fi
runapt command gdb --quiet -ex run "$CMD" --args "$CMD" "$@"
}
+lastmodification() {
+ date -u -d "@$(stat -c '%Y' "${TMPWORKINGDIRECTORY}/$1")" '+%a, %d %b %Y %H:%M:%S GMT'
+}
+releasefiledate() {
+ grep "^${2:-Date}:" "$1" | cut -d' ' -f 2- | sed -e 's#UTC#GMT#'
+}
exitwithstatus() {
# error if we about to overflow, but ...
echo 'Acquire::gpgv::Options { "--weak-digest"; "sha1"; };' > rootdir/etc/apt/apt.conf.d/no-sha1
fi
+ # most tests just need one signed Release file, not both
+ export APT_DONT_SIGN='Release.gpg'
+
msgdone "info"
}
mkdir -p ${BUILDDIR}/debian/source
cd ${BUILDDIR}
echo "* most suckless software product ever" > FEATURES
- test -e debian/copyright || echo "Copyleft by Joe Sixpack $(date +%Y)" > debian/copyright
+ test -e debian/copyright || echo "Copyleft by Joe Sixpack $(date -u +%Y)" > debian/copyright
test -e debian/changelog || echo "$NAME ($VERSION) $RELEASE; urgency=low
* Initial release
- -- Joe Sixpack <joe@example.org> $(date -R)" > debian/changelog
+ -- Joe Sixpack <joe@example.org> $(date -u -R)" > debian/changelog
test -e debian/control || echo "Source: $NAME
Section: $SECTION
Priority: optional
echo "#!/bin/sh
echo '$NAME says \"Hello!\"'" > "${BUILDDIR}/${NAME}"
- echo "Copyleft by Joe Sixpack $(date +%Y)" > "${BUILDDIR}/debian/copyright"
+ echo "Copyleft by Joe Sixpack $(date -u +%Y)" > "${BUILDDIR}/debian/copyright"
echo "$NAME ($VERSION) $RELEASE; urgency=low
* Initial release
- -- Joe Sixpack <joe@example.org> $(date -R)" > "${BUILDDIR}/debian/changelog"
+ -- Joe Sixpack <joe@example.org> $(date -u -R)" > "${BUILDDIR}/debian/changelog"
{
echo "Source: $NAME
Priority: $PRIORITY
fi
if [ -n "$DATE" -a "$DATE" != "now" ]; then
for release in $(find ./aptarchive -name 'Release'); do
- sed -i "s/^Date: .*$/Date: $(date -d "$DATE" '+%a, %d %b %Y %H:%M:%S %Z')/" "$release"
+ sed -i "s/^Date: .*$/Date: $(date -u -d "$DATE" '+%a, %d %b %Y %H:%M:%S %Z')/" "$release"
touch -d "$DATE" "$release"
done
fi
if [ -n "$VALIDUNTIL" ]; then
sed -i "/^Date: / a\
-Valid-Until: $(date -d "$VALIDUNTIL" '+%a, %d %b %Y %H:%M:%S %Z')" $(find ./aptarchive -name 'Release')
+Valid-Until: $(date -u -d "$VALIDUNTIL" '+%a, %d %b %Y %H:%M:%S %Z')" $(find ./aptarchive -name 'Release')
fi
msgdone "info"
}
}
signreleasefiles() {
- local SIGNER="${1:-Joe Sixpack}"
+ local SIGNERS="${1:-Joe Sixpack}"
local REPODIR="${2:-aptarchive}"
- local KEY="keys/$(echo "$SIGNER" | tr 'A-Z' 'a-z' | sed 's# ##g')"
- local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec --readonly adv --batch --yes --digest-algo ${APT_TESTS_DIGEST_ALGO:-SHA512}"
- msgninfo "\tSign archive with $SIGNER key $KEY… "
+ if [ -n "$1" ]; then shift; fi
+ if [ -n "$1" ]; then shift; fi
+ local KEY="keys/$(echo "$SIGNERS" | tr 'A-Z' 'a-z' | tr -d ' ,')"
+ msgninfo "\tSign archive with $SIGNERS key $KEY… "
local REXKEY='keys/rexexpired'
local SECEXPIREBAK="${REXKEY}.sec.bak"
local PUBEXPIREBAK="${REXKEY}.pub.bak"
- if [ "${SIGNER}" = 'Rex Expired' ]; then
- # the key is expired, so gpg doesn't allow to sign with and the --faked-system-time
- # option doesn't exist anymore (and using faketime would add a new obscure dependency)
- # therefore we 'temporary' make the key not expired and restore a backup after signing
- cp "${REXKEY}.sec" "$SECEXPIREBAK"
- cp "${REXKEY}.pub" "$PUBEXPIREBAK"
- local SECUNEXPIRED="${REXKEY}.sec.unexpired"
- local PUBUNEXPIRED="${REXKEY}.pub.unexpired"
- if [ -f "$SECUNEXPIRED" ] && [ -f "$PUBUNEXPIRED" ]; then
- cp "$SECUNEXPIRED" "${REXKEY}.sec"
- cp "$PUBUNEXPIRED" "${REXKEY}.pub"
- else
- if ! printf "expire\n1w\nsave\n" | $GPG --default-key "$SIGNER" --command-fd 0 --edit-key "${SIGNER}" >setexpire.gpg 2>&1; then
- cat setexpire.gpg
- exit 1
+ local SIGUSERS=""
+ while [ -n "${SIGNERS%%,*}" ]; do
+ local SIGNER="${SIGNERS%%,*}"
+ if [ "${SIGNERS}" = "${SIGNER}" ]; then
+ SIGNERS=""
+ fi
+ SIGNERS="${SIGNERS#*,}"
+ # FIXME: This should be the full name, but we can't encode the space properly currently
+ SIGUSERS="${SIGUSERS} -u ${SIGNER#* }"
+ if [ "${SIGNER}" = 'Rex Expired' ]; then
+ # the key is expired, so gpg doesn't allow to sign with and the --faked-system-time
+ # option doesn't exist anymore (and using faketime would add a new obscure dependency)
+ # therefore we 'temporary' make the key not expired and restore a backup after signing
+ cp "${REXKEY}.sec" "$SECEXPIREBAK"
+ cp "${REXKEY}.pub" "$PUBEXPIREBAK"
+ local SECUNEXPIRED="${REXKEY}.sec.unexpired"
+ local PUBUNEXPIRED="${REXKEY}.pub.unexpired"
+ if [ -f "$SECUNEXPIRED" ] && [ -f "$PUBUNEXPIRED" ]; then
+ cp "$SECUNEXPIRED" "${REXKEY}.sec"
+ cp "$PUBUNEXPIRED" "${REXKEY}.pub"
+ else
+ if ! printf "expire\n1w\nsave\n" | aptkey --quiet --keyring "${REXKEY}.pub" --secret-keyring "${REXKEY}.sec" \
+ --readonly adv --batch --yes --digest-algo "${APT_TESTS_DIGEST_ALGO:-SHA512}" \
+ --default-key "$SIGNER" --command-fd 0 --edit-key "${SIGNER}" >setexpire.gpg 2>&1; then
+ cat setexpire.gpg
+ exit 1
+ fi
+ cp "${REXKEY}.sec" "$SECUNEXPIRED"
+ cp "${REXKEY}.pub" "$PUBUNEXPIRED"
fi
- cp "${REXKEY}.sec" "$SECUNEXPIRED"
- cp "${REXKEY}.pub" "$PUBUNEXPIRED"
fi
+ if [ ! -e "${KEY}.pub" ]; then
+ local K="keys/$(echo "$SIGNER" | tr 'A-Z' 'a-z' | tr -d ' ,')"
+ cat "${K}.pub" >> "${KEY}.new.pub"
+ cat "${K}.sec" >> "${KEY}.new.sec"
+ fi
+ done
+ if [ ! -e "${KEY}.pub" ]; then
+ mv "${KEY}.new.pub" "${KEY}.pub"
+ mv "${KEY}.new.sec" "${KEY}.sec"
fi
+ local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec --readonly adv --batch --yes --digest-algo ${APT_TESTS_DIGEST_ALGO:-SHA512}"
for RELEASE in $(find "${REPODIR}/" -name Release); do
- testsuccess $GPG --default-key "$SIGNER" --armor --detach-sign --sign --output "${RELEASE}.gpg" "${RELEASE}"
- local INRELEASE="$(echo "${RELEASE}" | sed 's#/Release$#/InRelease#')"
- testsuccess $GPG --default-key "$SIGNER" --clearsign --output "$INRELEASE" "$RELEASE"
# we might have set a specific date for the Release file, so copy it
- touch -d "$(stat --format "%y" ${RELEASE})" "${RELEASE}.gpg" "${INRELEASE}"
+ local DATE="$(stat --format "%y" "${RELEASE}")"
+ if [ "$APT_DONT_SIGN" = 'Release.gpg' ]; then
+ rm -f "${RELEASE}.gpg"
+ else
+ testsuccess $GPG "$@" $SIGUSERS --armor --detach-sign --sign --output "${RELEASE}.gpg" "${RELEASE}"
+ touch -d "$DATE" "${RELEASE}.gpg"
+ fi
+ local INRELEASE="${RELEASE%/*}/InRelease"
+ if [ "$APT_DONT_SIGN" = 'InRelease' ]; then
+ rm -f "$INRELEASE"
+ else
+ testsuccess $GPG "$@" $SIGUSERS --clearsign --output "$INRELEASE" "$RELEASE"
+ touch -d "$DATE" "${INRELEASE}"
+ fi
done
if [ -f "$SECEXPIREBAK" ] && [ -f "$PUBEXPIREBAK" ]; then
mv -f "$SECEXPIREBAK" "${REXKEY}.sec"
}
redatereleasefiles() {
- local DATE="$(date -d "$1" '+%a, %d %b %Y %H:%M:%S %Z')"
+ local DATE="$(date -u -d "$1" '+%a, %d %b %Y %H:%M:%S %Z')"
for release in $(find aptarchive/ -name 'Release'); do
sed -i "s/^Date: .*$/Date: ${DATE}/" "$release"
touch -d "$DATE" "$release"
local EXITCODE=$?
if expr match "$1" '^apt.*' >/dev/null; then
if [ "$1" = 'aptkey' ]; then
- if grep -q -E " Can't check signature: " "$OUTPUT" || \
- grep -q -E " BAD signature from " "$OUTPUT"; then
+ if grep -q " Can't check signature:
+ BAD signature from
+ signature could not be verified" "$OUTPUT"; then
msgpass
else
msgfailoutput "run failed with exitcode ${EXITCODE}, but no signature error" "$OUTPUT" "$@"
projects / apt.git / blobdiff