shaba/ostree
1
0
Fork 0
mirror of https://github.com/ostreedev/ostree.git synced 2024-12-21 13:34:34 +03:00
Code Issues Projects Releases Wiki Activity

tests/gpg-verify-data: Empty out trustdb.gpg

Browse Source 
When the private keys were generated, gpg added an ultimate trust entry
since you normally want to trust your own keys. However, this throws off
the expired signature testing since gpgme considers it valid if the key
is fully or ultimately trusted.

The use of a trustdb for the test-gpg-verify-result is unlike any other
GPG verification in ostree. Under normal circumstances, a temporary GPG
homedir is created without any trust information, so all keys are
treated as having unknown trust.

Regenerate an empty trustdb.gpg in gpg-verify-data so that the tests
behave as ostree normally operates. After this the expired signature
testing correctly shows up as a non-valid signature. The trustdb was
regenerated by simply removing it and running any gpg operation with the
gpg-verify-data directory as the homedir.
This commit is contained in:
Dan Nicholson 2019-06-21 07:09:43 -05:00
parent 7fe265b087
commit b786d1b4bc
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
tests/gpg-verify-data/trustdb.gpg
View File

Binary file not shown.

4
tests/test-gpg-verify-result.c
View File

@ -115,7 +115,7 @@ test_check_counts (TestFixture *fixture,
count_valid = ostree_gpg_verify_result_count_valid (fixture->result);
g_assert_cmpint (count_all, ==, 5);
g_assert_cmpint (count_valid, ==, 2);
g_assert_cmpint (count_valid, ==, 1);
}
static void
@ -373,7 +373,7 @@ test_expired_signature (TestFixture *fixture,
&key_missing,
&key_exp_timestamp);
g_assert_true (valid);
g_assert_false (valid);
g_assert_true (sig_expired);
g_assert_false (key_expired);
g_assert_false (key_revoked);