From 26d5db696bd1b6fa7ac5131c0ff2acfa4e9056ed Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Mon, 10 Feb 2014 09:38:07 -0500 Subject: [PATCH] tests: Fix up GPG tests for more strict EL7 GPG These GPG tests were failing for me on EL7 - it appears to be because we had only one directory for both private and public keys, and we were giving that to ostree for verification, which passed them onto gpgv. In EL7 beta at least, gpgv now barfs if it finds a private key where it is just expecting to find public keys. Fix this by splitting out the public trusted directory from the private key directory. Except now for signing, we still need the public key there, so symlink it. Whee! --- Makefile-tests.am | 7 ++++++- tests/gpghome/{ => trusted}/pubring.gpg | Bin tests/libtest.sh | 4 ++-- tests/test-gpg-signed-commit.sh | 4 ++-- 4 files changed, 10 insertions(+), 5 deletions(-) rename tests/gpghome/{ => trusted}/pubring.gpg (100%) diff --git a/Makefile-tests.am b/Makefile-tests.am index e281883f..7ca4b63b 100644 --- a/Makefile-tests.am +++ b/Makefile-tests.am @@ -60,8 +60,13 @@ insttest_DATA = tests/archive-test.sh \ gpginsttestdir = $(pkglibexecdir)/installed-tests/gpghome gpginsttest_DATA = tests/gpghome/secring.gpg \ - tests/gpghome/pubring.gpg \ tests/gpghome/trustdb.gpg +gpginsttest_trusteddir = $(pkglibexecdir)/installed-tests/gpghome/trusted +gpginsttest_trusted_DATA = tests/gpghome/trusted/pubring.gpg + +install-gpg-data-hook: + ln -s trusted/pubring.gpg $(DESTDIR)$(gpginsttestdir)/pubring.gpg +INSTALL_DATA_HOOKS += install-gpg-data-hook %.test: tests/%.sh Makefile $(AM_V_GEN) (echo '[Test]' > $@.tmp; \ diff --git a/tests/gpghome/pubring.gpg b/tests/gpghome/trusted/pubring.gpg similarity index 100% rename from tests/gpghome/pubring.gpg rename to tests/gpghome/trusted/pubring.gpg diff --git a/tests/libtest.sh b/tests/libtest.sh index 57365cbb..da85c1c8 100644 --- a/tests/libtest.sh +++ b/tests/libtest.sh @@ -23,8 +23,8 @@ test_tmpdir=$(pwd) export G_DEBUG=fatal-warnings export TEST_GPG_KEYID="472CDAFA" -export TEST_GPG_HOME=${SRCDIR}/gpghome -export OSTREE_GPG_HOME=${TEST_GPG_HOME} +export TEST_GPG_KEYHOME=${SRCDIR}/gpghome +export OSTREE_GPG_HOME=${TEST_GPG_KEYHOME}/trusted if test -n "${OT_TESTS_DEBUG}"; then set -x diff --git a/tests/test-gpg-signed-commit.sh b/tests/test-gpg-signed-commit.sh index 1166f866..8a75660a 100644 --- a/tests/test-gpg-signed-commit.sh +++ b/tests/test-gpg-signed-commit.sh @@ -28,7 +28,7 @@ fi setup_test_repository "archive-z2" cd ${test_tmpdir} -${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --gpg-sign=${TEST_GPG_KEYID} --gpg-homedir=${TEST_GPG_HOME} --tree=dir=files +${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --gpg-sign=${TEST_GPG_KEYID} --gpg-homedir=${TEST_GPG_KEYHOME} --tree=dir=files $OSTREE show --print-detached-metadata-key=ostree.gpgsigs test2 > test2-gpgsigs # We at least got some content here and ran through the code; later # tests will actually do verification @@ -36,6 +36,6 @@ assert_file_has_content test2-gpgsigs 'byte ' # Now sign a commit 3 times (with the same key) cd ${test_tmpdir} -${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --gpg-sign=${TEST_GPG_KEYID} --gpg-sign=${TEST_GPG_KEYID} --gpg-sign=${TEST_GPG_KEYID} --gpg-homedir=${TEST_GPG_HOME} --tree=dir=files +${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --gpg-sign=${TEST_GPG_KEYID} --gpg-sign=${TEST_GPG_KEYID} --gpg-sign=${TEST_GPG_KEYID} --gpg-homedir=${TEST_GPG_KEYHOME} --tree=dir=files $OSTREE show --print-detached-metadata-key=ostree.gpgsigs test2 > test2-gpgsigs assert_file_has_content test2-gpgsigs 'byte '