shaba/ostree
1
0
Fork 0
mirror of https://github.com/ostreedev/ostree.git synced 2025-03-08 08:58:46 +03:00
Code Issues Projects Releases Wiki Activity

tests: Fix up GPG tests for more strict EL7 GPG

Browse Source 
These GPG tests were failing for me on EL7 - it appears to be because
we had only one directory for both private and public keys, and we
were giving that to ostree for verification, which passed them onto
gpgv.

In EL7 beta at least, gpgv now barfs if it finds a private key where
it is just expecting to find public keys.

Fix this by splitting out the public trusted directory from the
private key directory.  Except now for signing, we still need the
public key there, so symlink it.  Whee!
This commit is contained in:
Colin Walters 2014-02-10 09:38:07 -05:00
parent 2ee2751fd1
commit 26d5db696b
4 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Makefile-tests.am
View File

@ -60,8 +60,13 @@ insttest_DATA = tests/archive-test.sh \
gpginsttestdir = $(pkglibexecdir)/installed-tests/gpghome
gpginsttest_DATA = tests/gpghome/secring.gpg \
tests/gpghome/pubring.gpg \
tests/gpghome/trustdb.gpg
gpginsttest_trusteddir = $(pkglibexecdir)/installed-tests/gpghome/trusted
gpginsttest_trusted_DATA = tests/gpghome/trusted/pubring.gpg
install-gpg-data-hook:
ln -s trusted/pubring.gpg $(DESTDIR)$(gpginsttestdir)/pubring.gpg
INSTALL_DATA_HOOKS += install-gpg-data-hook
%.test: tests/%.sh Makefile
$(AM_V_GEN) (echo '[Test]' > $@.tmp; \

0
tests/gpghome/pubring.gpg → tests/gpghome/trusted/pubring.gpg
View File

4
tests/libtest.sh
View File

@ -23,8 +23,8 @@ test_tmpdir=$(pwd)
export G_DEBUG=fatal-warnings
export TEST_GPG_KEYID="472CDAFA"
export TEST_GPG_HOME=${SRCDIR}/gpghome
export OSTREE_GPG_HOME=${TEST_GPG_HOME}
export TEST_GPG_KEYHOME=${SRCDIR}/gpghome
export OSTREE_GPG_HOME=${TEST_GPG_KEYHOME}/trusted
if test -n "${OT_TESTS_DEBUG}"; then
set -x

4
tests/test-gpg-signed-commit.sh
View File

@ -28,7 +28,7 @@ fi
setup_test_repository "archive-z2"
cd ${test_tmpdir}
${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --gpg-sign=${TEST_GPG_KEYID} --gpg-homedir=${TEST_GPG_HOME} --tree=dir=files
${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --gpg-sign=${TEST_GPG_KEYID} --gpg-homedir=${TEST_GPG_KEYHOME} --tree=dir=files
$OSTREE show --print-detached-metadata-key=ostree.gpgsigs test2 > test2-gpgsigs
# We at least got some content here and ran through the code; later
# tests will actually do verification
@ -36,6 +36,6 @@ assert_file_has_content test2-gpgsigs 'byte '
# Now sign a commit 3 times (with the same key)
cd ${test_tmpdir}
${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --gpg-sign=${TEST_GPG_KEYID} --gpg-sign=${TEST_GPG_KEYID} --gpg-sign=${TEST_GPG_KEYID} --gpg-homedir=${TEST_GPG_HOME} --tree=dir=files
${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --gpg-sign=${TEST_GPG_KEYID} --gpg-sign=${TEST_GPG_KEYID} --gpg-sign=${TEST_GPG_KEYID} --gpg-homedir=${TEST_GPG_KEYHOME} --tree=dir=files
$OSTREE show --print-detached-metadata-key=ostree.gpgsigs test2 > test2-gpgsigs
assert_file_has_content test2-gpgsigs 'byte '