diff options
| author | Neal H. Walfield <neal@pep.foundation> | 2023-04-12 17:56:19 +0200 |
|---|---|---|
| committer | Panu Matilainen <pmatilai@redhat.com> | 2023-04-20 14:08:55 +0300 |
| commit | 87b9e0c28c3df3937f6676ee1b4164d6154dd9d3 (patch) | |
| tree | 44a0d97ec5ee091462b074c11831e042a0b3f2a8 /tests/rpmsigdig.at | |
| parent | 293b625f3ad6924754ff98a4d486c6aa6e6cffa8 (diff) | |
| download | rpm-87b9e0c28c3df3937f6676ee1b4164d6154dd9d3.tar.gz | |
Add pgpVerifySignature2() and pgpPrtParams2()
Add new functions pgpVerifySignature2() and pgpPrtParams2(), which are
like their earlier versions, but optionally return descriptive error
messages (in the case of failure) or lints (in the case of success).
Adjust tests accordingly.
This requires rpm-sequoia 1.4 or later.
See https://github.com/rpm-software-management/rpm-sequoia/issues/39
and
https://github.com/rpm-software-management/rpm/issues/2127#issuecomment-1482646398
Fixes #2483.
Diffstat (limited to 'tests/rpmsigdig.at')
| -rw-r--r-- | tests/rpmsigdig.at | 50 |
1 files changed, 38 insertions, 12 deletions
diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at index 9fb3febc9..df1f669e4 100644 --- a/tests/rpmsigdig.at +++ b/tests/rpmsigdig.at @@ -386,17 +386,17 @@ AT_CHECK([ RPMDB_INIT echo Checking package before importing key: -runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $? +runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $? echo Importing key: -runroot rpmkeys --quiet --import /data/keys/alice-expired-subkey.asc; echo $? +runroot rpmkeys --quiet --import /data/keys/alice-expired-subkey.asc 2>&1; echo $? echo Checking for key: runroot rpm -qi gpg-pubkey-eb04e625-* | grep Version | head -n1 echo Checking package after importing key: -runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $? +runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $? echo Checking package after importing key, no digest: -runroot rpmkeys --define '_pkgverify_level all' -Kv --nodigest /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $? +runroot rpmkeys --define '_pkgverify_level all' -Kv --nodigest /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $? echo Checking package after importing key, no signature: -runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $? +runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $? ], [0], [[Checking package before importing key: @@ -416,6 +416,10 @@ Checking for key: Version : eb04e625 Checking package after importing key: /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm: +error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice <alice@example.org>): + Key 1F71177215217EE0 invalid: key is not alive + because: The subkey is not live + because: Expired on 2022-04-12T00:00:15Z Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED Header DSA signature: NOTFOUND Header SHA256 digest: OK @@ -427,6 +431,10 @@ Checking package after importing key: 1 Checking package after importing key, no digest: /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm: +error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice <alice@example.org>): + Key 1F71177215217EE0 invalid: key is not alive + because: The subkey is not live + because: Expired on 2022-04-12T00:00:15Z Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED Header DSA signature: NOTFOUND RSA signature: NOTFOUND @@ -455,15 +463,15 @@ RPMDB_INIT echo Checking package before importing key: runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $? echo Importing key: -runroot rpmkeys --quiet --import /data/keys/alice-revoked-subkey.asc; echo $? +runroot rpmkeys --quiet --import /data/keys/alice-revoked-subkey.asc 2>&1; echo $? echo Checking for key: runroot rpm -qi gpg-pubkey-eb04e625-* | grep Version | head -n1 echo Checking package after importing key: -runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $? +runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $? echo Checking package after importing key, no digest: -runroot rpmkeys --define '_pkgverify_level all' -Kv --nodigest /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $? +runroot rpmkeys --define '_pkgverify_level all' -Kv --nodigest /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $? echo Checking package after importing key, no signature: -runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $? +runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $? ], [0], [[Checking package before importing key: @@ -483,6 +491,8 @@ Checking for key: Version : eb04e625 Checking package after importing key: /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm: +error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice <alice@example.org>): + Key 1F71177215217EE0 is invalid: key is revoked Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED Header DSA signature: NOTFOUND Header SHA256 digest: OK @@ -494,6 +504,8 @@ Checking package after importing key: 1 Checking package after importing key, no digest: /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm: +error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice <alice@example.org>): + Key 1F71177215217EE0 is invalid: key is revoked Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED Header DSA signature: NOTFOUND RSA signature: NOTFOUND @@ -740,7 +752,7 @@ AT_CLEANUP # Test pre-built corrupted package verification (corrupted signature) AT_SETUP([rpmkeys -Kv <corrupted signed> 1]) AT_KEYWORDS([rpmkeys digest signature]) -AT_CHECK([ +AT_CHECK_UNQUOTED([ RPMDB_INIT pkg="hello-2.0-1.x86_64-signed.rpm" @@ -754,14 +766,28 @@ runroot rpmkeys -Kv /tmp/${pkg} ], [1], [/tmp/hello-2.0-1.x86_64-signed.rpm: - Header RSA signature: BAD (package tag 268: invalid OpenPGP signature) +`if test x$PGP = xinternal; then + echo ' Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)' +else + echo ' Header RSA signature: BAD (package tag 268: invalid OpenPGP signature: Parsing an OpenPGP packet:' + echo ' Failed to parse Signature Packet' + echo ' because: Signature appears to be created by a non-conformant OpenPGP implementation, see <https://github.com/rpm-software-management/rpm/issues/2351>.' + echo ' because: Malformed MPI: leading bit is not set: expected bit 1 to be set in 0 (0))' +fi` Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: OK V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY MD5 digest: OK /tmp/hello-2.0-1.x86_64-signed.rpm: - Header RSA signature: BAD (package tag 268: invalid OpenPGP signature) +`if test x$PGP = xinternal; then + echo ' Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)' +else + echo ' Header RSA signature: BAD (package tag 268: invalid OpenPGP signature: Parsing an OpenPGP packet:' + echo ' Failed to parse Signature Packet' + echo ' because: Signature appears to be created by a non-conformant OpenPGP implementation, see <https://github.com/rpm-software-management/rpm/issues/2351>.' + echo ' because: Malformed MPI: leading bit is not set: expected bit 1 to be set in 0 (0))' +fi` Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: OK |