devuan
/
apt
10
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 27 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9213 Commits
3 Branches
65 MiB
 
 
 
 
 
 
Tree: e2965b0b6b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e2965b0b6b'
${ noResults }
apt/test/integration/test-method-gpgv

186 lines
11 KiB
Raw Blame History 

  1. #!/bin/sh

  2. set -e

  3. 

  4. TESTDIR="$(readlink -f "$(dirname "$0")")"

  5. . "$TESTDIR/framework"

  6. 

  7. setupenvironment

  8. configarchitecture 'i386'

  9. 

  10. cat > faked-apt-key <<EOF

  11. #!/bin/sh

  12. set -e

  13. find_gpgv_status_fd() {

  14. 	while [ -n "\$1" ]; do

  15. 		if [ "\$1" = '--status-fd' ]; then

  16. 			shift

  17. 			echo "\$1"

  18. 			break

  19. 		fi

  20. 		shift

  21. 	done

  22. }

  23. GPGSTATUSFD="\$(find_gpgv_status_fd "\$@")"

  24. cat >&\${GPGSTATUSFD} gpgv.output

  25. cat gpgv.output

  26. EOF

  27. chmod +x faked-apt-key

  28. 

  29. testgpgv() {

  30. 	echo "$4" > gpgv.output

  31. 	msgtest "$1" "$2"

  32. 	gpgvmethod >method.output 2>&1 || true

  33. 	testsuccess --nomsg grep "^  $2\$" method.output

  34. 	msgtest 'The reported signedby key is' "${3:-empty}"

  35. 	testsuccess --nomsg grep "^  Signed-By:\s\+$3\$" method.output

  36. }

  37. 

  38. testrun() {

  39. 	testgpgv 'Good signed with long keyid' 'Good: GOODSIG 5A90D141DBAC8DAE' '34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE!' '[GNUPG:] GOODSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) <joe@example.org>

  40. [GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2016-09-01 1472742625 0 4 0 1 11 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE'

  41. 	testgpgv 'Good signed with fingerprint' 'Good: GOODSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' '34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE!' '[GNUPG:] GOODSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) <joe@example.org>

  42. [GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2016-09-01 1472742625 0 4 0 1 11 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE'

  43. 

  44. 	testgpgv 'Good subkey signed with long keyid' 'Good: GOODSIG 5B6896415D44C43E' '34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE, 4281DEDBD466EAE8C1F4157E5B6896415D44C43E!' '[GNUPG:] GOODSIG 5B6896415D44C43E Sebastian Subkey <subkey@example.org>

  45. [GNUPG:] VALIDSIG 4281DEDBD466EAE8C1F4157E5B6896415D44C43E 2018-08-16 1534459673 0 4 0 1 11 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE'

  46. 	testgpgv 'Good subkey signed with fingerprint' 'Good: GOODSIG 4281DEDBD466EAE8C1F4157E5B6896415D44C43E' '34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE, 4281DEDBD466EAE8C1F4157E5B6896415D44C43E!' '[GNUPG:] GOODSIG 4281DEDBD466EAE8C1F4157E5B6896415D44C43E Sebastian Subkey <subkey@example.org>

  47. [GNUPG:] VALIDSIG 4281DEDBD466EAE8C1F4157E5B6896415D44C43E 2018-08-16 1534459673 0 4 0 1 11 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE'

  48. 

  49. 	testgpgv 'Untrusted signed with long keyid' 'Worthless: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' '' '[GNUPG:] GOODSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) <joe@example.org>

  50. [GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2016-09-01 1472742625 0 4 0 1 1 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE'

  51. 	testsuccess grep '^\s\+Good:\s\+$' method.output

  52. 	testgpgv 'Untrusted signed with fingerprint' 'Worthless: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' '' '[GNUPG:] GOODSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) <joe@example.org>

  53. [GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2016-09-01 1472742625 0 4 0 1 1 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE'

  54. 	testsuccess grep '^\s\+Good:\s\+$' method.output

  55. 

  56. 	testgpgv 'Weak signed with long keyid' 'Good: GOODSIG 5A90D141DBAC8DAE' '34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE!' '[GNUPG:] GOODSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) <joe@example.org>

  57. [GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2016-09-01 1472742625 0 4 0 1 2 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE'

  58. 	testsuccess grep '^Message: Signature by key 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE uses weak digest algorithm (SHA1)$' method.output

  59. 	testgpgv 'Weak signed with fingerprint' 'Good: GOODSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' '34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE!' '[GNUPG:] GOODSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) <joe@example.org>

  60. [GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2016-09-01 1472742625 0 4 0 1 2 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE'

  61. 	testsuccess grep '^Message: Signature by key 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE uses weak digest algorithm (SHA1)$' method.output

  62. 

  63. 	testgpgv 'No Pubkey with long keyid' 'NoPubKey: NO_PUBKEY E8525D47528144E2' '' '[GNUPG:] ERRSIG E8525D47528144E2 1 11 00 1472744666 9

  64. [GNUPG:] NO_PUBKEY E8525D47528144E2'

  65. 	testgpgv 'No Pubkey with fingerprint' 'NoPubKey: NO_PUBKEY DE66AECA9151AFA1877EC31DE8525D47528144E2' '' '[GNUPG:] ERRSIG DE66AECA9151AFA1877EC31DE8525D47528144E2 1 11 00 1472744666 9

  66. [GNUPG:] NO_PUBKEY DE66AECA9151AFA1877EC31DE8525D47528144E2'

  67. 

  68. 	testgpgv 'Expired key with long keyid' 'Worthless: EXPKEYSIG 4BC0A39C27CE74F9 Rex Expired <rex@example.org>' '' '[GNUPG:] EXPKEYSIG 4BC0A39C27CE74F9 Rex Expired <rex@example.org>

  69. [GNUPG:] VALIDSIG 891CC50E605796A0C6E733F74BC0A39C27CE74F9 2016-09-01 1472742629 0 4 0 1 11 00 891CC50E605796A0C6E733F74BC0A39C27CE74F9'

  70. 	testgpgv 'Expired key with fingerprint' 'Worthless: EXPKEYSIG 891CC50E605796A0C6E733F74BC0A39C27CE74F9 Rex Expired <rex@example.org>' '' '[GNUPG:] EXPKEYSIG 891CC50E605796A0C6E733F74BC0A39C27CE74F9 Rex Expired <rex@example.org>

  71. [GNUPG:] VALIDSIG 891CC50E605796A0C6E733F74BC0A39C27CE74F9 2016-09-01 1472742629 0 4 0 1 11 00 891CC50E605796A0C6E733F74BC0A39C27CE74F9'

  72. }

  73. 

  74. echo 'Test' > message.data

  75. cat >message.sig <<EOF

  76. -----BEGIN PGP SIGNATURE-----

  77. 

  78. iQFEBAEBCgAuFiEENKjp0Y2zIPNn6OqgWpDRQdusja4FAlhT7+kQHGpvZUBleGFt

  79. cGxlLm9yZwAKCRBakNFB26yNrjvEB/9/e3jA1l0fvPafx9LEXcH8CLpUFQK7ra9l

  80. 3M4YAH4JKQlTG1be7ixruBRlCTh3YiSs66fKMeJeUYoxA2HPhvbGFEjQFAxunEYg

  81. X/LBKv1mQWa+Q34P5GBjK8kQdLCN+yJAiUErmWNQG3GPninrxsC9tY5jcWvHeP1k

  82. V7N3MLnNqzXaCJM24mnKidC5IDadUdQ8qC8c3rjUexQ8vBz0eucH56jbqV5oOcvx

  83. pjlW965dCPIf3OI8q6J7bIOjyY+u/PTcVlqPq3TUz/ti6RkVbKpLH0D4ll3lUTns

  84. JQt/+gJCPxHUJphy8sccBKhW29CLELJIIafvU30E1nWn9szh2Xjq

  85. =TB1F

  86. -----END PGP SIGNATURE-----

  87. EOF

  88. 

  89. 

  90. gpgvmethod() {

  91. 	echo "601 Configuration

  92. Config-Item: Debug::Acquire::gpgv=1

  93. Config-Item: Dir::Bin::apt-key=./faked-apt-key

  94. Config-Item: APT::Hashes::SHA1::Weak=true

  95. 

  96. 600 URI Acquire

  97. URI: file://${TMPWORKINGDIRECTORY}/message.sig

  98. Filename: ${TMPWORKINGDIRECTORY}/message.data

  99. " | runapt "${METHODSDIR}/gpgv"

  100. }

  101. testrun

  102. 

  103. gpgvmethod() {

  104. 	echo "601 Configuration

  105. Config-Item: Debug::Acquire::gpgv=1

  106. Config-Item: Dir::Bin::apt-key=./faked-apt-key

  107. Config-Item: APT::Hashes::SHA1::Weak=true

  108. 

  109. 600 URI Acquire

  110. URI: file://${TMPWORKINGDIRECTORY}/message.sig

  111. Filename: ${TMPWORKINGDIRECTORY}/message.data

  112. Signed-By: /dev/null,34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE

  113. " | runapt "${METHODSDIR}/gpgv"

  114. }

  115. testrun

  116. 

  117. gpgvmethod() {

  118. 	echo "601 Configuration

  119. Config-Item: Debug::Acquire::gpgv=1

  120. Config-Item: Dir::Bin::apt-key=./faked-apt-key

  121. Config-Item: APT::Hashes::SHA1::Weak=true

  122. 

  123. 600 URI Acquire

  124. URI: file://${TMPWORKINGDIRECTORY}/message.sig

  125. Filename: ${TMPWORKINGDIRECTORY}/message.data

  126. Signed-By: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE,/dev/null

  127. " | runapt "${METHODSDIR}/gpgv"

  128. }

  129. testrun

  130. 

  131. testgpgv 'Good signed with long keyid but not signed-by key' 'NoPubKey: GOODSIG 4BC0A39C27CE74F9' '' '[GNUPG:] GOODSIG 4BC0A39C27CE74F9 Rex Expired <rex@example.org>

  132. [GNUPG:] VALIDSIG 891CC50E605796A0C6E733F74BC0A39C27CE74F9 2016-09-01 1472742625 0 4 0 1 11 00 891CC50E605796A0C6E733F74BC0A39C27CE74F9'

  133. testsuccess grep '^\s\+Good:\s\+$' method.output

  134. testsuccess grep 'verified because the public key is not available: GOODSIG' method.output

  135. testgpgv 'Good signed with fingerprint but not signed-by key' 'NoPubKey: GOODSIG 891CC50E605796A0C6E733F74BC0A39C27CE74F9' '' '[GNUPG:] GOODSIG 891CC50E605796A0C6E733F74BC0A39C27CE74F9 Rex Expired <rex@example.org>

  136. [GNUPG:] VALIDSIG 891CC50E605796A0C6E733F74BC0A39C27CE74F9 2016-09-01 1472742625 0 4 0 1 11 00 891CC50E605796A0C6E733F74BC0A39C27CE74F9'

  137. testsuccess grep '^\s\+Good:\s\+$' method.output

  138. testsuccess grep 'verified because the public key is not available: GOODSIG' method.output

  139. 

  140. gpgvmethod() {

  141. 	echo "601 Configuration

  142. Config-Item: Debug::Acquire::gpgv=1

  143. Config-Item: Dir::Bin::apt-key=./faked-apt-key

  144. Config-Item: APT::Hashes::SHA1::Weak=true

  145. 

  146. 600 URI Acquire

  147. URI: file://${TMPWORKINGDIRECTORY}/message.sig

  148. Filename: ${TMPWORKINGDIRECTORY}/message.data

  149. Signed-By: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE!

  150. " | runapt "${METHODSDIR}/gpgv"

  151. }

  152. testgpgv 'Exact matched subkey signed with long keyid' 'Good: GOODSIG 5A90D141DBAC8DAE' '34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE!' '[GNUPG:] GOODSIG 5A90D141DBAC8DAE Sebastian Subkey <subkey@example.org>

  153. [GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2018-08-16 1534459673 0 4 0 1 11 00 4281DEDBD466EAE8C1F4157E5B6896415D44C43E'

  154. testgpgv 'Exact matched subkey signed with fingerprint' 'Good: GOODSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' '34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE!' '[GNUPG:] GOODSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE Sebastian Subkey <subkey@example.org>

  155. [GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2018-08-16 1534459673 0 4 0 1 11 00 4281DEDBD466EAE8C1F4157E5B6896415D44C43E'

  156. 

  157. testgpgv 'Exact unmatched subkey signed with long keyid' 'NoPubKey: GOODSIG 5B6896415D44C43E' '' '[GNUPG:] GOODSIG 5B6896415D44C43E Sebastian Subkey <subkey@example.org>

  158. [GNUPG:] VALIDSIG 4281DEDBD466EAE8C1F4157E5B6896415D44C43E 2018-08-16 1534459673 0 4 0 1 11 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE'

  159. testsuccess grep '^\s\+Good:\s\+$' method.output

  160. testsuccess grep 'verified because the public key is not available: GOODSIG' method.output

  161. testgpgv 'Exact unmatched subkey signed with fingerprint' 'NoPubKey: GOODSIG 4281DEDBD466EAE8C1F4157E5B6896415D44C43E' '' '[GNUPG:] GOODSIG 4281DEDBD466EAE8C1F4157E5B6896415D44C43E Sebastian Subkey <subkey@example.org>

  162. [GNUPG:] VALIDSIG 4281DEDBD466EAE8C1F4157E5B6896415D44C43E 2018-08-16 1534459673 0 4 0 1 11 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE'

  163. testsuccess grep '^\s\+Good:\s\+$' method.output

  164. testsuccess grep 'verified because the public key is not available: GOODSIG' method.output

  165. 

  166. insertpackage 'unstable' 'foo' 'all' '1'

  167. setupaptarchive --no-update

  168. 

  169. echo '[GNUPG:] GOODSIG 5A90D141DBAC8DAE Sebastian Subkey <subkey@example.org>

  170. [GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2018-08-16 1534459673 0 4 0 1 11 00 4281DEDBD466EAE8C1F4157E5B6896415D44C43E' > gpgv.output

  171. testsuccess apt update -o Dir::Bin::apt-key="./faked-apt-key" -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1

  172. rm -rf rootdir/var/lib/apt/lists

  173. 

  174. echo '[GNUPG:] GOODSIG 5A90D141DBAC8DAE Sebastian Subkey <subkey@example.org>' > gpgv.output

  175. testfailure apt update -o Dir::Bin::apt-key="./faked-apt-key" -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1

  176. rm -rf rootdir/var/lib/apt/lists

  177. 

  178. echo '[GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2018-08-16 1534459673 0 4 0 1 11 00 4281DEDBD466EAE8C1F4157E5B6896415D44C43E' > gpgv.output

  179. testfailure apt update -o Dir::Bin::apt-key="./faked-apt-key" -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1

  180. rm -rf rootdir/var/lib/apt/lists

  181. 

  182. echo '[GNUPG:] GOODSIG 5A90D141DBAC8DAE Sebastian Subkey <subkey@example.org>

  183. [GNUPG:] VALIDSIG 0000000000000000000000000000000000000000 2018-08-16 1534459673 0 4 0 1 11 00 4281DEDBD466EAE8C1F4157E5B6896415D44C43E' > gpgv.output

  184. testfailure apt update -o Dir::Bin::apt-key="./faked-apt-key" -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1

  185. rm -rf rootdir/var/lib/apt/lists