#!/bin/sh
set -e

# apt-key is a shell script, so it is relatively prone to being affected by
# 'crazy' characters in path names. Two earlier variants are kept for reference:
# this one confuses the config parser as there exists no way of escaping " currently.
#TMPDIR="$(mktemp -d)/This is \"fü\$\$ing cràzy\", \$(man man | head -n1 | cut -d' ' -f 1)\$!"
# gpg doesn't like | in path names – documented e.g. in the man gpg2 --agent-program
#TMPDIR="$(mktemp -d)/This is fü\$\$ing cràzy, \$(man man | head -n1 | cut -d' ' -f 1)\$!"
# The value in use holds spaces, a comma, non-ASCII letters and the literal
# sequences $$, $(apt -v) and $! (escaped here so this script does not expand
# them). A script that expanded or executed them while handling the path would
# have a quoting/injection bug.
# NOTE(review): presumably the framework appends TMPDIR_ADD to the temporary
# directory name — confirm in the sourced framework.
TMPDIR_ADD="This is fü\$\$ing cràzy, \$(apt -v)\$!"

# Absolute directory containing this script; the shared framework is sourced from it.
TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"

# Helpers not defined in this file (presumably provided by the framework).
setupenvironment
configarchitecture 'amd64'

# Reset the trusted key state below rootdir: drop the trusted.gpg keyring and
# the whole trusted.gpg.d directory, then recreate the directory empty.
cleanplate() {
	rm -rf \
		rootdir/etc/apt/trusted.gpg \
		rootdir/etc/apt/trusted.gpg.d/
	mkdir rootdir/etc/apt/trusted.gpg.d/
}

# Print, for each key owner named in the arguments, the 'pub' line expected in
# the key listing: one line per argument, in argument order. Processing stops
# at the first empty argument. The output format is chosen by looking into
# aptkey.list in the current directory.
createlistofkeys() {
	until [ -z "$1" ]; do
		# 'rsa2048/' is the gpg 2.1 output format; anything else is treated as
		# the older '2048R/' format
		if ! grep -q ' rsa2048/' aptkey.list; then
			case "$1" in
				*Joe*|*Sixpack*)
					printf '%s\n' 'pub   2048R/DBAC8DAE 2010-08-18'
					;;
				*Rex*|*Expired*)
					printf '%s\n' 'pub   2048R/27CE74F9 2013-07-12 [expired: 2013-07-13]'
					;;
				*Marvin*|*Paranoid*)
					printf '%s\n' 'pub   2048R/528144E2 2011-01-16'
					;;
				*)
					printf '%s\n' 'UNKNOWN KEY'
					;;
			esac
		else
			case "$1" in
				*Joe*|*Sixpack*)
					printf '%s\n' 'pub   rsa2048/DBAC8DAE 2010-08-18'
					;;
				*Rex*|*Expired*)
					printf '%s\n' 'pub   rsa2048/27CE74F9 2013-07-12 [expired: 2013-07-13]'
					;;
				*Marvin*|*Paranoid*)
					printf '%s\n' 'pub   rsa2048/528144E2 2011-01-16'
					;;
				*)
					printf '%s\n' 'UNKNOWN KEY'
					;;
			esac
		fi
		shift
	done
}

# Check that the 'pub' lines printed by 'aptkey list' are exactly the lines
# createlistofkeys produces for the given key owners, in the given order.
testaptkeys() {
	# aptkey.list has to exist before createlistofkeys runs, as that function
	# reads it; a pipeline without any 'pub' line leaves it empty
	aptkey list | grep '^pub' > aptkey.list || echo -n > aptkey.list
	testfileequal './aptkey.list' "$(createlistofkeys "$@")"
}

# Point apt-key at the test keyrings: Joe Sixpack's key is the archive key,
# Rex Expired's key is listed as removed.
cat > rootdir/etc/apt/apt.conf.d/aptkey.conf <<'EOF'
APT::Key::ArchiveKeyring "./keys/joesixpack.pub";
APT::Key::RemovedKeys "./keys/rexexpired.pub";
EOF

# Run the whole apt-key scenario once with whatever gpg command is currently
# configured: listing, update, add, export, removal by several key identifier
# forms, merge-back of changes made through 'adv', signing and verification.
# aptkey, msgtest, msgpass, msgfail and the test* helpers are not defined in
# this file; presumably they come from the sourced framework.
testrun() {
	cleanplate
	# trust Joe Sixpack's key through a symlink in trusted.gpg.d
	ln -sf "${TMPWORKINGDIRECTORY}/keys/joesixpack.pub" rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg

	# NOTE(review): in the two checks below the pipeline status is grep's alone
	# (pipefail is not set), so an aptkey failure that prints no '//' is still
	# reported as a pass. With 'A && B || C', msgpass also runs when msgfail
	# returns non-zero — confirm msgfail's return status in the framework.
	msgtest 'Check that paths in list output are not' 'double-slashed'
	aptkey list 2>&1 | grep -q '//' && msgfail || msgpass

	msgtest 'Check that paths in finger output are not' 'double-slashed'
	aptkey finger 2>&1 | grep -q '//' && msgfail || msgpass
	testaptkeys 'Joe Sixpack'

	# joesixpack.pub is the configured APT::Key::ArchiveKeyring and is already
	# trusted, so update is expected to report the key as unchanged
	testsuccessequal 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1' aptkey --fakeroot update

	testaptkeys 'Joe Sixpack'
	# the update above is expected not to have created trusted.gpg
	testfailure test -e rootdir/etc/apt/trusted.gpg

	testsuccess aptkey --fakeroot add ./keys/rexexpired.pub
	# The keyring created by 'add' must have mode 644 exactly: anyone able to
	# write a trusted keyring controls which signatures get accepted, so group
	# or world write bits would be a defect. 'stat -c' is GNU stat syntax.
	msgtest 'Check if trusted.gpg is created with permissions set to' '0644'
	if [ "$(stat -c '%a' rootdir/etc/apt/trusted.gpg )" = '644' ]; then
		msgpass
	else
		msgfail
	fi

	testaptkeys 'Rex Expired' 'Joe Sixpack'

	# exporting by name must yield the same bytes as exporting everything from
	# the keyring that only holds that key; both outputs must be non-empty
	msgtest 'Check that Sixpack key can be' 'exported'
	aptkey export 'Sixpack' > aptkey.export
	aptkey --keyring rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg exportall > aptkey.exportall
	testsuccess --nomsg cmp aptkey.export aptkey.exportall
	testsuccess test -s aptkey.export
	testsuccess test -s aptkey.exportall

	# rexexpired.pub is configured as APT::Key::RemovedKeys, so this update is
	# expected to drop the key that was added by hand above
	msgtest 'Execute update again to trigger removal of' 'Rex Expired key'
	testsuccess --nomsg aptkey --fakeroot update

	testaptkeys 'Joe Sixpack'

	# del restricted to trusted.gpg, while the key lives in
	# trusted.gpg.d/joesixpack.gpg: the command succeeds and the key stays listed
	msgtest "Try to remove a key which exists, but isn't in the" 'forced keyring'
	testsuccess --nomsg aptkey --fakeroot --keyring rootdir/etc/apt/trusted.gpg del DBAC8DAE

	testaptkeys 'Joe Sixpack'

	testsuccess aptkey --fakeroot del DBAC8DAE
	testempty aptkey list

	# The following cases remove the same key selected by a lowercase partial
	# ID, the short ID, the long ID and the full fingerprint. Short and long key
	# IDs are not collision-resistant; only the full fingerprint names a key
	# unambiguously, so it is the form to prefer outside of tests.
	msgtest 'Test key removal with' 'lowercase key ID' #keylength somewhere between 8byte and short
	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess --nomsg aptkey --fakeroot del d141dbac8dae
	testempty aptkey list

	# after removing the only key the keyring file must be gone and its previous
	# content must be kept as a '~' backup
	msgtest 'Test key removal with' 'single key in real file'
	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
	testempty aptkey list
	testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~

	msgtest 'Test key removal with' 'long key ID'
	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess --nomsg aptkey --fakeroot del 5A90D141DBAC8DAE
	testempty aptkey list
	testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~

	msgtest 'Test key removal with' 'fingerprint'
	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess --nomsg aptkey --fakeroot del 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE
	testempty aptkey list
	testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~

	# keyring reached through a symlink: the link name must be gone afterwards
	# and the '~' backup must itself be a symlink
	msgtest 'Test key removal with' 'single key in softlink'
	cleanplate
	ln -s "$(readlink -f ./keys/joesixpack.pub)" rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
	testempty aptkey list
	testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess test -L rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~

	# build a keyring holding two keys; the second key is added through a file
	# name containing a space and non-ASCII letters
	cleanplate
	testsuccess aptkey --fakeroot add ./keys/joesixpack.pub
	ln -sf "$(readlink -f ./keys/marvinparanoid.pub)" "./keys/marvin paránöid.pub"
	testsuccess aptkey --fakeroot add "./keys/marvin paránöid.pub"
	testaptkeys 'Joe Sixpack' 'Marvin Paranoid'
	cp -a rootdir/etc/apt/trusted.gpg keys/testcase-multikey.pub # store for reuse

	# removing one of two keys keeps the other listed; the backup holds the
	# original two-key content
	msgtest 'Test key removal with' 'multi key in real file'
	cleanplate
	cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
	testaptkeys 'Marvin Paranoid'
	testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~

	# same through a symlink: multikey.gpg must no longer be a link afterwards,
	# while the backup is one.
	# NOTE(review): if the backup link still points at
	# keys/testcase-multikey.pub, the cmp below compares that file with itself
	# and cannot notice a modified link target — verify.
	msgtest 'Test key removal with' 'multi key in softlink'
	cleanplate
	ln -s "$(readlink -f ./keys/testcase-multikey.pub)" rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
	testaptkeys 'Marvin Paranoid'
	testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~
	testfailure test -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	testsuccess test -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg~

	# the key is present in two keyring files and has to disappear from both
	msgtest 'Test key removal with' 'multiple files including key'
	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
	testaptkeys 'Marvin Paranoid'
	testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
	testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~

	# changes made with gpg options passed through 'adv' must show up in the
	# key listing afterwards; Joe's key is listed twice because two files hold it
	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
	msgtest 'Test merge-back of' 'added keys'
	testsuccess --nomsg aptkey adv --batch --yes --import keys/rexexpired.pub
	testaptkeys 'Rex Expired' 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'

	msgtest 'Test merge-back of' 'removed keys'
	testsuccess --nomsg aptkey adv --batch --yes --delete-keys 27CE74F9
	testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'

	msgtest 'Test merge-back of' 'removed duplicate keys'
	testsuccess --nomsg aptkey adv --batch --yes --delete-keys DBAC8DAE
	testaptkeys 'Marvin Paranoid'

	# create an armored detached signature made with Marvin's secret key; it is
	# the input of all verification cases below
	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	msgtest 'Test signing a file' 'with a key'
	echo 'Verify me. This is my signature.' > signature
	testsuccess --nomsg aptkey --quiet --keyring keys/marvinparanoid.pub --secret-keyring keys/marvinparanoid.sec --readonly \
		adv --batch --yes --default-key 'Marvin' --armor --detach-sign --sign --output signature.gpg signature
	# both files must be non-empty ('-a' inside test is marked obsolescent by
	# POSIX; two separate tests would be the portable form)
	testsuccess test -s signature.gpg -a -s signature


	# Repeat the verification cases for each APT::Key::GPGVCommand value; the
	# empty value presumably selects apt-key's default — confirm.
	# The negative cases check that verification fails closed: a keyring without
	# the signer's key, a missing keyring, a wrong or unknown key id and
	# modified content must all be rejected.
	for GPGV in '' 'gpgv' 'gpgv2'; do
		echo "APT::Key::GPGVCommand \"$GPGV\";" > rootdir/etc/apt/apt.conf.d/00gpgvcmd

		msgtest 'Test verify a file' 'with all keys'
		testsuccess --nomsg aptkey --quiet --readonly verify signature.gpg signature

		msgtest 'Test verify a file' 'with good keyring'
		testsuccess --nomsg aptkey --quiet --readonly --keyring keys/testcase-multikey.pub verify signature.gpg signature

		msgtest 'Test fail verify a file' 'with bad keyring'
		testfailure --nomsg aptkey --quiet --readonly --keyring keys/joesixpack.pub verify signature.gpg signature

		msgtest 'Test fail verify a file' 'with non-existing keyring'
		testfailure --nomsg aptkey --quiet --readonly --keyring keys/does-not-exist.pub verify signature.gpg signature
		# the failed verify must not have created the missing keyring
		testfailure test -e keys/does-not-exist.pub

		# note: this isn't how apts gpgv method implements keyid for verify
		msgtest 'Test verify a file' 'with good keyid'
		testsuccess --nomsg aptkey --quiet --readonly --keyid 'Paranoid' verify signature.gpg signature

		msgtest 'Test fail verify a file' 'with bad keyid'
		testfailure --nomsg aptkey --quiet --readonly --keyid 'Sixpack' verify signature.gpg signature

		msgtest 'Test fail verify a file' 'with non-existing keyid'
		testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify signature.gpg signature

		# a signature must not validate against different content
		msgtest 'Test verify fails on' 'bad file'
		echo 'lalalalala' > signature2
		testfailure --nomsg aptkey --quiet --readonly verify signature.gpg signature2
	done
}

# Force apt-key to use a specific gpg binary and make sure it is the expected
# GnuPG major version.
#   $1 - command name written to APT::Key::GPGCommand
#   $2 - major version the version banner has to report
setupgpgcommand() {
	msgmsg 'Force tests to be run with' "${1}"
	echo "APT::Key::GPGCommand \"${1}\";" > rootdir/etc/apt/apt.conf.d/00gpgcmd
	testsuccess aptkey --readonly adv --version
	# keep the captured output of the call above and check its banner line, so
	# a run cannot silently exercise a different GnuPG major version
	cp rootdir/tmp/testsuccess.output aptkey.version
	testsuccess grep '^gpg (GnuPG) '"${2}"'\.' aptkey.version
}

# run with default (whatever this is)
testrun
# run again with 'gpg' forced; setupgpgcommand checks that it reports GnuPG 1.x
setupgpgcommand 'gpg' '1'
testrun
# and once more with 'gpg2' forced, which has to report GnuPG 2.x
setupgpgcommand 'gpg2' '2'
testrun