]> git.saurik.com Git - apt.git/blob - test/integration/test-apt-key
Strip trailing commas for created signed-by fingerprint lists
[apt.git] / test / integration / test-apt-key
1 #!/bin/sh
2 set -e
3
4 # apt-key is a shell script, so relatively prune to be effected by 'crazy' things:
5 # confuses config parser as there exists no way of escaping " currently.
6 #TMPDIR="$(mktemp -d)/This is \"fü\$\$ing cràzy\", \$(man man | head -n1 | cut -d' ' -f 1)\$!"
7 # gpg doesn't like | in path names – documented e.g. in the man gpg2 --agent-program
8 #TMPDIR="$(mktemp -d)/This is fü\$\$ing cràzy, \$(man man | head -n1 | cut -d' ' -f 1)\$!"
9 TMPDIR_ADD="This is fü\$\$ing cràzy, \$(apt -v)\$!"
10
11 TESTDIR="$(readlink -f "$(dirname "$0")")"
12 . "$TESTDIR/framework"
13
14 setupenvironment
15 configarchitecture 'amd64'
16
17 # start from a clean plate again
18 cleanplate() {
19 rm -rf rootdir/etc/apt/trusted.gpg.d/ rootdir/etc/apt/trusted.gpg
20 mkdir rootdir/etc/apt/trusted.gpg.d/
21 }
22 testmultigpg() {
23 testfailure --nomsg aptkey --quiet --readonly "$@"
24 testsuccess grep "^gpgv: Can't check signature" rootdir/tmp/testfailure.output
25 testsuccess grep '^gpgv: Good signature from' rootdir/tmp/testfailure.output
26 }
27
28 echo 'APT::Key::ArchiveKeyring "./keys/joesixpack.pub";
29 APT::Key::RemovedKeys "./keys/rexexpired.pub";' > rootdir/etc/apt/apt.conf.d/aptkey.conf
30
31 testrun() {
32 cleanplate
33 ln -sf "${TMPWORKINGDIRECTORY}/keys/joesixpack.pub" rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
34
35 msgtest 'Check that paths in list output are not' 'double-slashed'
36 aptkey list 2>&1 | grep -q '//' && msgfail || msgpass
37
38 msgtest 'Check that paths in finger output are not' 'double-slashed'
39 aptkey finger 2>&1 | grep -q '//' && msgfail || msgpass
40 testaptkeys 'Joe Sixpack'
41
42 testsuccessequal 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed
43 gpg: Total number processed: 1
44 gpg: unchanged: 1' aptkey --fakeroot update
45
46 testaptkeys 'Joe Sixpack'
47 testfailure test -e rootdir/etc/apt/trusted.gpg
48
49 testsuccess aptkey --fakeroot add ./keys/rexexpired.pub
50 msgtest 'Check if trusted.gpg is created with permissions set to' '0644'
51 if [ "$(stat -c '%a' rootdir/etc/apt/trusted.gpg )" = '644' ]; then
52 msgpass
53 else
54 msgfail
55 fi
56
57 testaptkeys 'Rex Expired' 'Joe Sixpack'
58
59 msgtest 'Check that Sixpack key can be' 'exported'
60 aptkey export 'Sixpack' > aptkey.export
61 aptkey --keyring rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg exportall > aptkey.exportall
62 testsuccess --nomsg cmp aptkey.export aptkey.exportall
63 testsuccess test -s aptkey.export
64 testsuccess test -s aptkey.exportall
65
66 msgtest 'Execute update again to trigger removal of' 'Rex Expired key'
67 testsuccess --nomsg aptkey --fakeroot update
68
69 testaptkeys 'Joe Sixpack'
70
71 msgtest "Try to remove a key which exists, but isn't in the" 'forced keyring'
72 testsuccess --nomsg aptkey --fakeroot --keyring rootdir/etc/apt/trusted.gpg del DBAC8DAE
73
74 testaptkeys 'Joe Sixpack'
75
76 testsuccess aptkey --fakeroot del DBAC8DAE
77 testempty aptkey list
78
79 msgtest 'Test key removal with' 'lowercase key ID' #keylength somewhere between 8byte and short
80 cleanplate
81 cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
82 testsuccess --nomsg aptkey --fakeroot del d141dbac8dae
83 testempty aptkey list
84
85 msgtest 'Test key removal with' 'single key in real file'
86 cleanplate
87 cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
88 testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
89 testempty aptkey list
90 testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
91 testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
92
93 msgtest 'Test key removal with' 'different key specs'
94 cleanplate
95 cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
96 cp -a keys/marvinparanoid.pub rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg
97 testsuccess --nomsg aptkey --fakeroot del 0xDBAC8DAE 528144E2
98 testempty aptkey list
99 testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
100 testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
101 testfailure test -e rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg
102 testsuccess cmp keys/marvinparanoid.pub rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg~
103
104 msgtest 'Test key removal with' 'long key ID'
105 cleanplate
106 cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
107 testsuccess --nomsg aptkey --fakeroot del 5A90D141DBAC8DAE
108 testempty aptkey list
109 testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
110 testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
111
112 msgtest 'Test key removal with' 'fingerprint'
113 cleanplate
114 cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
115 testsuccess --nomsg aptkey --fakeroot del 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE
116 testempty aptkey list
117 testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
118 testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
119
120 msgtest 'Test key removal with' 'single key in softlink'
121 cleanplate
122 ln -s "$(readlink -f ./keys/joesixpack.pub)" rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
123 testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
124 testempty aptkey list
125 testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
126 testsuccess test -L rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
127
128 cleanplate
129 testsuccess aptkey --fakeroot add ./keys/joesixpack.pub
130 ln -sf "$(readlink -f ./keys/marvinparanoid.pub)" "./keys/marvin paránöid.pub"
131 testsuccess aptkey --fakeroot add "./keys/marvin paránöid.pub"
132 testaptkeys 'Joe Sixpack' 'Marvin Paranoid'
133 cp -a rootdir/etc/apt/trusted.gpg keys/testcase-multikey.pub # store for reuse
134
135 msgtest 'Test key removal with' 'multi key in real file'
136 cleanplate
137 cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
138 testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
139 testaptkeys 'Marvin Paranoid'
140 testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~
141
142 msgtest 'Test key removal with' 'multi key in softlink'
143 cleanplate
144 ln -s "$(readlink -f ./keys/testcase-multikey.pub)" rootdir/etc/apt/trusted.gpg.d/multikey.gpg
145 testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
146 testaptkeys 'Marvin Paranoid'
147 testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~
148 testfailure test -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg
149 testsuccess test -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg~
150
151 msgtest 'Test key removal with' 'multiple files including key'
152 cleanplate
153 cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
154 cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
155 testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
156 testaptkeys 'Marvin Paranoid'
157 testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
158 testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
159 testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~
160
161 cleanplate
162 cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
163 cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
164 testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
165 msgtest 'Test merge-back of' 'added keys'
166 testsuccess --nomsg aptkey adv --batch --yes --import keys/rexexpired.pub
167 testaptkeys 'Rex Expired' 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
168
169 msgtest 'Test merge-back of' 'removed keys'
170 testsuccess --nomsg aptkey adv --batch --yes --delete-keys 27CE74F9
171 testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
172
173 msgtest 'Test merge-back of' 'removed duplicate keys'
174 testsuccess --nomsg aptkey adv --batch --yes --delete-keys DBAC8DAE
175 testaptkeys 'Marvin Paranoid'
176
177 cleanplate
178 cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
179 cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
180 msgtest 'Test signing a file' 'with a key'
181 echo 'Verify me. This is my signature.' > signature
182 echo 'lalalalala' > signature2
183 testsuccess --nomsg aptkey --quiet --keyring keys/marvinparanoid.pub --secret-keyring keys/marvinparanoid.sec --readonly \
184 adv --batch --yes --default-key 'Marvin' --armor --detach-sign --sign --output signature.gpg signature
185 testsuccess test -s signature.gpg -a -s signature
186
187 msgtest 'Test verify a file' 'with no sig'
188 testfailure --nomsg aptkey --quiet --readonly --keyring keys/testcase-multikey.pub verify signature signature2
189
190 for GPGV in '' 'gpgv' 'gpgv2'; do
191 echo "APT::Key::GPGVCommand \"$GPGV\";" > rootdir/etc/apt/apt.conf.d/00gpgvcmd
192
193 msgtest 'Test verify a file' 'with all keys'
194 testsuccess --nomsg aptkey --quiet --readonly verify signature.gpg signature
195
196 msgtest 'Test verify a file' 'with good keyring'
197 testsuccess --nomsg aptkey --quiet --readonly --keyring keys/testcase-multikey.pub verify signature.gpg signature
198
199 msgtest 'Test fail verify a file' 'with bad keyring'
200 testfailure --nomsg aptkey --quiet --readonly --keyring keys/joesixpack.pub verify signature.gpg signature
201
202 msgtest 'Test fail verify a file' 'with non-existing keyring'
203 testfailure --nomsg aptkey --quiet --readonly --keyring keys/does-not-exist.pub verify signature.gpg signature
204 testfailure test -e keys/does-not-exist.pub
205
206 # note: this isn't how apts gpgv method implements keyid for verify
207 msgtest 'Test verify a file' 'with good keyid'
208 testsuccess --nomsg aptkey --quiet --readonly --keyid 'Paranoid' verify signature.gpg signature
209
210 msgtest 'Test fail verify a file' 'with bad keyid'
211 testfailure --nomsg aptkey --quiet --readonly --keyid 'Sixpack' verify signature.gpg signature
212
213 msgtest 'Test fail verify a file' 'with non-existing keyid'
214 testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify signature.gpg signature
215
216 msgtest 'Test verify fails on' 'bad file'
217 testfailure --nomsg aptkey --quiet --readonly verify signature.gpg signature2
218 done
219 rm -f rootdir/etc/apt/apt.conf.d/00gpgvcmd
220
221 msgtest 'Test verify a file' 'with good keyring'
222 testsuccess --nomsg aptkey --quiet --readonly --keyring keys/testcase-multikey.pub verify signature.gpg signature
223
224 cleanplate
225 cat keys/joesixpack.pub keys/marvinparanoid.pub > keys/double.pub
226 cat keys/joesixpack.sec keys/marvinparanoid.sec > keys/double.sec
227 cp -a keys/double.pub rootdir/etc/apt/trusted.gpg.d/double.gpg
228 cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
229 testsuccess aptkey --quiet --keyring keys/double.pub --secret-keyring keys/double.sec --readonly \
230 adv --batch --yes -u 'Marvin' -u 'Joe' --armor --detach-sign --sign --output signature.gpg signature
231 testsuccess test -s signature.gpg -a -s signature
232
233 for GPGV in '' 'gpgv' 'gpgv2'; do
234 echo "APT::Key::GPGVCommand \"$GPGV\";" > rootdir/etc/apt/apt.conf.d/00gpgvcmd
235
236 msgtest 'Test verify a doublesigned file' 'with all keys'
237 testsuccess --nomsg aptkey --quiet --readonly verify signature.gpg signature
238
239 msgtest 'Test verify a doublesigned file' 'with good keyring joe'
240 testmultigpg --keyring keys/joesixpack.pub verify signature.gpg signature
241
242 msgtest 'Test verify a doublesigned file' 'with good keyring marvin'
243 testmultigpg --keyring keys/marvinparanoid.pub verify signature.gpg signature
244
245 msgtest 'Test fail verify a doublesigned file' 'with bad keyring'
246 testfailure --nomsg aptkey --quiet --readonly --keyring keys/rexexpired.pub verify signature.gpg signature
247
248 msgtest 'Test fail verify a doublesigned file' 'with non-existing keyring'
249 testfailure --nomsg aptkey --quiet --readonly --keyring keys/does-not-exist.pub verify signature.gpg signature
250 testfailure test -e keys/does-not-exist.pub
251
252 # note: this isn't how apts gpgv method implements keyid for verify
253 msgtest 'Test verify a doublesigned file' 'with good keyid'
254 testmultigpg --keyid 'Paranoid' verify signature.gpg signature
255
256 msgtest 'Test fail verify a doublesigned file' 'with bad keyid'
257 testfailure --nomsg aptkey --quiet --readonly --keyid 'Rex' verify signature.gpg signature
258
259 msgtest 'Test fail verify a doublesigned file' 'with non-existing keyid'
260 testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify signature.gpg signature
261
262 msgtest 'Test verify fails on' 'bad doublesigned file'
263 testfailure --nomsg aptkey --quiet --readonly verify signature.gpg signature2
264 done
265 rm -f rootdir/etc/apt/apt.conf.d/00gpgvcmd
266 }
267
268 setupgpgcommand() {
269 echo "APT::Key::GPGCommand \"$1\";" > rootdir/etc/apt/apt.conf.d/00gpgcmd
270 msgmsg 'Force tests to be run with' "$1"
271 testsuccess aptkey --readonly adv --version
272 cp rootdir/tmp/testsuccess.output aptkey.version
273 testsuccess grep "^gpg (GnuPG) $2\." aptkey.version
274 }
275
276 # run with default (whatever this is)
277 testrun
278 # run with …
279 setupgpgcommand 'gpg' '1'
280 testrun
281 setupgpgcommand 'gpg2' '2'
282 testrun