diff options
| author | Julian Andres Klode <jak@debian.org> | 2024-11-22 16:09:41 +0000 |
|---|---|---|
| committer | Julian Andres Klode <jak@debian.org> | 2024-11-22 16:09:41 +0000 |
| commit | f9069c2498f74c09b4a4d7da8bb677756b371dae (patch) | |
| tree | c99e4b2b6673ea9865c84ffc16a029ade5637834 /test | |
| parent | b3c8a3cbb0f51d9cf704ca6a1c050fb50a0fb22d (diff) | |
| parent | e983d98c4fcd952ffcbc010b185455913c8af650 (diff) | |
Merge branch 'test-gpgv-sq' into 'main'
Test gpgv-sq
See merge request apt-team/apt!403
Diffstat (limited to 'test')
| -rw-r--r-- | test/integration/framework | 3 | ||||
| -rwxr-xr-x | test/integration/test-apt-key | 4 | ||||
| -rwxr-xr-x | test/integration/test-releasefile-verification | 44 |
3 files changed, 43 insertions, 8 deletions
diff --git a/test/integration/framework b/test/integration/framework index 10cae70a5..ad87d17c7 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -2029,6 +2029,9 @@ testfailure() { BAD signature from signature could not be verified" "$OUTPUT"; then msgpass + elif [ -e "$OUTPUT" -a ! -s "$OUTPUT" ]; then + msgwarn "apt-key failed without output, this is normal for gpgv-sq (see sequoia-chameleon-gnupg#88)" + msgpass else msgfailoutput "run failed with exitcode ${EXITCODE}, but no signature error" "$OUTPUT" "$@" fi diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key index a1e633ca3..c2180c5f1 100755 --- a/test/integration/test-apt-key +++ b/test/integration/test-apt-key @@ -258,7 +258,7 @@ gpg: unchanged: 1' aptkey --fakeroot update msgtest 'Test verify a file' 'with no sig' testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/testcase-multikey.pub.${EXT}" verify "${SIGNATURE}" "${SIGNATURE}2" - for GPGV in '' 'gpgv' 'gpgv1' 'gpgv2'; do + for GPGV in '' 'gpgv' 'gpgv1' 'gpgv2' 'gpgv-sq' 'gpgv-g10code'; do echo "APT::Key::GPGVCommand \"$GPGV\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgvcmd" if [ -n "$GPGV" ] && ! command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then continue; fi @@ -330,7 +330,7 @@ gpg: unchanged: 1' aptkey --fakeroot update adv --batch --yes -u 'Marvin' -u 'Joe' --armor --detach-sign --sign --output "${SIGNATURE}.gpg" "${SIGNATURE}" testsuccess test -s "${SIGNATURE}.gpg" -a -s "${SIGNATURE}" - for GPGV in '' 'gpgv' 'gpgv1' 'gpgv2'; do + for GPGV in '' 'gpgv' 'gpgv1' 'gpgv2' 'gpgv-sq' 'gpgv-g10code'; do echo "APT::Key::GPGVCommand \"$GPGV\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgvcmd" if [ -n "$GPGV" ] && ! command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then continue; fi diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification index 810427620..0109f2954 100755 --- a/test/integration/test-releasefile-verification +++ b/test/integration/test-releasefile-verification @@ -101,6 +101,16 @@ updatewithwarnings() { testsuccess grep -E "$1" rootdir/tmp/testwarning.output } +foreachgpg() { + rm -f rootdir/etc/apt/apt.conf.d/00gpgvcmd + "$@" + for GPGV in "gpgv-sq" "gpgv-g10code"; do + msgmsg "Forcing $GPGV to be used" + echo "APT::Key::GPGVCommand \"$GPGV\";" > "rootdir/etc/apt/apt.conf.d/00gpgvcmd" + "$@" + done +} + runtest() { msgmsg 'Cold archive signed by' 'Joe Sixpack' prepare "${PKGFILE}" @@ -155,8 +165,8 @@ runtest() { if [ -e rootdir/etc/apt/apt.conf.d/99gnupg2 ]; then prepare "${PKGFILE}" rm -rf rootdir/var/lib/apt/lists - signreleasefiles 'Joe Sixpack' 'aptarchive' --faked-system-time "20070924T154812" --default-sig-expire 2016-04-01 - updatewithwarnings '^W: .* EXPSIG' + signreleasefiles 'Joe Sixpack' 'aptarchive' --faked-system-time "20160924T154812" --default-sig-expire 2017-04-01 + updatewithwarnings '^W: .* (BADSIG|EXPSIG)' testsuccessequal "$(cat "${PKGFILE}") " aptcache show apt failaptold @@ -420,6 +430,28 @@ runtest2() { " aptcache show apt failaptnew + msgmsg 'Cold archive signed by' 'Empty signature' + rm -rf rootdir/var/lib/apt/lists + find aptarchive -name Release -exec touch {}.gpg \; + testfailuremsg "E: GPG error: http://localhost:${APTHTTPPORT} Release: Signed file isn't valid, got 'NODATA' (does the network require authentication?)" aptget update -o Debug::gpgv=1 + + msgmsg 'Cold archive signed by' 'Unknown format signature' + rm -rf rootdir/var/lib/apt/lists + find aptarchive -name Release -exec sh -c "echo Hello > {}.gpg" \; + testfailuremsg "E: GPG error: http://localhost:${APTHTTPPORT} Release: Signed file isn't valid, got 'NODATA' (does the network require authentication?)" aptget update + + msgmsg 'Cold archive signed by' 'Empty inline' + rm -rf rootdir/var/lib/apt/lists + find aptarchive -name Release -exec sh -c '( echo -----BEGIN PGP SIGNED MESSAGE-----; echo Hash: SHA512; echo; cat {} ; echo; echo -----BEGIN PGP SIGNATURE-----; echo ; echo -----END PGP SIGNATURE----- ) > $(dirname {})/In$(basename {})' \; + testfailuremsg "E: GPG error: http://localhost:${APTHTTPPORT} InRelease: Signed file isn't valid, got 'NODATA' (does the network require authentication?)" aptget update + + msgmsg 'Cold archive signed by' 'Bad inline' + rm -rf rootdir/var/lib/apt/lists + find aptarchive -name Release -exec sh -c '( echo -----BEGIN PGP SIGNED MESSAGE-----; echo Hash: SHA512; echo; cat {} ; echo; echo -----BEGIN PGP SIGNATURE-----; echo ; echo SGVsbG8K; echo =nFa9; echo -----END PGP SIGNATURE----- ) > $(dirname {})/In$(basename {})' \; + testfailuremsg "E: GPG error: http://localhost:${APTHTTPPORT} InRelease: Signed file isn't valid, got 'NODATA' (does the network require authentication?)" aptget update + + find aptarchive/ \( -name InRelease -o -name Release.gpg \) -delete + # Unsigned archive from the beginning must also be detected. msgmsg 'Cold archive signed by' 'nobody' rm -rf rootdir/var/lib/apt/lists @@ -458,7 +490,7 @@ successfulaptgetupdate() { testsuccess grep "$1" aptupdate.output fi } -runtest3 'Trusted' +foreachgpg runtest3 'Trusted' successfulaptgetupdate() { testwarning aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1 @@ -467,7 +499,7 @@ successfulaptgetupdate() { fi testsuccess grep 'uses weak algorithm' rootdir/tmp/testwarning.output } -runtest3 'Weak' +foreachgpg runtest3 'Weak' msgmsg "Running test with apt-untrusted digest" echo "APT::Hashes::$APT_TESTS_DIGEST_ALGO::Untrusted \"yes\";" > rootdir/etc/apt/apt.conf.d/truststate @@ -502,8 +534,8 @@ runfailure() { export APT_DONT_SIGN='Release.gpg' done } -runfailure +foreachgpg runfailure msgmsg "Running test with gpgv-untrusted digest" export APT_TESTS_DIGEST_ALGO='MD5' -runfailure +foreachgpg runfailure |
