AT_BANNER([RPM signature/digest verifylevel]) AT_SETUP([rpmkeys -K verifylevel]) AT_KEYWORDS([rpmkeys digest]) AT_CHECK([ RPMDB_INIT for lvl in none digest signature all; do echo "LEVEL ${lvl}" for dis in "" "--nodigest" "--nosignature" "--nodigest --nosignature"; do echo "${dis}" runroot rpmkeys -K ${dis} \ --define "_pkgverify_level ${lvl}" \ /data/RPMS/hello-2.0-1.x86_64.rpm; echo $? done done ], [0], [LEVEL none /data/RPMS/hello-2.0-1.x86_64.rpm: digests OK 0 --nodigest /data/RPMS/hello-2.0-1.x86_64.rpm: OK 0 --nosignature /data/RPMS/hello-2.0-1.x86_64.rpm: digests OK 0 --nodigest --nosignature /data/RPMS/hello-2.0-1.x86_64.rpm: OK 0 LEVEL digest /data/RPMS/hello-2.0-1.x86_64.rpm: digests OK 0 --nodigest /data/RPMS/hello-2.0-1.x86_64.rpm: OK 0 --nosignature /data/RPMS/hello-2.0-1.x86_64.rpm: digests OK 0 --nodigest --nosignature /data/RPMS/hello-2.0-1.x86_64.rpm: OK 0 LEVEL signature /data/RPMS/hello-2.0-1.x86_64.rpm: digests SIGNATURES NOT OK 1 --nodigest /data/RPMS/hello-2.0-1.x86_64.rpm: SIGNATURES NOT OK 1 --nosignature /data/RPMS/hello-2.0-1.x86_64.rpm: digests OK 0 --nodigest --nosignature /data/RPMS/hello-2.0-1.x86_64.rpm: OK 0 LEVEL all /data/RPMS/hello-2.0-1.x86_64.rpm: digests SIGNATURES NOT OK 1 --nodigest /data/RPMS/hello-2.0-1.x86_64.rpm: SIGNATURES NOT OK 1 --nosignature /data/RPMS/hello-2.0-1.x86_64.rpm: digests OK 0 --nodigest --nosignature /data/RPMS/hello-2.0-1.x86_64.rpm: OK 0 ], []) AT_CLEANUP AT_SETUP([rpmkeys -K verifylevel]) AT_KEYWORDS([rpmkeys digest]) AT_CHECK([ RPMDB_INIT nomd5="0x20000" nopld="0x10000" nopl="0x30000" nosha1="0x100" nosha2="0x200" nosha="0x300" nohdr="0x20300" lvl="digest" for dis in nomd5 nopld nopl nosha1 nosha2 nosha nohdr; do vsf="$(eval echo \$${dis})" echo ${dis} runroot rpmkeys -Kv \ --define "_pkgverify_level ${lvl}" \ --define "_pkgverify_flags ${vsf}" \ /data/RPMS/hello-2.0-1.x86_64.rpm; echo $? done ], [0], [nomd5 /data/RPMS/hello-2.0-1.x86_64.rpm: Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: OK 0 nopld /data/RPMS/hello-2.0-1.x86_64.rpm: Header SHA256 digest: OK Header SHA1 digest: OK MD5 digest: OK 0 nopl /data/RPMS/hello-2.0-1.x86_64.rpm: Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: NOTFOUND Payload SHA256 ALT digest: NOTFOUND MD5 digest: NOTFOUND 1 nosha1 /data/RPMS/hello-2.0-1.x86_64.rpm: Header SHA256 digest: OK Payload SHA256 digest: OK MD5 digest: OK 0 nosha2 /data/RPMS/hello-2.0-1.x86_64.rpm: Header SHA1 digest: OK Payload SHA256 digest: OK MD5 digest: OK 0 nosha /data/RPMS/hello-2.0-1.x86_64.rpm: Payload SHA256 digest: OK MD5 digest: OK 0 nohdr /data/RPMS/hello-2.0-1.x86_64.rpm: Header SHA256 digest: NOTFOUND Header SHA1 digest: NOTFOUND Payload SHA256 digest: OK MD5 digest: NOTFOUND 1 ], []) AT_CLEANUP AT_SETUP([rpmkeys -K verifylevel]) AT_KEYWORDS([rpmkeys digest]) AT_CHECK([ RPMDB_INIT for lvl in none digest signature all; do echo "LEVEL ${lvl}" for dis in "" "--nodigest" "--nosignature" "--nodigest --nosignature"; do echo "${dis}" runroot rpmkeys -K ${dis} \ --define "_pkgverify_level ${lvl}" \ /data/RPMS/hello-2.0-1.x86_64-signed.rpm; echo $? done done ], [0], [LEVEL none /data/RPMS/hello-2.0-1.x86_64-signed.rpm: digests SIGNATURES NOT OK 1 --nodigest /data/RPMS/hello-2.0-1.x86_64-signed.rpm: SIGNATURES NOT OK 1 --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm: digests OK 0 --nodigest --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm: OK 0 LEVEL digest /data/RPMS/hello-2.0-1.x86_64-signed.rpm: digests SIGNATURES NOT OK 1 --nodigest /data/RPMS/hello-2.0-1.x86_64-signed.rpm: SIGNATURES NOT OK 1 --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm: digests OK 0 --nodigest --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm: OK 0 LEVEL signature /data/RPMS/hello-2.0-1.x86_64-signed.rpm: digests SIGNATURES NOT OK 1 --nodigest /data/RPMS/hello-2.0-1.x86_64-signed.rpm: SIGNATURES NOT OK 1 --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm: digests OK 0 --nodigest --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm: OK 0 LEVEL all /data/RPMS/hello-2.0-1.x86_64-signed.rpm: digests SIGNATURES NOT OK 1 --nodigest /data/RPMS/hello-2.0-1.x86_64-signed.rpm: SIGNATURES NOT OK 1 --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm: digests OK 0 --nodigest --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm: OK 0 ], []) AT_CLEANUP AT_SETUP([rpmkeys -K verifylevel]) AT_KEYWORDS([rpmkeys digest]) AT_CHECK([ RPMDB_INIT runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub for lvl in none digest signature all; do echo "LEVEL ${lvl}" for dis in "" "--nodigest" "--nosignature" "--nodigest --nosignature"; do echo "${dis}" runroot rpmkeys -K ${dis} \ --define "_pkgverify_level ${lvl}" \ /data/RPMS/hello-2.0-1.x86_64-signed.rpm; echo $? done done ], [0], [LEVEL none /data/RPMS/hello-2.0-1.x86_64-signed.rpm: digests signatures OK 0 --nodigest /data/RPMS/hello-2.0-1.x86_64-signed.rpm: signatures OK 0 --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm: digests OK 0 --nodigest --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm: OK 0 LEVEL digest /data/RPMS/hello-2.0-1.x86_64-signed.rpm: digests signatures OK 0 --nodigest /data/RPMS/hello-2.0-1.x86_64-signed.rpm: signatures OK 0 --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm: digests OK 0 --nodigest --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm: OK 0 LEVEL signature /data/RPMS/hello-2.0-1.x86_64-signed.rpm: digests signatures OK 0 --nodigest /data/RPMS/hello-2.0-1.x86_64-signed.rpm: signatures OK 0 --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm: digests OK 0 --nodigest --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm: OK 0 LEVEL all /data/RPMS/hello-2.0-1.x86_64-signed.rpm: digests signatures OK 0 --nodigest /data/RPMS/hello-2.0-1.x86_64-signed.rpm: signatures OK 0 --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm: digests OK 0 --nodigest --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm: OK 0 ], []) AT_CLEANUP AT_SETUP([rpmkeys -K verifylevel]) AT_KEYWORDS([rpmkeys digest]) AT_CHECK([ RPMDB_INIT nomd5="0x20000" nopld="0x10000" nopl="0x30000" nopls="0xc0000" noplds="0xd0000" nohdrs="0x00c00" nosig="0xc0c00" runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub lvl="all" for dis in nopls noplds nohdrs nosig; do vsf="$(eval echo \$${dis})" echo ${dis} runroot rpmkeys -Kv \ --define "_pkgverify_level ${lvl}" \ --define "_pkgverify_flags ${vsf}" \ /data/RPMS/hello-2.0-1.x86_64-signed.rpm; echo $? done ], [0], [nopls /data/RPMS/hello-2.0-1.x86_64-signed.rpm: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: OK Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: OK MD5 digest: OK 0 noplds /data/RPMS/hello-2.0-1.x86_64-signed.rpm: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: OK Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: NOTFOUND Payload SHA256 ALT digest: NOTFOUND RSA signature: NOTFOUND DSA signature: NOTFOUND MD5 digest: OK 1 nohdrs /data/RPMS/hello-2.0-1.x86_64-signed.rpm: Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: OK V4 RSA/SHA256 Signature, key ID 1964c5fc: OK MD5 digest: OK 0 nosig /data/RPMS/hello-2.0-1.x86_64-signed.rpm: Header RSA signature: NOTFOUND Header DSA signature: NOTFOUND Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: OK RSA signature: NOTFOUND DSA signature: NOTFOUND MD5 digest: OK 1 ], []) AT_CLEANUP