]> git.saurik.com Git - apt.git/blob - test/integration/test-apt-key
tests: allow to disable generation of InRelease/Release.gpg file
[apt.git] / test / integration / test-apt-key
1 #!/bin/sh
2 set -e
3
4 # apt-key is a shell script, so relatively prune to be effected by 'crazy' things:
5 # confuses config parser as there exists no way of escaping " currently.
6 #TMPDIR="$(mktemp -d)/This is \"fü\$\$ing cràzy\", \$(man man | head -n1 | cut -d' ' -f 1)\$!"
7 # gpg doesn't like | in path names – documented e.g. in the man gpg2 --agent-program
8 #TMPDIR="$(mktemp -d)/This is fü\$\$ing cràzy, \$(man man | head -n1 | cut -d' ' -f 1)\$!"
9 TMPDIR_ADD="This is fü\$\$ing cràzy, \$(apt -v)\$!"
10
11 TESTDIR="$(readlink -f "$(dirname "$0")")"
12 . "$TESTDIR/framework"
13
14 setupenvironment
15 configarchitecture 'amd64'
16
17 # start from a clean plate again
18 cleanplate() {
19 rm -rf rootdir/etc/apt/trusted.gpg.d/ rootdir/etc/apt/trusted.gpg
20 mkdir rootdir/etc/apt/trusted.gpg.d/
21 }
22 testmultigpg() {
23 testfailure --nomsg aptkey --quiet --readonly "$@"
24 testsuccess grep "^gpgv: Can't check signature" rootdir/tmp/testfailure.output
25 testsuccess grep '^gpgv: Good signature from' rootdir/tmp/testfailure.output
26 }
27
28 echo 'APT::Key::ArchiveKeyring "./keys/joesixpack.pub";
29 APT::Key::RemovedKeys "./keys/rexexpired.pub";' > rootdir/etc/apt/apt.conf.d/aptkey.conf
30
31 testrun() {
32 cleanplate
33 ln -sf "${TMPWORKINGDIRECTORY}/keys/joesixpack.pub" rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
34
35 msgtest 'Check that paths in list output are not' 'double-slashed'
36 aptkey list 2>&1 | grep -q '//' && msgfail || msgpass
37
38 msgtest 'Check that paths in finger output are not' 'double-slashed'
39 aptkey finger 2>&1 | grep -q '//' && msgfail || msgpass
40 testaptkeys 'Joe Sixpack'
41
42 testsuccessequal 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed
43 gpg: Total number processed: 1
44 gpg: unchanged: 1' aptkey --fakeroot update
45
46 testaptkeys 'Joe Sixpack'
47 testfailure test -e rootdir/etc/apt/trusted.gpg
48
49 testsuccess aptkey --fakeroot add ./keys/rexexpired.pub
50 msgtest 'Check if trusted.gpg is created with permissions set to' '0644'
51 if [ "$(stat -c '%a' rootdir/etc/apt/trusted.gpg )" = '644' ]; then
52 msgpass
53 else
54 msgfail
55 fi
56
57 testaptkeys 'Rex Expired' 'Joe Sixpack'
58
59 msgtest 'Check that Sixpack key can be' 'exported'
60 aptkey export 'Sixpack' > aptkey.export
61 aptkey --keyring rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg exportall > aptkey.exportall
62 testsuccess --nomsg cmp aptkey.export aptkey.exportall
63 testsuccess test -s aptkey.export
64 testsuccess test -s aptkey.exportall
65
66 msgtest 'Execute update again to trigger removal of' 'Rex Expired key'
67 testsuccess --nomsg aptkey --fakeroot update
68
69 testaptkeys 'Joe Sixpack'
70
71 msgtest "Try to remove a key which exists, but isn't in the" 'forced keyring'
72 testsuccess --nomsg aptkey --fakeroot --keyring rootdir/etc/apt/trusted.gpg del DBAC8DAE
73
74 testaptkeys 'Joe Sixpack'
75
76 testsuccess aptkey --fakeroot del DBAC8DAE
77 testempty aptkey list
78
79 msgtest 'Test key removal with' 'lowercase key ID' #keylength somewhere between 8byte and short
80 cleanplate
81 cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
82 testsuccess --nomsg aptkey --fakeroot del d141dbac8dae
83 testempty aptkey list
84
85 msgtest 'Test key removal with' 'single key in real file'
86 cleanplate
87 cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
88 testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
89 testempty aptkey list
90 testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
91 testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
92
93 msgtest 'Test key removal with' 'different key specs'
94 cleanplate
95 cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
96 cp -a keys/marvinparanoid.pub rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg
97 testsuccess --nomsg aptkey --fakeroot del 0xDBAC8DAE 528144E2
98 testempty aptkey list
99 testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
100 testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
101 testfailure test -e rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg
102 testsuccess cmp keys/marvinparanoid.pub rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg~
103
104 msgtest 'Test key removal with' 'long key ID'
105 cleanplate
106 cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
107 testsuccess --nomsg aptkey --fakeroot del 5A90D141DBAC8DAE
108 testempty aptkey list
109 testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
110 testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
111
112 msgtest 'Test key removal with' 'fingerprint'
113 cleanplate
114 cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
115 testsuccess --nomsg aptkey --fakeroot del 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE
116 testempty aptkey list
117 testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
118 testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
119
120 msgtest 'Test key removal with' 'single key in softlink'
121 cleanplate
122 ln -s "$(readlink -f ./keys/joesixpack.pub)" rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
123 testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
124 testempty aptkey list
125 testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
126 testsuccess test -L rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
127
128 cleanplate
129 testsuccess aptkey --fakeroot add ./keys/joesixpack.pub
130 ln -sf "$(readlink -f ./keys/marvinparanoid.pub)" "./keys/marvin paránöid.pub"
131 testsuccess aptkey --fakeroot add "./keys/marvin paránöid.pub"
132 testaptkeys 'Joe Sixpack' 'Marvin Paranoid'
133 cp -a rootdir/etc/apt/trusted.gpg keys/testcase-multikey.pub # store for reuse
134
135 msgtest 'Test key removal with' 'multi key in real file'
136 cleanplate
137 cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
138 testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
139 testaptkeys 'Marvin Paranoid'
140 testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~
141
142 msgtest 'Test key removal with' 'multi key in softlink'
143 cleanplate
144 ln -s "$(readlink -f ./keys/testcase-multikey.pub)" rootdir/etc/apt/trusted.gpg.d/multikey.gpg
145 testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
146 testaptkeys 'Marvin Paranoid'
147 testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~
148 testfailure test -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg
149 testsuccess test -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg~
150
151 msgtest 'Test key removal with' 'multiple files including key'
152 cleanplate
153 cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
154 cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
155 testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
156 testaptkeys 'Marvin Paranoid'
157 testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
158 testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
159 testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~
160
161 cleanplate
162 cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
163 cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
164 testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
165 msgtest 'Test merge-back of' 'added keys'
166 testsuccess --nomsg aptkey adv --batch --yes --import keys/rexexpired.pub
167 testaptkeys 'Rex Expired' 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
168
169 msgtest 'Test merge-back of' 'removed keys'
170 testsuccess --nomsg aptkey adv --batch --yes --delete-keys 27CE74F9
171 testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
172
173 msgtest 'Test merge-back of' 'removed duplicate keys'
174 testsuccess --nomsg aptkey adv --batch --yes --delete-keys DBAC8DAE
175 testaptkeys 'Marvin Paranoid'
176
177 cleanplate
178 cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
179 cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
180 msgtest 'Test signing a file' 'with a key'
181 echo 'Verify me. This is my signature.' > signature
182 testsuccess --nomsg aptkey --quiet --keyring keys/marvinparanoid.pub --secret-keyring keys/marvinparanoid.sec --readonly \
183 adv --batch --yes --default-key 'Marvin' --armor --detach-sign --sign --output signature.gpg signature
184 testsuccess test -s signature.gpg -a -s signature
185
186 for GPGV in '' 'gpgv' 'gpgv2'; do
187 echo "APT::Key::GPGVCommand \"$GPGV\";" > rootdir/etc/apt/apt.conf.d/00gpgvcmd
188
189 msgtest 'Test verify a file' 'with all keys'
190 testsuccess --nomsg aptkey --quiet --readonly verify signature.gpg signature
191
192 msgtest 'Test verify a file' 'with good keyring'
193 testsuccess --nomsg aptkey --quiet --readonly --keyring keys/testcase-multikey.pub verify signature.gpg signature
194
195 msgtest 'Test fail verify a file' 'with bad keyring'
196 testfailure --nomsg aptkey --quiet --readonly --keyring keys/joesixpack.pub verify signature.gpg signature
197
198 msgtest 'Test fail verify a file' 'with non-existing keyring'
199 testfailure --nomsg aptkey --quiet --readonly --keyring keys/does-not-exist.pub verify signature.gpg signature
200 testfailure test -e keys/does-not-exist.pub
201
202 # note: this isn't how apts gpgv method implements keyid for verify
203 msgtest 'Test verify a file' 'with good keyid'
204 testsuccess --nomsg aptkey --quiet --readonly --keyid 'Paranoid' verify signature.gpg signature
205
206 msgtest 'Test fail verify a file' 'with bad keyid'
207 testfailure --nomsg aptkey --quiet --readonly --keyid 'Sixpack' verify signature.gpg signature
208
209 msgtest 'Test fail verify a file' 'with non-existing keyid'
210 testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify signature.gpg signature
211
212 msgtest 'Test verify fails on' 'bad file'
213 echo 'lalalalala' > signature2
214 testfailure --nomsg aptkey --quiet --readonly verify signature.gpg signature2
215 done
216 rm -f rootdir/etc/apt/apt.conf.d/00gpgvcmd
217
218 msgtest 'Test verify a file' 'with good keyring'
219 testsuccess --nomsg aptkey --quiet --readonly --keyring keys/testcase-multikey.pub verify signature.gpg signature
220
221 cleanplate
222 cat keys/joesixpack.pub keys/marvinparanoid.pub > keys/double.pub
223 cat keys/joesixpack.sec keys/marvinparanoid.sec > keys/double.sec
224 cp -a keys/double.pub rootdir/etc/apt/trusted.gpg.d/double.gpg
225 cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
226 testsuccess aptkey --quiet --keyring keys/double.pub --secret-keyring keys/double.sec --readonly \
227 adv --batch --yes -u 'Marvin' -u 'Joe' --armor --detach-sign --sign --output signature.gpg signature
228 testsuccess test -s signature.gpg -a -s signature
229
230 for GPGV in '' 'gpgv' 'gpgv2'; do
231 echo "APT::Key::GPGVCommand \"$GPGV\";" > rootdir/etc/apt/apt.conf.d/00gpgvcmd
232
233 msgtest 'Test verify a doublesigned file' 'with all keys'
234 testsuccess --nomsg aptkey --quiet --readonly verify signature.gpg signature
235
236 msgtest 'Test verify a doublesigned file' 'with good keyring joe'
237 testmultigpg --keyring keys/joesixpack.pub verify signature.gpg signature
238
239 msgtest 'Test verify a doublesigned file' 'with good keyring marvin'
240 testmultigpg --keyring keys/marvinparanoid.pub verify signature.gpg signature
241
242 msgtest 'Test fail verify a doublesigned file' 'with bad keyring'
243 testfailure --nomsg aptkey --quiet --readonly --keyring keys/rexexpired.pub verify signature.gpg signature
244
245 msgtest 'Test fail verify a doublesigned file' 'with non-existing keyring'
246 testfailure --nomsg aptkey --quiet --readonly --keyring keys/does-not-exist.pub verify signature.gpg signature
247 testfailure test -e keys/does-not-exist.pub
248
249 # note: this isn't how apts gpgv method implements keyid for verify
250 msgtest 'Test verify a doublesigned file' 'with good keyid'
251 testmultigpg --keyid 'Paranoid' verify signature.gpg signature
252
253 msgtest 'Test fail verify a doublesigned file' 'with bad keyid'
254 testfailure --nomsg aptkey --quiet --readonly --keyid 'Rex' verify signature.gpg signature
255
256 msgtest 'Test fail verify a doublesigned file' 'with non-existing keyid'
257 testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify signature.gpg signature
258
259 msgtest 'Test verify fails on' 'bad doublesigned file'
260 echo 'lalalalala' > signature2
261 testfailure --nomsg aptkey --quiet --readonly verify signature.gpg signature2
262 done
263 rm -f rootdir/etc/apt/apt.conf.d/00gpgvcmd
264 }
265
266 setupgpgcommand() {
267 echo "APT::Key::GPGCommand \"$1\";" > rootdir/etc/apt/apt.conf.d/00gpgcmd
268 msgmsg 'Force tests to be run with' "$1"
269 testsuccess aptkey --readonly adv --version
270 cp rootdir/tmp/testsuccess.output aptkey.version
271 testsuccess grep "^gpg (GnuPG) $2\." aptkey.version
272 }
273
274 # run with default (whatever this is)
275 testrun
276 # run with …
277 setupgpgcommand 'gpg' '1'
278 testrun
279 setupgpgcommand 'gpg2' '2'
280 testrun