# rpmsigdig.at: rpm signature and digest tests AT_BANNER([RPM signatures and digests]) # ------------------------------ # Test pre-built package verification AT_SETUP([rpmkeys -Kv 1]) AT_KEYWORDS([rpmkeys digest]) AT_CHECK([ RPMDB_INIT runroot rpmkeys -Kv /data/RPMS/hello-2.0-1.x86_64.rpm /data/RPMS/hello-1.0-1.i386.rpm ], [0], [/data/RPMS/hello-2.0-1.x86_64.rpm: Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: OK MD5 digest: OK /data/RPMS/hello-1.0-1.i386.rpm: Header SHA1 digest: OK MD5 digest: OK ], []) AT_CLEANUP AT_SETUP([rpmkeys -Kv 1]) AT_KEYWORDS([rpmkeys digest]) AT_CHECK([ RPMDB_INIT cp "${RPMTEST}"/data/misc/hello.intro "${RPMTEST}"/data/misc/hello.payload . gzip -cd < hello.payload > hello.uc-payload cat hello.intro hello.payload > "${RPMTEST}"/tmp/hello-c.rpm cat hello.intro hello.uc-payload > "${RPMTEST}"/tmp/hello-uc.rpm runroot rpmkeys -Kv /tmp/hello-c.rpm /tmp/hello-uc.rpm ], [1], [/tmp/hello-c.rpm: Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: OK MD5 digest: OK /tmp/hello-uc.rpm: Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 ALT digest: OK MD5 digest: BAD (Expected 055607c4dee6464b9415ae726e7d81a7 != 839d24c30e5188e0b83599fbe3865919) ], []) AT_CLEANUP # ------------------------------ # Test corrupted package verification (corrupted signature) AT_SETUP([rpmkeys -Kv 1]) AT_KEYWORDS([rpmkeys digest]) AT_CHECK([ RPMDB_INIT pkg="hello-2.0-1.x86_64.rpm" cp "${RPMTEST}"/data/RPMS/${pkg} "${RPMTEST}"/tmp/${pkg} # conv=notrunc bs=1 seek=261 count=6 2> /dev/null dd if=/dev/zero of="${RPMTEST}"/tmp/${pkg} \ conv=notrunc bs=1 seek=333 count=4 2> /dev/null runroot rpmkeys -Kv /tmp/${pkg} ], [1], [/tmp/hello-2.0-1.x86_64.rpm: Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: OK MD5 digest: BAD (Expected 007ca1d8b35cca02a1854ba301c5432e != 137ca1d8b35cca02a1854ba301c5432e) ], []) AT_CLEANUP # ------------------------------ # Test corrupted package verification (corrupted header) AT_SETUP([rpmkeys -Kv 2]) AT_KEYWORDS([rpmkeys digest]) AT_CHECK([ RPMDB_INIT pkg="hello-2.0-1.x86_64.rpm" cp "${RPMTEST}"/data/RPMS/${pkg} "${RPMTEST}"/tmp/${pkg} dd if=/dev/zero of="${RPMTEST}"/tmp/${pkg} \ conv=notrunc bs=1 seek=5555 count=6 2> /dev/null runroot rpmkeys -Kv /tmp/${pkg} ], [1], [/tmp/hello-2.0-1.x86_64.rpm: Header SHA256 digest: BAD (Expected ef920781af3bf072ae9888eec3de1c589143101dff9cc0b561468d395fb766d9 != 29fdfe92782fb0470a9a164a6c94af87d3b138c63b39d4c30e0223ca1202ba82) Header SHA1 digest: BAD (Expected 5cd9874c510b67b44483f9e382a1649ef7743bac != 4261b2c1eb861a4152c2239bce20bfbcaa8971ba) Payload SHA256 digest: OK MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != de65519eeb4ab52eb076ec054d42e34e) ], []) AT_CLEANUP # ------------------------------ # Test corrupted package verification (corrupted payload) AT_SETUP([rpmkeys -Kv 3]) AT_KEYWORDS([rpmkeys digest]) AT_CHECK([ RPMDB_INIT pkg="hello-2.0-1.x86_64.rpm" cp "${RPMTEST}"/data/RPMS/${pkg} "${RPMTEST}"/tmp/${pkg} dd if=/dev/zero of="${RPMTEST}"/tmp/${pkg} \ conv=notrunc bs=1 seek=7777 count=6 2> /dev/null runroot rpmkeys -Kv /tmp/${pkg} ], [1], [/tmp/hello-2.0-1.x86_64.rpm: Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != bea903609dceac36e1f26a983c493c98064d320fdfeb423034ed63d649b2c8dc) Payload SHA256 ALT digest: NOTFOUND MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != d662cd0d81601a7107312684ad1ddf38) ], []) AT_CLEANUP # ------------------------------ # Test corrupted package verification (corrupted header) AT_SETUP([rpmkeys -Kv 4]) AT_KEYWORDS([rpmkeys digest]) AT_CHECK([ RPMDB_INIT pkg="hello-2.0-1.x86_64.rpm" cp "${RPMTEST}"/data/RPMS/${pkg} "${RPMTEST}"/tmp/${pkg} dd if=/dev/zero of="${RPMTEST}"/tmp/${pkg} \ conv=notrunc bs=1 seek=4750 count=4 2> /dev/null runroot rpmkeys -Kv /tmp/${pkg} ], [1], [/tmp/hello-2.0-1.x86_64.rpm: ], [error: /tmp/hello-2.0-1.x86_64.rpm: tag[[13]]: BAD, tag 1028 type 0 offset 116 count 5 len 7] ) AT_CLEANUP # ------------------------------ # Reproducably build and verify a package AT_SETUP([rpmkeys -Kv 2]) AT_KEYWORDS([rpmkeys digest]) AT_CHECK([ RPMDB_INIT runroot rpmbuild -bb --quiet \ --define "%optflags -O2 -g" \ --define "%_target_platform noarch-linux" \ --define "%_binary_payload w.ufdio" \ --define "%_buildhost localhost" \ --define "%use_source_date_epoch_as_buildtime 1" \ --define "%source_date_epoch_from_changelog 1" \ --define "%clamp_mtime_to_source_date_epoch 1" \ /data/SPECS/attrtest.spec for v in SHA256HEADER SHA1HEADER SIGMD5 PAYLOADDIGEST PAYLOADDIGESTALT; do runroot rpm -q --qf "${v}: %{${v}}\n" /build/RPMS/noarch/attrtest-1.0-1.noarch.rpm done runroot rpmkeys -Kv /build/RPMS/noarch/attrtest-1.0-1.noarch.rpm ], [0], [SHA256HEADER: 8257777b3c09ad7cefce087af2437e9d711063677fe49c60811c30fbf1f2f779 SHA1HEADER: cc3d3a91b32587f0afd4935ca0d7e38cc71221f5 SIGMD5: 0c21d2620a279b07c69d4d6171568d98 PAYLOADDIGEST: 749d8980cc5889419da8cdbe9a5b3292742af8a227db3635f84966481b7612a8 PAYLOADDIGESTALT: 749d8980cc5889419da8cdbe9a5b3292742af8a227db3635f84966481b7612a8 /build/RPMS/noarch/attrtest-1.0-1.noarch.rpm: Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 ALT digest: OK Payload SHA256 digest: OK MD5 digest: OK ], []) AT_CLEANUP # ------------------------------ # Import a public RSA key AT_SETUP([rpmkeys --import rsa]) AT_KEYWORDS([rpmkeys import]) AT_CHECK([ RPMDB_INIT runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub runroot rpm -qi gpg-pubkey-1964c5fc-58e63918|grep -v Date|grep -v Version: runroot rpm -q --provides gpg-pubkey-1964c5fc-58e63918 ], [0], [Name : gpg-pubkey Version : 1964c5fc Release : 58e63918 Architecture: (none) Group : Public Keys Size : 0 License : pubkey Signature : (none) Source RPM : (none) Build Host : localhost Packager : rpm.org RSA testkey Summary : rpm.org RSA testkey public key Description : -----BEGIN PGP PUBLIC KEY BLOCK----- mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY 91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8 eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas 7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ 1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq +mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6 Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAGJAR8EGAEIAAkFAljmORgCGwwA CgkQQ0RZHhlkxfzwDQf/Y5on5o+s/xD3tDyRYa6SErfT44lEArdCD7Yi+cygJFox 3jyM8ovtJAkwRegwyxcaLN7zeG1p1Sk9ZAYWQEJT6qSU4Ppu+CVGHgxgnTcfUiu6 EZZQE6srvua53IMY1lT50M7vx0T5VicHFRWBFV2C/Mc32p7cEE6nn45nEZgUXQNl ySEyvoRlsAJq6gFsfqucVz2vMJDTMVczUtq1CjvUqFbif8JVL36EoZCf1SeRw6d6 s1Kp3AA33Rjd+Uw87HJ4EIB75zMFQX2H0ggAVdYTQcqGXHP5MZK1jJrHfxJyMi3d UNW2iqnN3BA7guhOv6OMiROF1+I7Q5nWT63mQC7IgQ== =Z6nu -----END PGP PUBLIC KEY BLOCK----- gpg(rpm.org RSA testkey ) = 4:4344591e1964c5fc-58e63918 gpg(1964c5fc) = 4:4344591e1964c5fc-58e63918 gpg(4344591e1964c5fc) = 4:4344591e1964c5fc-58e63918 gpg(f00650f8) = 4:185e6146f00650f8-58e63918 gpg(185e6146f00650f8) = 4:185e6146f00650f8-58e63918 ], []) AT_CLEANUP # ------------------------------ # Test pre-built package verification AT_SETUP([rpmkeys -K 1]) AT_KEYWORDS([rpmkeys digest signature]) AT_CHECK([ RPMDB_INIT runroot rpmkeys -K /data/RPMS/hello-2.0-1.x86_64-signed.rpm runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub runroot rpmkeys -K /data/RPMS/hello-2.0-1.x86_64-signed.rpm ], [0], [[/data/RPMS/hello-2.0-1.x86_64-signed.rpm: digests SIGNATURES NOT OK /data/RPMS/hello-2.0-1.x86_64-signed.rpm: digests signatures OK ]], []) AT_CLEANUP # ------------------------------ # Test pre-built package verification AT_SETUP([rpmkeys -Kv 1]) AT_KEYWORDS([rpmkeys digest signature]) AT_CHECK([ RPMDB_INIT runroot rpmkeys -Kv /data/RPMS/hello-2.0-1.x86_64-signed.rpm; echo $? runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub; echo $? runroot rpmkeys -Kv /data/RPMS/hello-2.0-1.x86_64-signed.rpm; echo $? runroot rpmkeys -Kv --nodigest /data/RPMS/hello-2.0-1.x86_64-signed.rpm; echo $? runroot rpmkeys -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm; echo $? ], [0], [/data/RPMS/hello-2.0-1.x86_64-signed.rpm: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: OK V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY MD5 digest: OK 1 0 /data/RPMS/hello-2.0-1.x86_64-signed.rpm: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: OK Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: OK V4 RSA/SHA256 Signature, key ID 1964c5fc: OK MD5 digest: OK 0 /data/RPMS/hello-2.0-1.x86_64-signed.rpm: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: OK V4 RSA/SHA256 Signature, key ID 1964c5fc: OK 0 /data/RPMS/hello-2.0-1.x86_64-signed.rpm: Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: OK MD5 digest: OK 0 ], []) AT_CLEANUP # ------------------------------ # Test pre-built corrupted package verification (corrupted signature) AT_SETUP([rpmkeys -Kv 1]) AT_KEYWORDS([rpmkeys digest signature]) AT_CHECK([ RPMDB_INIT pkg="hello-2.0-1.x86_64-signed.rpm" cp "${RPMTEST}"/data/RPMS/${pkg} "${RPMTEST}"/tmp/${pkg} dd if=/dev/zero of="${RPMTEST}"/tmp/${pkg} \ conv=notrunc bs=1 seek=264 count=6 2> /dev/null runroot rpmkeys -Kv /tmp/${pkg} runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub runroot rpmkeys -Kv /tmp/${pkg} ], [1], [/tmp/hello-2.0-1.x86_64-signed.rpm: Header RSA signature: BAD (package tag 268: invalid OpenPGP signature) Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: OK V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY MD5 digest: OK /tmp/hello-2.0-1.x86_64-signed.rpm: Header RSA signature: BAD (package tag 268: invalid OpenPGP signature) Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: OK V4 RSA/SHA256 Signature, key ID 1964c5fc: OK MD5 digest: OK ], []) AT_CLEANUP # ------------------------------ # Test pre-built corrupted package verification (corrupted header) AT_SETUP([rpmkeys -Kv 2]) AT_KEYWORDS([rpmkeys digest signature]) AT_CHECK([ RPMDB_INIT pkg="hello-2.0-1.x86_64-signed.rpm" cp "${RPMTEST}"/data/RPMS/${pkg} "${RPMTEST}"/tmp/${pkg} dd if=/dev/zero of="${RPMTEST}"/tmp/${pkg} \ conv=notrunc bs=1 seek=5555 count=6 2> /dev/null runroot rpmkeys -Kv /tmp/${pkg} runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub runroot rpmkeys -Kv /tmp/${pkg} ], [1], [/tmp/hello-2.0-1.x86_64-signed.rpm: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD Header SHA256 digest: BAD (Expected ef920781af3bf072ae9888eec3de1c589143101dff9cc0b561468d395fb766d9 != 29fdfe92782fb0470a9a164a6c94af87d3b138c63b39d4c30e0223ca1202ba82) Header SHA1 digest: BAD (Expected 5cd9874c510b67b44483f9e382a1649ef7743bac != 4261b2c1eb861a4152c2239bce20bfbcaa8971ba) Payload SHA256 digest: OK V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != de65519eeb4ab52eb076ec054d42e34e) /tmp/hello-2.0-1.x86_64-signed.rpm: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD Header SHA256 digest: BAD (Expected ef920781af3bf072ae9888eec3de1c589143101dff9cc0b561468d395fb766d9 != 29fdfe92782fb0470a9a164a6c94af87d3b138c63b39d4c30e0223ca1202ba82) Header SHA1 digest: BAD (Expected 5cd9874c510b67b44483f9e382a1649ef7743bac != 4261b2c1eb861a4152c2239bce20bfbcaa8971ba) Payload SHA256 digest: OK V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != de65519eeb4ab52eb076ec054d42e34e) ], []) AT_CLEANUP # ------------------------------ # Test pre-built corrupted package verification (corrupted payload) AT_SETUP([rpmkeys -Kv 3]) AT_KEYWORDS([rpmkeys digest signature]) AT_CHECK([ RPMDB_INIT pkg="hello-2.0-1.x86_64-signed.rpm" cp "${RPMTEST}"/data/RPMS/${pkg} "${RPMTEST}"/tmp/${pkg} dd if=/dev/zero of="${RPMTEST}"/tmp/${pkg} \ conv=notrunc bs=1 seek=7777 count=6 2> /dev/null runroot rpmkeys -Kv /tmp/${pkg} runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub runroot rpmkeys -Kv /tmp/${pkg} ], [1], [/tmp/hello-2.0-1.x86_64-signed.rpm: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != bea903609dceac36e1f26a983c493c98064d320fdfeb423034ed63d649b2c8dc) Payload SHA256 ALT digest: NOTFOUND V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != d662cd0d81601a7107312684ad1ddf38) /tmp/hello-2.0-1.x86_64-signed.rpm: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: OK Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != bea903609dceac36e1f26a983c493c98064d320fdfeb423034ed63d649b2c8dc) Payload SHA256 ALT digest: NOTFOUND V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != d662cd0d81601a7107312684ad1ddf38) ], []) AT_CLEANUP # ------------------------------ # Test --addsign AT_SETUP([rpmsign --addsign]) AT_KEYWORDS([rpmsign signature]) RPMDB_INIT gpg2 --import ${RPMTEST}/data/keys/*.secret # Our keys have no passphrases to be asked, silence GPG_TTY warning export GPG_TTY="" # rpmsign --addsign --rpmv3 AT_CHECK([ RPMDB_INIT cp "${RPMTEST}"/data/RPMS/hello-2.0-1.x86_64.rpm "${RPMTEST}"/tmp/ run rpmsign --key-id 1964C5FC --rpmv3 --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null echo PRE-IMPORT runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest echo POST-IMPORT runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest run rpmsign --delsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null echo POST-DELSIGN runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest ], [0], [PRE-IMPORT /tmp/hello-2.0-1.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY POST-IMPORT /tmp/hello-2.0-1.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: OK V4 RSA/SHA256 Signature, key ID 1964c5fc: OK POST-DELSIGN /tmp/hello-2.0-1.x86_64.rpm: ], []) # rpmsign --addsign AT_CHECK([ RPMDB_INIT cp "${RPMTEST}"/data/RPMS/hello-2.0-1.x86_64.rpm "${RPMTEST}"/tmp/ run rpmsign --key-id 1964C5FC --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null echo PRE-IMPORT runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest echo POST-IMPORT runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest run rpmsign --delsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null echo POST-DELSIGN runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest ], [0], [PRE-IMPORT /tmp/hello-2.0-1.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY POST-IMPORT /tmp/hello-2.0-1.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: OK POST-DELSIGN /tmp/hello-2.0-1.x86_64.rpm: ], []) # rpmsign --addsign AT_CHECK([ RPMDB_INIT cp "${RPMTEST}"/data/RPMS/hello-2.0-1.x86_64-signed.rpm "${RPMTEST}"/tmp/ run rpmsign --key-id 1964C5FC --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64-signed.rpm 2>&1 |grep -q "already contains identical signature, skipping" ], [0], [], []) # rpmsign --addsign AT_CHECK([ RPMDB_INIT pkg="hello-2.0-1.x86_64.rpm" cp "${RPMTEST}"/data/RPMS/${pkg} "${RPMTEST}"/tmp/${pkg} dd if=/dev/zero of="${RPMTEST}"/tmp/${pkg} \ conv=notrunc bs=1 seek=333 count=4 2> /dev/null run rpmsign --key-id 1964C5FC --addsign "${RPMTEST}/tmp/${pkg}" >/dev/null 2> stderr echo $? grep -c "error: not signing corrupt package " stderr runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm echo $? ], [], [1 1 /tmp/hello-2.0-1.x86_64.rpm: Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: OK MD5 digest: BAD (Expected 007ca1d8b35cca02a1854ba301c5432e != 137ca1d8b35cca02a1854ba301c5432e) 1 ], []) gpgconf --kill gpg-agent AT_CLEANUP # ------------------------------ # Test --delsign AT_SETUP([rpmsign --delsign]) AT_KEYWORDS([rpmsign signature]) AT_CHECK([ RPMDB_INIT cp "${RPMTEST}"/data/RPMS/hello-2.0-1.x86_64-signed.rpm "${RPMTEST}"/tmp/ echo PRE-DELSIGN runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64-signed.rpm|grep -v digest echo POST-DELSIGN run rpmsign --delsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64-signed.rpm > /dev/null runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64-signed.rpm|grep -v digest ], [0], [PRE-DELSIGN /tmp/hello-2.0-1.x86_64-signed.rpm: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY POST-DELSIGN /tmp/hello-2.0-1.x86_64-signed.rpm: ], []) AT_CLEANUP