From b786d1b4bc124e43b1f72d7a519845f7ec05c713 Mon Sep 17 00:00:00 2001 From: Dan Nicholson Date: Fri, 21 Jun 2019 07:09:43 -0500 Subject: [PATCH] tests/gpg-verify-data: Empty out trustdb.gpg When the private keys were generated, gpg added an ultimate trust entry since you normally want to trust your own keys. However, this throws off the expired signature testing since gpgme considers it valid if the key is fully or ultimately trusted. The use of a trustdb for the test-gpg-verify-result is unlike any other GPG verification in ostree. Under normal circumstances, a temporary GPG homedir is created without any trust information, so all keys are treated as having unknown trust. Regenerate an empty trustdb.gpg in gpg-verify-data so that the tests behave as ostree normally operates. After this the expired signature testing correctly shows up as a non-valid signature. The trustdb was regenerated by simply removing it and running any gpg operation with the gpg-verify-data directory as the homedir. --- tests/gpg-verify-data/trustdb.gpg | Bin 1520 -> 1200 bytes tests/test-gpg-verify-result.c | 4 ++-- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/gpg-verify-data/trustdb.gpg b/tests/gpg-verify-data/trustdb.gpg index 3f046fad106df32b0a4d73339c21fbeeb034656f..91f87170b0afbdbca5570ab736cce423a2e11e0e 100644 GIT binary patch delta 40 wcmeysy@6AJF})z2nVFH5k%@sJmgj`+L__h3>XRlq@NfK($vjbked31-0M}RyLI3~& literal 1520 zcmZQfFGy!*W@Ke#Vqgg6`Yq0Y9WZiX7sn8#n>r;_t1;|V0LrVNssZsZ)L|+Ci;Swn z9x$WfG8!(R5FnTiyrIXc@0^yX+M*Sq2~~$s#=yg%{%)O|`aAv)SHe7tG!Ho&ux{R# z234nsP{_;hE@7MZ_w&&KN4NM29N;@OOWQ>D5;pS`9`gK3JT+(E?cdC61>-Lioj95> z8ETF)vUz7dvYre((XVjr*1gi>zt7q9@gG$~$irAX3>vzj5wC=Dw$GHvob^02b9P@{ m(Hy9(Doho~zvV?43h!=*I7>xFSIzR0oBDcRbsj<<#sUCc*;Up6 diff --git a/tests/test-gpg-verify-result.c b/tests/test-gpg-verify-result.c index 95de1873..8b409ab5 100644 --- a/tests/test-gpg-verify-result.c +++ b/tests/test-gpg-verify-result.c 
@@ -115,7 +115,7 @@ test_check_counts (TestFixture *fixture,
 count_valid = ostree_gpg_verify_result_count_valid (fixture->result);
 g_assert_cmpint (count_all, ==, 5);
- g_assert_cmpint (count_valid, ==, 2);
+ g_assert_cmpint (count_valid, ==, 1);
 }
 static void
@@ -373,7 +373,7 @@ test_expired_signature (TestFixture *fixture,
 &key_missing,
 &key_exp_timestamp);
- g_assert_true (valid);
+ g_assert_false (valid);
 g_assert_true (sig_expired);
 g_assert_false (key_expired);
 g_assert_false (key_revoked);
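Review bot: The new expectation `g_assert_cmpint (count_valid, ==, 1);` in test_check_counts, and likewise `g_assert_false (valid);` in test_expired_signature, holds only while tests/gpg-verify-data/trustdb.gpg carries no trust entries, and nothing in the test file records that dependency. A short comment above each assertion would keep someone who regenerates the test keys (gpg adds an ultimate-trust entry for own keys) from "fixing" the numbers back, e.g. `/* Expired signature must not count as valid; relies on the gpg-verify-data homedir having an empty trustdb. */`. Going by the commit description, gpgme still reports an expired signature as valid when the key is fully or ultimately trusted; no assertion here exercises that path any more, so if ostree can ever verify against a homedir that holds trust data, it may deserve its own test. Both function bodies start outside the hunks shown.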