diff options
| author | Dan Nicholson <dbn@endlessos.org> | 2021-08-23 11:09:24 -0600 |
|---|---|---|
| committer | Dan Nicholson <dbn@endlessos.org> | 2021-08-23 15:30:31 -0600 |
| commit | 58a683f8f0a14d19d15e3b5521b9fbcc6c04a9a1 (patch) | |
| tree | 13e9699f02fe4c2132e9024ff80764be30a5c8bf /tests/test-remote-gpg-list-keys.sh | |
| parent | 452611e4a862bf7df567e4c55790a1ce7d9cf4ef (diff) | |
| download | ostree-58a683f8f0a14d19d15e3b5521b9fbcc6c04a9a1.tar.gz | |
bin/remote: Rename list-gpg-keys to gpg-list-keys
As pointed out in the original review, `gpg-list-keys` fits better
alongside the existing `gpg-import`.
Changes were done with:
```
git grep -l list-gpg-keys | xargs sed -i 's/list-gpg-keys/gpg-list-keys/'
for src in $(git ls-files '*list-gpg-keys*'); do
dst=${src/list-gpg-keys/gpg-list-keys}
git mv "$src" "$dst"
done
```
Diffstat (limited to 'tests/test-remote-gpg-list-keys.sh')
| -rwxr-xr-x | tests/test-remote-gpg-list-keys.sh | 152 |
1 files changed, 152 insertions, 0 deletions
diff --git a/tests/test-remote-gpg-list-keys.sh b/tests/test-remote-gpg-list-keys.sh new file mode 100755 index 00000000..51b60084 --- /dev/null +++ b/tests/test-remote-gpg-list-keys.sh @@ -0,0 +1,152 @@ +#!/bin/bash +# +# Copyright © 2021 Endless OS Foundation LLC +# +# SPDX-License-Identifier: LGPL-2.0+ +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the +# Free Software Foundation, Inc., 59 Temple Place - Suite 330, +# Boston, MA 02111-1307, USA. + +set -euo pipefail + +. $(dirname $0)/libtest.sh + +# We don't want OSTREE_GPG_HOME used for most of these tests. +emptydir=${test_tmpdir}/empty +trusteddir=${OSTREE_GPG_HOME} +mkdir ${emptydir} +OSTREE_GPG_HOME=${emptydir} + +# Key listings show dates using the local timezone, so specify UTC for +# consistency. +export TZ=UTC + +# Some tests require an appropriate gpg +num_non_gpg_tests=5 +num_gpg_tests=2 +num_tests=$((num_non_gpg_tests + num_gpg_tests)) + +echo "1..${num_tests}" + +setup_test_repository "archive" + +cd ${test_tmpdir} +${OSTREE} remote add R1 http://example.com/repo + +# No remote keyring should list no keys. +${OSTREE} remote gpg-list-keys R1 > result +assert_file_empty result + +echo "ok remote no keyring" + +# Make the global keyring available and make sure there are still no +# keys found for a specified remote. +OSTREE_GPG_HOME=${trusteddir} +${OSTREE} remote gpg-list-keys R1 > result +OSTREE_GPG_HOME=${emptydir} +assert_file_empty result + +echo "ok remote with global keyring" + +# Import a key and check that it's listed +${OSTREE} remote gpg-import --keyring ${TEST_GPG_KEYHOME}/key1.asc R1 +${OSTREE} remote gpg-list-keys R1 > result +cat > expected <<"EOF" +Key: 5E65DE75AB1C501862D476347FCA23D8472CDAFA + Created: Tue Sep 10 02:29:42 2013 + UID: Ostree Tester <test@test.com> + Advanced update URL: https://openpgpkey.test.com/.well-known/openpgpkey/test.com/hu/iffe93qcsgp4c8ncbb378rxjo6cn9q6u?l=test + Direct update URL: https://test.com/.well-known/openpgpkey/hu/iffe93qcsgp4c8ncbb378rxjo6cn9q6u?l=test + Subkey: CC47B2DFB520AEF231180725DF20F58B408DEA49 + Created: Tue Sep 10 02:29:42 2013 +EOF +assert_files_equal result expected + +echo "ok remote with keyring" + +# Check the global keys with no keyring +OSTREE_GPG_HOME=${emptydir} +${OSTREE} remote gpg-list-keys > result +assert_file_empty result + +echo "ok global no keyring" + +# Now check the global keys with a keyring +OSTREE_GPG_HOME=${trusteddir} +${OSTREE} remote gpg-list-keys > result +OSTREE_GPG_HOME=${emptydir} +cat > expected <<"EOF" +Key: 5E65DE75AB1C501862D476347FCA23D8472CDAFA + Created: Tue Sep 10 02:29:42 2013 + UID: Ostree Tester <test@test.com> + Advanced update URL: https://openpgpkey.test.com/.well-known/openpgpkey/test.com/hu/iffe93qcsgp4c8ncbb378rxjo6cn9q6u?l=test + Direct update URL: https://test.com/.well-known/openpgpkey/hu/iffe93qcsgp4c8ncbb378rxjo6cn9q6u?l=test + Subkey: CC47B2DFB520AEF231180725DF20F58B408DEA49 + Created: Tue Sep 10 02:29:42 2013 +Key: 7B3B1020D74479687FDB2273D8228CFECA950D41 + Created: Tue Mar 17 14:00:32 2015 + UID: Ostree Tester II <test2@test.com> + Advanced update URL: https://openpgpkey.test.com/.well-known/openpgpkey/test.com/hu/nnxwsxno46ap6hw7fgphp68j76egpfa9?l=test2 + Direct update URL: https://test.com/.well-known/openpgpkey/hu/nnxwsxno46ap6hw7fgphp68j76egpfa9?l=test2 + Subkey: 1EFA95C06EB1EB91754575E004B69C2560D53993 + Created: Tue Mar 17 14:00:32 2015 +Key: 7D29CF060B8269CDF63BFBDD0D15FAE7DF444D67 + Created: Tue Mar 17 14:01:05 2015 + UID: Ostree Tester III <test3@test.com> + Advanced update URL: https://openpgpkey.test.com/.well-known/openpgpkey/test.com/hu/8494gyqhmrcs6gn38tn6kgjexet117cj?l=test3 + Direct update URL: https://test.com/.well-known/openpgpkey/hu/8494gyqhmrcs6gn38tn6kgjexet117cj?l=test3 + Subkey: 0E45E48CBF7B360C0E04443E0C601A7402416340 + Created: Tue Mar 17 14:01:05 2015 +EOF +assert_files_equal result expected + +echo "ok global with keyring" + +# Tests checking for expiration and revocation listings require gpg. +GPG=$(which_gpg) +if [ -z "${GPG}" ]; then + # Print a skip message per skipped test + for (( i = 0; i < num_gpg_tests; i++ )); do + echo "ok # SKIP this test requires gpg" + done +else + # The GPG private keyring in gpghome is in the older secring.gpg + # format, but we're likely using a newer gpg. Normally it's + # implicitly migrated to the newer format, but this test hasn't + # signed anything, so the private keys haven't been loaded. Force + # the migration by listing the private keys. + ${GPG} --homedir=${test_tmpdir}/gpghome -K >/dev/null + + # Expire key1, wait for it to be expired and re-import it. + ${GPG} --homedir=${test_tmpdir}/gpghome --quick-set-expire ${TEST_GPG_KEYFPR_1} seconds=1 + sleep 2 + ${GPG} --homedir=${test_tmpdir}/gpghome --armor --export ${TEST_GPG_KEYID_1} > ${test_tmpdir}/key1expired.asc + ${OSTREE} remote gpg-import --keyring ${test_tmpdir}/key1expired.asc R1 + ${OSTREE} remote gpg-list-keys R1 > result + assert_file_has_content result "^ Expired:" + + echo "ok remote expired key" + + # Revoke key1 and re-import it. + ${GPG} --homedir=${TEST_GPG_KEYHOME} --import ${TEST_GPG_KEYHOME}/revocations/key1.rev + ${GPG} --homedir=${test_tmpdir}/gpghome --armor --export ${TEST_GPG_KEYID_1} > ${test_tmpdir}/key1revoked.asc + ${OSTREE} remote gpg-import --keyring ${test_tmpdir}/key1revoked.asc R1 + ${OSTREE} remote gpg-list-keys R1 > result + assert_file_has_content result "^Key: 5E65DE75AB1C501862D476347FCA23D8472CDAFA (revoked)" + assert_file_has_content result "^ UID: Ostree Tester <test@test.com> (revoked)" + assert_file_has_content result "^ Subkey: CC47B2DFB520AEF231180725DF20F58B408DEA49 (revoked)" + + echo "ok remote revoked key" +fi |