blob: ddb9bf9d297e95c80b1bfd69d5c3615a9152a41c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
|
#!/bin/sh
set -e
# apt-key is a shell script, so relatively prune to be effected by 'crazy' things:
# confuses config parser as there exists no way of escaping " currently.
#TMPDIR="$(mktemp -d)/This is \"fü\$\$ing cràzy\", \$(man man | head -n1 | cut -d' ' -f 1)\$!"
# gpg doesn't like | in path names – documented e.g. in the man gpg2 --agent-program
#TMPDIR="$(mktemp -d)/This is fü\$\$ing cràzy, \$(man man | head -n1 | cut -d' ' -f 1)\$!"
TMPDIR_ADD="This is fü\$\$ing cràzy, \$(apt -v)\$!"
TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"
setupenvironment
configarchitecture 'amd64'
# start from a clean plate again
cleanplate() {
rm -rf rootdir/etc/apt/trusted.gpg.d/ rootdir/etc/apt/trusted.gpg
mkdir rootdir/etc/apt/trusted.gpg.d/
}
testmultigpg() {
testfailure --nomsg aptkey --quiet --readonly "$@"
testsuccess grep "^gpgv: Can't check signature" rootdir/tmp/testfailure.output
testsuccess grep '^gpgv: Good signature from' rootdir/tmp/testfailure.output
}
echo 'APT::Key::ArchiveKeyring "./keys/joesixpack.pub";
APT::Key::RemovedKeys "./keys/rexexpired.pub";' > rootdir/etc/apt/apt.conf.d/aptkey.conf
testrun() {
cleanplate
ln -sf "${TMPWORKINGDIRECTORY}/keys/joesixpack.pub" rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
msgtest 'Check that paths in list output are not' 'double-slashed'
aptkey list 2>&1 | grep -q '//' && msgfail || msgpass
msgtest 'Check that paths in finger output are not' 'double-slashed'
aptkey finger 2>&1 | grep -q '//' && msgfail || msgpass
testaptkeys 'Joe Sixpack'
testsuccessequal 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1' aptkey --fakeroot update
testaptkeys 'Joe Sixpack'
testfailure test -e rootdir/etc/apt/trusted.gpg
testsuccess aptkey --fakeroot add ./keys/rexexpired.pub
msgtest 'Check if trusted.gpg is created with permissions set to' '0644'
if [ "$(stat -c '%a' rootdir/etc/apt/trusted.gpg )" = '644' ]; then
msgpass
else
msgfail
fi
testaptkeys 'Rex Expired' 'Joe Sixpack'
msgtest 'Check that Sixpack key can be' 'exported'
aptkey export 'Sixpack' > aptkey.export
aptkey --keyring rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg exportall > aptkey.exportall
testsuccess --nomsg cmp aptkey.export aptkey.exportall
testsuccess test -s aptkey.export
testsuccess test -s aptkey.exportall
msgtest 'Execute update again to trigger removal of' 'Rex Expired key'
testsuccess --nomsg aptkey --fakeroot update
testaptkeys 'Joe Sixpack'
msgtest "Try to remove a key which exists, but isn't in the" 'forced keyring'
testsuccess --nomsg aptkey --fakeroot --keyring rootdir/etc/apt/trusted.gpg del DBAC8DAE
testaptkeys 'Joe Sixpack'
testsuccess aptkey --fakeroot del DBAC8DAE
testempty aptkey list
msgtest 'Test key removal with' 'lowercase key ID' #keylength somewhere between 8byte and short
cleanplate
cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
testsuccess --nomsg aptkey --fakeroot del d141dbac8dae
testempty aptkey list
msgtest 'Test key removal with' 'single key in real file'
cleanplate
cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
testempty aptkey list
testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
msgtest 'Test key removal with' 'different key specs'
cleanplate
cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
cp -a keys/marvinparanoid.pub rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg
testsuccess --nomsg aptkey --fakeroot del 0xDBAC8DAE 528144E2
testempty aptkey list
testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
testfailure test -e rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg
testsuccess cmp keys/marvinparanoid.pub rootdir/etc/apt/trusted.gpg.d/marvinparanoid.gpg~
msgtest 'Test key removal with' 'long key ID'
cleanplate
cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
testsuccess --nomsg aptkey --fakeroot del 5A90D141DBAC8DAE
testempty aptkey list
testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
msgtest 'Test key removal with' 'fingerprint'
cleanplate
cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
testsuccess --nomsg aptkey --fakeroot del 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE
testempty aptkey list
testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
msgtest 'Test key removal with' 'single key in softlink'
cleanplate
ln -s "$(readlink -f ./keys/joesixpack.pub)" rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
testempty aptkey list
testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
testsuccess test -L rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
cleanplate
testsuccess aptkey --fakeroot add ./keys/joesixpack.pub
ln -sf "$(readlink -f ./keys/marvinparanoid.pub)" "./keys/marvin paránöid.pub"
testsuccess aptkey --fakeroot add "./keys/marvin paránöid.pub"
testaptkeys 'Joe Sixpack' 'Marvin Paranoid'
cp -a rootdir/etc/apt/trusted.gpg keys/testcase-multikey.pub # store for reuse
msgtest 'Test key removal with' 'multi key in real file'
cleanplate
cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
testaptkeys 'Marvin Paranoid'
testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~
msgtest 'Test key removal with' 'multi key in softlink'
cleanplate
ln -s "$(readlink -f ./keys/testcase-multikey.pub)" rootdir/etc/apt/trusted.gpg.d/multikey.gpg
testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
testaptkeys 'Marvin Paranoid'
testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~
testfailure test -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg
testsuccess test -L rootdir/etc/apt/trusted.gpg.d/multikey.gpg~
msgtest 'Test key removal with' 'multiple files including key'
cleanplate
cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
testsuccess --nomsg aptkey --fakeroot del DBAC8DAE
testaptkeys 'Marvin Paranoid'
testfailure test -e rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
testsuccess cmp keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg~
testsuccess cmp keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg~
cleanplate
cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
msgtest 'Test merge-back of' 'added keys'
testsuccess --nomsg aptkey adv --batch --yes --import keys/rexexpired.pub
testaptkeys 'Rex Expired' 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
msgtest 'Test merge-back of' 'removed keys'
testsuccess --nomsg aptkey adv --batch --yes --delete-keys 27CE74F9
testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
msgtest 'Test merge-back of' 'removed duplicate keys'
testsuccess --nomsg aptkey adv --batch --yes --delete-keys DBAC8DAE
testaptkeys 'Marvin Paranoid'
cleanplate
cp -a keys/joesixpack.pub rootdir/etc/apt/trusted.gpg.d/joesixpack.gpg
cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
msgtest 'Test signing a file' 'with a key'
echo 'Verify me. This is my signature.' > signature
testsuccess --nomsg aptkey --quiet --keyring keys/marvinparanoid.pub --secret-keyring keys/marvinparanoid.sec --readonly \
adv --batch --yes --default-key 'Marvin' --armor --detach-sign --sign --output signature.gpg signature
testsuccess test -s signature.gpg -a -s signature
for GPGV in '' 'gpgv' 'gpgv2'; do
echo "APT::Key::GPGVCommand \"$GPGV\";" > rootdir/etc/apt/apt.conf.d/00gpgvcmd
msgtest 'Test verify a file' 'with all keys'
testsuccess --nomsg aptkey --quiet --readonly verify signature.gpg signature
msgtest 'Test verify a file' 'with good keyring'
testsuccess --nomsg aptkey --quiet --readonly --keyring keys/testcase-multikey.pub verify signature.gpg signature
msgtest 'Test fail verify a file' 'with bad keyring'
testfailure --nomsg aptkey --quiet --readonly --keyring keys/joesixpack.pub verify signature.gpg signature
msgtest 'Test fail verify a file' 'with non-existing keyring'
testfailure --nomsg aptkey --quiet --readonly --keyring keys/does-not-exist.pub verify signature.gpg signature
testfailure test -e keys/does-not-exist.pub
# note: this isn't how apts gpgv method implements keyid for verify
msgtest 'Test verify a file' 'with good keyid'
testsuccess --nomsg aptkey --quiet --readonly --keyid 'Paranoid' verify signature.gpg signature
msgtest 'Test fail verify a file' 'with bad keyid'
testfailure --nomsg aptkey --quiet --readonly --keyid 'Sixpack' verify signature.gpg signature
msgtest 'Test fail verify a file' 'with non-existing keyid'
testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify signature.gpg signature
msgtest 'Test verify fails on' 'bad file'
echo 'lalalalala' > signature2
testfailure --nomsg aptkey --quiet --readonly verify signature.gpg signature2
done
rm -f rootdir/etc/apt/apt.conf.d/00gpgvcmd
msgtest 'Test verify a file' 'with good keyring'
testsuccess --nomsg aptkey --quiet --readonly --keyring keys/testcase-multikey.pub verify signature.gpg signature
cleanplate
cat keys/joesixpack.pub keys/marvinparanoid.pub > keys/double.pub
cat keys/joesixpack.sec keys/marvinparanoid.sec > keys/double.sec
cp -a keys/double.pub rootdir/etc/apt/trusted.gpg.d/double.gpg
cp -a keys/testcase-multikey.pub rootdir/etc/apt/trusted.gpg.d/multikey.gpg
testsuccess aptkey --quiet --keyring keys/double.pub --secret-keyring keys/double.sec --readonly \
adv --batch --yes -u 'Marvin' -u 'Joe' --armor --detach-sign --sign --output signature.gpg signature
testsuccess test -s signature.gpg -a -s signature
for GPGV in '' 'gpgv' 'gpgv2'; do
echo "APT::Key::GPGVCommand \"$GPGV\";" > rootdir/etc/apt/apt.conf.d/00gpgvcmd
msgtest 'Test verify a doublesigned file' 'with all keys'
testsuccess --nomsg aptkey --quiet --readonly verify signature.gpg signature
msgtest 'Test verify a doublesigned file' 'with good keyring joe'
testmultigpg --keyring keys/joesixpack.pub verify signature.gpg signature
msgtest 'Test verify a doublesigned file' 'with good keyring marvin'
testmultigpg --keyring keys/marvinparanoid.pub verify signature.gpg signature
msgtest 'Test fail verify a doublesigned file' 'with bad keyring'
testfailure --nomsg aptkey --quiet --readonly --keyring keys/rexexpired.pub verify signature.gpg signature
msgtest 'Test fail verify a doublesigned file' 'with non-existing keyring'
testfailure --nomsg aptkey --quiet --readonly --keyring keys/does-not-exist.pub verify signature.gpg signature
testfailure test -e keys/does-not-exist.pub
# note: this isn't how apts gpgv method implements keyid for verify
msgtest 'Test verify a doublesigned file' 'with good keyid'
testmultigpg --keyid 'Paranoid' verify signature.gpg signature
msgtest 'Test fail verify a doublesigned file' 'with bad keyid'
testfailure --nomsg aptkey --quiet --readonly --keyid 'Rex' verify signature.gpg signature
msgtest 'Test fail verify a doublesigned file' 'with non-existing keyid'
testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify signature.gpg signature
msgtest 'Test verify fails on' 'bad doublesigned file'
echo 'lalalalala' > signature2
testfailure --nomsg aptkey --quiet --readonly verify signature.gpg signature2
done
rm -f rootdir/etc/apt/apt.conf.d/00gpgvcmd
}
setupgpgcommand() {
echo "APT::Key::GPGCommand \"$1\";" > rootdir/etc/apt/apt.conf.d/00gpgcmd
msgmsg 'Force tests to be run with' "$1"
testsuccess aptkey --readonly adv --version
cp rootdir/tmp/testsuccess.output aptkey.version
testsuccess grep "^gpg (GnuPG) $2\." aptkey.version
}
# run with default (whatever this is)
testrun
# run with …
setupgpgcommand 'gpg' '1'
testrun
setupgpgcommand 'gpg2' '2'
testrun
|