4 # apt-key is a shell script, so relatively prune to be effected by 'crazy' things:
5 # confuses config parser as there exists no way of escaping " currently.
6 #TMPDIR="$(mktemp -d)/This is \"fü\$\$ing cràzy\", \$(man man | head -n1 | cut -d' ' -f 1)\$!"
7 # gpg doesn't like | in path names – documented e.g. in the man gpg2 --agent-program
8 #TMPDIR="$(mktemp -d)/This is fü\$\$ing cràzy, \$(man man | head -n1 | cut -d' ' -f 1)\$!"
9 TMPDIR_ADD
="This is fü\$\$ing cràzy, \$(apt -v)\$!"
11 TESTDIR
="$(readlink -f "$(dirname "$0")")"
12 . "$TESTDIR/framework
"
15 configarchitecture 'amd64'
17 # start from a clean plate again
19 rm -rf "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/" "${ROOTDIR}/etc
/apt
/trusted.gpg
"
20 mkdir "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/"
23 testfailure --nomsg aptkey --quiet --readonly "$@
"
24 testsuccess grep "^gpgv
: Can
't check signature" "${ROOTDIR}/tmp/testfailure.output"
25 testsuccess grep '^gpgv
: Good signature from
' "${ROOTDIR}/tmp/testfailure.output"
29 echo "APT::Key::ArchiveKeyring \"${KEYDIR}/joesixpack.pub\";
30 APT::Key::RemovedKeys \"${KEYDIR}/rexexpired.pub\";" > "${ROOTDIR}/etc/apt/apt.conf.d/aptkey.conf"
33 ln -sf "$(readlink -f "${KEYDIR}/joesixpack.pub")" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg"
34 testaptkeys 'Joe Sixpack
'
36 testsuccess aptkey list
37 msgtest 'Check that paths
in list output are not
' 'double
-slashed'
38 testfailure --nomsg grep '//' "${ROOTDIR}/tmp/testsuccess.output"
40 testsuccess aptkey finger
41 msgtest 'Check that paths
in finger output are not
' 'double
-slashed'
42 testfailure --nomsg grep '//' "${ROOTDIR}/tmp/testsuccess.output"
44 testequalor2 'gpg
: key DBAC8DAE
: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed
45 gpg
: Total number processed
: 1
46 gpg
: unchanged
: 1' 'gpg
: key
5A90D141DBAC8DAE
: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed
47 gpg
: Total number processed
: 1
48 gpg
: unchanged
: 1' aptkey --fakeroot update
50 testaptkeys 'Joe Sixpack
'
51 testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg"
53 testsuccess aptkey --fakeroot add "${KEYDIR}/rexexpired.pub"
54 testfilestats "${ROOTDIR}/etc/apt/trusted.gpg" '%a
' '=' '644'
56 testaptkeys 'Rex Expired
' 'Joe Sixpack
'
58 msgtest 'Check that Sixpack key can be
' 'exported
'
59 aptkey export 'Sixpack
' > "${TMPWORKINGDIRECTORY}/aptkey.export"
60 aptkey --keyring "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" exportall > "${TMPWORKINGDIRECTORY}/aptkey.exportall"
61 testsuccess --nomsg cmp "${TMPWORKINGDIRECTORY}/aptkey.export" "${TMPWORKINGDIRECTORY}/aptkey.exportall"
62 testsuccess test -s "${TMPWORKINGDIRECTORY}/aptkey.export"
63 testsuccess test -s "${TMPWORKINGDIRECTORY}/aptkey.exportall"
65 msgtest 'Execute update again to trigger removal of
' 'Rex Expired key
'
66 testsuccess --nomsg aptkey --fakeroot update
68 testaptkeys 'Joe Sixpack
'
70 msgtest "Try to remove a key which exists, but isn't
in the
" 'forced keyring'
71 testsuccess --nomsg aptkey --fakeroot --keyring "${ROOTDIR}/etc
/apt
/trusted.gpg
" del DBAC8DAE
73 testaptkeys 'Joe Sixpack'
75 testsuccess aptkey --fakeroot del DBAC8DAE
78 msgtest 'Test key removal with' 'lowercase key ID' #keylength somewhere between 8byte and short
80 cp -a "${KEYDIR}/joesixpack.pub
" "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/joesixpack.gpg
"
81 testsuccess --nomsg aptkey --fakeroot del d141dbac8dae
84 msgtest 'Test key removal with' 'single key in real file'
86 cp -a "${KEYDIR}/joesixpack.pub
" "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/joesixpack.gpg
"
87 testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
89 testfailure test -e "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/joesixpack.gpg
"
90 testsuccess cmp "${KEYDIR}/joesixpack.pub
" "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/joesixpack.gpg~
"
92 msgtest 'Test key removal with' 'different key specs'
94 cp -a "${KEYDIR}/joesixpack.pub
" "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/joesixpack.gpg
"
95 cp -a "${KEYDIR}/marvinparanoid.pub
" "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/marvinparanoid.gpg
"
96 testsuccess --nomsg aptkey --fakeroot del 0xDBAC8DAE 528144E2
98 testfailure test -e "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/joesixpack.gpg
"
99 testsuccess cmp "${KEYDIR}/joesixpack.pub
" "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/joesixpack.gpg~
"
100 testfailure test -e "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/marvinparanoid.gpg
"
101 testsuccess cmp "${KEYDIR}/marvinparanoid.pub
" "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/marvinparanoid.gpg~
"
103 msgtest 'Test key removal with' 'long key ID'
105 cp -a "${KEYDIR}/joesixpack.pub
" "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/joesixpack.gpg
"
106 testsuccess --nomsg aptkey --fakeroot del 5A90D141DBAC8DAE
107 testempty aptkey list
108 testfailure test -e "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/joesixpack.gpg
"
109 testsuccess cmp "${KEYDIR}/joesixpack.pub
" "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/joesixpack.gpg~
"
111 msgtest 'Test key removal with' 'fingerprint'
113 cp -a "${KEYDIR}/joesixpack.pub
" "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/joesixpack.gpg
"
114 testsuccess --nomsg aptkey --fakeroot del 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE
115 testempty aptkey list
116 testfailure test -e "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/joesixpack.gpg
"
117 testsuccess cmp "${KEYDIR}/joesixpack.pub
" "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/joesixpack.gpg~
"
119 msgtest 'Test key removal with' 'single key in softlink'
121 ln -s "$(readlink -f "${KEYDIR}/joesixpack.pub")" "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/joesixpack.gpg
"
122 testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
123 testempty aptkey list
124 testfailure test -e "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/joesixpack.gpg
"
125 testsuccess test -L "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/joesixpack.gpg~
"
128 testsuccess aptkey --fakeroot add "${KEYDIR}/joesixpack.pub
"
129 ln -sf "$(readlink -f "${KEYDIR}/marvinparanoid.pub")" "${KEYDIR}/marvin paránöid.pub
"
130 testsuccess aptkey --fakeroot add "${KEYDIR}/marvin paránöid.pub
"
131 testaptkeys 'Joe Sixpack' 'Marvin Paranoid'
132 cp -a "${ROOTDIR}/etc
/apt
/trusted.gpg
" "${KEYDIR}/testcase
-multikey.pub
" # store for reuse
134 msgtest 'Test key removal with' 'multi key in real file'
136 cp -a "${KEYDIR}/testcase
-multikey.pub
" "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/multikey.gpg
"
137 testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
138 testaptkeys 'Marvin Paranoid'
139 testsuccess cmp "${KEYDIR}/testcase
-multikey.pub
" "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/multikey.gpg~
"
141 msgtest 'Test key removal with' 'multi key in softlink'
143 ln -s "$(readlink -f "${KEYDIR}/testcase-multikey.pub")" "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/multikey.gpg
"
144 testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
145 testaptkeys 'Marvin Paranoid'
146 testsuccess cmp "${KEYDIR}/testcase
-multikey.pub
" "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/multikey.gpg~
"
147 testfailure test -L "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/multikey.gpg
"
148 testsuccess test -L "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/multikey.gpg~
"
150 msgtest 'Test key removal with' 'multiple files including key'
152 cp -a "${KEYDIR}/joesixpack.pub
" "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/joesixpack.gpg
"
153 cp -a "${KEYDIR}/testcase
-multikey.pub
" "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/multikey.gpg
"
154 testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
155 testaptkeys 'Marvin Paranoid'
156 testfailure test -e "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/joesixpack.gpg
"
157 testsuccess cmp "${KEYDIR}/joesixpack.pub
" "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/joesixpack.gpg~
"
158 testsuccess cmp "${KEYDIR}/testcase
-multikey.pub
" "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/multikey.gpg~
"
161 cp -a "${KEYDIR}/joesixpack.pub
" "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/joesixpack.gpg
"
162 cp -a "${KEYDIR}/testcase
-multikey.pub
" "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/multikey.gpg
"
163 testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
164 msgtest 'Test merge-back of' 'added keys'
165 testsuccess --nomsg aptkey adv --batch --yes --import "${KEYDIR}/rexexpired.pub
"
166 testaptkeys 'Rex Expired' 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
168 msgtest 'Test merge-back of' 'removed keys'
169 testsuccess --nomsg aptkey adv --batch --yes --delete-keys 27CE74F9
170 testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
172 msgtest 'Test merge-back of' 'removed duplicate keys'
173 testsuccess --nomsg aptkey adv --batch --yes --delete-keys DBAC8DAE
174 testaptkeys 'Marvin Paranoid'
177 cp -a "${KEYDIR}/joesixpack.pub
" "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/joesixpack.gpg
"
178 cp -a "${KEYDIR}/testcase
-multikey.pub
" "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/multikey.gpg
"
179 local SIGNATURE="${TMPWORKINGDIRECTORY}/signature
"
180 msgtest 'Test signing a file' 'with a key'
181 echo 'Verify me. This is my signature.' > "$SIGNATURE"
182 echo 'lalalalala' > "${SIGNATURE}2"
183 testsuccess --nomsg aptkey --quiet --keyring "${KEYDIR}/marvinparanoid.pub
" --secret-keyring "${KEYDIR}/marvinparanoid.sec
" --readonly \
184 adv --batch --yes --default-key 'Marvin' --armor --detach-sign --sign --output "${SIGNATURE}.gpg
" "${SIGNATURE}"
185 testsuccess test -s "${SIGNATURE}.gpg
" -a -s "${SIGNATURE}"
187 msgtest 'Test verify a file' 'with no sig'
188 testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/testcase
-multikey.pub
" verify "${SIGNATURE}" "${SIGNATURE}2"
190 for GPGV in '' 'gpgv' 'gpgv1' 'gpgv2'; do
191 echo "APT
::Key
::GPGVCommand
\"$GPGV\";" > "${ROOTDIR}/etc
/apt
/apt.conf.d
/00gpgvcmd
"
192 if [ -n "$GPGV" ] && ! command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then continue; fi
194 msgtest 'Test verify a file' 'with all keys'
195 testsuccess --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg
" "${SIGNATURE}"
197 msgtest 'Test verify a file' 'with good keyring'
198 testsuccess --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/testcase
-multikey.pub
" verify "${SIGNATURE}.gpg
" "${SIGNATURE}"
200 msgtest 'Test fail verify a file' 'with bad keyring'
201 testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/joesixpack.pub
" verify "${SIGNATURE}.gpg
" "${SIGNATURE}"
203 msgtest 'Test fail verify a file' 'with non-existing keyring'
204 testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/does
-not-exist.pub
" verify "${SIGNATURE}.gpg
" "${SIGNATURE}"
205 testfailure test -e "${KEYDIR}/does
-not-exist.pub
"
207 # note: this isn't how apts gpgv method implements keyid for verify
208 msgtest 'Test verify a file' 'with good keyid'
209 testsuccess --nomsg aptkey --quiet --readonly --keyid 'Paranoid' verify "${SIGNATURE}.gpg
" "${SIGNATURE}"
211 msgtest 'Test fail verify a file' 'with bad keyid'
212 testfailure --nomsg aptkey --quiet --readonly --keyid 'Sixpack' verify "${SIGNATURE}.gpg
" "${SIGNATURE}"
214 msgtest 'Test fail verify a file' 'with non-existing keyid'
215 testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify "${SIGNATURE}.gpg
" "${SIGNATURE}"
217 msgtest 'Test verify fails on' 'bad file'
218 testfailure --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg
" "${SIGNATURE}2"
220 rm -f "${ROOTDIR}/etc
/apt
/apt.conf.d
/00gpgvcmd
"
222 msgtest 'Test verify a file' 'with good keyring'
223 testsuccess --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/testcase
-multikey.pub
" verify "${SIGNATURE}.gpg
" "${SIGNATURE}"
226 cat "${KEYDIR}/joesixpack.pub
" "${KEYDIR}/marvinparanoid.pub
" > "${KEYDIR}/double.pub
"
227 cat "${KEYDIR}/joesixpack.sec
" "${KEYDIR}/marvinparanoid.sec
" > "${KEYDIR}/double.sec
"
228 cp -a "${KEYDIR}/double.pub
" "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/double.gpg
"
229 cp -a "${KEYDIR}/testcase
-multikey.pub
" "${ROOTDIR}/etc
/apt
/trusted.gpg.d
/multikey.gpg
"
230 rm -f "${SIGNATURE}.gpg
"
231 testsuccess aptkey --quiet --keyring "${KEYDIR}/double.pub
" --secret-keyring "${KEYDIR}/double.sec
" --readonly \
232 adv --batch --yes -u 'Marvin' -u 'Joe' --armor --detach-sign --sign --output "${SIGNATURE}.gpg
" "${SIGNATURE}"
233 testsuccess test -s "${SIGNATURE}.gpg
" -a -s "${SIGNATURE}"
235 for GPGV in '' 'gpgv' 'gpgv1' 'gpgv2'; do
236 echo "APT
::Key
::GPGVCommand
\"$GPGV\";" > "${ROOTDIR}/etc
/apt
/apt.conf.d
/00gpgvcmd
"
237 if [ -n "$GPGV" ] && ! command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then continue; fi
239 msgtest 'Test verify a doublesigned file' 'with all keys'
240 testsuccess --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg
" "${SIGNATURE}"
242 msgtest 'Test verify a doublesigned file' 'with good keyring joe'
243 testmultigpg --keyring "${KEYDIR}/joesixpack.pub
" verify "${SIGNATURE}.gpg
" "${SIGNATURE}"
245 msgtest 'Test verify a doublesigned file' 'with good keyring marvin'
246 testmultigpg --keyring "${KEYDIR}/marvinparanoid.pub
" verify "${SIGNATURE}.gpg
" "${SIGNATURE}"
248 msgtest 'Test fail verify a doublesigned file' 'with bad keyring'
249 testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/rexexpired.pub
" verify "${SIGNATURE}.gpg
" "${SIGNATURE}"
251 msgtest 'Test fail verify a doublesigned file' 'with non-existing keyring'
252 testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/does
-not-exist.pub
" verify "${SIGNATURE}.gpg
" "${SIGNATURE}"
253 testfailure test -e "${KEYDIR}/does
-not-exist.pub
"
255 # note: this isn't how apts gpgv method implements keyid for verify
256 msgtest 'Test verify a doublesigned file' 'with good keyid'
257 testmultigpg --keyid 'Paranoid' verify "${SIGNATURE}.gpg
" "${SIGNATURE}"
259 msgtest 'Test fail verify a doublesigned file' 'with bad keyid'
260 testfailure --nomsg aptkey --quiet --readonly --keyid 'Rex' verify "${SIGNATURE}.gpg
" "${SIGNATURE}"
262 msgtest 'Test fail verify a doublesigned file' 'with non-existing keyid'
263 testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify "${SIGNATURE}.gpg
" "${SIGNATURE}"
265 msgtest 'Test verify fails on' 'bad doublesigned file'
266 testfailure --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg
" "${SIGNATURE}2"
268 rm -f "${ROOTDIR}/etc
/apt
/apt.conf.d
/00gpgvcmd
"
273 if command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then
274 if [ "$1" = '1' ]; then
280 if [ "$1" = '1' ]; then
286 msgmsg 'Force tests to be run with' "$GPGEXE"
287 echo "APT
::Key
::GPGCommand
\"$GPGEXE\";" > "${ROOTDIR}/etc
/apt
/apt.conf.d
/00gpgcmd
"
288 testsuccess aptkey --readonly adv --version
289 cp "${ROOTDIR}/tmp
/testsuccess.output
" "${TMPWORKINGDIRECTORY}/aptkey.version
"
290 testsuccess grep "^gpg
(GnuPG
) $1\.
" "${TMPWORKINGDIRECTORY}/aptkey.version
"
293 # run with default (whatever this is) in current CWD with relative paths
298 # run with … and up the game with a strange CWD & absolute paths
299 ROOTDIR="${TMPWORKINGDIRECTORY}/rootdir
"
300 KEYDIR="${TMPWORKINGDIRECTORY}/keys
"
303 chmod 600 ../inaccessible
304 testfilestats "${TMPWORKINGDIRECTORY}/inaccessible
" '%a' '=' '600'