From 12841e8320aa499554ac50b102b222900bb1b879 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 24 Jan 2014 23:48:11 +0100 Subject: use apt-key adv (+ gnupg) instead of gpgv for verify apt-key does the keyring merge as we need it, so we just call it instead of reimplementing it to do the merging before gpgv. This means we don't use gpgv anymore (we never depended on it explicitly - bad style), but it also means that the message in apt-cdrom add is a bit less friendly as it says loudly "untrusted key", but for a one-time command its okay. --- test/integration/framework | 1 + test/integration/test-apt-cdrom | 2 +- test/integration/test-apt-key-net-update | 7 +++++- .../integration/test-bug-733028-gpg-resource-limit | 27 ++++++++++++++++++++++ 4 files changed, 35 insertions(+), 2 deletions(-) create mode 100755 test/integration/test-bug-733028-gpg-resource-limit (limited to 'test') diff --git a/test/integration/framework b/test/integration/framework index 7cf4d8a6d..a9ba0014f 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -223,6 +223,7 @@ setupenvironment() { echo "Debug::NoLocking \"true\";" >> aptconfig.conf echo "APT::Get::Show-User-Simulation-Note \"false\";" >> aptconfig.conf echo "Dir::Bin::Methods \"${METHODSDIR}\";" >> aptconfig.conf + echo "Dir::Bin::apt-key \"${BUILDDIRECTORY}/apt-key\";" >> aptconfig.conf echo "Dir::Bin::dpkg \"fakeroot\";" >> aptconfig.conf echo "DPKG::options:: \"dpkg\";" >> aptconfig.conf echo "DPKG::options:: \"--root=${TMPWORKINGDIRECTORY}/rootdir\";" >> aptconfig.conf diff --git a/test/integration/test-apt-cdrom b/test/integration/test-apt-cdrom index 8d8fdf167..9fbc4288d 100755 --- a/test/integration/test-apt-cdrom +++ b/test/integration/test-apt-cdrom 
@@ -29,7 +29,7 @@ aptcdromlog() { test ! -e rootdir/media/cdrom || echo "CD-ROM is mounted, but shouldn't be!" test -e rootdir/media/cdrom-unmounted || echo "Unmounted CD-ROM doesn't exist, but it should!" aptcdrom "$@" -o quiet=1 >rootdir/tmp/apt-cdrom.log 2>&1 aptkey.list +testfileequal ./aptkey.list 'pub 1024R/F68C85A3 2013-12-19 +pub 2048R/DBAC8DAE 2010-08-18' # now try a different one # setup archive-keyring @@ -40,4 +43,6 @@ echo 'APT::Key::Net-Update-Enabled "1";' >> ./aptconfig.conf testequal "Checking for new archive signing keys now Key 'E8525D47528144E2' not added. It is not signed with a master key" aptkey --fakeroot net-update - +aptkey list | grep '^pub' > aptkey.list +testfileequal ./aptkey.list 'pub 1024R/F68C85A3 2013-12-19 +pub 2048R/DBAC8DAE 2010-08-18' diff --git a/test/integration/test-bug-733028-gpg-resource-limit b/test/integration/test-bug-733028-gpg-resource-limit new file mode 100755 index 000000000..f9c804963 --- /dev/null +++ b/test/integration/test-bug-733028-gpg-resource-limit @@ -0,0 +1,27 @@ +#!/bin/sh +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework +setupenvironment +configarchitecture 'i386' + +insertpackage 'unstable' 'foobar' 'all' '1' + +setupaptarchive --no-update + +for i in $(seq 1 50); do + touch rootdir/etc/apt/trusted.gpg.d/emptykey-${i}.gpg +done + +aptkey list | grep '^pub' > aptkey.list +testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' + +msgtest 'Test for no gpg errors/warnings in' 'apt-get update' +aptget update > update.log 2>&1 +if grep -iq 'GPG' update.log; then + msgfail + cat update.log +else + msgpass +fi -- cgit v1.2.3 From 93d0d08cdd6854f9bfb779c13b5b78cd6ed263aa Mon Sep 17 00:00:00 2001 
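Review bot: In the new test-bug-733028-gpg-resource-limit, the final check only proves that the string 'GPG' is absent from update.log, and because the script runs under `set -e`, a non-zero exit from `aptget update > update.log 2>&1` would presumably end the script before `msgfail` or `cat update.log` is reached, leaving the failure undiagnosed. Folding the exit status into the condition keeps the log visible: `if ! aptget update > update.log 2>&1 || grep -iq 'GPG' update.log; then`. Since the test exists to show that many empty keyrings do not break signature checking, a positive assertion that the update completed without the archive being reported as unsigned or untrusted would make a silently skipped verification fail the test as well. `$(dirname $0)` and `$TESTDIR/framework` are also unquoted and break on a checkout path containing spaces.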
From: David Kalnischkies Date: Sun, 26 Jan 2014 18:28:50 +0100 Subject: support gnupg2 as drop-in replacement for gnupg If both are available APT will still prefer gpg over gpg2 as it is a bit more lightweight, but it shouldn't be a problem to use one or the other (at least at the moment, who knows what will happen in the future). --- test/integration/test-apt-key | 191 ++++++++++++++++++++++++------------------ 1 file changed, 108 insertions(+), 83 deletions(-) (limited to 'test') diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key index 68b3f9710..99ce855d4 100755 --- a/test/integration/test-apt-key +++ b/test/integration/test-apt-key 
@@ -7,101 +7,126 @@ TESTDIR=$(readlink -f $(dirname $0)) setupenvironment configarchitecture 'amd64' -msgtest 'Check that paths in list output are not' 'double-slashed' -aptkey list 2>&1 | grep -q '//' && msgfail || msgpass - -msgtest 'Check that paths in finger output are not' 'double-slashed' -aptkey finger 2>&1 | grep -q '//' && msgfail || msgpass +# start from a clean plate again +cleanplate() { + rm -rf rootdir/etc/apt/trusted.gpg.d/ rootdir/etc/apt/trusted.gpg + mkdir rootdir/etc/apt/trusted.gpg.d/ +} echo 'APT::Key::ArchiveKeyring "./keys/joesixpack.pub"; APT::Key::RemovedKeys "./keys/rexexpired.pub";' > rootdir/etc/apt/apt.conf.d/aptkey.conf -aptkey list | grep '^pub' > aptkey.list -testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' +testrun() { + cleanplate + ln -sf ${TMPWORKINGDIRECTORY}/keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg -testequal 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) " not changed -gpg: Total number processed: 1 -gpg: unchanged: 1' aptkey --fakeroot update + msgtest 'Check that paths in list output are not' 'double-slashed' + aptkey list 2>&1 | grep -q '//' && msgfail || msgpass -aptkey list | grep '^pub' > aptkey.list -testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' + msgtest 'Check that paths in finger output are not' 'double-slashed' + aptkey finger 2>&1 | grep -q '//' && msgfail || msgpass -testsuccess aptkey --fakeroot add ./keys/rexexpired.pub - -aptkey list | grep '^pub' > aptkey.list -testfileequal ./aptkey.list 'pub 2048R/27CE74F9 2013-07-12 [expired: 2013-07-13] -pub 2048R/DBAC8DAE 2010-08-18' + aptkey list | grep '^pub' > aptkey.list + testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' -msgtest 'Execute update again to trigger removal of' 'Rex Expired key' -testsuccess --nomsg aptkey --fakeroot update + testequal 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) " not changed +gpg: Total number processed: 1 +gpg: unchanged: 1' aptkey --fakeroot update -aptkey 
list | grep '^pub' > aptkey.list -testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' + aptkey list | grep '^pub' > aptkey.list + testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' -msgtest "Try to remove a key which exists, but isn't in the" 'forced keyring' -testsuccess --nomsg aptkey --fakeroot --keyring rootdir/etc/apt/trusted.gpg del DBAC8DAE + testsuccess aptkey --fakeroot add ./keys/rexexpired.pub -aptkey list | grep '^pub' > aptkey.list -testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' + aptkey list | grep '^pub' > aptkey.list + testfileequal ./aptkey.list 'pub 2048R/27CE74F9 2013-07-12 [expired: 2013-07-13] +pub 2048R/DBAC8DAE 2010-08-18' -testsuccess aptkey --fakeroot del DBAC8DAE -testempty aptkey list + msgtest 'Execute update again to trigger removal of' 'Rex Expired key' + testsuccess --nomsg aptkey --fakeroot update + + aptkey list | grep '^pub' > aptkey.list + testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' + + msgtest "Try to remove a key which exists, but isn't in the" 'forced keyring' + testsuccess --nomsg aptkey --fakeroot --keyring rootdir/etc/apt/trusted.gpg del DBAC8DAE + + aptkey list | grep '^pub' > aptkey.list + testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' + + testsuccess aptkey --fakeroot del DBAC8DAE + testempty aptkey list + + msgtest 'Test key removal with' 'single key in real file' + cleanplate + cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + testsuccess --nomsg aptkey --fakeroot del DBAC8DAE + testempty aptkey list + testsuccess test ! -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ + + msgtest 'Test key removal with' 'single key in softlink' + cleanplate + ln -s $(readlink -f ./keys/joesixpack.pub) rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + testsuccess --nomsg aptkey --fakeroot del DBAC8DAE + testempty aptkey list + testsuccess test ! 
-e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + testsuccess test -L rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ + + cleanplate + testsuccess aptkey --fakeroot add ./keys/joesixpack.pub + testsuccess aptkey --fakeroot add ./keys/marvinparanoid.pub + aptkey list | grep '^pub' > aptkey.list + testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18 +pub 2048R/528144E2 2011-01-16' + cp -a rootdir/etc/apt/trusted.gpg keys/testcase-multikey.pub # store for reuse + + msgtest 'Test key removal with' 'multi key in real file' + cleanplate + cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg + testsuccess --nomsg aptkey --fakeroot del DBAC8DAE + aptkey list | grep '^pub' > aptkey.list + testfileequal ./aptkey.list 'pub 2048R/528144E2 2011-01-16' + testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ + + msgtest 'Test key removal with' 'multi key in softlink' + cleanplate + ln -s $(readlink -f ./keys/testcase-multikey.pub) rootdir/etc/apt/trusted.gpg.d/multikey.gpg + testsuccess --nomsg aptkey --fakeroot del DBAC8DAE + aptkey list | grep '^pub' > aptkey.list + testfileequal ./aptkey.list 'pub 2048R/528144E2 2011-01-16' + testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ + testsuccess test ! -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg + testsuccess test -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ + + msgtest 'Test key removal with' 'multiple files including key' + cleanplate + cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg + testsuccess --nomsg aptkey --fakeroot del DBAC8DAE + aptkey list | grep '^pub' > aptkey.list + testfileequal ./aptkey.list 'pub 2048R/528144E2 2011-01-16' + testsuccess test ! 
-e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ + testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ +} -# start from a clean plate again -cleanplate() { - rm -rf rootdir/etc/apt/trusted.gpg.d/ rootdir/etc/apt/trusted.gpg - mkdir rootdir/etc/apt/trusted.gpg.d/ +setupgpgcommand() { + echo "APT::Key::GPGCommand \"$1\";" > rootdir/etc/apt/apt.conf.d/00gpgcmd + msgtest 'Test that apt-key uses for the following tests command' "$1" + aptkey adv --version >aptkey.version 2>&1 + if grep -q "^Executing: $1 --" aptkey.version; then + msgpass + else + cat aptkey.version + msgfail + fi } -msgtest 'Test key removal with' 'single key in real file' -cleanplate -cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg -testsuccess --nomsg aptkey --fakeroot del DBAC8DAE -testempty aptkey list -testsuccess test ! -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg -testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ - -msgtest 'Test key removal with' 'single key in softlink' -cleanplate -ln -s $(readlink -f ./keys/joesixpack.pub) rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg -testsuccess --nomsg aptkey --fakeroot del DBAC8DAE -testempty aptkey list -testsuccess test ! 
-e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg -testsuccess test -L rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ - -cleanplate -testsuccess aptkey --fakeroot add ./keys/joesixpack.pub -testsuccess aptkey --fakeroot add ./keys/marvinparanoid.pub -aptkey list | grep '^pub' > aptkey.list -testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18 -pub 2048R/528144E2 2011-01-16' -cp -a rootdir/etc/apt/trusted.gpg keys/testcase-multikey.pub # store for reuse - -msgtest 'Test key removal with' 'multi key in real file' -cleanplate -cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg -testsuccess --nomsg aptkey --fakeroot del DBAC8DAE -aptkey list | grep '^pub' > aptkey.list -testfileequal ./aptkey.list 'pub 2048R/528144E2 2011-01-16' -testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ - -msgtest 'Test key removal with' 'multi key in softlink' -cleanplate -ln -s $(readlink -f ./keys/testcase-multikey.pub) rootdir/etc/apt/trusted.gpg.d/multikey.gpg -testsuccess --nomsg aptkey --fakeroot del DBAC8DAE -aptkey list | grep '^pub' > aptkey.list -testfileequal ./aptkey.list 'pub 2048R/528144E2 2011-01-16' -testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ -testsuccess test ! -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg -testsuccess test -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ - -msgtest 'Test key removal with' 'multiple files including key' -cleanplate -cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg -cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg -testsuccess --nomsg aptkey --fakeroot del DBAC8DAE -aptkey list | grep '^pub' > aptkey.list -testfileequal ./aptkey.list 'pub 2048R/528144E2 2011-01-16' -testsuccess test ! 
-e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg -testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ -testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ +# run with default (whatever this is) +testrun +# run with … +setupgpgcommand 'gpg' +testrun +setupgpgcommand 'gpg2' +testrun -- cgit v1.2.3 From f1e1abd88a2a7f147c79b99956f88d37ab14e038 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sun, 26 Jan 2014 19:23:58 +0100 Subject: use apt-key to wrap gpg calls in testcases beside testing apt-key a bit it also avoids duplicating gpghome setup code in apt-key and the test framework Git-Dch: Ignore --- test/integration/framework | 40 +++++++++------------------------------- 1 file changed, 9 insertions(+), 31 deletions(-) (limited to 'test') diff --git a/test/integration/framework b/test/integration/framework index a9ba0014f..1ab01b20a 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -133,13 +133,6 @@ gdb() { shift runapt command gdb --quiet -ex run "${BUILDDIRECTORY}/$CMD" --args "${BUILDDIRECTORY}/$CMD" "$@" } -gpg() { - # see apt-key for the whole trickery. Setup is done in setupenvironment - command gpg --ignore-time-conflict --no-options --no-default-keyring \ - --homedir "${TMPWORKINGDIRECTORY}/gnupghome" \ - --no-auto-check-trustdb --trust-model always \ - "$@" -} exitwithstatus() { # error if we about to overflow, but ... 
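Review bot: `setupgpgcommand` reports `msgfail` when the `Executing:` line does not name the requested binary, but as far as this hunk shows it then returns normally, so the following `testrun` still executes and its results are attributed to a gpg implementation that was not actually used. Ending the failure branch with `return 1` and calling `setupgpgcommand 'gpg2' && testrun` would keep the two apart. The first `testrun` ("default (whatever this is)") could record which binary it ran in the same way. Separately, `${TMPWORKINGDIRECTORY}` in the new `ln -sf` line is unquoted, and `$1` is interpolated into the grep pattern as a regular expression, which is fine for the literals `gpg` and `gpg2` but worth a comment.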
@@ -239,19 +232,6 @@ setupenvironment() { echo "Apt::Cmd::Disable-Script-Warning \"1\";" > rootdir/etc/apt/apt.conf.d/apt-binary configcompression '.' 'gz' #'bz2' 'lzma' 'xz' - # gpg needs a trustdb to function, but it can't be invalid (not even empty) - # see also apt-key where this trickery comes from: - local TRUSTDBDIR="${TMPWORKINGDIRECTORY}/gnupghome" - mkdir "$TRUSTDBDIR" - chmod 700 "$TRUSTDBDIR" - # We also don't use a secret keyring, of course, but gpg panics and - # implodes if there isn't one available - and writeable for imports - local SECRETKEYRING="${TRUSTDBDIR}/secring.gpg" - touch $SECRETKEYRING - # now create the trustdb with an (empty) dummy keyring - # newer gpg versions are fine without it, but play it safe for now - gpg --quiet --check-trustdb --secret-keyring $SECRETKEYRING --keyring $SECRETKEYRING >/dev/null 2>&1 - # cleanup the environment a bit # prefer our apt binaries over the system apt binaries export PATH="${BUILDDIRECTORY}:${PATH}:/usr/local/sbin:/usr/sbin:/sbin" @@ -449,8 +429,8 @@ Package: $NAME" >> ${BUILDDIR}/debian/control | while read SRC; do echo "pool/${SRC}" >> ${BUILDDIR}/../${RELEASE}.${DISTSECTION}.srclist # if expr match "${SRC}" '.*\.dsc' >/dev/null 2>&1; then -# gpg --yes --secret-keyring ./keys/joesixpack.sec \ -# --keyring ./keys/joesixpack.pub --default-key 'Joe Sixpack' \ +# aptkey --keyring ./keys/joesixpack.pub --quiet adv --yes \ +# --secret-keyring ./keys/joesixpack.sec --default-key 'Joe Sixpack' \ # --clearsign -o "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC" # mv "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC" # fi 
@@ -835,8 +815,9 @@ setupaptarchive() { signreleasefiles() { local SIGNER="${1:-Joe Sixpack}" - local GPG="gpg --batch --yes" - msgninfo "\tSign archive with $SIGNER key… " + local KEY="keys/$(echo "$SIGNER" | tr 'A-Z' 'a-z' | sed 's# ##g')" + local GPG="aptkey --quiet --keyring ${KEY}.pub adv --batch --yes --secret-keyring ${KEY}.sec" + msgninfo "\tSign archive with $SIGNER key $KEY… " local REXKEY='keys/rexexpired' local SECEXPIREBAK="${REXKEY}.sec.bak" local PUBEXPIREBAK="${REXKEY}.pub.bak" @@ -852,17 +833,14 @@ signreleasefiles() { cp $SECUNEXPIRED ${REXKEY}.sec cp $PUBUNEXPIRED ${REXKEY}.pub else - printf "expire\n1w\nsave\n" | $GPG --keyring ${REXKEY}.pub --secret-keyring ${REXKEY}.sec --command-fd 0 --edit-key "${SIGNER}" >/dev/null 2>&1 || true + if ! printf "expire\n1w\nsave\n" | $GPG --default-key "$SIGNER" --command-fd 0 --edit-key "${SIGNER}" >setexpire.gpg 2>&1; then + cat setexpire.gpg + exit 1 + fi cp ${REXKEY}.sec $SECUNEXPIRED cp ${REXKEY}.pub $PUBUNEXPIRED fi fi - for KEY in $(find keys/ -name '*.sec'); do - GPG="$GPG --secret-keyring $KEY" - done - for KEY in $(find keys/ -name '*.pub'); do - GPG="$GPG --keyring $KEY" - done for RELEASE in $(find aptarchive/ -name Release); do $GPG --default-key "$SIGNER" --armor --detach-sign --sign --output ${RELEASE}.gpg ${RELEASE} local INRELEASE="$(echo "${RELEASE}" | sed 's#/Release$#/InRelease#')" -- cgit v1.2.3 From 38005d8b24bb81f4862d2c2a228e4a49a2af4ccd Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 27 Jan 2014 16:59:46 +0100 Subject: add a test for apt-key export{,all} Git-Dch: Ignore --- test/integration/test-apt-key | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'test') diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key index 99ce855d4..e863e54a4 100755 --- a/test/integration/test-apt-key +++ b/test/integration/test-apt-key 
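Review bot: `KEY` in signreleasefiles is derived from the signer's display name and goes straight into `--keyring ${KEY}.pub --secret-keyring ${KEY}.sec` with no check that either file exists, so a mistyped signer name is only noticed later as a gpg error, or possibly not at all if a missing keyring is created on the fly (not verifiable from this hunk). A guard right after the assignment would fail early: `if ! [ -r "${KEY}.pub" ] || ! [ -r "${KEY}.sec" ]; then echo "no key pair for $SIGNER at $KEY" >&2; exit 1; fi`. The command is also kept as a flat string and expanded unquoted as `$GPG`, so it silently depends on the derived path containing no whitespace or glob characters; a comment stating that assumption, or restricting the derived name to `[a-z0-9]`, would make it explicit. The function continues beyond both hunks shown here.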
@@ -42,6 +42,13 @@ gpg: unchanged: 1' aptkey --fakeroot update testfileequal ./aptkey.list 'pub 2048R/27CE74F9 2013-07-12 [expired: 2013-07-13] pub 2048R/DBAC8DAE 2010-08-18' + msgtest 'Check that Sixpack key can be' 'exported' + aptkey export 'Sixpack' > aptkey.export + aptkey --keyring rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg exportall > aptkey.exportall + testsuccess --nomsg cmp aptkey.export aptkey.exportall + testsuccess test -s aptkey.export + testsuccess test -s aptkey.exportall + msgtest 'Execute update again to trigger removal of' 'Rex Expired key' testsuccess --nomsg aptkey --fakeroot update -- cgit v1.2.3 From ba72845c07b2682f251dc7661869d20095260f8f Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 27 Jan 2014 17:04:53 +0100 Subject: allow to specify fingerprints in 'apt-key del' --- test/integration/test-apt-key | 8 ++++++++ test/integration/test-apt-key-net-update | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key index e863e54a4..6bece40d7 100755 --- a/test/integration/test-apt-key +++ b/test/integration/test-apt-key @@ -72,6 +72,14 @@ pub 2048R/DBAC8DAE 2010-08-18' testsuccess test ! -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ + msgtest 'Test key removal with' 'fingerprint' + cleanplate + cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + testsuccess --nomsg aptkey --fakeroot del 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE + testempty aptkey list + testsuccess test ! -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ + msgtest 'Test key removal with' 'single key in softlink' cleanplate ln -s $(readlink -f ./keys/joesixpack.pub) rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg 
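Review bot: The new 'fingerprint' case only exercises the matching path: the full fingerprint passed to `del` ends in the same eight hex digits, DBAC8DAE, that the short-ID cases use, so the test would also pass if `apt-key del` reduced its argument to a short key ID before matching. A negative case would pin down that the whole value is compared: call `del` with a 40-digit value that shares the trailing DBAC8DAE but differs in its leading digits (a constructed value, not a real key), then check that `aptkey list` still shows DBAC8DAE. The 'long key ID' case added later in this series for 5A90D141DBAC8DAE has the same gap. The enclosing `testrun` function starts and ends outside this hunk.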
diff --git a/test/integration/test-apt-key-net-update b/test/integration/test-apt-key-net-update index b5fb796d0..b3c118555 100755 --- a/test/integration/test-apt-key-net-update +++ b/test/integration/test-apt-key-net-update @@ -41,7 +41,7 @@ echo 'APT::Key::Net-Update-Enabled "1";' >> ./aptconfig.conf # test against the "real" webserver testequal "Checking for new archive signing keys now -Key 'E8525D47528144E2' not added. It is not signed with a master key" aptkey --fakeroot net-update +Key 'DE66AECA9151AFA1877EC31DE8525D47528144E2' not added. It is not signed with a master key" aptkey --fakeroot net-update aptkey list | grep '^pub' > aptkey.list testfileequal ./aptkey.list 'pub 1024R/F68C85A3 2013-12-19 -- cgit v1.2.3 From bd7fb5aa31f58917e8630f2981e78d190d465198 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 27 Jan 2014 18:26:44 +0100 Subject: add --secret-keyring option for apt-key For some advanced usecases it might be handy to specify the secret keyring to be used (e.g. as it is used in the testcases), but specifying it via a normal option for gnupg might not be available forever: http://lists.gnupg.org/pipermail/gnupg-users/2013-August/047180.html Git-Dch: Ignore --- test/integration/framework | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'test') diff --git a/test/integration/framework b/test/integration/framework index 1ab01b20a..50f16fb46 100644 --- a/test/integration/framework +++ b/test/integration/framework 
@@ -429,8 +429,8 @@ Package: $NAME" >> ${BUILDDIR}/debian/control | while read SRC; do echo "pool/${SRC}" >> ${BUILDDIR}/../${RELEASE}.${DISTSECTION}.srclist # if expr match "${SRC}" '.*\.dsc' >/dev/null 2>&1; then -# aptkey --keyring ./keys/joesixpack.pub --quiet adv --yes \ -# --secret-keyring ./keys/joesixpack.sec --default-key 'Joe Sixpack' \ +# aptkey --keyring ./keys/joesixpack.pub --secret-keyring ./keys/joesixpack.sec --quiet \ +# adv --yes --default-key 'Joe Sixpack' \ # --clearsign -o "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC" # mv "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC" # fi @@ -816,7 +816,7 @@ setupaptarchive() { signreleasefiles() { local SIGNER="${1:-Joe Sixpack}" local KEY="keys/$(echo "$SIGNER" | tr 'A-Z' 'a-z' | sed 's# ##g')" - local GPG="aptkey --quiet --keyring ${KEY}.pub adv --batch --yes --secret-keyring ${KEY}.sec" + local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec adv --batch --yes" msgninfo "\tSign archive with $SIGNER key $KEY… " local REXKEY='keys/rexexpired' local SECEXPIREBAK="${REXKEY}.sec.bak" -- cgit v1.2.3 From 0dae96a2b5e8ecd80a1b6e44961f1692ad4aec15 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 27 Jan 2014 22:07:16 +0100 Subject: use only one --keyring in gpg interactions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We were down to at most two keyrings before, but gnupg upstream plans dropping support for multiple keyrings in the longrun, so with a single keyring we hope to be future proof – and 'apt-key adv' isn't a problem anymore as every change to the keys is merged back, so we have now the same behavior as before, but support an unlimited amount of trusted.gpg.d keyrings. --- test/integration/test-apt-key | 57 +++++++++++++++++++++++++++++-------------- 1 file changed, 39 insertions(+), 18 deletions(-) (limited to 'test') 
diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key index 6bece40d7..337b16a59 100755 --- a/test/integration/test-apt-key +++ b/test/integration/test-apt-key @@ -13,6 +13,13 @@ cleanplate() { mkdir rootdir/etc/apt/trusted.gpg.d/ } +testaptkeys() { + if ! aptkey list | grep '^pub' > aptkey.list; then + echo -n > aptkey.list + fi + testequal "$1" cat ./aptkey.list +} + echo 'APT::Key::ArchiveKeyring "./keys/joesixpack.pub"; APT::Key::RemovedKeys "./keys/rexexpired.pub";' > rootdir/etc/apt/apt.conf.d/aptkey.conf @@ -26,20 +33,17 @@ testrun() { msgtest 'Check that paths in finger output are not' 'double-slashed' aptkey finger 2>&1 | grep -q '//' && msgfail || msgpass - aptkey list | grep '^pub' > aptkey.list - testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' + testaptkeys 'pub 2048R/DBAC8DAE 2010-08-18' testequal 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) " not changed gpg: Total number processed: 1 gpg: unchanged: 1' aptkey --fakeroot update - aptkey list | grep '^pub' > aptkey.list - testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' + testaptkeys 'pub 2048R/DBAC8DAE 2010-08-18' testsuccess aptkey --fakeroot add ./keys/rexexpired.pub - aptkey list | grep '^pub' > aptkey.list - testfileequal ./aptkey.list 'pub 2048R/27CE74F9 2013-07-12 [expired: 2013-07-13] + testaptkeys 'pub 2048R/27CE74F9 2013-07-12 [expired: 2013-07-13] pub 2048R/DBAC8DAE 2010-08-18' msgtest 'Check that Sixpack key can be' 'exported' 
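Review bot: In `testaptkeys` the `if !` tests the status of the `aptkey list | grep '^pub'` pipeline, which without pipefail is grep's status alone, so an `aptkey list` that fails outright is treated exactly like an empty keyring. Capturing the listing first (`aptkey list > aptkey.out` with its status checked, then `grep '^pub' aptkey.out > aptkey.list`) would separate the two cases. The fallback `echo -n > aptkey.list` is redundant, because the redirection on grep has already truncated the file, and if the script runs under a POSIX `/bin/sh` it may write a literal `-n`; `: > aptkey.list` is the safe spelling. A one-line comment above the function saying that its argument is the expected `pub` lines in listing order would also help.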
@@ -52,14 +56,12 @@ pub 2048R/DBAC8DAE 2010-08-18' msgtest 'Execute update again to trigger removal of' 'Rex Expired key' testsuccess --nomsg aptkey --fakeroot update - aptkey list | grep '^pub' > aptkey.list - testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' + testaptkeys 'pub 2048R/DBAC8DAE 2010-08-18' msgtest "Try to remove a key which exists, but isn't in the" 'forced keyring' testsuccess --nomsg aptkey --fakeroot --keyring rootdir/etc/apt/trusted.gpg del DBAC8DAE - aptkey list | grep '^pub' > aptkey.list - testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18' + testaptkeys 'pub 2048R/DBAC8DAE 2010-08-18' testsuccess aptkey --fakeroot del DBAC8DAE testempty aptkey list @@ -91,8 +93,7 @@ pub 2048R/DBAC8DAE 2010-08-18' cleanplate testsuccess aptkey --fakeroot add ./keys/joesixpack.pub testsuccess aptkey --fakeroot add ./keys/marvinparanoid.pub - aptkey list | grep '^pub' > aptkey.list - testfileequal ./aptkey.list 'pub 2048R/DBAC8DAE 2010-08-18 + testaptkeys 'pub 2048R/DBAC8DAE 2010-08-18 pub 2048R/528144E2 2011-01-16' cp -a rootdir/etc/apt/trusted.gpg keys/testcase-multikey.pub # store for reuse 
@@ -100,16 +101,14 @@ pub 2048R/528144E2 2011-01-16' cleanplate cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg testsuccess --nomsg aptkey --fakeroot del DBAC8DAE - aptkey list | grep '^pub' > aptkey.list - testfileequal ./aptkey.list 'pub 2048R/528144E2 2011-01-16' + testaptkeys 'pub 2048R/528144E2 2011-01-16' testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ msgtest 'Test key removal with' 'multi key in softlink' cleanplate ln -s $(readlink -f ./keys/testcase-multikey.pub) rootdir/etc/apt/trusted.gpg.d/multikey.gpg testsuccess --nomsg aptkey --fakeroot del DBAC8DAE - aptkey list | grep '^pub' > aptkey.list - testfileequal ./aptkey.list 'pub 2048R/528144E2 2011-01-16' + testaptkeys 'pub 2048R/528144E2 2011-01-16' testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ testsuccess test ! -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg testsuccess test -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ 
@@ -119,11 +118,33 @@ pub 2048R/528144E2 2011-01-16' cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg testsuccess --nomsg aptkey --fakeroot del DBAC8DAE - aptkey list | grep '^pub' > aptkey.list - testfileequal ./aptkey.list 'pub 2048R/528144E2 2011-01-16' + testaptkeys 'pub 2048R/528144E2 2011-01-16' testsuccess test ! -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~ + + cleanplate + cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg + testaptkeys 'pub 2048R/DBAC8DAE 2010-08-18 +pub 2048R/DBAC8DAE 2010-08-18 +pub 2048R/528144E2 2011-01-16' + msgtest 'Test merge-back of' 'added keys' + testsuccess --nomsg aptkey adv --batch --yes --import keys/rexexpired.pub + testaptkeys 'pub 2048R/27CE74F9 2013-07-12 [expired: 2013-07-13] +pub 2048R/DBAC8DAE 2010-08-18 +pub 2048R/DBAC8DAE 2010-08-18 +pub 2048R/528144E2 2011-01-16' + + msgtest 'Test merge-back of' 'removed keys' + testsuccess --nomsg aptkey adv --batch --yes --delete-keys 27CE74F9 + testaptkeys 'pub 2048R/DBAC8DAE 2010-08-18 +pub 2048R/DBAC8DAE 2010-08-18 +pub 2048R/528144E2 2011-01-16' + + msgtest 'Test merge-back of' 'removed duplicate keys' + testsuccess --nomsg aptkey adv --batch --yes --delete-keys DBAC8DAE + testaptkeys 'pub 2048R/528144E2 2011-01-16' } setupgpgcommand() { -- cgit v1.2.3 From 33a2267214eed2a11281c9f93b8cf10b4c436d94 Mon Sep 17 00:00:00 2001 
From: David Kalnischkies Date: Thu, 6 Feb 2014 17:56:28 +0100 Subject: add --readonly option for apt-key adv Some advanced commands can be executed without the keyring being modified like --verify, so this adds an option to disable the mergeback and uses it for our gpg calling code. Git-Dch: Ignore --- test/integration/framework | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'test') diff --git a/test/integration/framework b/test/integration/framework index 50f16fb46..fcdca34ce 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -429,7 +429,7 @@ Package: $NAME" >> ${BUILDDIR}/debian/control | while read SRC; do echo "pool/${SRC}" >> ${BUILDDIR}/../${RELEASE}.${DISTSECTION}.srclist # if expr match "${SRC}" '.*\.dsc' >/dev/null 2>&1; then -# aptkey --keyring ./keys/joesixpack.pub --secret-keyring ./keys/joesixpack.sec --quiet \ +# aptkey --keyring ./keys/joesixpack.pub --secret-keyring ./keys/joesixpack.sec --quiet --readonly \ # adv --yes --default-key 'Joe Sixpack' \ # --clearsign -o "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC" # mv "${BUILDDIR}/../${SRC}.sign" "${BUILDDIR}/../$SRC" @@ -816,7 +816,7 @@ setupaptarchive() { signreleasefiles() { local SIGNER="${1:-Joe Sixpack}" local KEY="keys/$(echo "$SIGNER" | tr 'A-Z' 'a-z' | sed 's# ##g')" - local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec adv --batch --yes" + local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec --readonly adv --batch --yes" msgninfo "\tSign archive with $SIGNER key $KEY… " local REXKEY='keys/rexexpired' local SECEXPIREBAK="${REXKEY}.sec.bak" -- cgit v1.2.3 From 29f1b977100aeb6d6ebd38923eeb7a623e264ffe Mon Sep 17 00:00:00 2001 
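Review bot: Adding `--readonly` to the shared `GPG` string in signreleasefiles affects every use of `$GPG`, not only signing: an earlier commit in this series shows the same variable driving `--command-fd 0 --edit-key` to extend the expiry of the Rex Expired key, and that call is meant to change the keyring. If `--readonly` suppresses the merge-back for that call too, the subsequent `cp ${REXKEY}.pub $PUBUNEXPIRED` would store an unmodified key; this cannot be confirmed from the hunk, since the rest of the function lies outside it. Consider a separate read-write command string for the edit-key step, or a comment next to `GPG` explaining why read-only mode is safe there.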
From: James McCoy Date: Mon, 18 Aug 2014 12:54:19 +0200 Subject: ensure apt-key del handles 16-byte key ids The original patch does not apply against the rewritten apt-key, but an additional test doesn't hurt. Closes: 754436 --- test/integration/test-apt-key | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'test') diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key index 337b16a59..d5adec5bd 100755 --- a/test/integration/test-apt-key +++ b/test/integration/test-apt-key @@ -74,6 +74,14 @@ pub 2048R/DBAC8DAE 2010-08-18' testsuccess test ! -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ + msgtest 'Test key removal with' 'long key ID' + cleanplate + cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + testsuccess --nomsg aptkey --fakeroot del 5A90D141DBAC8DAE + testempty aptkey list + testsuccess test ! -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg + testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~ + msgtest 'Test key removal with' 'fingerprint' cleanplate cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg -- cgit v1.2.3 From 98f0d7b3d9d7ed0a5cf11d8f9327a021954816b6 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 26 Sep 2014 23:09:01 +0200 Subject: add gnupg and gnupg2 as test-dependency apt can work with both, so it has an or-dependency on them, but the tests want to play with both of them. Git-Dch: Ignore --- .../test-very-tight-loop-configure-with-unpacking-new-packages | 1 + 1 file changed, 1 insertion(+) (limited to 'test') diff --git a/test/integration/test-very-tight-loop-configure-with-unpacking-new-packages b/test/integration/test-very-tight-loop-configure-with-unpacking-new-packages index 202716636..409d1212c 100755 --- a/test/integration/test-very-tight-loop-configure-with-unpacking-new-packages 
+++ b/test/integration/test-very-tight-loop-configure-with-unpacking-new-packages @@ -45,6 +45,7 @@ Conf libreoffice-core (4 sid [amd64]) Conf libreoffice-style-galaxy (4 sid [amd64]) Conf libreoffice (4 sid [amd64])' 'Reading package lists... Building dependency tree... +Calculating upgrade... The following NEW packages will be installed: ure The following packages will be upgraded: -- cgit v1.2.3