summaryrefslogtreecommitdiff
path: root/test/integration/test-releasefile-verification
diff options
context:
space:
mode:
authorJulian Andres Klode <julian.klode@canonical.com>2024-12-19 22:11:04 +0100
committerJulian Andres Klode <julian.klode@canonical.com>2024-12-19 23:41:01 +0100
commita00fbbdb28cc31e78882301c2efe7218583ab4cb (patch)
tree2f8055ee820f2f9fb7fa773d3ce89d6944ac033f /test/integration/test-releasefile-verification
parentd5961016ffa5e22f1997d94d797800796ddb613b (diff)
Use sq in the test suite, remove apt-key
Remove the test case for MD5 and expired signatures, as we can't create them (can't set signing digest, and can't set signature expiry). Tests for them have been added to test-method-gpgv instead. We override sq in a function with cert-store and key-store set to none. This supports both sq 0.40 and sq 1.0.
Diffstat (limited to 'test/integration/test-releasefile-verification')
-rwxr-xr-xtest/integration/test-releasefile-verification36
1 files changed, 5 insertions, 31 deletions
diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification
index 171792a10..1392a05d1 100755
--- a/test/integration/test-releasefile-verification
+++ b/test/integration/test-releasefile-verification
@@ -153,28 +153,6 @@ runtest() {
failaptold
rm -f rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
- msgmsg 'Cold archive expired signed by' 'Joe Sixpack'
- if dpkg --compare-versions "$(aptkey adv --version | head -n 2 | tail -n 1 | cut -d' ' -f 3)" '>=' '2.1' >/dev/null 2>&1; then
- touch rootdir/etc/apt/apt.conf.d/99gnupg2
- elif gpg2 --version >/dev/null 2>&1; then
- echo 'Apt::Key::gpgcommand "gpg2";' > rootdir/etc/apt/apt.conf.d/99gnupg2
- if ! dpkg --compare-versions "$(aptkey adv --version | head -n 2 | tail -n 1 | cut -d' ' -f 3)" '>=' '2.1' >/dev/null 2>&1; then
- rm rootdir/etc/apt/apt.conf.d/99gnupg2
- fi
- fi
- if [ -e rootdir/etc/apt/apt.conf.d/99gnupg2 ]; then
- prepare "${PKGFILE}"
- rm -rf rootdir/var/lib/apt/lists
- signreleasefiles 'Joe Sixpack' 'aptarchive' --faked-system-time "20160924T154812" --default-sig-expire 2017-04-01
- updatewithwarnings '^W: .* (BADSIG|EXPSIG)'
- testsuccessequal "$(cat "${PKGFILE}")
-" aptcache show apt
- failaptold
- rm -f rootdir/etc/apt/apt.conf.d/99gnupg2
- else
- msgskip 'Not a new enough gpg available providing --fake-system-time'
- fi
-
msgmsg 'Cold archive signed by' 'Joe Sixpack,Marvin Paranoid'
prepare "${PKGFILE}"
rm -rf rootdir/var/lib/apt/lists
@@ -282,7 +260,7 @@ runtest() {
installaptold
sed -i "s# \[signed-by=[^]]\+\] # #" rootdir/etc/apt/sources.list.d/*
- local MARVIN="$(aptkey --keyring $MARVIN finger --with-colons | grep '^fpr' | cut -d':' -f 10)"
+ local MARVIN="DE66AECA9151AFA1877EC31DE8525D47528144E2"
msgmsg 'Cold archive signed by bad keyid' 'Joe Sixpack'
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Joe Sixpack'
@@ -306,7 +284,7 @@ runtest() {
" aptcache show apt
installaptold
- local SIXPACK="$(aptkey --keyring keys/joesixpack.pub finger --with-colons | grep '^fpr' | cut -d':' -f 10)"
+ local SIXPACK="34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE"
msgmsg 'Cold archive signed by good keyids' 'Joe Sixpack'
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Joe Sixpack'
@@ -376,7 +354,7 @@ Signed-By: ${MARVIN} ${MARVIN}, \\
installaptnew
cp -a keys/sebastiansubkey.pub rootdir/etc/apt/trusted.gpg.d/sebastiansubkey.gpg
- local SEBASTIAN="$(aptkey --keyring keys/sebastiansubkey.pub finger --with-colons | grep -m 1 '^fpr' | cut -d':' -f 10)"
+ local SEBASTIAN="648E6A33FDE5CB5BA2D896A3CA3E1DFF1E6BE149"
msgmsg 'Warm archive with subkey signing' 'Sebastian Subkey'
rm -rf rootdir/var/lib/apt/lists
cp -a rootdir/var/lib/apt/lists-bak rootdir/var/lib/apt/lists
@@ -400,7 +378,7 @@ Signed-By: ${SEBASTIAN}!" rootdir/var/lib/apt/lists/*Release
" aptcache show apt
installaptold
- local SUBKEY="$(aptkey --keyring keys/sebastiansubkey.pub finger --with-colons | grep -m 2 '^fpr' | tail -n -1 | cut -d':' -f 10)"
+ local SUBKEY="4281DEDBD466EAE8C1F4157E5B6896415D44C43E"
msgmsg 'Warm archive with correct exact subkey signing' 'Sebastian Subkey'
rm -rf rootdir/var/lib/apt/lists
cp -a rootdir/var/lib/apt/lists-bak rootdir/var/lib/apt/lists
@@ -482,7 +460,7 @@ Acquire::AllowInsecureRepositories "1";
Acquire::AllowDowngradeToInsecureRepositories "1";
EOF
# the hash marked as configurable in our gpgv method
-export APT_TESTS_DIGEST_ALGO='SHA224'
+export APT_TESTS_DIGEST_ALGO='SHA512'
successfulaptgetupdate() {
testsuccess aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1
@@ -536,7 +514,3 @@ runfailure() {
done
}
foreachgpg runfailure
-
-msgmsg "Running test with gpgv-untrusted digest"
-export APT_TESTS_DIGEST_ALGO='MD5'
-foreachgpg runfailure