mirror of
https://github.com/ostreedev/ostree.git
synced 2025-01-25 10:04:14 +03:00
b786d1b4bc
When the private keys were generated, gpg added an ultimate trust entry since you normally want to trust your own keys. However, this throws off the expired signature testing since gpgme considers it valid if the key is fully or ultimately trusted. The use of a trustdb for the test-gpg-verify-result is unlike any other GPG verification in ostree. Under normal circumstances, a temporary GPG homedir is created without any trust information, so all keys are treated as having unknown trust. Regenerate an empty trustdb.gpg in gpg-verify-data so that the tests behave as ostree normally operates. After this the expired signature testing correctly shows up as a non-valid signature. The trustdb was regenerated by simply removing it and running any gpg operation with the gpg-verify-data directory as the homedir.
This is a GPG config directory for use with the OstreeGpgVerifyResult
test cases. The test data (lgpl2
) is signed with a variety of valid
and invalid GPG keys in a detached signature file (lgpl2.sig
). In
addition, each detached signature is available in a separate file
(lgpgl2.sig<N>
).
The passphrase for all the keys is redhat
.