Browse Source

add the gpg-classic variant to the gpgv/gnupg or-group

We need to support partial upgrades anyhow, so we have to deal with the
different versions and your tests try to ensure that we do, so we
shouldn't make any explicit higher requirements.
tags/debian/1.3_rc2
David Kalnischkies 4 years ago
parent
commit
19fdf93d73
8 changed files with 52 additions and 62 deletions
  1. +6
    -3
      cmdline/apt-key.in
  2. +2
    -2
      debian/control
  3. +2
    -1
      debian/tests/control
  4. +3
    -2
      prepare-release
  5. +10
    -35
      test/integration/framework
  6. +26
    -8
      test/integration/test-apt-key
  7. +1
    -8
      test/integration/test-apt-key-net-update
  8. +2
    -3
      test/integration/test-releasefile-verification

+ 6
- 3
cmdline/apt-key.in View File

@@ -530,9 +530,11 @@ EOF
GPG_EXE="gpg"
elif command_available 'gpg2'; then
GPG_EXE="gpg2"
elif command_available 'gpg1'; then
GPG_EXE="gpg1"
else
echo >&2 "Error: gnupg or gnupg2 do not seem to be installed,"
echo >&2 "Error: but apt-key requires gnupg or gnupg2 for this operation."
echo >&2 "Error: gnupg, gnupg2 and gnupg1 do not seem to be installed,"
echo >&2 "Error: but apt-key requires gnupg, gnupg2 or gnupg1 for this operation."
echo >&2
exit 255
fi
@@ -639,8 +641,9 @@ case "$command" in
if [ -n "$GPGV" ] && command_available "$GPGV"; then true;
elif command_available 'gpgv'; then GPGV='gpgv';
elif command_available 'gpgv2'; then GPGV='gpgv2';
elif command_available 'gpgv1'; then GPGV='gpgv1';
else
echo >&2 'ERROR: gpgv or gpgv2 required for verification'
echo >&2 'ERROR: gpgv, gpgv2 or gpgv1 required for verification'
exit 29
fi
# for a forced keyid we need gpg --export, so full wrapping required


+ 2
- 2
debian/control View File

@@ -19,10 +19,10 @@ Testsuite: autopkgtest

Package: apt
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, ${apt:keyring}, gpgv | gpgv2, adduser
Depends: ${shlibs:Depends}, ${misc:Depends}, ${apt:keyring}, gpgv | gpgv2 | gpgv1, adduser
Replaces: manpages-pl (<< 20060617-3~), manpages-it (<< 2.80-4~), sun-java6-jdk (>> 0), sun-java5-jdk (>> 0), openjdk-6-jdk (<< 6b24-1.11-0ubuntu1~), bash-completion (<< 1:2.1-4.2+fakesync1), apt-utils (<< 1.3~exp2~)
Breaks: manpages-pl (<< 20060617-3~), manpages-it (<< 2.80-4~), sun-java6-jdk (>> 0), sun-java5-jdk (>> 0), openjdk-6-jdk (<< 6b24-1.11-0ubuntu1~), apt-utils (<< 1.3~exp2~)
Recommends: gnupg | gnupg2
Recommends: gnupg | gnupg2 | gnupg1
Suggests: aptitude | synaptic | wajig, dpkg-dev (>= 1.17.2), apt-doc, python-apt, powermgmt-base
Description: commandline package manager
This package provides commandline tools for searching and


+ 2
- 1
debian/tests/control View File

@@ -1,4 +1,5 @@
Tests: run-tests
Restrictions: allow-stderr
Depends: @, @builddeps@, fakeroot, wget, stunnel4, lsof, db-util, gnupg, gnupg2,
Depends: @, @builddeps@, fakeroot, wget, stunnel4, lsof, db-util,
gnupg, gnupg1, gpgv, gpgv1,
libfile-fcntllock-perl, python3-apt

+ 3
- 2
prepare-release View File

@@ -158,8 +158,9 @@ elif [ "$1" = 'buildlog' ]; then
shift
done
elif [ "$1" = 'travis-ci' ]; then
apt-get install -qy --no-install-recommends $(sed -n -e '/^Build-Depends: /,/^Build-Depends-Indep: / {p}' debian/control | sed -e 's#([^)]*)##g' -e 's#^Build-Depends\(-Indep\)\?: ##' -e 's#<.*>##g' | tr -d ',')
apt-get install -qy --no-install-recommends $(sed -n 's#^Depends: .*@, \(.*\)$#\1#p' debian/tests/control | tr -d ',')
apt-get install -qy --no-install-recommends dctrl-tools
apt-get install -qy --no-install-recommends $(grep-dctrl -S -s Build-Depends,Build-Depends-Indep,Build-Depends-Arch apt ./debian/control | sed -e 's#([^)]*)##g' -e 's#^Build-Depends\(-Indep\|-Arch\)\?: ##' -e 's#<.*>##g' | tr -s '\n,' ' ')
apt-get install -qy --no-install-recommends $(grep-dctrl -F Tests -s Depends run-tests ./debian/tests/control | tr -s '\n,' ' ' | cut -d'@' -f 4- | sed -e 's#gnupg1#gnupg2#' -e 's#gpgv1#gpgv2#')
elif [ "$1" = 'coverage' ]; then
DIR="${2:-./coverage}"
git clean -dfX # remove ignored build artefacts for a clean start


+ 10
- 35
test/integration/framework View File

@@ -1856,49 +1856,24 @@ testwebserverlaststatuscode() {
msggroup
}

createlistofkeys() {
local OUTPUT="$1"
shift
mapkeynametokeyid() {
while [ -n "$1" ]; do
# gpg 2.1.something starts printing [SC] at some point
if grep -q ' rsa2048/' "$OUTPUT" && grep -qF '[SC]' "$OUTPUT"; then
case "$1" in
*Joe*|*Sixpack*) echo 'pub rsa2048/DBAC8DAE 2010-08-18 [SC]';;
*Rex*|*Expired*) echo 'pub rsa2048/27CE74F9 2013-07-12 [SC] [expired: 2013-07-13]';;
*Marvin*|*Paranoid*) echo 'pub rsa2048/528144E2 2011-01-16 [SC]';;
oldarchive) echo 'pub rsa1024/F68C85A3 2013-12-19 [SC]';;
newarchive) echo 'pub rsa2048/DBAC8DAE 2010-08-18 [SC]';;
*) echo 'UNKNOWN KEY';;
esac
# gpg 2.1 has a slightly different output format
elif grep -q ' rsa2048/' "$OUTPUT"; then
case "$1" in
*Joe*|*Sixpack*) echo 'pub rsa2048/DBAC8DAE 2010-08-18';;
*Rex*|*Expired*) echo 'pub rsa2048/27CE74F9 2013-07-12 [expired: 2013-07-13]';;
*Marvin*|*Paranoid*) echo 'pub rsa2048/528144E2 2011-01-16';;
oldarchive) echo 'pub rsa1024/F68C85A3 2013-12-19';;
newarchive) echo 'pub rsa2048/DBAC8DAE 2010-08-18';;
*) echo 'UNKNOWN KEY';;
esac
else
case "$1" in
*Joe*|*Sixpack*) echo 'pub 2048R/DBAC8DAE 2010-08-18';;
*Rex*|*Expired*) echo 'pub 2048R/27CE74F9 2013-07-12 [expired: 2013-07-13]';;
*Marvin*|*Paranoid*) echo 'pub 2048R/528144E2 2011-01-16';;
oldarchive) echo 'pub 1024R/F68C85A3 2013-12-19';;
newarchive) echo 'pub 2048R/DBAC8DAE 2010-08-18';;
*) echo 'UNKNOWN KEY';;
esac
fi
case "$1" in
*Joe*|*Sixpack*|newarchive) echo '5A90D141DBAC8DAE';;
*Rex*|*Expired*) echo '4BC0A39C27CE74F9';;
*Marvin*|*Paranoid*) echo 'E8525D47528144E2';;
oldarchive) echo 'FDD2DB85F68C85A3';;
*) echo 'UNKNOWN KEY';;
esac
shift
done
}
testaptkeys() {
local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/aptkeylist.output"
if ! aptkey list | grep '^pub' > "$OUTPUT"; then
if ! aptkey list --with-colon | grep '^pub' | cut -d':' -f 5 > "$OUTPUT"; then
echo -n > "$OUTPUT"
fi
testfileequal "$OUTPUT" "$(createlistofkeys "$OUTPUT" "$@")"
testfileequal "$OUTPUT" "$(mapkeynametokeyid "$@")"
}

pause() {


+ 26
- 8
test/integration/test-apt-key View File

@@ -41,7 +41,9 @@ APT::Key::RemovedKeys \"${KEYDIR}/rexexpired.pub\";" > "${ROOTDIR}/etc/apt/apt.c
msgtest 'Check that paths in finger output are not' 'double-slashed'
testfailure --nomsg grep '//' "${ROOTDIR}/tmp/testsuccess.output"

testsuccessequal 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed
testequalor2 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1' 'gpg: key 5A90D141DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1' aptkey --fakeroot update

@@ -185,8 +187,9 @@ gpg: unchanged: 1' aptkey --fakeroot update
msgtest 'Test verify a file' 'with no sig'
testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/testcase-multikey.pub" verify "${SIGNATURE}" "${SIGNATURE}2"

for GPGV in '' 'gpgv' 'gpgv2'; do
for GPGV in '' 'gpgv' 'gpgv1' 'gpgv2'; do
echo "APT::Key::GPGVCommand \"$GPGV\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgvcmd"
if [ -n "$GPGV" ] && ! command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then continue; fi

msgtest 'Test verify a file' 'with all keys'
testsuccess --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}"
@@ -229,8 +232,9 @@ gpg: unchanged: 1' aptkey --fakeroot update
adv --batch --yes -u 'Marvin' -u 'Joe' --armor --detach-sign --sign --output "${SIGNATURE}.gpg" "${SIGNATURE}"
testsuccess test -s "${SIGNATURE}.gpg" -a -s "${SIGNATURE}"

for GPGV in '' 'gpgv' 'gpgv2'; do
for GPGV in '' 'gpgv' 'gpgv1' 'gpgv2'; do
echo "APT::Key::GPGVCommand \"$GPGV\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgvcmd"
if [ -n "$GPGV" ] && ! command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then continue; fi

msgtest 'Test verify a doublesigned file' 'with all keys'
testsuccess --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}"
@@ -265,11 +269,25 @@ gpg: unchanged: 1' aptkey --fakeroot update
}

setupgpgcommand() {
echo "APT::Key::GPGCommand \"$1\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgcmd"
msgmsg 'Force tests to be run with' "$1"
local GPGEXE;
if command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then
if [ "$1" = '1' ]; then
GPGEXE='gpg1'
else
GPGEXE='gpg'
fi
else
if [ "$1" = '1' ]; then
GPGEXE='gpg'
else
GPGEXE='gpg2'
fi
fi
msgmsg 'Force tests to be run with' "$GPGEXE"
echo "APT::Key::GPGCommand \"$GPGEXE\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgcmd"
testsuccess aptkey --readonly adv --version
cp "${ROOTDIR}/tmp/testsuccess.output" "${TMPWORKINGDIRECTORY}/aptkey.version"
testsuccess grep "^gpg (GnuPG) $2\." "${TMPWORKINGDIRECTORY}/aptkey.version"
testsuccess grep "^gpg (GnuPG) $1\." "${TMPWORKINGDIRECTORY}/aptkey.version"
}

# run with default (whatever this is) in current CWD with relative paths
@@ -285,7 +303,7 @@ cd inaccessible
chmod 600 ../inaccessible
testfilestats "${TMPWORKINGDIRECTORY}/inaccessible" '%a' '=' '600'

setupgpgcommand 'gpg' '1'
setupgpgcommand '1'
testrun
setupgpgcommand 'gpg2' '2'
setupgpgcommand '2'
testrun

+ 1
- 8
test/integration/test-apt-key-net-update View File

@@ -24,14 +24,7 @@ echo 'APT::Key::Net-Update-Enabled "1";' >> ./aptconfig.conf

# test against the "real" webserver
testsuccess aptkey --fakeroot net-update
testequalor2 'Checking for new archive signing keys now
gpg: key F68C85A3: public key "Test Automatic Archive Signing Key <ftpmaster@example.com>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)' 'Checking for new archive signing keys now
gpg: key F68C85A3: public key "Test Automatic Archive Signing Key <ftpmaster@example.com>" imported
gpg: Total number processed: 1
gpg: imported: 1' cat rootdir/tmp/testsuccess.output

testfailure grep 'not added' rootdir/tmp/testsuccess.output
testaptkeys 'oldarchive' 'newarchive'

# now try a different one


+ 2
- 3
test/integration/test-releasefile-verification View File

@@ -237,7 +237,7 @@ runtest() {
updatewithwarnings '^W: .* NO_PUBKEY'
sed -i "s#^\(deb\(-src\)\?\) \[signed-by=$MARVIN\] #\1 #" rootdir/etc/apt/sources.list.d/*

local MARVIN="$(aptkey --keyring $MARVIN finger | grep 'Key fingerprint' | cut -d'=' -f 2 | tr -d ' ')"
local MARVIN="$(aptkey --keyring $MARVIN finger --with-colons | grep '^fpr' | cut -d':' -f 10)"
msgmsg 'Cold archive signed by bad keyid' 'Joe Sixpack'
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Joe Sixpack'
@@ -261,7 +261,7 @@ runtest() {
" aptcache show apt
installaptold

local SIXPACK="$(aptkey --keyring keys/joesixpack.pub finger | grep 'Key fingerprint' | cut -d'=' -f 2 | tr -d ' ')"
local SIXPACK="$(aptkey --keyring keys/joesixpack.pub finger --with-colons | grep '^fpr' | cut -d':' -f 10)"
msgmsg 'Cold archive signed by good keyids' 'Joe Sixpack'
rm -rf rootdir/var/lib/apt/lists
signreleasefiles 'Joe Sixpack'
@@ -271,7 +271,6 @@ runtest() {
" aptcache show apt
installaptold

local SIXPACK="$(aptkey --keyring keys/joesixpack.pub finger | grep 'Key fingerprint' | cut -d'=' -f 2 | tr -d ' ')"
msgmsg 'Cold archive signed by good keyids' 'Joe Sixpack'
rm -rf rootdir/var/lib/apt/lists
sed -i "s#^\(deb\(-src\)\?\) \[signed-by=${SIXPACK},${MARVIN}\] #\1 [signed-by=${MARVIN},${SIXPACK}] #" rootdir/etc/apt/sources.list.d/*


Loading…
Cancel
Save