diff options
author | David Kalnischkies <david@kalnischkies.de> | 2016-04-29 10:16:42 +0200 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2016-05-01 10:50:24 +0200 |
commit | 46e00c9062d09a642973e83a334483db1f310397 (patch) | |
tree | 6c498258c3e0ffb7e330c82506bb94e9f749b41a /test/integration | |
parent | 5419a6ce20967902102358a07632ae3688788d62 (diff) |
support multiple fingerprints in signed-by
A keyring file can include multiple keys, so its only fair for
transitions and such to support multiple fingerprints as well.
Diffstat (limited to 'test/integration')
-rwxr-xr-x | test/integration/test-releasefile-verification | 42 |
1 files changed, 35 insertions, 7 deletions
diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification index 5da0a8292..e2e1b5b76 100755 --- a/test/integration/test-releasefile-verification +++ b/test/integration/test-releasefile-verification @@ -33,6 +33,7 @@ prepare() { } installaptold() { + rm -rf rootdir/var/cache/apt/archives testsuccessequal "Reading package lists... Building dependency tree... Suggested packages: @@ -249,30 +250,57 @@ runtest() { signreleasefiles 'Joe Sixpack' find aptarchive/ -name "$DELETEFILE" -delete updatewithwarnings '^W: .* NO_PUBKEY' - sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 #" rootdir/etc/apt/sources.list.d/* + local MARVIN="$(aptkey --keyring $MARVIN finger | grep 'Key fingerprint' | cut -d'=' -f 2 | tr -d ' ')" + msgmsg 'Cold archive signed by bad keyid' 'Joe Sixpack' + rm -rf rootdir/var/lib/apt/lists + signreleasefiles 'Joe Sixpack' + find aptarchive/ -name "$DELETEFILE" -delete + sed -i "s#^\(deb\(-src\)\?\) #\1 [signed-by=$MARVIN] #" rootdir/etc/apt/sources.list.d/* + updatewithwarnings '^W: .* be verified because the public key is not available: .*' msgmsg 'Cold archive signed by good keyid' 'Marvin Paranoid' - prepare "${PKGFILE}" rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Marvin Paranoid' find aptarchive/ -name "$DELETEFILE" -delete - sed -i "s#^\(deb\(-src\)\?\) #\1 [signed-by=$MARVIN] #" rootdir/etc/apt/sources.list.d/* cp keys/marvinparanoid.pub rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg successfulaptgetupdate testsuccessequal "$(cat "${PKGFILE}") " aptcache show apt installaptold - rm -f rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg - msgmsg 'Cold archive signed by bad keyid' 'Joe Sixpack' + msgmsg 'Cold archive signed by good keyid' 'Marvin Paranoid,Joe Sixpack' + rm -rf rootdir/var/lib/apt/lists + signreleasefiles 'Marvin Paranoid,Joe Sixpack' + find aptarchive/ -name "$DELETEFILE" -delete + successfulaptgetupdate 'NoPubKey: GOODSIG' + testsuccessequal "$(cat "${PKGFILE}") +" aptcache show apt + installaptold + + local SIXPACK="$(aptkey --keyring keys/joesixpack.pub finger | grep 'Key fingerprint' | cut -d'=' -f 2 | tr -d ' ')" + msgmsg 'Cold archive signed by good keyids' 'Joe Sixpack' rm -rf rootdir/var/lib/apt/lists signreleasefiles 'Joe Sixpack' find aptarchive/ -name "$DELETEFILE" -delete - updatewithwarnings '^W: .* be verified because the public key is not available: .*' + sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 [signed-by=${SIXPACK},${MARVIN}] #" rootdir/etc/apt/sources.list.d/* + successfulaptgetupdate + testsuccessequal "$(cat "${PKGFILE}") +" aptcache show apt + installaptold + + local SIXPACK="$(aptkey --keyring keys/joesixpack.pub finger | grep 'Key fingerprint' | cut -d'=' -f 2 | tr -d ' ')" + msgmsg 'Cold archive signed by good keyids' 'Joe Sixpack' + rm -rf rootdir/var/lib/apt/lists + sed -i "s#^\(deb\(-src\)\?\) \[signed-by=${SIXPACK},${MARVIN}\] #\1 [signed-by=${MARVIN},${SIXPACK}] #" rootdir/etc/apt/sources.list.d/* + successfulaptgetupdate + testsuccessequal "$(cat "${PKGFILE}") +" aptcache show apt + installaptold + rm -f rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg + sed -i "s#^\(deb\(-src\)\?\) \[signed-by=${MARVIN},${SIXPACK}\] #\1 #" rootdir/etc/apt/sources.list.d/* - sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 #" rootdir/etc/apt/sources.list.d/* } runtest2() { |