Commit Graph

12 Commits

Author SHA1 Message Date
Colin Walters
88b25dc65c tree-wide: Replace archive-z2 with archive
In almost all places. There are just a few exceptions; one tricky bit for
example is that the repo config must still have `mode=archive-z2`, since
`archive` used to mean something else. (We could very likely just get rid of
that check, but eh, later).

I also added a test that one can still do `ostree repo init --mode=archive-z2`.

Closes: #1125
Approved by: jlebon
2017-09-01 20:54:12 +00:00
Jonathan Lebon
c4c030cc79 libtest: add has_gpgme() helper function
Closes: #469
Approved by: cgwalters
2016-08-31 16:52:12 +00:00
Colin Walters
bdf24cdc04 tests: Make failing to kill the GPG agent non-fatal
It's not working for me in `make check` on a RHEL 7 Workstation,
apparently because no GPG agent is spawned.  I'm guessing this has
something to do with the GPG version?

The downside of this is we will be less likely to notice if GPG
changes again and we start leaking agents like we're in The Matrix
Reloaded.  But the real solution to that is containers anyways.

Closes: #233
Approved by: smcv
2016-03-31 18:43:31 +00:00
Simon McVittie
b25ddd29ab In tests that use gpg, terminate the gpg-agent after testing
Otherwise we leak those processes.

Signed-off-by: Simon McVittie <smcv@debian.org>

Closes: #232
Approved by: cgwalters
2016-03-31 14:22:06 +00:00
Colin Walters
d25212f04a tests: Port to glib-tap.mk, make make check run all of the tests
OSTree's code for testing predates the `glib-tap.mk` making its
way into GLib.  Let's switch to it, as it provides a number
of advantages.

By far the biggest advantage is that `make check` can start to run
most of the tests *in addition* to having them work installed.

This commit keeps the installed tests working, but `make check` turns
out to be really broken because...our TAP usage has bitrotted to say
the least.  Fix that all up.

Do some hacks so that the tests work uninstalled as well - in
particular, `glib-tap.mk` and the bits encoded into
`g_test_build_filename()` assume *recursive* Automake (blah).  Work
around that by creating a symlink when installed to loop back.
2016-03-03 08:50:19 -05:00
Colin Walters
5ebe43859d tests: Use "bash strict mode"
I noticed in the static deltas tests, there were some tests that
should have been under `-o pipefail` to ensure we properly propagate
errors.

There were a few places where we were referencing undefined variables.

Overall, this is clearly a good idea IMO.
2016-01-27 11:44:10 -05:00
Giuseppe Scrivano
cd93780d97 show: add option --gpg-homedir
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2015-04-27 15:22:41 +02:00
Matthew Barnes
9b8bad3c2e tests: Update test-gpg-signed-commit.sh
Utilize and test new CLI capabilities:

  - Signature count in 'ostree show' result
  - Duplicate signatures now rejected
  - Ability to delete signatures
2015-03-18 11:53:26 -04:00
Giuseppe Scrivano
aea173b3f8 tests: enforce ${CMD_PREFIX} on all ostree processes
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2015-03-03 18:32:24 -05:00
Matthew Barnes
a5b002dae6 ostree: Add gpg-sign command
Signs a commit with one or more GPG keys.
2015-02-26 12:53:01 -05:00
Colin Walters
26d5db696b tests: Fix up GPG tests for more strict EL7 GPG
These GPG tests were failing for me on EL7 - it appears to be because
we had only one directory for both private and public keys, and we
were giving that to ostree for verification, which passed them onto
gpgv.

In EL7 beta at least, gpgv now barfs if it finds a private key where
it is just expecting to find public keys.

Fix this by splitting out the public trusted directory from the
private key directory.  Except now for signing, we still need the
public key there, so symlink it.  Whee!
2014-02-10 09:40:35 -05:00
Jeremy Whiting
7d5aa74dae core: Use libgpgme to add GPG signatures to detached metadata for commit object
Add an optional dependency on gpgme to add GPG signatures into the
detached metadata, with the key "ostree.gpgsigs", as an "aay", an
array of signatures (treated as binary data).

The commit command gains a --gpg-sign=<key-id> argument.  Also add an
argument --gpg-homedir to set the GPG homedir where we look for
keyrings.
2013-09-28 16:12:35 -04:00