From 4e03c47de15164f2656d9655edab6fb3570cb2f2 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Tue, 7 Jul 2015 22:11:20 +0200 Subject: implement Signed-By without using gpg for verification The previous commit returns to the possibility of using just gpgv for verification proposes. There is one problem through: We can't enforce a specific keyid without using gpg, but our acquire method can as it parses gpgv output anyway, so it can deal with good signatures from not expected signatures and treats them as unknown keys instead. Git-Dch: Ignore --- test/integration/test-apt-key | 1 + test/integration/test-releasefile-verification | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'test/integration') diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key index 1226e7dc4..a1a0d883d 100755 --- a/test/integration/test-apt-key +++ b/test/integration/test-apt-key @@ -204,6 +204,7 @@ gpg: unchanged: 1' aptkey --fakeroot update testfailure --nomsg aptkey --quiet --readonly --keyring keys/does-not-exist.pub verify signature.gpg signature testfailure test -e keys/does-not-exist.pub + # note: this isn't how apts gpgv method implements keyid for verify msgtest 'Test verify a file' 'with good keyid' testsuccess --nomsg aptkey --quiet --readonly --keyid 'Paranoid' verify signature.gpg signature diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification index 1c3953c8b..759242514 100755 --- a/test/integration/test-releasefile-verification +++ b/test/integration/test-releasefile-verification @@ -92,7 +92,7 @@ touch aptarchive/apt.deb PKGFILE="${TESTDIR}/$(echo "$(basename $0)" | sed 's#^test-#Packages-#')" updatewithwarnings() { - testwarning aptget update + testwarning aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1 testsuccess grep -E "$1" rootdir/tmp/testwarning.output } @@ -225,7 +225,7 @@ runtest() { signreleasefiles 'Joe Sixpack' find aptarchive/ -name "$DELETEFILE" -delete msgmsg 'Cold archive signed by bad keyid' 'Joe Sixpack' - updatewithwarnings '^W: .* NO_PUBKEY' + updatewithwarnings '^W: .* be verified because the public key is not available: .*' sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 #" rootdir/etc/apt/sources.list.d/* } -- cgit v1.2.3