
  1. #!/bin/sh
  2. set -e
  3. # apt-key is a shell script, so relatively prune to be effected by 'crazy' things:
  4. # confuses config parser as there exists no way of escaping " currently.
  5. #TMPDIR="$(mktemp -d)/This is \"fü\$\$ing cràzy\", \$(man man | head -n1 | cut -d' ' -f 1)\$!"
  6. # gpg doesn't like | in path names – documented e.g. in the man gpg2 --agent-program
  7. #TMPDIR="$(mktemp -d)/This is fü\$\$ing cràzy, \$(man man | head -n1 | cut -d' ' -f 1)\$!"
  8. TMPDIR_ADD="This is fü\$\$ing cràzy, \$(apt -v)\$!"
  9. TESTDIR="$(readlink -f "$(dirname "$0")")"
  10. . "$TESTDIR/framework"
  11. setupenvironment
  12. chmod o+x "${TMPWORKINGDIRECTORY}/.."
  13. configarchitecture 'amd64'
  14. insertpackage 'unstable' 'bar' 'i386' '1'
  15. insertsource 'unstable' 'foo' 'all' '1'
  16. setupaptarchive --no-update
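# Start from a clean plate again: remove the trusted.gpg keyring and the whole
# trusted.gpg.d directory below ROOTDIR, then recreate the directory empty.
# Globals: ROOTDIR (read)
cleanplate() {
	# With ROOTDIR empty or unset the paths below would resolve to the host's
	# real /etc/apt trust store; abort before rm -rf can get there.
	: "${ROOTDIR:?cleanplate: ROOTDIR must be set}"
	rm -rf "${ROOTDIR}/etc/apt/trusted.gpg.d/" "${ROOTDIR}/etc/apt/trusted.gpg"
	mkdir "${ROOTDIR}/etc/apt/trusted.gpg.d/"
}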
# Check verification of a file carrying two signatures when only one signer's
# key is available: 'aptkey --quiet --readonly "$@"' has to exit non-zero, and
# its captured output has to contain both a "Can't check signature" line and a
# "Good signature from" line. One good signature is therefore not enough for
# the command to report success.
# Globals:   ROOTDIR (read)
# Arguments: everything is handed to aptkey (keyring/keyid options, 'verify', files)
testmultigpg() {
	local CAPTURED="${ROOTDIR}/tmp/testfailure.output"
	testfailure --nomsg aptkey --quiet --readonly "$@"
	testsuccess grep "^gpgv: Can't check signature" "$CAPTURED"
	testsuccess grep '^gpgv: Good signature from' "$CAPTURED"
}
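# Assert that one specific keyring holds exactly the named keys.
# Globals:   TMPWORKINGDIRECTORY (read)
# Arguments: $1 - keyring file to inspect
#            $2.. - key names, mapped to key ids by mapkeynametokeyid
testaptkeyskeyring() {
	local KEYRING="$1"
	shift
	local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/aptkeylistkeyring.output"
	# Field 5 of every 'pub' record in the colon listing is compared below.
	# The shell has no pipefail here, so the condition reflects the last stage
	# (cut) only; a failing aptkey simply yields an empty list.
	if ! aptkey --keyring "$KEYRING" list --with-colon 2>/dev/null | grep '^pub' | cut -d':' -f 5 > "$OUTPUT"; then
		# Truncate without 'echo -n': a /bin/sh whose echo does not know -n
		# would write the text "-n" into the file and break the comparison.
		: > "$OUTPUT"
	fi
	testfileequal "$OUTPUT" "$(mapkeynametokeyid "$@")"
}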
# Alias for testempty. testrun builds the helper name as "${TESTSTATE}empty",
# so its default state 'testsuccess' needs a function called testsuccessempty.
testsuccessempty() { testempty "$@"; }
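# Run the complete apt-key scenario once: listing, update, add, export, key
# removal by every supported key spec, merge-back after 'adv', signing, and
# signature verification with good, bad, missing and unreadable keyrings.
#
# Globals:   ROOTDIR, KEYDIR, TMPWORKINGDIRECTORY (read); files below them
#            are created, replaced and removed
# Arguments: $1 - extension of the keyring files to exercise (default 'gpg';
#                 the script also passes 'asc')
#            $2 - framework check wrapped around commands that are expected
#                 to work: 'testsuccess' (default) or 'testwarning'.
#                 "${TESTSTATE}empty" is derived from it.
# Checks that must fail in every mode (bad keyring, bad keyid, altered file)
# are hard-wired to testfailure and do not follow $2.
testrun() {
	local EXT="${1:-gpg}"
	local TESTSTATE="${2:-testsuccess}"
	# Joe Sixpack is configured as the archive key, Rex Expired as a removed key.
	echo "APT::Key::ArchiveKeyring \"${KEYDIR}/joesixpack.pub.gpg\";
APT::Key::RemovedKeys \"${KEYDIR}/rexexpired.pub.gpg\";" > "${ROOTDIR}/etc/apt/apt.conf.d/aptkey.conf"

	cleanplate
	ln -sf "$(readlink -f "${KEYDIR}/joesixpack.pub.${EXT}")" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}"
	testaptkeys 'Joe Sixpack'

	${TESTSTATE} aptkey list
	msgtest 'Check that paths in list output are not' 'double-slashed'
	testfailure --nomsg grep '//' "${ROOTDIR}/tmp/${TESTSTATE}.output"

	${TESTSTATE} aptkey finger
	msgtest 'Check that paths in finger output are not' 'double-slashed'
	testfailure --nomsg grep '//' "${ROOTDIR}/tmp/${TESTSTATE}.output"

	# 'update' must leave an already trusted key alone: the entry in
	# trusted.gpg.d stays a symlink, the key file it points to is compared
	# against a copy taken beforehand, and no trusted.gpg appears.
	cp -a "${KEYDIR}/joesixpack.pub.${EXT}" "${KEYDIR}/joesixpack.pub.${EXT}.bak"
	if [ "$TESTSTATE" = 'testwarning' ]; then
		testwarning aptkey --fakeroot update
		testsuccess grep '^gpg: key .*DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed$' "${ROOTDIR}/tmp/testwarning.output"
		testsuccess grep '^W: .* are ignored as the file has an unsupported filetype' "${ROOTDIR}/tmp/testwarning.output"
	else
		# Two accepted outputs: one prints the short, the other the long key id.
		testequalor2 'gpg: key DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1' 'gpg: key 5A90D141DBAC8DAE: "Joe Sixpack (APT Testcases Dummy) <joe@example.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1' aptkey --fakeroot update
	fi
	testsuccess test -L "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}"
	testsuccess cmp "${KEYDIR}/joesixpack.pub.${EXT}" "${KEYDIR}/joesixpack.pub.${EXT}.bak"

	testaptkeys 'Joe Sixpack'
	testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg"

	# 'add' creates trusted.gpg; its permission bits must be exactly 644.
	${TESTSTATE} aptkey --fakeroot add "${KEYDIR}/rexexpired.pub.${EXT}"
	testfilestats "${ROOTDIR}/etc/apt/trusted.gpg" '%a' '=' '644'
	testaptkeys 'Rex Expired' 'Joe Sixpack'

	# 'export <name>' has to produce the same bytes as 'exportall' restricted
	# to the matching keyring(s), and neither result may be empty.
	msgtest 'Check that Sixpack key can be' 'exported'
	aptkey export 'Sixpack' > "${TMPWORKINGDIRECTORY}/aptkey.export" 2>/dev/null
	aptkey --keyring "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}" exportall > "${TMPWORKINGDIRECTORY}/aptkey.exportall"
	testsuccess --nomsg cmp "${TMPWORKINGDIRECTORY}/aptkey.export" "${TMPWORKINGDIRECTORY}/aptkey.exportall"
	testsuccess test -s "${TMPWORKINGDIRECTORY}/aptkey.export"
	testsuccess test -s "${TMPWORKINGDIRECTORY}/aptkey.exportall"

	msgtest 'Check that multiple keys can be' 'exported'
	aptkey export 'Sixpack' 'Expired' > "${TMPWORKINGDIRECTORY}/aptkey.export" 2>/dev/null
	aptkey --keyring "${KEYDIR}/rexexpired.pub.${EXT}" \
		--keyring "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}" exportall > "${TMPWORKINGDIRECTORY}/aptkey.exportall"
	testsuccess --nomsg cmp "${TMPWORKINGDIRECTORY}/aptkey.export" "${TMPWORKINGDIRECTORY}/aptkey.exportall"
	testsuccess test -s "${TMPWORKINGDIRECTORY}/aptkey.export"
	testsuccess test -s "${TMPWORKINGDIRECTORY}/aptkey.exportall"

	msgtest 'Execute update again to trigger removal of' 'Rex Expired key'
	${TESTSTATE} --nomsg aptkey --fakeroot update
	testaptkeys 'Joe Sixpack'

	# 'del' limited to a keyring that does not hold the key succeeds but must
	# not remove the key from any other keyring.
	msgtest "Try to remove a key which exists, but isn't in the" 'forced keyring'
	testsuccess --nomsg aptkey --fakeroot --keyring "${ROOTDIR}/etc/apt/trusted.gpg" del DBAC8DAE
	testaptkeys 'Joe Sixpack'

	${TESTSTATE} aptkey --fakeroot del DBAC8DAE
	"${TESTSTATE}empty" aptkey list

	ln -sf "$(readlink -f "${KEYDIR}/joesixpack.pub.${EXT}")" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}"
	testaptkeys 'Joe Sixpack'
	# The previous keyring is expected to survive as a backup with a '~' suffix.
	msgtest "Remove a key from" 'forced keyring in trusted.d.gpg'
	testsuccess --nomsg aptkey --fakeroot --keyring "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}" del DBAC8DAE
	testsuccess cmp -s "$(readlink -f "${KEYDIR}/joesixpack.pub.${EXT}")" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}~"
	"${TESTSTATE}empty" aptkey list

	# Adding to an explicitly named keyring outside the trusted locations must
	# change that file only; the trusted key list stays empty.
	cp -a "${KEYDIR}/marvinparanoid.pub.asc" "${ROOTDIR}/etc/foobar.pub"
	testsuccess aptkey --fakeroot --keyring "${ROOTDIR}/etc/foobar.pub" add "${KEYDIR}/rexexpired.pub.asc" "${KEYDIR}/joesixpack.pub.gpg"
	testfilestats "${ROOTDIR}/etc/foobar.pub" '%a' '=' '644'
	testaptkeyskeyring "${ROOTDIR}/etc/foobar.pub" 'Marvin Paranoid' 'Rex Expired' 'Joe Sixpack'
	"${TESTSTATE}empty" aptkey list

	msgtest 'Test key removal with' 'lowercase key ID' #keylength somewhere between 8byte and short
	cleanplate
	cp -a "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}"
	${TESTSTATE} --nomsg aptkey --fakeroot del d141dbac8dae
	"${TESTSTATE}empty" aptkey list

	# A mode-000 file is only unreadable for a non-root user, hence the uid check.
	if [ "$(id -u)" != '0' ]; then
		msgtest 'Test key removal with' 'unreadable key'
		cleanplate
		cp -a "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}"
		echo 'foobar' > "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.${EXT}"
		chmod 000 "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.${EXT}"
		testwarning --nomsg aptkey --fakeroot del d141dbac8dae
		testwarning aptkey list
		chmod 644 "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.${EXT}"
		rm -f "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.${EXT}"
		# Apart from the 'W: ' lines the list output has to be empty; grep -v
		# exits non-zero when nothing is left, which '|| true' keeps from
		# tripping set -e.
		grep -v '^W: ' "${ROOTDIR}/tmp/testwarning.output" > "${ROOTDIR}/aptkeylist.output" || true
		testempty cat "${ROOTDIR}/aptkeylist.output"
	fi

	# The removal tests below share one pattern: after 'del' the keyring file
	# is gone from trusted.gpg.d and a '~' backup equal to the original remains.
	msgtest 'Test key removal with' 'single key in real file'
	cleanplate
	cp -a "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}"
	${TESTSTATE} --nomsg aptkey --fakeroot del DBAC8DAE
	"${TESTSTATE}empty" aptkey list
	testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}"
	testsuccess cmp "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}~"

	msgtest 'Test key removal with' 'different key specs'
	cleanplate
	cp -a "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}"
	cp -a "${KEYDIR}/marvinparanoid.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/marvinparanoid.${EXT}"
	${TESTSTATE} --nomsg aptkey --fakeroot del 0xDBAC8DAE 528144E2
	"${TESTSTATE}empty" aptkey list
	testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}"
	testsuccess cmp "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}~"
	testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/marvinparanoid.${EXT}"
	testsuccess cmp "${KEYDIR}/marvinparanoid.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/marvinparanoid.${EXT}~"

	msgtest 'Test key removal with' 'long key ID'
	cleanplate
	cp -a "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}"
	${TESTSTATE} --nomsg aptkey --fakeroot del 5A90D141DBAC8DAE
	"${TESTSTATE}empty" aptkey list
	testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}"
	testsuccess cmp "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}~"

	msgtest 'Test key removal with' 'fingerprint'
	cleanplate
	cp -a "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}"
	${TESTSTATE} --nomsg aptkey --fakeroot del 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE
	"${TESTSTATE}empty" aptkey list
	testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}"
	testsuccess cmp "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}~"

	msgtest 'Test key removal with' 'spaced fingerprint'
	cleanplate
	cp -a "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}"
	${TESTSTATE} --nomsg aptkey --fakeroot del '34A8 E9D1 8DB3 20F3 67E8 EAA0 5A90 D141 DBAC 8DAE'
	"${TESTSTATE}empty" aptkey list
	testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}"
	testsuccess cmp "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}~"

	# For a symlinked keyring the '~' backup has to be a symlink as well.
	msgtest 'Test key removal with' 'single key in softlink'
	cleanplate
	ln -sf "$(readlink -f "${KEYDIR}/joesixpack.pub.${EXT}")" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}"
	${TESTSTATE} --nomsg aptkey --fakeroot del DBAC8DAE
	"${TESTSTATE}empty" aptkey list
	testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}"
	testsuccess test -L "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}~"

	# Build a keyring holding two keys; the second key is added through a path
	# that contains a space and non-ASCII characters.
	cleanplate
	${TESTSTATE} aptkey --fakeroot add "${KEYDIR}/joesixpack.pub.${EXT}"
	ln -sf "$(readlink -f "${KEYDIR}/marvinparanoid.pub.${EXT}")" "${KEYDIR}/marvin paránöid.pub.${EXT}"
	${TESTSTATE} aptkey --fakeroot add "${KEYDIR}/marvin paránöid.pub.${EXT}"
	testaptkeys 'Joe Sixpack' 'Marvin Paranoid'
	cp -a "${ROOTDIR}/etc/apt/trusted.gpg" "${KEYDIR}/testcase-multikey.pub.gpg" # store for reuse
	aptkey --keyring "${KEYDIR}/testcase-multikey.pub.gpg" export > "${KEYDIR}/testcase-multikey.pub.asc"

	msgtest 'Test key removal with' 'multi key in real file'
	cleanplate
	cp -a "${KEYDIR}/testcase-multikey.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.${EXT}"
	${TESTSTATE} --nomsg aptkey --fakeroot del DBAC8DAE
	testaptkeys 'Marvin Paranoid'
	testsuccess cmp "${KEYDIR}/testcase-multikey.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.${EXT}~"

	# Removing one of two keys from a symlinked keyring: the remaining keyring
	# must no longer be a symlink, while the '~' backup still is one.
	msgtest 'Test key removal with' 'multi key in softlink'
	cleanplate
	ln -s "$(readlink -f "${KEYDIR}/testcase-multikey.pub.${EXT}")" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.${EXT}"
	${TESTSTATE} --nomsg aptkey --fakeroot del DBAC8DAE
	testaptkeys 'Marvin Paranoid'
	testsuccess cmp "${KEYDIR}/testcase-multikey.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.${EXT}~"
	testfailure test -L "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.${EXT}"
	testsuccess test -L "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.${EXT}~"

	# A key present in several keyrings has to disappear from all of them.
	msgtest 'Test key removal with' 'multiple files including key'
	cleanplate
	cp -a "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}"
	cp -a "${KEYDIR}/testcase-multikey.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.${EXT}"
	${TESTSTATE} --nomsg aptkey --fakeroot del DBAC8DAE
	testaptkeys 'Marvin Paranoid'
	testfailure test -e "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}"
	testsuccess cmp "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}~"
	testsuccess cmp "${KEYDIR}/testcase-multikey.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.${EXT}~"

	# Changes made through raw 'adv' commands are expected to be merged back
	# into the trusted keyrings, including the key that is listed twice.
	cleanplate
	cp -a "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}"
	cp -a "${KEYDIR}/testcase-multikey.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.${EXT}"
	testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
	msgtest 'Test merge-back of' 'added keys'
	${TESTSTATE} --nomsg aptkey adv --batch --yes --import "${KEYDIR}/rexexpired.pub.${EXT}"
	testaptkeys 'Rex Expired' 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
	msgtest 'Test merge-back of' 'removed keys'
	${TESTSTATE} --nomsg aptkey adv --batch --yes --delete-keys 27CE74F9
	testaptkeys 'Joe Sixpack' 'Joe Sixpack' 'Marvin Paranoid'
	msgtest 'Test merge-back of' 'removed duplicate keys'
	${TESTSTATE} --nomsg aptkey adv --batch --yes --delete-keys DBAC8DAE
	testaptkeys 'Marvin Paranoid'

	cleanplate
	cp -a "${KEYDIR}/joesixpack.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/joesixpack.${EXT}"
	cp -a "${KEYDIR}/testcase-multikey.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.${EXT}"

	# "$SIGNATURE" gets a detached signature by Marvin; "${SIGNATURE}2" is a
	# different, never signed file that stands in for altered content.
	local SIGNATURE="${TMPWORKINGDIRECTORY}/signature"
	msgtest 'Test signing a file' 'with a key'
	echo 'Verify me. This is my signature.' > "$SIGNATURE"
	echo 'lalalalala' > "${SIGNATURE}2"
	testsuccess --nomsg aptkey --quiet --keyring "${KEYDIR}/marvinparanoid.pub.gpg" --secret-keyring "${KEYDIR}/marvinparanoid.sec" --readonly \
		adv --batch --yes --default-key 'Marvin' --armor --detach-sign --sign --output "${SIGNATURE}.gpg" "${SIGNATURE}"
	# Two separate checks: 'test' with more than four arguments (the '-a'
	# form) is unspecified by POSIX, and this script runs under /bin/sh.
	testsuccess test -s "${SIGNATURE}.gpg"
	testsuccess test -s "${SIGNATURE}"

	msgtest 'Test verify a file' 'with no sig'
	testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/testcase-multikey.pub.${EXT}" verify "${SIGNATURE}" "${SIGNATURE}2"

	for GPGV in '' 'gpgv' 'gpgv1' 'gpgv2'; do
		echo "APT::Key::GPGVCommand \"$GPGV\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgvcmd"
		# Explicit gpgv commands are exercised only if the gnupg1 package is
		# installed; otherwise only the default ('') iteration runs.
		if [ -n "$GPGV" ] && ! command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then continue; fi

		msgtest 'Test verify a file' 'with all keys'
		${TESTSTATE} --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}"

		if [ "$(id -u)" != '0' ]; then
			# An unreadable keyring in trusted.gpg.d must produce a warning,
			# for apt-key as well as for a full 'apt update'.
			msgtest 'Test verify a file' 'with unreadable key'
			echo 'foobar' > "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.${EXT}"
			chmod 000 "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.${EXT}"
			testwarning --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}"
			testwarning aptkey list
			# check that apt users see warnings, too
			rm -rf "${ROOTDIR}/var/lib/apt/lists"
			testwarning apt update
			chmod 644 "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.${EXT}"
			rm -f "${ROOTDIR}/etc/apt/trusted.gpg.d/unreadablekey.${EXT}"
		fi

		msgtest 'Test verify a file' 'with good keyring'
		testsuccess --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/testcase-multikey.pub.${EXT}" verify "${SIGNATURE}.gpg" "${SIGNATURE}"

		# The order of several --keyring options must not matter.
		msgtest 'Test verify a file' 'with good keyrings 1'
		testsuccess --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/joesixpack.pub.${EXT}" \
			--keyring "${KEYDIR}/marvinparanoid.pub.${EXT}" verify "${SIGNATURE}.gpg" "${SIGNATURE}"

		msgtest 'Test verify a file' 'with good keyrings 2'
		testsuccess --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/marvinparanoid.pub.${EXT}" \
			--keyring "${KEYDIR}/joesixpack.pub.${EXT}" verify "${SIGNATURE}.gpg" "${SIGNATURE}"

		# Negative cases: a keyring without the signer's key and a keyring
		# that does not exist must both fail; the second one must also not
		# be created as a side effect.
		msgtest 'Test fail verify a file' 'with bad keyring'
		testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/joesixpack.pub.${EXT}" verify "${SIGNATURE}.gpg" "${SIGNATURE}"

		msgtest 'Test fail verify a file' 'with non-existing keyring'
		testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/does-not-exist.pub.${EXT}" verify "${SIGNATURE}.gpg" "${SIGNATURE}"
		testfailure test -e "${KEYDIR}/does-not-exist.pub.${EXT}"

		# note: this isn't how apts gpgv method implements keyid for verify
		msgtest 'Test verify a file' 'with good keyid'
		${TESTSTATE} --nomsg aptkey --quiet --readonly --keyid 'Paranoid' verify "${SIGNATURE}.gpg" "${SIGNATURE}"

		msgtest 'Test fail verify a file' 'with bad keyid'
		testfailure --nomsg aptkey --quiet --readonly --keyid 'Sixpack' verify "${SIGNATURE}.gpg" "${SIGNATURE}"

		msgtest 'Test fail verify a file' 'with non-existing keyid'
		testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify "${SIGNATURE}.gpg" "${SIGNATURE}"

		# A valid signature presented with different content must not verify.
		msgtest 'Test verify fails on' 'bad file'
		testfailure --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}2"

		# try to perform an entire update with this gpgv
		rm -rf "${ROOTDIR}/var/lib/apt/lists"
		${TESTSTATE} apt update -o Test::Dir="${ROOTDIR}"
	done
	rm -f "${ROOTDIR}/etc/apt/apt.conf.d/00gpgvcmd"

	msgtest 'Test verify a file' 'with good keyring'
	testsuccess --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/testcase-multikey.pub.${EXT}" verify "${SIGNATURE}.gpg" "${SIGNATURE}"

	# Second round: one file signed by both Marvin and Joe. The combined
	# keyrings are plain concatenations of the individual test key files.
	cleanplate
	cat "${KEYDIR}/joesixpack.pub.gpg" "${KEYDIR}/marvinparanoid.pub.gpg" > "${KEYDIR}/double.pub.gpg"
	cat "${KEYDIR}/joesixpack.pub.asc" "${KEYDIR}/marvinparanoid.pub.asc" > "${KEYDIR}/double.pub.asc"
	cat "${KEYDIR}/joesixpack.sec" "${KEYDIR}/marvinparanoid.sec" > "${KEYDIR}/double.sec"
	cp -a "${KEYDIR}/double.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/double.${EXT}"
	cp -a "${KEYDIR}/testcase-multikey.pub.${EXT}" "${ROOTDIR}/etc/apt/trusted.gpg.d/multikey.${EXT}"
	rm -f "${SIGNATURE}.gpg"
	testsuccess aptkey --quiet --keyring "${KEYDIR}/double.pub.gpg" --secret-keyring "${KEYDIR}/double.sec" --readonly \
		adv --batch --yes -u 'Marvin' -u 'Joe' --armor --detach-sign --sign --output "${SIGNATURE}.gpg" "${SIGNATURE}"
	# Split for the same reason as above: no '-a' inside 'test'.
	testsuccess test -s "${SIGNATURE}.gpg"
	testsuccess test -s "${SIGNATURE}"

	for GPGV in '' 'gpgv' 'gpgv1' 'gpgv2'; do
		echo "APT::Key::GPGVCommand \"$GPGV\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgvcmd"
		if [ -n "$GPGV" ] && ! command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then continue; fi

		msgtest 'Test verify a doublesigned file' 'with all keys'
		${TESTSTATE} --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}"

		# With only one signer's key available, verification is expected to
		# fail even though one signature is good (see testmultigpg).
		msgtest 'Test verify a doublesigned file' 'with good keyring joe'
		testmultigpg --keyring "${KEYDIR}/joesixpack.pub.${EXT}" verify "${SIGNATURE}.gpg" "${SIGNATURE}"

		msgtest 'Test verify a doublesigned file' 'with good keyring marvin'
		testmultigpg --keyring "${KEYDIR}/marvinparanoid.pub.${EXT}" verify "${SIGNATURE}.gpg" "${SIGNATURE}"

		msgtest 'Test fail verify a doublesigned file' 'with bad keyring'
		testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/rexexpired.pub.${EXT}" verify "${SIGNATURE}.gpg" "${SIGNATURE}"

		msgtest 'Test fail verify a doublesigned file' 'with non-existing keyring'
		testfailure --nomsg aptkey --quiet --readonly --keyring "${KEYDIR}/does-not-exist.pub.${EXT}" verify "${SIGNATURE}.gpg" "${SIGNATURE}"
		testfailure test -e "${KEYDIR}/does-not-exist.pub.${EXT}"

		# note: this isn't how apts gpgv method implements keyid for verify
		msgtest 'Test verify a doublesigned file' 'with good keyid'
		testmultigpg --keyid 'Paranoid' verify "${SIGNATURE}.gpg" "${SIGNATURE}"

		msgtest 'Test fail verify a doublesigned file' 'with bad keyid'
		testfailure --nomsg aptkey --quiet --readonly --keyid 'Rex' verify "${SIGNATURE}.gpg" "${SIGNATURE}"

		msgtest 'Test fail verify a doublesigned file' 'with non-existing keyid'
		testfailure --nomsg aptkey --quiet --readonly --keyid 'Kalnischkies' verify "${SIGNATURE}.gpg" "${SIGNATURE}"

		msgtest 'Test verify fails on' 'bad doublesigned file'
		testfailure --nomsg aptkey --quiet --readonly verify "${SIGNATURE}.gpg" "${SIGNATURE}2"
	done
	rm -f "${ROOTDIR}/etc/apt/apt.conf.d/00gpgvcmd"
}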
# Pin apt-key to the gpg binary of one GnuPG major version and confirm it.
# Globals:   ROOTDIR, TMPWORKINGDIRECTORY (read)
# Arguments: $1 - wanted major version; '1' selects the 1.x binary, any other
#                 value the other one (the script passes '1' and '2')
# The binary name depends on whether the gnupg1 package is installed:
#   installed:     '1' -> gpg1, otherwise gpg
#   not installed: '1' -> gpg,  otherwise gpg2
setupgpgcommand() {
	local GPGEXE
	local HAVE_GNUPG1='no'
	if command dpkg -l gnupg1 2>&1 | grep -q '^ii'; then
		HAVE_GNUPG1='yes'
	fi
	case "${HAVE_GNUPG1}:$1" in
		yes:1) GPGEXE='gpg1' ;;
		yes:*) GPGEXE='gpg' ;;
		no:1) GPGEXE='gpg' ;;
		*) GPGEXE='gpg2' ;;
	esac
	msgmsg 'Force tests to be run with' "$GPGEXE"
	echo "APT::Key::GPGCommand \"$GPGEXE\";" > "${ROOTDIR}/etc/apt/apt.conf.d/00gpgcmd"
	# The version banner has to start with the requested major version, so a
	# binary of the wrong generation is noticed before the scenario runs.
	testsuccess aptkey --readonly adv --version
	cp "${ROOTDIR}/tmp/testsuccess.output" "${TMPWORKINGDIRECTORY}/aptkey.version"
	testsuccess grep "^gpg (GnuPG) $1\." "${TMPWORKINGDIRECTORY}/aptkey.version"
}
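# Give every *.pub test key two siblings: an ASCII-armored export (.asc) and a
# byte-identical copy (.gpg), so testrun can pick the format by extension.
# 'IFS= read -r' keeps backslashes and surrounding blanks in a path intact.
# NOTE(review): find is started from / instead of the current directory; the
# reason is not visible in this file.
(cd /; find "${TMPWORKINGDIRECTORY}/keys" -name '*.pub' -type f) | while IFS= read -r trusted; do
	testsuccess aptkey --keyring "$trusted" adv --armor --export --output "${trusted}.asc"
	cp -a "$trusted" "${trusted}.gpg"
done

# run with default (whatever this is) in current CWD with relative paths
ROOTDIR="./rootdir"
KEYDIR="./keys"
testrun

# run with … and up the game with a strange CWD & absolute paths
ROOTDIR="${TMPWORKINGDIRECTORY}/rootdir"
KEYDIR="${TMPWORKINGDIRECTORY}/keys"
# From here on the current directory has mode 600, i.e. no search (x)
# permission even for its owner; the mode is verified right after setting it.
mkdir inaccessible
cd inaccessible
chmod 600 ../inaccessible
testfilestats "${TMPWORKINGDIRECTORY}/inaccessible" '%a' '=' '600'

# Same scenario once per forced GnuPG major version.
setupgpgcommand '1'
testrun
setupgpgcommand '2'
testrun

# ASCII-armored keyrings, with the forced gpg command removed again.
msgmsg 'Tests to be run with' 'asc files'
rm -f "${ROOTDIR}/etc/apt/apt.conf.d/00gpgcmd"
testrun 'asc'

msgmsg 'Tests to be run with' 'bad files'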
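# Don't let the plate be so clean anymore: this redefinition resets the trust
# store like the first cleanplate, then seeds trusted.gpg.d with two empty and
# two garbage keyring files (.gpg and .asc each).
# Globals: ROOTDIR (read)
cleanplate() {
	# With ROOTDIR empty or unset the paths below would resolve to the host's
	# real /etc/apt trust store; abort before rm -rf can get there.
	: "${ROOTDIR:?cleanplate: ROOTDIR must be set}"
	rm -rf "${ROOTDIR}/etc/apt/trusted.gpg.d/" "${ROOTDIR}/etc/apt/trusted.gpg"
	mkdir "${ROOTDIR}/etc/apt/trusted.gpg.d/"
	touch "${ROOTDIR}/etc/apt/trusted.gpg.d/emptyfile.gpg"
	touch "${ROOTDIR}/etc/apt/trusted.gpg.d/emptyfile.asc"
	echo 'broken' > "${ROOTDIR}/etc/apt/trusted.gpg.d/brokenfile.gpg"
	echo 'broken' > "${ROOTDIR}/etc/apt/trusted.gpg.d/brokenfile.asc"
}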
  357. testrun 'gpg' 'testwarning'