[ostree] tests: Update test-gpg-signed-commit.sh



commit 9b8bad3c2ee183a409d14d56a45a501e68a5ef44
Author: Matthew Barnes <mbarnes redhat com>
Date:   Tue Mar 17 11:22:27 2015 -0400

    tests: Update test-gpg-signed-commit.sh
    
    Utilize and test new CLI capabilities:
    
      - Signature count in 'ostree show' result
      - Duplicate signatures now rejected
      - Ability to delete signatures

 tests/gpghome/secring.gpg         |  Bin 2491 -> 7480 bytes
 tests/gpghome/trustdb.gpg         |  Bin 1280 -> 1440 bytes
 tests/gpghome/trusted/pubring.gpg |  Bin 1189 -> 3574 bytes
 tests/libtest.sh                  |    4 ++-
 tests/test-gpg-signed-commit.sh   |   48 +++++++++++++++++++++++++++---------
 5 files changed, 39 insertions(+), 13 deletions(-)
---
diff --git a/tests/gpghome/secring.gpg b/tests/gpghome/secring.gpg
index 635e20c..ad88437 100644
Binary files a/tests/gpghome/secring.gpg and b/tests/gpghome/secring.gpg differ
diff --git a/tests/gpghome/trustdb.gpg b/tests/gpghome/trustdb.gpg
index aeb46cb..d5f053e 100644
Binary files a/tests/gpghome/trustdb.gpg and b/tests/gpghome/trustdb.gpg differ
diff --git a/tests/gpghome/trusted/pubring.gpg b/tests/gpghome/trusted/pubring.gpg
index 502a1a3..5461d9d 100644
Binary files a/tests/gpghome/trusted/pubring.gpg and b/tests/gpghome/trusted/pubring.gpg differ
diff --git a/tests/libtest.sh b/tests/libtest.sh
index 5879ac8..5ee5ae4 100644
--- a/tests/libtest.sh
+++ b/tests/libtest.sh
@@ -22,7 +22,9 @@ test_tmpdir=$(pwd)
 
 export G_DEBUG=fatal-warnings
 
-export TEST_GPG_KEYID="472CDAFA"
+export TEST_GPG_KEYID_1="472CDAFA"
+export TEST_GPG_KEYID_2="CA950D41"
+export TEST_GPG_KEYID_3="DF444D67"
 
 # GPG when creating signatures demands a writable
 # homedir in order to create lockfiles.  Work around
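Review bot: The three `TEST_GPG_KEYID_*` values are 32-bit short key IDs, which are not collision resistant, so they are acceptable only because the keyring under tests/gpghome is a fixed fixture. The export lines should say so, for example `# Short key IDs are safe here only because the test keyring is fixed; use full fingerprints for real signing keys.` The rename also drops `TEST_GPG_KEYID` without a compatibility alias, so any test outside this patch that still references it would expand to an empty `--gpg-sign=` value. The diffstat touches only one test script, so a grep over tests/ for the old name is worth doing before merging.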
diff --git a/tests/test-gpg-signed-commit.sh b/tests/test-gpg-signed-commit.sh
index dc39d09..49fb490 100644
--- a/tests/test-gpg-signed-commit.sh
+++ b/tests/test-gpg-signed-commit.sh
@@ -1,6 +1,7 @@
 #!/bin/bash
 #
 # Copyright (C) 2013 Jeremy Whiting <jeremy whiting collabora com>
+# Copyright (C) 2015 Red Hat, Inc.
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -27,23 +28,46 @@ fi
 
 setup_test_repository "archive-z2"
 
+export OSTREE_GPG_SIGN="${OSTREE} gpg-sign --gpg-homedir=${TEST_GPG_KEYHOME}"
+
 cd ${test_tmpdir}
-${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --gpg-sign=${TEST_GPG_KEYID} 
--gpg-homedir=${TEST_GPG_KEYHOME} --tree=dir=files
-$OSTREE show --print-detached-metadata-key=ostree.gpgsigs test2 > test2-gpgsigs
+${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --gpg-sign=${TEST_GPG_KEYID_1} 
--gpg-homedir=${TEST_GPG_KEYHOME} --tree=dir=files
+${OSTREE} show test2 | grep -o 'Found [[:digit:]] signature' > test2-show
 # We at least got some content here and ran through the code; later
 # tests will actually do verification
-assert_file_has_content test2-gpgsigs 'byte '
+assert_file_has_content test2-show 'Found 1 signature'
 
-# Now sign a commit 3 times (with the same key)
+# Now sign a commit with 3 different keys
 cd ${test_tmpdir}
-${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --gpg-sign=${TEST_GPG_KEYID} 
--gpg-sign=${TEST_GPG_KEYID} --gpg-sign=${TEST_GPG_KEYID} --gpg-homedir=${TEST_GPG_KEYHOME} --tree=dir=files
-$OSTREE show --print-detached-metadata-key=ostree.gpgsigs test2 > test2-gpgsigs
-assert_file_has_content test2-gpgsigs 'byte '
+${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --gpg-sign=${TEST_GPG_KEYID_1} 
--gpg-sign=${TEST_GPG_KEYID_2} --gpg-sign=${TEST_GPG_KEYID_3} --gpg-homedir=${TEST_GPG_KEYHOME} 
--tree=dir=files
+${OSTREE} show test2 | grep -o 'Found [[:digit:]] signature' > test2-show
+assert_file_has_content test2-show 'Found 3 signature'
 
-# Commit and sign separately
+# Commit and sign separately, then monkey around with signatures
 cd ${test_tmpdir}
 ${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --tree=dir=files
-$OSTREE show --print-detached-metadata-key=ostree.gpgsigs test2 2> /dev/null && (echo 1>&2 "unsigned commit 
unexpectedly had detached metadata"; exit 1)
-$OSTREE gpg-sign test2 ${TEST_GPG_KEYID} --gpg-homedir=${TEST_GPG_KEYHOME}
-$OSTREE show --print-detached-metadata-key=ostree.gpgsigs test2 > test2-gpgsigs
-assert_file_has_content test2-gpgsigs 'byte '
+if ${OSTREE} show test2 | grep -o 'Found [[:digit:]] signature'; then
+  assert_not_reached
+fi
+${OSTREE_GPG_SIGN} test2 ${TEST_GPG_KEYID_1}
+${OSTREE} show test2 | grep -o 'Found [[:digit:]] signature' > test2-show
+assert_file_has_content test2-show 'Found 1 signature'
+# Signing with a previously used key should be caught
+if ${OSTREE_GPG_SIGN} test2 ${TEST_GPG_KEYID_1} 2>/dev/null; then
+  assert_not_reached
+fi
+# Add a few more signatures and then delete them
+${OSTREE_GPG_SIGN} test2 ${TEST_GPG_KEYID_2} ${TEST_GPG_KEYID_3}
+${OSTREE} show test2 | grep -o 'Found [[:digit:]] signature' > test2-show
+assert_file_has_content test2-show 'Found 3 signature'
+${OSTREE_GPG_SIGN} --delete test2 ${TEST_GPG_KEYID_2} | grep -o 'Signatures deleted: [[:digit:]]' > 
test2-delete
+assert_file_has_content test2-delete 'Signatures deleted: 1'
+${OSTREE} show test2 | grep -o 'Found [[:digit:]] signature' > test2-show
+assert_file_has_content test2-show 'Found 2 signature'
+# Already deleted TEST_GPG_KEYID_2; should be ignored
+${OSTREE_GPG_SIGN} --delete test2 ${TEST_GPG_KEYID_1} ${TEST_GPG_KEYID_2} ${TEST_GPG_KEYID_3} | grep -o 
'Signatures deleted: [[:digit:]]' > test2-delete
+assert_file_has_content test2-delete 'Signatures deleted: 2'
+# Verify all signatures are gone
+if ${OSTREE} show test2 | grep -o 'Found [[:digit:]] signature'; then
+  assert_not_reached
+fi
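Review bot: The two negative checks of the form `if ${OSTREE} show test2 | grep -o 'Found [[:digit:]] signature'; then assert_not_reached; fi` (before the first separate sign and after the final delete) pass whenever `ostree show` itself fails, because the condition sees only the pipeline's status and an `if` condition is exempt from `set -e`. Running the command on its own first, `${OSTREE} show test2 > test2-show`, and then testing `grep -q 'Found [[:digit:]] signature' test2-show` would make a broken `show` fail the test instead of reading as "no signatures". The duplicate-key check has the same weakness: `2>/dev/null` plus a bare exit-status test accepts any failure (wrong homedir, missing key), so redirecting stderr to a file and asserting on the rejection text would show that the duplicate is what was refused. The script's shell options are set above this hunk, so whether `set -e` is active for the standalone command is to be confirmed there.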

