path: root/test/integration/test-apt-key
blob: e1be08c65150f2026317d8237a938c253cd6335e (plain)
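#!/bin/sh
# Integration test for apt-key: listing, adding, removing, exporting and
# merging keys in the trusted keyrings, plus detached-signature verification.
# Everything runs against the relative rootdir/ tree, never the host's
# /etc/apt.
set -e

# Directory holding this script and the shared test framework. The expansions
# are quoted so that a checkout path containing whitespace or glob characters
# is not word-split before the framework is sourced.
TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"

# Both helpers come from the sourced framework; presumably they create the
# throw-away rootdir/ tree and pin the architecture -- confirm in framework.
setupenvironment
configarchitecture 'amd64'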

# Reset the sandboxed trust store to "no keys at all".
# Removes the trusted.gpg keyring and the whole trusted.gpg.d/ fragment
# directory (including any '~' backups left by earlier cases), then recreates
# the directory empty. All paths are relative, so this only ever touches the
# rootdir/ tree below the current working directory.
cleanplate() {
	rm -rf rootdir/etc/apt/trusted.gpg
	rm -rf rootdir/etc/apt/trusted.gpg.d/
	mkdir rootdir/etc/apt/trusted.gpg.d/
}

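# Assert that the set of trusted public keys is exactly what the caller expects.
# Arguments: $1 - expected 'pub' lines of `aptkey list`, newline separated
#                 (empty string for "no keys").
# Outputs:   writes the filtered listing to ./aptkey.list and hands it to
#            testfileequal (from the framework) for the comparison.
# Note: the pipeline status is grep's, so as far as this file shows a failing
# `aptkey list` is only noticed through the resulting mismatch in the listing.
testaptkeys() {
	if ! aptkey list | grep '^pub' > aptkey.list; then
		# No 'pub' line at all: make sure the file is empty. ':' is used
		# instead of 'echo -n', whose flag handling is undefined under /bin/sh.
		: > aptkey.list
	fi
	testfileequal './aptkey.list' "$1"
}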

# Point apt-key at the fixture keyrings used by `apt-key update`: testrun
# expects the ArchiveKeyring key (Joe Sixpack) to stay trusted and the
# RemovedKeys key (Rex Expired) to be dropped again by an update.
cat > rootdir/etc/apt/apt.conf.d/aptkey.conf <<'EOF'
APT::Key::ArchiveKeyring "./keys/joesixpack.pub";
APT::Key::RemovedKeys "./keys/rexexpired.pub";
EOF

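# Run the complete apt-key scenario once against the sandboxed trust store.
# It is called several times at the bottom of the file, once per configured
# gpg command, so every step has to start from a state it sets up itself
# (hence the repeated cleanplate calls).
# Globals:   TMPWORKINGDIRECTORY (read; set outside this file, presumably by
#            the framework -- confirm)
# Outputs:   test results via the framework's msg*/test* helpers; scratch
#            files aptkey.list, aptkey.export, aptkey.exportall, signature and
#            signature.gpg in the current directory
# Returns:   status of the last check; with 'set -e' active any unguarded
#            failing command aborts the script.
testrun() {
	cleanplate
	# Quoted so a working directory with whitespace is not word-split.
	ln -sf "${TMPWORKINGDIRECTORY}/keys/joesixpack.pub" rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg

	# if/else rather than 'cmd && msgfail || msgpass': with the latter a
	# non-zero return from msgfail would also report a pass. This matches the
	# if/else form the file already uses for its other pass/fail checks.
	msgtest 'Check that paths in list output are not' 'double-slashed'
	if aptkey list 2>&1 | grep -q '//'; then
		msgfail
	else
		msgpass
	fi

	msgtest 'Check that paths in finger output are not' 'double-slashed'
	if aptkey finger 2>&1 | grep -q '//'; then
		msgfail
	else
		msgpass
	fi

	testaptkeys 'pub   2048R/DBAC8DAE 2010-08-18'

	# 'update' with only the archive key present must be a no-op.
	testsuccessequal 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1' aptkey --fakeroot update

	testaptkeys 'pub   2048R/DBAC8DAE 2010-08-18'

	# trusted.gpg must not exist until a key is added, and must then be
	# created with mode 644 (world-readable, writable by the owner only).
	testfailure test -e rootdir/etc/apt/trusted.gpg
	testsuccess aptkey --fakeroot add ./keys/rexexpired.pub
	msgtest 'Check if trusted.gpg is created with permissions set to' '0644'
	if [ "$(stat -c '%a' rootdir/etc/apt/trusted.gpg )" = '644' ]; then
		msgpass
	else
		msgfail
	fi

	testaptkeys 'pub   2048R/27CE74F9 2013-07-12 [expired: 2013-07-13]
pub   2048R/DBAC8DAE 2010-08-18'

	# Exporting by user-id match must yield exactly what exportall yields for
	# a keyring holding only that key, and neither export may be empty.
	msgtest 'Check that Sixpack key can be' 'exported'
	aptkey export 'Sixpack' > aptkey.export
	aptkey --keyring rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg exportall > aptkey.exportall
	testsuccess --nomsg cmp aptkey.export aptkey.exportall
	testsuccess test -s aptkey.export
	testsuccess test -s aptkey.exportall

	# The Rex Expired key is listed in APT::Key::RemovedKeys, so an update
	# has to drop it from the trusted set again.
	msgtest 'Execute update again to trigger removal of' 'Rex Expired key'
	testsuccess --nomsg aptkey --fakeroot update

	testaptkeys 'pub   2048R/DBAC8DAE 2010-08-18'

	# With --keyring forcing trusted.gpg, 'del' may only act on that file:
	# the key lives in trusted.gpg.d/ and must still be trusted afterwards.
	msgtest "Try to remove a key which exists, but isn't in the" 'forced keyring'
	testsuccess --nomsg aptkey --fakeroot --keyring rootdir/etc/apt/trusted.gpg del DBAC8DAE

	testaptkeys 'pub   2048R/DBAC8DAE 2010-08-18'

	testsuccess aptkey --fakeroot del DBAC8DAE
	testempty aptkey list

	# The removal cases below address the same key by IDs of different
	# lengths. NOTE(review): 32-bit short IDs are not collision-resistant;
	# they are used here against fixture keyrings with known contents, the
	# full fingerprint is the unambiguous form.

	# 12 hex digits, lowercase: longer than a short ID, shorter than a long ID.
	msgtest 'Test key removal with' 'lowercase key ID'
	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess --nomsg aptkey --fakeroot del d141dbac8dae
	testempty aptkey list

	# Removing the only key of a fragment file removes the file itself and
	# leaves the previous content behind as a '~' backup.
	msgtest 'Test key removal with' 'single key in real file'
	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
	testempty aptkey list
	testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~

	msgtest 'Test key removal with' 'long key ID'
	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess --nomsg aptkey --fakeroot del 5A90D141DBAC8DAE
	testempty aptkey list
	testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~

	msgtest 'Test key removal with' 'fingerprint'
	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess --nomsg aptkey --fakeroot del 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE
	testempty aptkey list
	testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~

	# Same removal when the fragment is a symlink: the link disappears from
	# its original name and is kept, still as a symlink, under the '~' name.
	msgtest 'Test key removal with' 'single key in softlink'
	cleanplate
	ln -s "$(readlink -f ./keys/joesixpack.pub)" rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
	testempty aptkey list
	testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess test -L rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~

	# Build a two-key keyring fixture for the multi-key cases below.
	cleanplate
	testsuccess aptkey --fakeroot add ./keys/joesixpack.pub
	testsuccess aptkey --fakeroot add ./keys/marvinparanoid.pub
	testaptkeys 'pub   2048R/DBAC8DAE 2010-08-18
pub   2048R/528144E2 2011-01-16'
	cp -a rootdir/etc/apt/trusted.gpg keys/testcase-multikey.pub # store for reuse

	# Only the named key may go; the other key of the same file stays trusted.
	msgtest 'Test key removal with' 'multi key in real file'
	cleanplate
	cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
	testaptkeys 'pub   2048R/528144E2 2011-01-16'
	testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~

	# For a symlinked multi-key file the result must no longer be a symlink,
	# while the '~' backup still is one.
	msgtest 'Test key removal with' 'multi key in softlink'
	cleanplate
	ln -s "$(readlink -f ./keys/testcase-multikey.pub)" rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
	testaptkeys 'pub   2048R/528144E2 2011-01-16'
	testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~
	testfailure test -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	testsuccess test -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg~

	# A key present in several fragment files has to be removed from all of
	# them, otherwise it would silently remain trusted.
	msgtest 'Test key removal with' 'multiple files including key'
	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
	testaptkeys 'pub   2048R/528144E2 2011-01-16'
	testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
	testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~

	# Changes made through raw gpg commands ('adv') must end up in the
	# trusted files as well. DBAC8DAE is listed twice because both fragment
	# files contain it.
	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	testaptkeys 'pub   2048R/DBAC8DAE 2010-08-18
pub   2048R/DBAC8DAE 2010-08-18
pub   2048R/528144E2 2011-01-16'
	msgtest 'Test merge-back of' 'added keys'
	testsuccess --nomsg aptkey adv --batch --yes --import keys/rexexpired.pub
	testaptkeys 'pub   2048R/27CE74F9 2013-07-12 [expired: 2013-07-13]
pub   2048R/DBAC8DAE 2010-08-18
pub   2048R/DBAC8DAE 2010-08-18
pub   2048R/528144E2 2011-01-16'

	msgtest 'Test merge-back of' 'removed keys'
	testsuccess --nomsg aptkey adv --batch --yes --delete-keys 27CE74F9
	testaptkeys 'pub   2048R/DBAC8DAE 2010-08-18
pub   2048R/DBAC8DAE 2010-08-18
pub   2048R/528144E2 2011-01-16'

	msgtest 'Test merge-back of' 'removed duplicate keys'
	testsuccess --nomsg aptkey adv --batch --yes --delete-keys DBAC8DAE
	testaptkeys 'pub   2048R/528144E2 2011-01-16'

	# Signature verification. The file is signed with the Marvin Paranoid
	# test key; every 'fail' case below checks that verification is refused
	# when the signer is outside the keys the caller allowed.
	cleanplate
	cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
	cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
	msgtest 'Test signing a file' 'with a key'
	echo 'Verify me. This is my signature.' > signature
	testsuccess --nomsg aptkey --quiet --keyring keys/marvinparanoid.pub --secret-keyring keys/marvinparanoid.sec --readonly \
		adv --batch --yes --default-key 'Marvin' --armor --detach-sign --sign --output signature.gpg signature

	msgtest 'Test verify a file' 'with all keys'
	testsuccess --nomsg aptkey --quiet --readonly verify signature.gpg signature

	msgtest 'Test verify a file' 'with good keyring'
	testsuccess --nomsg aptkey --quiet --readonly --keyring keys/testcase-multikey.pub verify signature.gpg signature

	# A keyring that lacks the signer's key must not verify the file.
	msgtest 'Test fail verify a file' 'with bad keyring'
	testfailure --nomsg aptkey --quiet --readonly --keyring keys/joesixpack.pub verify signature.gpg signature

	# A missing keyring must fail closed and must not be created on the fly.
	msgtest 'Test fail verify a file' 'with non-existing keyring'
	testfailure --nomsg aptkey --quiet --readonly --keyring keys/does-not-exist.pub verify signature.gpg signature
	testfailure test -e keys/does-not-exist.pub

	msgtest 'Test verify a file' 'with good keyid'
	testsuccess --nomsg aptkey --quiet --readonly --keyid 'Paranoid' verify signature.gpg signature

	# --keyid narrows the accepted signers: a trusted but different key, or
	# an id matching no key at all, must both be rejected.
	msgtest 'Test fail verify a file' 'with bad keyid'
	testfailure --nomsg aptkey --quiet --readonly --keyid 'Sixpack' verify signature.gpg signature

	msgtest 'Test fail verify a file' 'with non-existing keyid'
	testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify signature.gpg signature

	# Changed content under an otherwise valid signature must be rejected.
	msgtest 'Test verify fails on' 'bad file'
	echo 'lalalalala' > signature
	testfailure --nomsg aptkey --quiet --readonly verify signature.gpg signature
}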

# Select the gpg binary apt-key should execute and confirm it is really used.
# Arguments: $1 - command name written to APT::Key::GPGCommand
# Outputs:   rootdir/etc/apt/apt.conf.d/00gpgcmd (config snippet) and
#            ./aptkey.version (captured output of `aptkey adv --version`);
#            on a mismatch the captured output is printed for diagnosis.
# The check relies on the captured output containing a line starting with
# "Executing: <command> --". $1 is interpolated into the grep pattern as-is,
# which is fine for the literal names passed in this file.
setupgpgcommand() {
	echo "APT::Key::GPGCommand \"$1\";" > rootdir/etc/apt/apt.conf.d/00gpgcmd
	msgtest 'Test that apt-key uses for the following tests command' "$1"
	aptkey adv --version >aptkey.version 2>&1
	if ! grep -q "^Executing: $1 --" aptkey.version; then
		# Show what was actually executed before flagging the failure.
		cat aptkey.version
		msgfail
	else
		msgpass
	fi
}

# First pass: no APT::Key::GPGCommand configured, so apt-key picks whatever
# gpg command it defaults to.
testrun
# Further passes: repeat the whole scenario with each gpg command forced
# explicitly, so that both implementations are exercised.
for gpgbackend in 'gpg' 'gpg2'; do
	setupgpgcommand "$gpgbackend"
	testrun
done