diff options
| author | David Kalnischkies <david@kalnischkies.de> | 2016-08-25 12:42:36 +0200 |
|---|---|---|
| committer | Julian Andres Klode <jak@debian.org> | 2016-11-23 16:21:55 +0100 |
| commit | d6479b781983deba01048cf88f86f7a619cbf1b1 (patch) | |
| tree | cae0f1b3f9699c7f63212980bbde7544110e0c9f /test | |
| parent | 50e78e29da6fe8cf5ff2f733f9aa0e8673ed480d (diff) | |
apt-key: warn instead of fail on unreadable keyrings
apt-key has inconsistent behaviour if it can't read a keyring file:
Commands like 'list' skipped silently over such keyrings while 'verify'
failed hard resulting in apt to report cconfusing gpg errors (#834973).
As a first step we teach apt-key to be more consistent here skipping in
all commands over unreadable keyrings, but issuing a warning in the
process, which is as usual for apt commands displayed at the end of the
run.
(cherry picked from commit 105503b4b470c124bc0c271bd8a50e25ecbe9133)
(removed the buffering of warnings in aptwarnings.log, as we do not
have a cleanup function where we can cat it)
LP: #1642386
Diffstat (limited to 'test')
| -rwxr-xr-x | test/integration/test-apt-key | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key index ddb9bf9d2..1929550c6 100755 --- a/test/integration/test-apt-key +++ b/test/integration/test-apt-key @@ -82,6 +82,21 @@ gpg: unchanged: 1' aptkey --fakeroot update testsuccess --nomsg aptkey --fakeroot del d141dbac8dae testempty aptkey list + if [ "$(id -u)" != '0' ]; then + msgtest 'Test key removal with' 'unreadable key' + cleanplate + cp -a "keys/joesixpack.pub" "rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg" + echo 'foobar' > "rootdir/etc/apt/trusted.gpg.d/unreadablekey.gpg" + chmod 000 "rootdir/etc/apt/trusted.gpg.d/unreadablekey.gpg" + aptkey --fakeroot del d141dbac8dae + testwarning --nomsg aptkey --fakeroot del d141dbac8dae + testwarning aptkey list + chmod 644 "rootdir/etc/apt/trusted.gpg.d/unreadablekey.gpg" + rm -f "rootdir/etc/apt/trusted.gpg.d/unreadablekey.gpg" + grep -v '^W: ' "rootdir/tmp/testwarning.output" > "rootdir/aptkeylist.output" || true + testempty cat "rootdir/aptkeylist.output" + fi + msgtest 'Test key removal with' 'single key in real file' cleanplate cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg @@ -189,6 +204,17 @@ gpg: unchanged: 1' aptkey --fakeroot update msgtest 'Test verify a file' 'with all keys' testsuccess --nomsg aptkey --quiet --readonly verify signature.gpg signature + if [ "$(id -u)" != '0' ]; then + msgtest 'Test verify a file' 'with unreadable key' + echo 'foobar' > "rootdir/etc/apt/trusted.gpg.d/unreadablekey.gpg" + chmod 000 "rootdir/etc/apt/trusted.gpg.d/unreadablekey.gpg" + aptkey --quiet --readonly verify "signature.gpg" "signature" + testwarning --nomsg aptkey --quiet --readonly verify "signature.gpg" "signature" + testwarning aptkey list + chmod 644 "rootdir/etc/apt/trusted.gpg.d/unreadablekey.gpg" + rm -f "rootdir/etc/apt/trusted.gpg.d/unreadablekey.gpg" + fi + msgtest 'Test verify a file' 'with good keyring' testsuccess --nomsg aptkey --quiet --readonly --keyring keys/testcase-multikey.pub verify signature.gpg signature |