path: root/tests/test-gpg-signed-commit.sh
Commit message | Author | Age | Files | Lines
* Update FSF license notices to use URL instead of address | Joseph Marrero | 2021-12-07 | 1 | -3/+1
* tests/gpg: Don't assert subkey expiration when only primary expired | Dan Nicholson | 2021-05-28 | 1 | -1/+0

  In gnupg 2.3.0[1], if a primary key is expired and a subkey does not have an expiration or its expiration is older than the primary key, the subkey's expiration will be reported as the primary's. Previously a subkey without an expiration would not report one regardless of the primary key's expiration.

  This caused a regression in a test setting an expiration on a primary key. The test was checking that the subkey was not expired by asserting that there was no `Key expired` line in the signature verification output. With gnupg 2.3.0+, it will show as expired, causing the test to fail.

  Remove the assertion since it's not consistent across gnupg versions. In practice we don't care whether the subkey is considered expired or not as long as the signature verification fails when the primary key is expired.

  1. https://dev.gnupg.org/T3343

  Fixes: #2359
* tests/gpg: Skip tests when subkeys can't be expired | Dan Nicholson | 2019-07-27 | 1 | -28/+48

  The ability to expire subkeys using gpg's --quick-set-expire is only available on gnupg 2.1.22. If expiring a subkey fails, assume this is why and skip the tests that require it but run the actions that the subsequent tests depend on.

  This was failing on the Debian Stretch CI tests since stretch has gnupg 2.1.18.

  Closes: #1892
  Approved by: jlebon
* tests/gpg: Use exit hook to kill agent in temporary GPG homedir | Dan Nicholson | 2019-07-27 | 1 | -2/+6

  This wasn't available when I originally wrote this, but it ensures that the running gpg-agent in tmpgpghome is killed in case the tests exit early.

  Closes: #1892
  Approved by: jlebon
* tests: Always cleanup gpg-agent when exiting | Dan Nicholson | 2019-06-19 | 1 | -2/+0

  Add `libtest_cleanup_gpg()` to the array of commands to run when exiting. This provides 2 improvements:

  1. You don't need to worry about whether the test will spawn a gpg-agent and therefore require adding a call to `libtest_cleanup_gpg()`.

  2. All the existing users were calling `libtest_cleanup_gpg()` at the end of the script. If there was a failure and the script exited early, then it wouldn't cleanup and there may be a stray gpg-agent hanging around.

  Closes: #1799
  Approved by: cgwalters
* tests/test-gpg-signed-commit: Test more key states | Dan Nicholson | 2019-06-19 | 1 | -1/+223

  Extend test-gpg-signed-commit.sh to test various key states. If gpg is found that supports the required options, keys will be generated on the fly and changed in various ways to exercise the output from `ostree_gpg_verify_result_describe_variant` used in `ostree show`.

  I tested this using gnupg 2.2.12, so I hope it works well enough on various gpgs found in the wild.

  Closes: #1872
  Approved by: cgwalters
* Add SPDX-License-Identifier to source files | Marcus Folkesson | 2018-01-30 | 1 | -0/+2

  SPDX License List is a list of (common) open source licenses that can be referred to by a “short identifier”. It has several advantages compared to the common "license header texts" usually found in source files.

  Some of the advantages:

  * It is precise; there is no ambiguity due to variations in license header text
  * It is language neutral
  * It is easy to machine process
  * It is concise
  * It is simple and can be used without much cost in interpreted environments like JavaScript, etc.
  * An SPDX license identifier is immutable.
  * It provides simple guidance for developers who want to make sure the license for their code is respected

  See http://spdx.org for further reading.

  Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>

  Closes: #1439
  Approved by: cgwalters
* tree-wide: Replace archive-z2 with archive | Colin Walters | 2017-09-01 | 1 | -1/+1

  In almost all places. There are just a few exceptions; one tricky bit for example is that the repo config must still have `mode=archive-z2`, since `archive` used to mean something else. (We could very likely just get rid of that check, but eh, later).

  I also added a test that one can still do `ostree repo init --mode=archive-z2`.

  Closes: #1125
  Approved by: jlebon
* libtest: add has_gpgme() helper function | Jonathan Lebon | 2016-08-31 | 1 | -3/+3

  Closes: #469
  Approved by: cgwalters
* tests: Make failing to kill the GPG agent non-fatal | Colin Walters | 2016-03-31 | 1 | -1/+1

  It's not working for me in `make check` on a RHEL 7 Workstation, apparently because no GPG agent is spawned. I'm guessing this has something to do with the GPG version?

  The downside of this is we will be less likely to notice if GPG changes again and we start leaking agents like we're in The Matrix Reloaded. But the real solution to that is containers anyways.

  Closes: #233
  Approved by: smcv
* In tests that use gpg, terminate the gpg-agent after testing | Simon McVittie | 2016-03-31 | 1 | -0/+2

  Otherwise we leak those processes.

  Signed-off-by: Simon McVittie <smcv@debian.org>

  Closes: #232
  Approved by: cgwalters
* tests: Port to glib-tap.mk, make `make check` run all of the tests | Colin Walters | 2016-03-03 | 1 | -1/+6

  OSTree's code for testing predates the `glib-tap.mk` making its way into GLib. Let's switch to it, as it provides a number of advantages.

  By far the biggest advantage is that `make check` can start to run most of the tests *in addition* to having them work installed.

  This commit keeps the installed tests working, but `make check` turns out to be really broken because...our TAP usage has bitrotted to say the least. Fix that all up.

  Do some hacks so that the tests work uninstalled as well - in particular, `glib-tap.mk` and the bits encoded into `g_test_build_filename()` assume *recursive* Automake (blah). Work around that by creating a symlink when installed to loop back.
* tests: Use "bash strict mode" | Colin Walters | 2016-01-27 | 1 | -2/+2

  I noticed in the static deltas tests, there were some tests that should have been under `-o pipefail` to ensure we properly propagate errors.

  There were a few places where we were referencing undefined variables.

  Overall, this is clearly a good idea IMO.
* show: add option --gpg-homedir | Giuseppe Scrivano | 2015-04-27 | 1 | -0/+3

  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* tests: Update test-gpg-signed-commit.sh | Matthew Barnes | 2015-03-18 | 1 | -12/+36

  Utilize and test new CLI capabilities:

  - Signature count in 'ostree show' result
  - Duplicate signatures now rejected
  - Ability to delete signatures
* tests: enforce ${CMD_PREFIX} on all ostree processes | Giuseppe Scrivano | 2015-03-03 | 1 | -1/+1

  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* ostree: Add gpg-sign command | Matthew Barnes | 2015-02-26 | 1 | -0/+8

  Signs a commit with one or more GPG keys.
* tests: Fix up GPG tests for more strict EL7 GPG | Colin Walters | 2014-02-10 | 1 | -2/+2

  These GPG tests were failing for me on EL7 - it appears to be because we had only one directory for both private and public keys, and we were giving that to ostree for verification, which passed them onto gpgv.

  In EL7 beta at least, gpgv now barfs if it finds a private key where it is just expecting to find public keys.

  Fix this by splitting out the public trusted directory from the private key directory. Except now for signing, we still need the public key there, so symlink it. Whee!
* core: Use libgpgme to add GPG signatures to detached metadata for commit object | Jeremy Whiting | 2013-09-28 | 1 | -0/+41

  Add an optional dependency on gpgme to add GPG signatures into the detached metadata, with the key "ostree.gpgsigs", as an "aay", an array of signatures (treated as binary data).

  The commit command gains a --gpg-sign=<key-id> argument. Also add an argument --gpg-homedir to set the GPG homedir where we look for keyrings.