diff options
author | David Kalnischkies <david@kalnischkies.de> | 2016-04-28 22:02:50 +0200 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2016-05-01 10:50:24 +0200 |
commit | 1af227c2eaad386f0917fc4f36c84fd5999b884e (patch) | |
tree | b497994bda9566413ed517eebba22eb3226f49e7 /test/integration | |
parent | f13b413a3bb1f03886ba7d8c43b08bd13836a663 (diff) |
gpgv: handle expired sig as worthless
Signatures on data can have an expiration date, too, which we hadn't
handled previously explicitly (no problem – gpg still has a non-zero
exit code so apt notices the invalid signature) so the error message
wasn't as helpful as it could be (aka mentioning the key signing it).
Diffstat (limited to 'test/integration')
-rw-r--r-- | test/integration/framework | 6 | ||||
-rwxr-xr-x | test/integration/test-releasefile-verification | 23 |
2 files changed, 27 insertions, 2 deletions
diff --git a/test/integration/framework b/test/integration/framework index a68209326..a5cc842ba 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -1084,6 +1084,8 @@ setupaptarchive() { signreleasefiles() { local SIGNER="${1:-Joe Sixpack}" local REPODIR="${2:-aptarchive}" + if [ -n "$1" ]; then shift; fi + if [ -n "$1" ]; then shift; fi local KEY="keys/$(echo "$SIGNER" | tr 'A-Z' 'a-z' | sed 's# ##g')" local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec --readonly adv --batch --yes --digest-algo ${APT_TESTS_DIGEST_ALGO:-SHA512}" msgninfo "\tSign archive with $SIGNER key $KEY… " @@ -1111,9 +1113,9 @@ signreleasefiles() { fi fi for RELEASE in $(find "${REPODIR}/" -name Release); do - testsuccess $GPG --default-key "$SIGNER" --armor --detach-sign --sign --output "${RELEASE}.gpg" "${RELEASE}" + testsuccess $GPG "$@" --default-key "$SIGNER" --armor --detach-sign --sign --output "${RELEASE}.gpg" "${RELEASE}" local INRELEASE="$(echo "${RELEASE}" | sed 's#/Release$#/InRelease#')" - testsuccess $GPG --default-key "$SIGNER" --clearsign --output "$INRELEASE" "$RELEASE" + testsuccess $GPG "$@" --default-key "$SIGNER" --clearsign --output "$INRELEASE" "$RELEASE" # we might have set a specific date for the Release file, so copy it touch -d "$(stat --format "%y" ${RELEASE})" "${RELEASE}.gpg" "${INRELEASE}" done diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification index 10b830449..a061832b6 100755 --- a/test/integration/test-releasefile-verification +++ b/test/integration/test-releasefile-verification @@ -129,6 +129,29 @@ runtest() { failaptold rm rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg + msgmsg 'Cold archive expired signed by' 'Joe Sixpack' + if dpkg --compare-versions "$(aptkey adv --version | head -n 2 | tail -n 1 | cut -d' ' -f 3)" '>=' '2.1' >/dev/null 2>&1; then + touch rootdir/etc/apt/apt.conf.d/99gnupg2 + elif gpg2 --version >/dev/null 2>&1; then + echo 'Apt::Key::gpgcommand "gpg2";' > rootdir/etc/apt/apt.conf.d/99gnupg2 + if ! dpkg --compare-versions "$(aptkey adv --version | head -n 2 | tail -n 1 | cut -d' ' -f 3)" '>=' '2.1' >/dev/null 2>&1; then + rm rootdir/etc/apt/apt.conf.d/99gnupg2 + fi + fi + if [ -e rootdir/etc/apt/apt.conf.d/99gnupg2 ]; then + prepare "${PKGFILE}" + rm -rf rootdir/var/lib/apt/lists + signreleasefiles 'Joe Sixpack' 'aptarchive' --faked-system-time "20070924T154812" --default-sig-expire 2016-04-01 + find aptarchive/ -name "$DELETEFILE" -delete + updatewithwarnings '^W: .* EXPSIG' + testsuccessequal "$(cat "${PKGFILE}") +" aptcache show apt + failaptold + rm -f rootdir/etc/apt/apt.conf.d/99gnupg2 + else + msgskip 'Not a new enough gpg available providing --fake-system-time' + fi + msgmsg 'Cold archive signed by' 'Marvin Paranoid' prepare "${PKGFILE}" rm -rf rootdir/var/lib/apt/lists |