use apt-key to wrap gpg calls in testcases

beside testing apt-key a bit it also avoids duplicating gpghome setup
code in apt-key and the test framework

Git-Dch: Ignore

diff --git a/test/integration/framework b/test/integration/framework
index a9ba0014f5e34547917422112ac9b5ec638cadcd..1ab01b20a151d1dd2bdcee8ab4e26875703fcbd4 100644 (file)
--- a/test/integration/framework
+++ b/test/integration/framework
@@ -133,13 +133,6 @@ gdb() {
        shift
        runapt command gdb --quiet -ex run "${BUILDDIRECTORY}/$CMD" --args "${BUILDDIRECTORY}/$CMD" "$@"
 }
        shift
        runapt command gdb --quiet -ex run "${BUILDDIRECTORY}/$CMD" --args "${BUILDDIRECTORY}/$CMD" "$@"
 }

-gpg() {
-       # see apt-key for the whole trickery. Setup is done in setupenvironment
-       command gpg --ignore-time-conflict --no-options --no-default-keyring \
-               --homedir "${TMPWORKINGDIRECTORY}/gnupghome" \
-               --no-auto-check-trustdb --trust-model always \
-               "$@"
-}

 
 exitwithstatus() {
         # error if we about to overflow, but ...
 
 exitwithstatus() {
         # error if we about to overflow, but ...


@@ -239,19 +232,6 @@ setupenvironment() {
         echo "Apt::Cmd::Disable-Script-Warning \"1\";" > rootdir/etc/apt/apt.conf.d/apt-binary
        configcompression '.' 'gz' #'bz2' 'lzma' 'xz'
 
         echo "Apt::Cmd::Disable-Script-Warning \"1\";" > rootdir/etc/apt/apt.conf.d/apt-binary
        configcompression '.' 'gz' #'bz2' 'lzma' 'xz'
 

-       # gpg needs a trustdb to function, but it can't be invalid (not even empty)
-       # see also apt-key where this trickery comes from:
-       local TRUSTDBDIR="${TMPWORKINGDIRECTORY}/gnupghome"
-       mkdir "$TRUSTDBDIR"
-       chmod 700 "$TRUSTDBDIR"
-       # We also don't use a secret keyring, of course, but gpg panics and
-       # implodes if there isn't one available - and writeable for imports
-       local SECRETKEYRING="${TRUSTDBDIR}/secring.gpg"
-       touch $SECRETKEYRING
-       # now create the trustdb with an (empty) dummy keyring
-       # newer gpg versions are fine without it, but play it safe for now
-       gpg --quiet --check-trustdb --secret-keyring $SECRETKEYRING --keyring $SECRETKEYRING >/dev/null 2>&1
-

        # cleanup the environment a bit
         # prefer our apt binaries over the system apt binaries
        export PATH="${BUILDDIRECTORY}:${PATH}:/usr/local/sbin:/usr/sbin:/sbin"
        # cleanup the environment a bit
         # prefer our apt binaries over the system apt binaries
        export PATH="${BUILDDIRECTORY}:${PATH}:/usr/local/sbin:/usr/sbin:/sbin"


@@ -449,8 +429,8 @@ Package: $NAME" >> ${BUILDDIR}/debian/control
                | while read SRC; do
                echo "pool/${SRC}" >> ${BUILDDIR}/../${RELEASE}.${DISTSECTION}.srclist
 #              if expr match "${SRC}" '.*\.dsc' >/dev/null 2>&1; then
                | while read SRC; do
                echo "pool/${SRC}" >> ${BUILDDIR}/../${RELEASE}.${DISTSECTION}.srclist
 #              if expr match "${SRC}" '.*\.dsc' >/dev/null 2>&1; then

-#                      gpg --yes --secret-keyring ./keys/joesixpack.sec \
-#                              --keyring ./keys/joesixpack.pub --default-key 'Joe Sixpack' \
+#                      aptkey --keyring ./keys/joesixpack.pub --quiet adv --yes \
+#                              --secret-keyring ./keys/joesixpack.sec --default-key 'Joe Sixpack' \

 #                              --clearsign -o "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC"
 #                      mv "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC"
 #              fi
 #                              --clearsign -o "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC"
 #                      mv "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC"
 #              fi


@@ -835,8 +815,9 @@ setupaptarchive() {
 
 signreleasefiles() {
        local SIGNER="${1:-Joe Sixpack}"
 
 signreleasefiles() {
        local SIGNER="${1:-Joe Sixpack}"

-       local GPG="gpg --batch --yes"
-       msgninfo "\tSign archive with $SIGNER key… "
+       local KEY="keys/$(echo "$SIGNER" | tr 'A-Z' 'a-z' | sed 's# ##g')"
+       local GPG="aptkey --quiet --keyring ${KEY}.pub adv --batch --yes --secret-keyring ${KEY}.sec"
+       msgninfo "\tSign archive with $SIGNER key $KEY… "

        local REXKEY='keys/rexexpired'
        local SECEXPIREBAK="${REXKEY}.sec.bak"
        local PUBEXPIREBAK="${REXKEY}.pub.bak"
        local REXKEY='keys/rexexpired'
        local SECEXPIREBAK="${REXKEY}.sec.bak"
        local PUBEXPIREBAK="${REXKEY}.pub.bak"


@@ -852,17 +833,14 @@ signreleasefiles() {
                        cp $SECUNEXPIRED ${REXKEY}.sec
                        cp $PUBUNEXPIRED ${REXKEY}.pub
                else
                        cp $SECUNEXPIRED ${REXKEY}.sec
                        cp $PUBUNEXPIRED ${REXKEY}.pub
                else

-                       printf "expire\n1w\nsave\n" | $GPG --keyring ${REXKEY}.pub --secret-keyring ${REXKEY}.sec --command-fd 0 --edit-key "${SIGNER}" >/dev/null 2>&1 || true
+                       if ! printf "expire\n1w\nsave\n" | $GPG --default-key "$SIGNER" --command-fd 0 --edit-key "${SIGNER}" >setexpire.gpg 2>&1; then
+                               cat setexpire.gpg
+                               exit 1
+                       fi

                        cp ${REXKEY}.sec $SECUNEXPIRED
                        cp ${REXKEY}.pub $PUBUNEXPIRED
                fi
        fi
                        cp ${REXKEY}.sec $SECUNEXPIRED
                        cp ${REXKEY}.pub $PUBUNEXPIRED
                fi
        fi

-       for KEY in $(find keys/ -name '*.sec'); do
-               GPG="$GPG --secret-keyring $KEY"
-       done
-       for KEY in $(find keys/ -name '*.pub'); do
-               GPG="$GPG --keyring $KEY"
-       done

        for RELEASE in $(find aptarchive/ -name Release); do
                $GPG --default-key "$SIGNER" --armor --detach-sign --sign --output ${RELEASE}.gpg ${RELEASE}
                local INRELEASE="$(echo "${RELEASE}" | sed 's#/Release$#/InRelease#')"
        for RELEASE in $(find aptarchive/ -name Release); do
                $GPG --default-key "$SIGNER" --armor --detach-sign --sign --output ${RELEASE}.gpg ${RELEASE}
                local INRELEASE="$(echo "${RELEASE}" | sed 's#/Release$#/InRelease#')"