoid.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/marvinparanoid.gpg~"
102
103 msgtest 'Test key removal with' 'long key ID'
104 cleanplate
105 cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg"
106 testsuccess --nomsg aptkey --fakeroot del 5A90D141DBAC8DAE
107 testempty aptkey list
108 testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg"
109 testsuccess cmp "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg~"
110
111 msgtest 'Test key removal with' 'fingerprint'
112 cleanplate
113 cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg"
114 testsuccess --nomsg aptkey --fakeroot del 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE
115 testempty aptkey list
116 testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg"
117 testsuccess cmp "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg~"
118
119 msgtest 'Test key removal with' 'spaced fingerprint'
120 cleanplate
121 cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg"
122 testsuccess --nomsg aptkey --fakeroot del '34A8 E9D1 8DB3 20F3 67E8 EAA0 5A90 D141 DBAC 8DAE'
123 testempty aptkey list
124 testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg"
125 testsuccess cmp "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg~"
126
127 msgtest 'Test key removal with' 'single key in softlink'
128 cleanplate
129 ln -s "$(readlink -f "${KEYDIR}/joesixpack.pub")" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg"
130 testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
131 testempty aptkey list
132 testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg"
133 testsuccess test -L "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg~"
134
135 cleanplate
136 testsuccess aptkey --fakeroot add "${KEYDIR}/joesixpack.pub"
137 ln -sf "$(readlink -f "${KEYDIR}/marvinparanoid.pub")" "${KEYDIR}/marvin paránöid.pub"
138 testsuccess aptkey --fakeroot add "${KEYDIR}/marvin paránöid.pub"
139 testaptkeys 'Joe Sixpack' 'Marvin Paranoid'
140 cp -a "${ROOTDIR}/etc/apt/trusted.gpg" "${KEYDIR}/testcase-multikey.pub" # store for reuse
141
142 msgtest 'Test key removal with' 'multi key in real file'
143 cleanplate
144 cp -a "${KEYDIR}/testcase-multikey.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg"
145 testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
146 testaptkeys 'Marvin Paranoid'
147 testsuccess cmp "${KEYDIR}/testcase-multikey.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg~"
148
149 msgtest 'Test key removal with' 'multi key in softlink'
150 cleanplate
151 ln -s "$(readlink -f "${KEYDIR}/testcase-multikey.pub")" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg"
152 testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
153 testaptkeys 'Marvin Paranoid'
154 testsuccess cmp "${KEYDIR}/testcase-multikey.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg~"
155 testfailure test -L "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg"
156 testsuccess test -L "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg~"
157
158 msgtest 'Test key removal with' 'multiple files including key'
159 cleanplate
160 cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg"
161 cp -a "${KEYDIR}/testcase-multikey.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg"
162 testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
163 testaptkeys 'Marvin Paranoid'
164 testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg"
165 testsuccess cmp "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg~"
166 testsuccess cmp "${KEYDIR}/testcase-multikey.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg~"
167
168 cleanplate
169 cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg"
170 cp -a "${KEYDIR}/testcase-multikey.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg"
171 testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
172 msgtest 'Test merge-back of' 'added keys'
173 testsuccess --nomsg aptkey adv --batch --yes --import "${KEYDIR}/rexexpired.pub"
174 testaptkeys 'Rex Expired' 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
175
176 msgtest 'Test merge-back of' 'removed keys'
177 testsuccess --nomsg aptkey adv --batch --yes --delete-keys 27CE74F9
178 testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
179
180 msgtest 'Test merge-back of' 'removed duplicate keys'
181 testsuccess --nomsg aptkey adv --batch --yes --delete-keys DBAC8DAE
182 testaptkeys 'Marvin Paranoid'
183
184 cleanplate
185 cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg"
186 cp -a "${KEYDIR}/testcase-multikey.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg"
187 local SIGNATURE="${TMPWORKINGDIRECTORY}/signature"
188 msgtest 'Test signing a file' 'with a key'
189 echo 'Verify me. This is my signature.' > "$SIGNATURE"
190 echo 'lalalalala' > "${SIGNATURE}2"
191 testsuccess --nomsg aptkey --quiet --keyring "${KEYDIR}/marvinparanoid.pub" --secret-keyring "${KEYDIR}/marvinparanoid.sec" --readonly \
192 adv --batch --yes --default-key 'Marvin' --armor --detach-sign --sign --output "${SIGNATURE}.gpg" "${SIGNATURE}"
193 testsuccess test -s "${SIGNATURE}.gpg" -a -s "${SIGNATURE}"
194
195 msgtest 'Test verify a file' 'with no sig'
196 testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/testcase-multikey.pub" verify "${SIGNATURE}" "${SIGNATURE}2"
197
198 for GPGV in '' 'gpgv' 'gpgv1' 'gpgv2'; do
199 echo "APT::Key::GPGVCommand \"$GPGV\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgvcmd"
200 if [ -n "$GPGV" ] && ! command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then continue; fi
201
202 msgtest 'Test verify a file' 'with all keys'
203 testsuccess --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}"
204
205 msgtest 'Test verify a file' 'with good keyring'
206 testsuccess --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/testcase-multikey.pub" verify "${SIGNATURE}.gpg" "${SIGNATURE}"
207
208 msgtest 'Test fail verify a file' 'with bad keyring'
209 testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/joesixpack.pub" verify "${SIGNATURE}.gpg" "${SIGNATURE}"
210
211 msgtest 'Test fail verify a file' 'with non-existing keyring'
212 testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/does-not-exist.pub" verify "${SIGNATURE}.gpg" "${SIGNATURE}"
213 testfailure test -e "${KEYDIR}/does-not-exist.pub"
214
215 # note: this isn't how apts gpgv method implements keyid for verify
216 msgtest 'Test verify a file' 'with good keyid'
217 testsuccess --nomsg aptkey --quiet --readonly --keyid 'Paranoid' verify "${SIGNATURE}.gpg" "${SIGNATURE}"
218
219 msgtest 'Test fail verify a file' 'with bad keyid'
220 testfailure --nomsg aptkey --quiet --readonly --keyid 'Sixpack' verify "${SIGNATURE}.gpg" "${SIGNATURE}"
221
222 msgtest 'Test fail verify a file' 'with non-existing keyid'
223 testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify "${SIGNATURE}.gpg" "${SIGNATURE}"
224
225 msgtest 'Test verify fails on' 'bad file'
226 testfailure --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}2"
227 done
228 rm -f "${ROOTDIR}/etc/apt/apt.conf.d/00gpgvcmd"
229
230 msgtest 'Test verify a file' 'with good keyring'
231 testsuccess --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/testcase-multikey.pub" verify "${SIGNATURE}.gpg" "${SIGNATURE}"
232
233 cleanplate
234 cat "${KEYDIR}/joesixpack.pub" "${KEYDIR}/marvinparanoid.pub" > "${KEYDIR}/double.pub"
235 cat "${KEYDIR}/joesixpack.sec" "${KEYDIR}/marvinparanoid.sec" > "${KEYDIR}/double.sec"
236 cp -a "${KEYDIR}/double.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/double.gpg"
237 cp -a "${KEYDIR}/testcase-multikey.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.gpg"
238 rm -f "${SIGNATURE}.gpg"
239 testsuccess aptkey --quiet --keyring "${KEYDIR}/double.pub" --secret-keyring "${KEYDIR}/double.sec" --readonly \
240 adv --batch --yes -u 'Marvin' -u 'Joe' --armor --detach-sign --sign --output "${SIGNATURE}.gpg" "${SIGNATURE}"
241 testsuccess test -s "${SIGNATURE}.gpg" -a -s "${SIGNATURE}"
242
243 for GPGV in '' 'gpgv' 'gpgv1' 'gpgv2'; do
244 echo "APT::Key::GPGVCommand \"$GPGV\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgvcmd"
245 if [ -n "$GPGV" ] && ! command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then continue; fi
246
247 msgtest 'Test verify a doublesigned file' 'with all keys'
248 testsuccess --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}"
249
250 msgtest 'Test verify a doublesigned file' 'with good keyring joe'
251 testmultigpg --keyring "${KEYDIR}/joesixpack.pub" verify "${SIGNATURE}.gpg" "${SIGNATURE}"
252
253 msgtest 'Test verify a doublesigned file' 'with good keyring marvin'
254 testmultigpg --keyring "${KEYDIR}/marvinparanoid.pub" verify "${SIGNATURE}.gpg" "${SIGNATURE}"
255
256 msgtest 'Test fail verify a doublesigned file' 'with bad keyring'
257 testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/rexexpired.pub" verify "${SIGNATURE}.gpg" "${SIGNATURE}"
258
259 msgtest 'Test fail verify a doublesigned file' 'with non-existing keyring'
260 testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/does-not-exist.pub" verify "${SIGNATURE}.gpg" "${SIGNATURE}"
261 testfailure test -e "${KEYDIR}/does-not-exist.pub"
262
263 # note: this isn't how apts gpgv method implements keyid for verify
264 msgtest 'Test verify a doublesigned file' 'with good keyid'
265 testmultigpg --keyid 'Paranoid' verify "${SIGNATURE}.gpg" "${SIGNATURE}"
266
267 msgtest 'Test fail verify a doublesigned file' 'with bad keyid'
268 testfailure --nomsg aptkey --quiet --readonly --keyid 'Rex' verify "${SIGNATURE}.gpg" "${SIGNATURE}"
269
270 msgtest 'Test fail verify a doublesigned file' 'with non-existing keyid'
271 testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify "${SIGNATURE}.gpg" "${SIGNATURE}"
272
273 msgtest 'Test verify fails on' 'bad doublesigned file'
274 testfailure --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}2"
275 done
276 rm -f "${ROOTDIR}/etc/apt/apt.conf.d/00gpgvcmd"
277}
278
279setupgpgcommand() {
280 local GPGEXE;
281 if command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then
282 if [ "$1" = '1' ]; then
283 GPGEXE='gpg1'
284 else
285 GPGEXE='gpg'
286 fi
287 else
288 if [ "$1" = '1' ]; then
289 GPGEXE='gpg'
290 else
291 GPGEXE='gpg2'
292 fi
293 fi
294 msgmsg 'Force tests to be run with' "$GPGEXE"
295 echo "APT::Key::GPGCommand \"$GPGEXE\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgcmd"
296 testsuccess aptkey --readonly adv --version
297 cp "${ROOTDIR}/tmp/testsuccess.output" "${TMPWORKINGDIRECTORY}/aptkey.version"
298 testsuccess grep "^gpg (GnuPG) $1\." "${TMPWORKINGDIRECTORY}/aptkey.version"
299}
300
301# run with default (whatever this is) in current CWD with relative paths
302ROOTDIR="./rootdir"
303KEYDIR="./keys"
304testrun
305
306# run with … and up the game with a strange CWD & absolute paths
307ROOTDIR="${TMPWORKINGDIRECTORY}/rootdir"
308KEYDIR="${TMPWORKINGDIRECTORY}/keys"
309mkdir inaccessible
310cd inaccessible
311chmod 600 ../inaccessible
312testfilestats "${TMPWORKINGDIRECTORY}/inaccessible" '%a' '=' '600'
313
314setupgpgcommand '1'
315testrun
316setupgpgcommand '2'
317testrun
APT (for Cydia)