test/integration/test-apt-key

   1 #!/bin/sh
   2 set -e
   3
   4 TESTDIR=$(readlink -f $(dirname $0))
   5 . $TESTDIR/framework
   6
   7 setupenvironment
   8 configarchitecture 'amd64'
   9
  10 # start from a clean plate again
  11 cleanplate() {
  12         rm -rf rootdir/etc/apt/trusted.gpg.d/ rootdir/etc/apt/trusted.gpg
  13         mkdir rootdir/etc/apt/trusted.gpg.d/
  14 }
  15
  16 createlistofkeys() {
  17         while [ -n "$1" ]; do
  18                 # gpg 2.1 has a slightly different output format
  19                 if grep -q ' rsa2048/' aptkey.list; then
  20                         case "$1" in
  21                                 *Joe*|*Sixpack*) echo 'pub   rsa2048/DBAC8DAE 2010-08-18';;
  22                                 *Rex*|*Expired*) echo 'pub   rsa2048/27CE74F9 2013-07-12 [expired: 2013-07-13]';;
  23                                 *Marvin*|*Paranoid*) echo 'pub   rsa2048/528144E2 2011-01-16';;
  24                                 *) echo 'UNKNOWN KEY';;
  25                         esac
  26                 else
  27                         case "$1" in
  28                                 *Joe*|*Sixpack*) echo 'pub   2048R/DBAC8DAE 2010-08-18';;
  29                                 *Rex*|*Expired*) echo 'pub   2048R/27CE74F9 2013-07-12 [expired: 2013-07-13]';;
  30                                 *Marvin*|*Paranoid*) echo 'pub   2048R/528144E2 2011-01-16';;
  31                                 *) echo 'UNKNOWN KEY';;
  32                         esac
  33                 fi
  34                 shift
  35         done
  36 }
  37
  38 testaptkeys() {
  39         if ! aptkey list | grep '^pub' > aptkey.list; then
  40                 echo -n > aptkey.list
  41         fi
  42         testfileequal './aptkey.list' "$(createlistofkeys "$@")"
  43 }
  44
  45 echo 'APT::Key::ArchiveKeyring "./keys/joesixpack.pub";
  46 APT::Key::RemovedKeys "./keys/rexexpired.pub";' > rootdir/etc/apt/apt.conf.d/aptkey.conf
  47
  48 testrun() {
  49         cleanplate
  50         ln -sf "${TMPWORKINGDIRECTORY}/keys/joesixpack.pub" rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
  51
  52         msgtest 'Check that paths in list output are not' 'double-slashed'
  53         aptkey list 2>&1 | grep -q '//' && msgfail || msgpass
  54
  55         msgtest 'Check that paths in finger output are not' 'double-slashed'
  56         aptkey finger 2>&1 | grep -q '//' && msgfail || msgpass
  57         testaptkeys 'Joe Sixpack'
  58
  59         testsuccessequal 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed
  60 gpg: Total number processed: 1
  61 gpg:              unchanged: 1' aptkey --fakeroot update
  62
  63         testaptkeys 'Joe Sixpack'
  64         testfailure test -e rootdir/etc/apt/trusted.gpg
  65
  66         testsuccess aptkey --fakeroot add ./keys/rexexpired.pub
  67         msgtest 'Check if trusted.gpg is created with permissions set to' '0644'
  68         if [ "$(stat -c '%a' rootdir/etc/apt/trusted.gpg )" = '644' ]; then
  69                 msgpass
  70         else
  71                 msgfail
  72         fi
  73
  74         testaptkeys 'Rex Expired' 'Joe Sixpack'
  75
  76         msgtest 'Check that Sixpack key can be' 'exported'
  77         aptkey export 'Sixpack' > aptkey.export
  78         aptkey --keyring rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg exportall > aptkey.exportall
  79         testsuccess --nomsg cmp aptkey.export aptkey.exportall
  80         testsuccess test -s aptkey.export
  81         testsuccess test -s aptkey.exportall
  82
  83         msgtest 'Execute update again to trigger removal of' 'Rex Expired key'
  84         testsuccess --nomsg aptkey --fakeroot update
  85
  86         testaptkeys 'Joe Sixpack'
  87
  88         msgtest "Try to remove a key which exists, but isn't in the" 'forced keyring'
  89         testsuccess --nomsg aptkey --fakeroot --keyring rootdir/etc/apt/trusted.gpg del DBAC8DAE
  90
  91         testaptkeys 'Joe Sixpack'
  92
  93         testsuccess aptkey --fakeroot del DBAC8DAE
  94         testempty aptkey list
  95
  96         msgtest 'Test key removal with' 'lowercase key ID' #keylength somewhere between 8byte and short
  97         cleanplate
  98         cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
  99         testsuccess --nomsg aptkey --fakeroot del d141dbac8dae
 100         testempty aptkey list
 101
 102         msgtest 'Test key removal with' 'single key in real file'
 103         cleanplate
 104         cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
 105         testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
 106         testempty aptkey list
 107         testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
 108         testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
 109
 110         msgtest 'Test key removal with' 'long key ID'
 111         cleanplate
 112         cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
 113         testsuccess --nomsg aptkey --fakeroot del 5A90D141DBAC8DAE
 114         testempty aptkey list
 115         testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
 116         testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
 117
 118         msgtest 'Test key removal with' 'fingerprint'
 119         cleanplate
 120         cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
 121         testsuccess --nomsg aptkey --fakeroot del 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE
 122         testempty aptkey list
 123         testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
 124         testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
 125
 126         msgtest 'Test key removal with' 'single key in softlink'
 127         cleanplate
 128         ln -s "$(readlink -f ./keys/joesixpack.pub)" rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
 129         testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
 130         testempty aptkey list
 131         testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
 132         testsuccess test -L rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
 133
 134         cleanplate
 135         testsuccess aptkey --fakeroot add ./keys/joesixpack.pub
 136         ln -sf "$(readlink -f ./keys/marvinparanoid.pub)" "./keys/marvin paránöid.pub"
 137         testsuccess aptkey --fakeroot add "./keys/marvin paránöid.pub"
 138         testaptkeys 'Joe Sixpack' 'Marvin Paranoid'
 139         cp -a rootdir/etc/apt/trusted.gpg keys/testcase-multikey.pub # store for reuse
 140
 141         msgtest 'Test key removal with' 'multi key in real file'
 142         cleanplate
 143         cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
 144         testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
 145         testaptkeys 'Marvin Paranoid'
 146         testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~
 147
 148         msgtest 'Test key removal with' 'multi key in softlink'
 149         cleanplate
 150         ln -s "$(readlink -f ./keys/testcase-multikey.pub)" rootdir/etc/apt/trusted.gpg.d/multikey.gpg
 151         testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
 152         testaptkeys 'Marvin Paranoid'
 153         testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~
 154         testfailure test -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg
 155         testsuccess test -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg~
 156
 157         msgtest 'Test key removal with' 'multiple files including key'
 158         cleanplate
 159         cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
 160         cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
 161         testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
 162         testaptkeys 'Marvin Paranoid'
 163         testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
 164         testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
 165         testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~
 166
 167         cleanplate
 168         cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
 169         cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
 170         testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
 171         msgtest 'Test merge-back of' 'added keys'
 172         testsuccess --nomsg aptkey adv --batch --yes --import keys/rexexpired.pub
 173         testaptkeys 'Rex Expired' 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
 174
 175         msgtest 'Test merge-back of' 'removed keys'
 176         testsuccess --nomsg aptkey adv --batch --yes --delete-keys 27CE74F9
 177         testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
 178
 179         msgtest 'Test merge-back of' 'removed duplicate keys'
 180         testsuccess --nomsg aptkey adv --batch --yes --delete-keys DBAC8DAE
 181         testaptkeys 'Marvin Paranoid'
 182
 183         cleanplate
 184         cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
 185         cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
 186         msgtest 'Test signing a file' 'with a key'
 187         echo 'Verify me. This is my signature.' > signature
 188         testsuccess --nomsg aptkey --quiet --keyring keys/marvinparanoid.pub --secret-keyring keys/marvinparanoid.sec --readonly \
 189                 adv --batch --yes --default-key 'Marvin' --armor --detach-sign --sign --output signature.gpg signature
 190
 191
 192         for GPGV in '' 'gpgv' 'gpgv2'; do
 193                 echo "APT::Key::GPGVCommand \"$GPGV\";" > rootdir/etc/apt/apt.conf.d/00gpgvcmd
 194
 195                 msgtest 'Test verify a file' 'with all keys'
 196                 testsuccess --nomsg aptkey --quiet --readonly verify signature.gpg signature
 197
 198                 msgtest 'Test verify a file' 'with good keyring'
 199                 testsuccess --nomsg aptkey --quiet --readonly --keyring keys/testcase-multikey.pub verify signature.gpg signature
 200
 201                 msgtest 'Test fail verify a file' 'with bad keyring'
 202                 testfailure --nomsg aptkey --quiet --readonly --keyring keys/joesixpack.pub verify signature.gpg signature
 203
 204                 msgtest 'Test fail verify a file' 'with non-existing keyring'
 205                 testfailure --nomsg aptkey --quiet --readonly --keyring keys/does-not-exist.pub verify signature.gpg signature
 206                 testfailure test -e keys/does-not-exist.pub
 207
 208                 # note: this isn't how apts gpgv method implements keyid for verify
 209                 msgtest 'Test verify a file' 'with good keyid'
 210                 testsuccess --nomsg aptkey --quiet --readonly --keyid 'Paranoid' verify signature.gpg signature
 211
 212                 msgtest 'Test fail verify a file' 'with bad keyid'
 213                 testfailure --nomsg aptkey --quiet --readonly --keyid 'Sixpack' verify signature.gpg signature
 214
 215                 msgtest 'Test fail verify a file' 'with non-existing keyid'
 216                 testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify signature.gpg signature
 217
 218                 msgtest 'Test verify fails on' 'bad file'
 219                 echo 'lalalalala' > signature2
 220                 testfailure --nomsg aptkey --quiet --readonly verify signature.gpg signature2
 221         done
 222 }
 223
 224 setupgpgcommand() {
 225         echo "APT::Key::GPGCommand \"$1\";" > rootdir/etc/apt/apt.conf.d/00gpgcmd
 226         msgmsg 'Force tests to be run with' "$1"
 227         testsuccess aptkey --readonly adv --version
 228         cp rootdir/tmp/testsuccess.output aptkey.version
 229         testsuccess grep "^gpg (GnuPG) $2\." aptkey.version
 230 }
 231
 232 # run with default (whatever this is)
 233 testrun
 234 # run with …
 235 setupgpgcommand 'gpg' '1'
 236 testrun
 237 setupgpgcommand 'gpg2' '2'
 238 testrun