diff options
| author | David Kalnischkies <david@kalnischkies.de> | 2016-08-25 12:42:36 +0200 |
|---|---|---|
| committer | David Kalnischkies <david@kalnischkies.de> | 2016-08-25 12:42:36 +0200 |
| commit | 105503b4b470c124bc0c271bd8a50e25ecbe9133 (patch) | |
| tree | 49e22d13d56a4555150214e59542160af2cc4f03 /test | |
| parent | 70ff288b98a7aae2c2808112015d34f76f2d5114 (diff) | |
apt-key: warn instead of fail on unreadable keyrings
apt-key has inconsistent behaviour if it can't read a keyring file:
Commands like 'list' skipped silently over such keyrings while 'verify'
failed hard resulting in apt to report cconfusing gpg errors (#834973).
As a first step we teach apt-key to be more consistent here skipping in
all commands over unreadable keyrings, but issuing a warning in the
process, which is as usual for apt commands displayed at the end of the
run.
Diffstat (limited to 'test')
| -rwxr-xr-x | test/integration/test-apt-key | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key index 759ce1487..96cfe41fa 100755 --- a/test/integration/test-apt-key +++ b/test/integration/test-apt-key @@ -81,6 +81,20 @@ gpg: unchanged: 1' aptkey --fakeroot update testsuccess --nomsg aptkey --fakeroot del d141dbac8dae testempty aptkey list + if [ "$(id -u)" != '0' ]; then + msgtest 'Test key removal with' 'unreadable key' + cleanplate + cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" + echo 'foobar' > "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.gpg" + chmod 000 "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.gpg" + testwarning --nomsg aptkey --fakeroot del d141dbac8dae + testwarning aptkey list + chmod 644 "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.gpg" + rm -f "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.gpg" + grep -v '^W: ' "${ROOTDIR}/tmp/testwarning.output" > "${ROOTDIR}/aptkeylist.output" || true + testempty cat "${ROOTDIR}/aptkeylist.output" + fi + msgtest 'Test key removal with' 'single key in real file' cleanplate cp -a "${KEYDIR}/joesixpack.pub" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.gpg" @@ -202,6 +216,16 @@ gpg: unchanged: 1' aptkey --fakeroot update msgtest 'Test verify a file' 'with all keys' testsuccess --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}" + if [ "$(id -u)" != '0' ]; then + msgtest 'Test verify a file' 'with unreadable key' + echo 'foobar' > "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.gpg" + chmod 000 "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.gpg" + testwarning --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}" + testwarning aptkey list + chmod 644 "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.gpg" + rm -f "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.gpg" + fi + msgtest 'Test verify a file' 'with good keyring' testsuccess --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/testcase-multikey.pub" verify "${SIGNATURE}.gpg" "${SIGNATURE}" |