diff options
author | Panu Matilainen <pmatilai@redhat.com> | 2017-04-07 11:36:13 +0300 |
---|---|---|
committer | Panu Matilainen <pmatilai@redhat.com> | 2017-04-07 11:42:22 +0300 |
commit | 111d3c1a8c21121a14c13ccb1a65b8134f1df772 (patch) | |
tree | 609ab15865c22c6a1af5d0d435eb1918c0fe55b6 | |
parent | bd003e6b54eb3a6359f69254ffc7fe3c5d0785ec (diff) | |
download | rpm-111d3c1a8c21121a14c13ccb1a65b8134f1df772.tar.gz |
Implement basic signing tests for --addsign and --delsign
This is tricky and flimsy as we criss-cross over the fakechroot border:
getting gpg and gpg-agent to work in the fake root environment seems
non-trivial (mismatch about homedir expectations I think) so we
run signing outside the root and verification inside. And anything
on the outside needs to avoid absolute paths in results as those
would change from user to user etc. Still, better than not having it...
-rw-r--r-- | tests/Makefile.am | 1 | ||||
-rw-r--r-- | tests/atlocal.in | 7 | ||||
-rw-r--r-- | tests/rpmsigdig.at | 79 |
3 files changed, 87 insertions, 0 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am index 6ba497d15..b04f4cb25 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -125,6 +125,7 @@ testing$(bindir)/rpmbuild: ../rpmbuild for prog in gzip cat patch tar sh ln chmod rm mkdir uname grep sed find file ionice mktemp nice cut sort diff touch; do p=`which $${prog}`; ln -s $${p} testing/$(bindir)/; done for d in /proc /sys /selinux /etc/selinux; do if [ -d $${d} ]; then ln -s $${d} testing/$${d}; fi; done (cd testing/magic && file -C) + HOME=$(srcdir)/testing gpg2 -q --import data/keys/*.secret || HOME=$(srcdir)/testing gpg -q --import data/keys/*.secret check_DATA = atconfig atlocal $(TESTSUITE) check_DATA += testing$(bindir)/rpmbuild diff --git a/tests/atlocal.in b/tests/atlocal.in index 929698725..74efc6f66 100644 --- a/tests/atlocal.in +++ b/tests/atlocal.in @@ -33,3 +33,10 @@ function runroot() MAGIC="/magic/magic" FAKECHROOT_BASE="${RPMTEST}" fakechroot "$@" --define "_topdir /build" --noplugins ) } + +function runroot_other() +{ + (unset RPM_CONFIGDIR RPM_POPTEXEC_PATH; cd ${RPMTEST} && \ + FAKECHROOT_BASE="${RPMTEST}" fakechroot "$@" + ) +} diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at index c8053092f..a3dc5548a 100644 --- a/tests/rpmsigdig.at +++ b/tests/rpmsigdig.at @@ -144,3 +144,82 @@ runroot rpmkeys -Kv /data/RPMS/hello-2.0-1.x86_64-signed.rpm ], []) AT_CLEANUP + +# ------------------------------ +# Test --addsign +AT_SETUP([rpmsign --addsign <unsigned>]) +AT_KEYWORDS([rpmsign signature]) +AT_CHECK([ +RPMDB_CLEAR +RPMDB_INIT +rm -rf "${TOPDIR}" + +cp "${RPMDATA}"/RPMS/hello-2.0-1.x86_64.rpm "${RPMTEST}"/tmp/ +run rpmsign --key-id 1964C5FC --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null +echo PRE-IMPORT +runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest +echo POST-IMPORT +runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub +runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest +run rpmsign --delsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null +echo POST-DELSIGN +runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest +], +[0], +[PRE-IMPORT +/tmp/hello-2.0-1.x86_64.rpm: + Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY + V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY +POST-IMPORT +/tmp/hello-2.0-1.x86_64.rpm: + Header V4 RSA/SHA256 Signature, key ID 1964c5fc: OK + V4 RSA/SHA256 Signature, key ID 1964c5fc: OK +POST-DELSIGN +/tmp/hello-2.0-1.x86_64.rpm: +], +[]) +AT_CLEANUP + +# ------------------------------ +# Test --delsign +AT_SETUP([rpmsign --delsign <package>]) +AT_KEYWORDS([rpmsign signature]) +AT_CHECK([ +RPMDB_CLEAR +RPMDB_INIT +rm -rf "${TOPDIR}" + +cp "${RPMDATA}"/RPMS/hello-2.0-1.x86_64-signed.rpm "${RPMTEST}"/tmp/ +echo PRE-DELSIGN +runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64-signed.rpm|grep -v digest +echo POST-DELSIGN +run rpmsign --delsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64-signed.rpm > /dev/null +runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64-signed.rpm|grep -v digest +], +[0], +[PRE-DELSIGN +/tmp/hello-2.0-1.x86_64-signed.rpm: + Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY + V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY +POST-DELSIGN +/tmp/hello-2.0-1.x86_64-signed.rpm: +], +[]) +AT_CLEANUP + +# ------------------------------ +# Test --addsign +AT_SETUP([rpmsign --addsign <signed>]) +AT_KEYWORDS([rpmsign signature]) +AT_CHECK([ +RPMDB_CLEAR +RPMDB_INIT +rm -rf "${TOPDIR}" + +cp "${RPMDATA}"/RPMS/hello-2.0-1.x86_64-signed.rpm "${RPMTEST}"/tmp/ +run rpmsign --key-id 1964C5FC --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64-signed.rpm 2>&1 |grep -q "already contains identical signature, skipping" +], +[0], +[], +[]) +AT_CLEANUP |