summaryrefslogtreecommitdiff
path: root/test/integration/framework
diff options
context:
space:
mode:
authorDavid Kalnischkies <kalnischkies@gmail.com>2013-08-09 22:20:27 +0200
committerDavid Kalnischkies <kalnischkies@gmail.com>2013-08-12 18:01:37 +0200
commit29a59c460403820d0f039398194e321b7e0921fc (patch)
treefb6c6655bb9cee83493949465b56d23d62230d3c /test/integration/framework
parent7dd5854b48f5d59c02fb0068d850384f3e678c67 (diff)
test Release file handling with expired keys
Signing files with expired keys is not as easy as it sounds, so the framework jumps a few loops to do it, but it might come in handy to have an expired key around for later tests even if it is not that different from having no key in regards to APT behaviour. Git-Dch: Ignore
Diffstat (limited to 'test/integration/framework')
-rw-r--r--test/integration/framework35
1 files changed, 29 insertions, 6 deletions
diff --git a/test/integration/framework b/test/integration/framework
index 7dd7c20a7..f64b8482c 100644
--- a/test/integration/framework
+++ b/test/integration/framework
@@ -711,22 +711,45 @@ setupaptarchive() {
signreleasefiles() {
local SIGNER="${1:-Joe Sixpack}"
+ local GPG="gpg --batch --yes --no-default-keyring --trustdb-name rootdir/etc/apt/trustdb.gpg"
msgninfo "\tSign archive with $SIGNER key… "
- local SECKEYS=""
+ local REXKEY='keys/rexexpired'
+ local SECEXPIREBAK="${REXKEY}.sec.bak"
+ local PUBEXPIREBAK="${REXKEY}.pub.bak"
+ if [ "${SIGNER}" = 'Rex Expired' ]; then
+ # the key is expired, so gpg doesn't allow to sign with and the --faked-system-time
+ # option doesn't exist anymore (and using faketime would add a new obscure dependency)
+ # therefore we 'temporary' make the key not expired and restore a backup after signing
+ cp ${REXKEY}.sec $SECEXPIREBAK
+ cp ${REXKEY}.pub $PUBEXPIREBAK
+ local SECUNEXPIRED="${REXKEY}.sec.unexpired"
+ local PUBUNEXPIRED="${REXKEY}.pub.unexpired"
+ if [ -f "$SECUNEXPIRED" ] && [ -f "$PUBUNEXPIRED" ]; then
+ cp $SECUNEXPIRED ${REXKEY}.sec
+ cp $PUBUNEXPIRED ${REXKEY}.pub
+ else
+ printf "expire\n1w\nsave\n" | $GPG --keyring ${REXKEY}.pub --secret-keyring ${REXKEY}.sec --command-fd 0 --edit-key "${SIGNER}" >/dev/null 2>&1 || true
+ cp ${REXKEY}.sec $SECUNEXPIRED
+ cp ${REXKEY}.pub $PUBUNEXPIRED
+ fi
+ fi
for KEY in $(find keys/ -name '*.sec'); do
- SECKEYS="$SECKEYS --secret-keyring $KEY"
+ GPG="$GPG --secret-keyring $KEY"
done
- local PUBKEYS=""
for KEY in $(find keys/ -name '*.pub'); do
- PUBKEYS="$PUBKEYS --keyring $KEY"
+ GPG="$GPG --keyring $KEY"
done
for RELEASE in $(find aptarchive/ -name Release); do
- gpg --yes --no-default-keyring $SECKEYS $PUBKEYS --default-key "$SIGNER" -abs -o ${RELEASE}.gpg ${RELEASE}
+ $GPG --default-key "$SIGNER" --armor --detach-sign --sign --output ${RELEASE}.gpg ${RELEASE}
local INRELEASE="$(echo "${RELEASE}" | sed 's#/Release$#/InRelease#')"
- gpg --yes --no-default-keyring $SECKEYS $PUBKEYS --default-key "$SIGNER" --clearsign -o $INRELEASE $RELEASE
+ $GPG --default-key "$SIGNER" --clearsign --output $INRELEASE $RELEASE
# we might have set a specific date for the Release file, so copy it
touch -d "$(stat --format "%y" ${RELEASE})" ${RELEASE}.gpg ${INRELEASE}
done
+ if [ -f "$SECEXPIREBAK" ] && [ -f "$PUBEXPIREBAK" ]; then
+ mv -f $SECEXPIREBAK ${REXKEY}.sec
+ mv -f $PUBEXPIREBAK ${REXKEY}.pub
+ fi
msgdone "info"
}