apt-key: warn instead of fail on unreadable keyrings

[apt.git] / test / integration / test-releasefile-verification

diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification
index a95c20fd45be3fc1f71ef9e7bb212bba6c593155..20ca613da6467117e13eb084683d159f013a4713 100755 (executable)
--- a/test/integration/test-releasefile-verification
+++ b/test/integration/test-releasefile-verification
@@ -7,12 +7,11 @@ TESTDIR="$(readlink -f "$(dirname "$0")")"
 setupenvironment
 configarchitecture "i386"
 
+export APT_DONT_SIGN='Release.gpg'
 buildaptarchive
 setupflataptarchive
 changetowebserver
 
-webserverconfig 'aptwebserver::support::range' 'false'
-
 prepare() {
        local DATE="${2:-now}"
        if [ "$DATE" = 'now' ]; then
@@ -238,7 +237,7 @@ runtest() {
        updatewithwarnings '^W: .* NO_PUBKEY'
        sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 #" rootdir/etc/apt/sources.list.d/*
 
-       local MARVIN="$(aptkey --keyring $MARVIN finger | grep 'Key fingerprint' | cut -d'=' -f 2 | tr -d ' ')"
+       local MARVIN="$(aptkey --keyring $MARVIN finger --with-colons | grep '^fpr' | cut -d':' -f 10)"
        msgmsg 'Cold archive signed by bad keyid' 'Joe Sixpack'
        rm -rf rootdir/var/lib/apt/lists
        signreleasefiles 'Joe Sixpack'
@@ -262,7 +261,7 @@ runtest() {
 " aptcache show apt
        installaptold
 
-       local SIXPACK="$(aptkey --keyring keys/joesixpack.pub finger | grep 'Key fingerprint' | cut -d'=' -f 2 | tr -d ' ')"
+       local SIXPACK="$(aptkey --keyring keys/joesixpack.pub finger --with-colons | grep '^fpr' | cut -d':' -f 10)"
        msgmsg 'Cold archive signed by good keyids' 'Joe Sixpack'
        rm -rf rootdir/var/lib/apt/lists
        signreleasefiles 'Joe Sixpack'
@@ -272,7 +271,6 @@ runtest() {
 " aptcache show apt
        installaptold
 
-       local SIXPACK="$(aptkey --keyring keys/joesixpack.pub finger | grep 'Key fingerprint' | cut -d'=' -f 2 | tr -d ' ')"
        msgmsg 'Cold archive signed by good keyids' 'Joe Sixpack'
        rm -rf rootdir/var/lib/apt/lists
        sed -i "s#^\(deb\(-src\)\?\) \[signed-by=${SIXPACK},${MARVIN}\] #\1 [signed-by=${MARVIN},${SIXPACK}] #" rootdir/etc/apt/sources.list.d/*
@@ -368,7 +366,7 @@ runtest3() {
                export APT_DONT_SIGN="$DELETEFILE"
                msgmsg "Running test with deletion of $DELETEFILE and $1 digest"
                runtest
-               unset APT_DONT_SIGN
+               export APT_DONT_SIGN='Release.gpg'
        done
 }
 
@@ -378,7 +376,7 @@ cat > rootdir/etc/apt/apt.conf.d/weaken-security <<EOF
 Acquire::AllowInsecureRepositories "1";
 Acquire::AllowDowngradeToInsecureRepositories "1";
 EOF
-# the hash marked as configureable in our gpgv method
+# the hash marked as configurable in our gpgv method
 export APT_TESTS_DIGEST_ALGO='SHA224'
 
 successfulaptgetupdate() {
@@ -413,6 +411,11 @@ runfailure() {
                testnopackage 'apt'
                testwarning aptget update --allow-insecure-repositories -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
                failaptold
+               rm -rf rootdir/var/lib/apt/lists
+               sed -i 's#^deb\(-src\)\? #deb\1 [allow-insecure=yes] #' rootdir/etc/apt/sources.list.d/*
+               testwarning aptget update --no-allow-insecure-repositories -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
+               failaptold
+               sed -i 's#^deb\(-src\)\? \[allow-insecure=yes\] #deb\1 #' rootdir/etc/apt/sources.list.d/*
 
                msgmsg 'Cold archive signed by' 'Marvin Paranoid'
                prepare "${PKGFILE}"
@@ -424,7 +427,7 @@ runfailure() {
                testsuccessequal "$(cat "${PKGFILE}")
 " aptcache show apt
                failaptold
-               unset APT_DONT_SIGN
+               export APT_DONT_SIGN='Release.gpg'
        done
 }
 runfailure