mirror of
https://github.com/ostreedev/ostree.git
synced 2025-01-11 09:18:20 +03:00
bdf24cdc04
It's not working for me in `make check` on a RHEL 7 Workstation, apparently because no GPG agent is spawned. I'm guessing this has something to do with the GPG version? The downside of this is we will be less likely to notice if GPG changes again and we start leaking agents like we're in The Matrix Reloaded. But the real solution to that is containers anyways. Closes: #233 Approved by: smcv
#!/bin/bash
#
# Copyright (C) 2013 Jeremy Whiting <jeremy.whiting@collabora.com>
# Copyright (C) 2015 Red Hat, Inc.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the
# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA.
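# Strict mode: abort on any failing command, unset variable, or failing
# pipeline stage, so a broken step cannot be mistaken for a passing test.
set -euo pipefail

# The signing checks below only make sense when ostree was built with GPG
# support. The "+gpgme" feature flag is matched as a fixed string (-F) so this
# gate does not depend on how the local grep treats "\+" in a basic regular
# expression. The skip is reported in TAP form, so a build without gpgme shows
# up as SKIP instead of as a pass.
if ! ostree --version | grep -q -F -e '+gpgme'; then
  echo "1..0 #SKIP no gpgme support compiled in"
  exit 0
fi

# Load the test helper library that sits next to this script. Both expansions
# are quoted so a checkout path containing whitespace still resolves.
# NOTE(review): setup_test_repository, the assert_* helpers, ${OSTREE},
# ${test_tmpdir} and the TEST_GPG_* variables used later are not defined in
# this script; presumably they come from libtest.sh - confirm there.
. "$(dirname "$0")/libtest.sh"

# TAP plan: this script reports a single test.
echo "1..1"

setup_test_repository "archive-z2"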
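# Command prefix for the "gpg-sign" builtin, used by the later sign/delete
# checks. It is expanded unquoted at its call sites so that it splits into a
# command plus arguments; as a consequence a TEST_GPG_KEYHOME containing
# whitespace would not survive that expansion.
export OSTREE_GPG_SIGN="${OSTREE} gpg-sign --gpg-homedir=${TEST_GPG_KEYHOME}"

cd "${test_tmpdir}"

# Create a commit signed with a single key. ${OSTREE} stays unquoted on
# purpose (presumably it holds the ostree command plus its repository
# arguments - confirm in libtest.sh); the single-valued arguments are quoted.
${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" \
  "--gpg-sign=${TEST_GPG_KEYID_1}" "--gpg-homedir=${TEST_GPG_KEYHOME}" \
  --tree=dir=files
${OSTREE} show test2 | grep -o 'Found [[:digit:]] signature' > test2-show
# We at least got some content here and ran through the code; later
# tests will actually do verification. This assertion only checks the number
# of signatures that "show" reports.
assert_file_has_content test2-show 'Found 1 signature'

# Same count check with the GPG home directory passed explicitly to "show".
${OSTREE} show "--gpg-homedir=${TEST_GPG_KEYHOME}" test2 \
  | grep -o 'Found [[:digit:]] signature' > test2-show
assert_file_has_content test2-show 'Found 1 signature'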
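# Now sign a commit with 3 different keys
cd "${test_tmpdir}"

# One --gpg-sign option per key; each key ID is quoted as a single argument.
# ${OSTREE} itself is left unquoted because it is expected to expand to a
# command plus arguments (confirm in libtest.sh).
${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" \
  "--gpg-sign=${TEST_GPG_KEYID_1}" \
  "--gpg-sign=${TEST_GPG_KEYID_2}" \
  "--gpg-sign=${TEST_GPG_KEYID_3}" \
  "--gpg-homedir=${TEST_GPG_KEYHOME}" \
  --tree=dir=files

# Under "set -euo pipefail" a missing match makes grep fail and aborts the
# script before the assertion is reached.
${OSTREE} show test2 | grep -o 'Found [[:digit:]] signature' > test2-show
assert_file_has_content test2-show 'Found 3 signature'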
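# Commit and sign separately, then monkey around with signatures
cd "${test_tmpdir}"
${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --tree=dir=files

# An unsigned commit must not report any signature. "show" runs as its own
# command first: inside an `if cmd | grep` condition a failing "show" would
# make the condition false, and the absence check would pass without having
# inspected any output. Run standalone, a failing "show" aborts the script
# through "set -e".
${OSTREE} show test2 > test2-show
if grep -o 'Found [[:digit:]] signature' test2-show; then
  assert_not_reached
fi

# Attach a detached signature with the first key.
${OSTREE_GPG_SIGN} test2 "${TEST_GPG_KEYID_1}"
${OSTREE} show test2 | grep -o 'Found [[:digit:]] signature' > test2-show
assert_file_has_content test2-show 'Found 1 signature'

# Signing with a previously used key should be caught
# NOTE(review): stderr is discarded, so any failure of gpg-sign satisfies this
# condition, not only the duplicate-signature rejection. The count check that
# follows confirms the rejected attempt left exactly one signature in place.
if ${OSTREE_GPG_SIGN} test2 "${TEST_GPG_KEYID_1}" 2>/dev/null; then
  assert_not_reached
fi
${OSTREE} show test2 | grep -o 'Found [[:digit:]] signature' > test2-show
assert_file_has_content test2-show 'Found 1 signature'

# Add a few more signatures and then delete them
${OSTREE_GPG_SIGN} test2 "${TEST_GPG_KEYID_2}" "${TEST_GPG_KEYID_3}"
${OSTREE} show test2 | grep -o 'Found [[:digit:]] signature' > test2-show
assert_file_has_content test2-show 'Found 3 signature'

${OSTREE_GPG_SIGN} --delete test2 "${TEST_GPG_KEYID_2}" \
  | grep -o 'Signatures deleted: [[:digit:]]' > test2-delete
assert_file_has_content test2-delete 'Signatures deleted: 1'
${OSTREE} show test2 | grep -o 'Found [[:digit:]] signature' > test2-show
assert_file_has_content test2-show 'Found 2 signature'

# Already deleted TEST_GPG_KEYID_2; should be ignored
${OSTREE_GPG_SIGN} --delete test2 \
  "${TEST_GPG_KEYID_1}" "${TEST_GPG_KEYID_2}" "${TEST_GPG_KEYID_3}" \
  | grep -o 'Signatures deleted: [[:digit:]]' > test2-delete
assert_file_has_content test2-delete 'Signatures deleted: 2'

# Verify all signatures are gone. As above, "show" must succeed on its own
# before its output is searched, so a failing "show" cannot stand in for
# "no signatures left".
${OSTREE} show test2 > test2-show
if grep -o 'Found [[:digit:]] signature' test2-show; then
  assert_not_reached
fi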
# Tear down the GPG state used by this test (helper defined outside this
# script), then emit the TAP result line. This point is reached only when
# every step above succeeded: under "set -e" an earlier failure exits first,
# and the cleanup helper is then not called from here.
libtest_cleanup_gpg

printf '%s\n' "ok"