gpgv: handle expired sig as worthless

[apt.git] / test / integration / test-releasefile-verification

diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification
index c349c44283b5de8d434c01b1face6b8a4ff0ee93..a061832b632dc2e3f0ad902bf85b8bbd42380653 100755 (executable)
--- a/test/integration/test-releasefile-verification
+++ b/test/integration/test-releasefile-verification
@@ -123,12 +123,35 @@ runtest() {
        cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
        signreleasefiles 'Rex Expired'
        find aptarchive/ -name "$DELETEFILE" -delete
-       updatewithwarnings '^W: .* KEYEXPIRED'
+       updatewithwarnings '^W: .* EXPKEYSIG'
        testsuccessequal "$(cat "${PKGFILE}")
 " aptcache show apt
        failaptold
        rm rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
 
+       msgmsg 'Cold archive expired signed by' 'Joe Sixpack'
+       if dpkg --compare-versions "$(aptkey adv --version | head -n 2 | tail -n 1 | cut -d' ' -f 3)" '>=' '2.1' >/dev/null 2>&1; then
+               touch rootdir/etc/apt/apt.conf.d/99gnupg2
+       elif gpg2 --version >/dev/null 2>&1; then
+               echo 'Apt::Key::gpgcommand "gpg2";' > rootdir/etc/apt/apt.conf.d/99gnupg2
+               if ! dpkg --compare-versions "$(aptkey adv --version | head -n 2 | tail -n 1 | cut -d' ' -f 3)" '>=' '2.1' >/dev/null 2>&1; then
+                       rm rootdir/etc/apt/apt.conf.d/99gnupg2
+               fi
+       fi
+       if [ -e rootdir/etc/apt/apt.conf.d/99gnupg2 ]; then
+               prepare "${PKGFILE}"
+               rm -rf rootdir/var/lib/apt/lists
+               signreleasefiles 'Joe Sixpack' 'aptarchive' --faked-system-time "20070924T154812" --default-sig-expire 2016-04-01
+               find aptarchive/ -name "$DELETEFILE" -delete
+               updatewithwarnings '^W: .* EXPSIG'
+               testsuccessequal "$(cat "${PKGFILE}")
+" aptcache show apt
+               failaptold
+               rm -f rootdir/etc/apt/apt.conf.d/99gnupg2
+       else
+               msgskip 'Not a new enough gpg available providing --fake-system-time'
+       fi
+
        msgmsg 'Cold archive signed by' 'Marvin Paranoid'
        prepare "${PKGFILE}"
        rm -rf rootdir/var/lib/apt/lists
@@ -172,7 +195,7 @@ runtest() {
        cp keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
        signreleasefiles 'Rex Expired'
        find aptarchive/ -name "$DELETEFILE" -delete
-       updatewithwarnings '^W: .* KEYEXPIRED'
+       updatewithwarnings '^W: .* EXPKEYSIG'
        testsuccessequal "$(cat "${PKGFILE}")
 " aptcache show apt
        installaptold