blob: 7a2849b4e2b1bb89e7200d55428092809a8050ef (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
|
#!/bin/sh
set -e
# apt-key is a shell script, so relatively prune to be effected by 'crazy' things:
# confuses config parser as there exists no way of escaping " currently.
#TMPDIR="$(mktemp -d)/This is \"fü\$\$ing cràzy\", \$(man man | head -n1 | cut -d' ' -f 1)\$!"
# gpg doesn't like | in path names – documented e.g. in the man gpg2 --agent-program
#TMPDIR="$(mktemp -d)/This is fü\$\$ing cràzy, \$(man man | head -n1 | cut -d' ' -f 1)\$!"
TMPDIR_ADD="This is fü\$\$ing cràzy, \$(apt -v)\$!"
TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"
setupenvironment
configarchitecture 'amd64'
# start from a clean plate again
cleanplate() {
rm -rf rootdir/etc/apt/trusted.gpg.d/ rootdir/etc/apt/trusted.gpg
mkdir rootdir/etc/apt/trusted.gpg.d/
}
createlistofkeys() {
while [ -n "$1" ]; do
# gpg 2.1 has a slightly different output format
if grep -q ' rsa2048/' aptkey.list; then
case "$1" in
*Joe*|*Sixpack*) echo 'pub rsa2048/DBAC8DAE 2010-08-18';;
*Rex*|*Expired*) echo 'pub rsa2048/27CE74F9 2013-07-12 [expired: 2013-07-13]';;
*Marvin*|*Paranoid*) echo 'pub rsa2048/528144E2 2011-01-16';;
*) echo 'UNKNOWN KEY';;
esac
else
case "$1" in
*Joe*|*Sixpack*) echo 'pub 2048R/DBAC8DAE 2010-08-18';;
*Rex*|*Expired*) echo 'pub 2048R/27CE74F9 2013-07-12 [expired: 2013-07-13]';;
*Marvin*|*Paranoid*) echo 'pub 2048R/528144E2 2011-01-16';;
*) echo 'UNKNOWN KEY';;
esac
fi
shift
done
}
testaptkeys() {
if ! aptkey list | grep '^pub' > aptkey.list; then
echo -n > aptkey.list
fi
testfileequal './aptkey.list' "$(createlistofkeys "$@")"
}
echo 'APT::Key::ArchiveKeyring "./keys/joesixpack.pub";
APT::Key::RemovedKeys "./keys/rexexpired.pub";' > rootdir/etc/apt/apt.conf.d/aptkey.conf
testrun() {
cleanplate
ln -sf "${TMPWORKINGDIRECTORY}/keys/joesixpack.pub" rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
msgtest 'Check that paths in list output are not' 'double-slashed'
aptkey list 2>&1 | grep -q '//' && msgfail || msgpass
msgtest 'Check that paths in finger output are not' 'double-slashed'
aptkey finger 2>&1 | grep -q '//' && msgfail || msgpass
testaptkeys 'Joe Sixpack'
testsuccessequal 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1' aptkey --fakeroot update
testaptkeys 'Joe Sixpack'
testfailure test -e rootdir/etc/apt/trusted.gpg
testsuccess aptkey --fakeroot add ./keys/rexexpired.pub
msgtest 'Check if trusted.gpg is created with permissions set to' '0644'
if [ "$(stat -c '%a' rootdir/etc/apt/trusted.gpg )" = '644' ]; then
msgpass
else
msgfail
fi
testaptkeys 'Rex Expired' 'Joe Sixpack'
msgtest 'Check that Sixpack key can be' 'exported'
aptkey export 'Sixpack' > aptkey.export
aptkey --keyring rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg exportall > aptkey.exportall
testsuccess --nomsg cmp aptkey.export aptkey.exportall
testsuccess test -s aptkey.export
testsuccess test -s aptkey.exportall
msgtest 'Execute update again to trigger removal of' 'Rex Expired key'
testsuccess --nomsg aptkey --fakeroot update
testaptkeys 'Joe Sixpack'
msgtest "Try to remove a key which exists, but isn't in the" 'forced keyring'
testsuccess --nomsg aptkey --fakeroot --keyring rootdir/etc/apt/trusted.gpg del DBAC8DAE
testaptkeys 'Joe Sixpack'
testsuccess aptkey --fakeroot del DBAC8DAE
testempty aptkey list
msgtest 'Test key removal with' 'lowercase key ID' #keylength somewhere between 8byte and short
cleanplate
cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
testsuccess --nomsg aptkey --fakeroot del d141dbac8dae
testempty aptkey list
msgtest 'Test key removal with' 'single key in real file'
cleanplate
cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
testempty aptkey list
testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
msgtest 'Test key removal with' 'long key ID'
cleanplate
cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
testsuccess --nomsg aptkey --fakeroot del 5A90D141DBAC8DAE
testempty aptkey list
testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
msgtest 'Test key removal with' 'fingerprint'
cleanplate
cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
testsuccess --nomsg aptkey --fakeroot del 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE
testempty aptkey list
testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
msgtest 'Test key removal with' 'single key in softlink'
cleanplate
ln -s "$(readlink -f ./keys/joesixpack.pub)" rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
testempty aptkey list
testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
testsuccess test -L rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
cleanplate
testsuccess aptkey --fakeroot add ./keys/joesixpack.pub
ln -sf "$(readlink -f ./keys/marvinparanoid.pub)" "./keys/marvin paránöid.pub"
testsuccess aptkey --fakeroot add "./keys/marvin paránöid.pub"
testaptkeys 'Joe Sixpack' 'Marvin Paranoid'
cp -a rootdir/etc/apt/trusted.gpg keys/testcase-multikey.pub # store for reuse
msgtest 'Test key removal with' 'multi key in real file'
cleanplate
cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
testaptkeys 'Marvin Paranoid'
testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~
msgtest 'Test key removal with' 'multi key in softlink'
cleanplate
ln -s "$(readlink -f ./keys/testcase-multikey.pub)" rootdir/etc/apt/trusted.gpg.d/multikey.gpg
testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
testaptkeys 'Marvin Paranoid'
testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~
testfailure test -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg
testsuccess test -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg~
msgtest 'Test key removal with' 'multiple files including key'
cleanplate
cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
testaptkeys 'Marvin Paranoid'
testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~
cleanplate
cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
msgtest 'Test merge-back of' 'added keys'
testsuccess --nomsg aptkey adv --batch --yes --import keys/rexexpired.pub
testaptkeys 'Rex Expired' 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
msgtest 'Test merge-back of' 'removed keys'
testsuccess --nomsg aptkey adv --batch --yes --delete-keys 27CE74F9
testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
msgtest 'Test merge-back of' 'removed duplicate keys'
testsuccess --nomsg aptkey adv --batch --yes --delete-keys DBAC8DAE
testaptkeys 'Marvin Paranoid'
cleanplate
cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
msgtest 'Test signing a file' 'with a key'
echo 'Verify me. This is my signature.' > signature
testsuccess --nomsg aptkey --quiet --keyring keys/marvinparanoid.pub --secret-keyring keys/marvinparanoid.sec --readonly \
adv --batch --yes --default-key 'Marvin' --armor --detach-sign --sign --output signature.gpg signature
testsuccess test -s signature.gpg -a -s signature
for GPGV in '' 'gpgv' 'gpgv2'; do
echo "APT::Key::GPGVCommand \"$GPGV\";" > rootdir/etc/apt/apt.conf.d/00gpgvcmd
msgtest 'Test verify a file' 'with all keys'
testsuccess --nomsg aptkey --quiet --readonly verify signature.gpg signature
msgtest 'Test verify a file' 'with good keyring'
testsuccess --nomsg aptkey --quiet --readonly --keyring keys/testcase-multikey.pub verify signature.gpg signature
msgtest 'Test fail verify a file' 'with bad keyring'
testfailure --nomsg aptkey --quiet --readonly --keyring keys/joesixpack.pub verify signature.gpg signature
msgtest 'Test fail verify a file' 'with non-existing keyring'
testfailure --nomsg aptkey --quiet --readonly --keyring keys/does-not-exist.pub verify signature.gpg signature
testfailure test -e keys/does-not-exist.pub
# note: this isn't how apts gpgv method implements keyid for verify
msgtest 'Test verify a file' 'with good keyid'
testsuccess --nomsg aptkey --quiet --readonly --keyid 'Paranoid' verify signature.gpg signature
msgtest 'Test fail verify a file' 'with bad keyid'
testfailure --nomsg aptkey --quiet --readonly --keyid 'Sixpack' verify signature.gpg signature
msgtest 'Test fail verify a file' 'with non-existing keyid'
testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify signature.gpg signature
msgtest 'Test verify fails on' 'bad file'
echo 'lalalalala' > signature2
testfailure --nomsg aptkey --quiet --readonly verify signature.gpg signature2
done
}
setupgpgcommand() {
echo "APT::Key::GPGCommand \"$1\";" > rootdir/etc/apt/apt.conf.d/00gpgcmd
msgmsg 'Force tests to be run with' "$1"
testsuccess aptkey --readonly adv --version
cp rootdir/tmp/testsuccess.output aptkey.version
testsuccess grep "^gpg (GnuPG) $2\." aptkey.version
}
# run with default (whatever this is)
testrun
# run with …
setupgpgcommand 'gpg' '1'
testrun
setupgpgcommand 'gpg2' '2'
testrun
|