summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2018-08-17 16:33:41 +0200
committerDavid Kalnischkies <david@kalnischkies.de>2018-09-11 13:16:11 +0200
commit8375d5b58038fc026098dcccc3de87cd9d740334 (patch)
treea7a746154a32e6370293c4bc693692dcdc796dc7 /test
parentff8fa4ab4b80384a9240f0df63181f71077a8d83 (diff)
Support multiple keyrings in sources.list Signed-By
A user can specify multiple fingerprints for a while now, so its seems counter-intuitive to support only one keyring, especially if this isn't really checked or enforced and while unlikely mixtures of both should work properly, too, instead of a kinda random behaviour.
Diffstat (limited to 'test')
-rwxr-xr-xtest/integration/test-apt-key16
-rwxr-xr-xtest/integration/test-method-gpgv16
-rwxr-xr-xtest/integration/test-releasefile-verification31
3 files changed, 55 insertions, 8 deletions
diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key
index d690a9026..a1e633ca3 100755
--- a/test/integration/test-apt-key
+++ b/test/integration/test-apt-key
@@ -89,6 +89,14 @@ gpg: unchanged: 1' aptkey --fakeroot update
testsuccess test -s "${TMPWORKINGDIRECTORY}/aptkey.export"
testsuccess test -s "${TMPWORKINGDIRECTORY}/aptkey.exportall"
+ msgtest 'Check that multiple keys can be' 'exported'
+ aptkey export 'Sixpack' 'Expired' > "${TMPWORKINGDIRECTORY}/aptkey.export" 2>/dev/null
+ aptkey --keyring "${KEYDIR}/rexexpired.pub.${EXT}" \
+ --keyring "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}" exportall > "${TMPWORKINGDIRECTORY}/aptkey.exportall"
+ testsuccess --nomsg cmp "${TMPWORKINGDIRECTORY}/aptkey.export" "${TMPWORKINGDIRECTORY}/aptkey.exportall"
+ testsuccess test -s "${TMPWORKINGDIRECTORY}/aptkey.export"
+ testsuccess test -s "${TMPWORKINGDIRECTORY}/aptkey.exportall"
+
msgtest 'Execute update again to trigger removal of' 'Rex Expired key'
${TESTSTATE} --nomsg aptkey --fakeroot update
@@ -274,6 +282,14 @@ gpg: unchanged: 1' aptkey --fakeroot update
msgtest 'Test verify a file' 'with good keyring'
testsuccess --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/testcase-multikey.pub.${EXT}" verify "${SIGNATURE}.gpg" "${SIGNATURE}"
+ msgtest 'Test verify a file' 'with good keyrings 1'
+ testsuccess --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/joesixpack.pub.${EXT}" \
+ --keyring "${KEYDIR}/marvinparanoid.pub.${EXT}" verify "${SIGNATURE}.gpg" "${SIGNATURE}"
+
+ msgtest 'Test verify a file' 'with good keyrings 2'
+ testsuccess --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/marvinparanoid.pub.${EXT}" \
+ --keyring "${KEYDIR}/joesixpack.pub.${EXT}" verify "${SIGNATURE}.gpg" "${SIGNATURE}"
+
msgtest 'Test fail verify a file' 'with bad keyring'
testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/joesixpack.pub.${EXT}" verify "${SIGNATURE}.gpg" "${SIGNATURE}"
diff --git a/test/integration/test-method-gpgv b/test/integration/test-method-gpgv
index 2b53648f0..b7cf11bdc 100755
--- a/test/integration/test-method-gpgv
+++ b/test/integration/test-method-gpgv
@@ -92,7 +92,21 @@ Config-Item: APT::Hashes::SHA1::Weak=true
600 URI Acquire
URI: file:///dev/null
Filename: /dev/zero
-Signed-By: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE
+Signed-By: /dev/null,34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE
+' | runapt "${METHODSDIR}/gpgv"
+}
+testrun
+
+gpgvmethod() {
+ echo '601 Configuration
+Config-Item: Debug::Acquire::gpgv=1
+Config-Item: Dir::Bin::apt-key=./faked-apt-key
+Config-Item: APT::Hashes::SHA1::Weak=true
+
+600 URI Acquire
+URI: file:///dev/null
+Filename: /dev/zero
+Signed-By: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE,/dev/null
' | runapt "${METHODSDIR}/gpgv"
}
testrun
diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification
index f61d93f79..382d89ecd 100755
--- a/test/integration/test-releasefile-verification
+++ b/test/integration/test-releasefile-verification
@@ -233,22 +233,39 @@ runtest() {
" aptcache show apt
installaptnew
- msgmsg 'Cold archive signed by good keyring' 'Marvin Paranoid'
- prepare "${PKGFILE}"
+ msgmsg 'Cold archive signed by bad keyring' 'Joe Sixpack'
rm -rf rootdir/var/lib/apt/lists
- signreleasefiles 'Marvin Paranoid'
local MARVIN="$(readlink -f keys/marvinparanoid.pub)"
sed -i "s#^\(deb\(-src\)\?\) #\1 [signed-by=$MARVIN] #" rootdir/etc/apt/sources.list.d/*
+ updatewithwarnings '^W: .* NO_PUBKEY'
+
+ msgmsg 'Cold archive signed by good keyring' 'Marvin Paranoid'
+ prepare "${PKGFILE}"
+ signreleasefiles 'Marvin Paranoid'
+ rm -rf rootdir/var/lib/apt/lists
successfulaptgetupdate
testsuccessequal "$(cat "${PKGFILE}")
" aptcache show apt
installaptold
- msgmsg 'Cold archive signed by bad keyring' 'Joe Sixpack'
+ msgmsg 'Cold archive signed by good keyrings' 'Marvin Paranoid, Joe Sixpack'
rm -rf rootdir/var/lib/apt/lists
- signreleasefiles 'Joe Sixpack'
- updatewithwarnings '^W: .* NO_PUBKEY'
- sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 #" rootdir/etc/apt/sources.list.d/*
+ local SIXPACK="$(readlink -f keys/joesixpack.pub)"
+ sed -i "s# \[signed-by=[^]]\+\] # [signed-by=$MARVIN,$SIXPACK] #" rootdir/etc/apt/sources.list.d/*
+ successfulaptgetupdate
+ testsuccessequal "$(cat "${PKGFILE}")
+" aptcache show apt
+ installaptold
+
+ msgmsg 'Cold archive signed by good keyrings' 'Joe Sixpack, Marvin Paranoid'
+ rm -rf rootdir/var/lib/apt/lists
+ local SIXPACK="$(readlink -f keys/joesixpack.pub)"
+ sed -i "s# \[signed-by=[^]]\+\] # [signed-by=$SIXPACK,$MARVIN] #" rootdir/etc/apt/sources.list.d/*
+ successfulaptgetupdate
+ testsuccessequal "$(cat "${PKGFILE}")
+" aptcache show apt
+ installaptold
+ sed -i "s# \[signed-by=[^]]\+\] # #" rootdir/etc/apt/sources.list.d/*
local MARVIN="$(aptkey --keyring $MARVIN finger --with-colons | grep '^fpr' | cut -d':' -f 10)"
msgmsg 'Cold archive signed by bad keyid' 'Joe Sixpack'