5
if test "${MAINTESTOPTIONS+set}" != set ; then
6
source $(dirname $0)/test.inc
13
chmod go-rwx gpgtestdir
14
export GNUPGHOME="`pwd`/gpgtestdir"
15
gpg --import $SRCDIR/tests/good.key $SRCDIR/tests/evil.key $SRCDIR/tests/expired.key $SRCDIR/tests/revoked.key $SRCDIR/tests/expiredwithsubkey-working.key $SRCDIR/tests/withsubkeys-works.key
17
CURDATE="$(date +"%Y-%m-%d")"
20
cat > conf/distributions <<CONFEND
23
Components: everything
24
Update: rule otherrule
26
cat > conf/updates <<CONFEND
28
Method: file:$WORKDIR/test
39
testrun - -b . update Test 3<<EOF
42
-v2*=Created directory "./db"
44
*=Error: Too short key id '111' in VerifyRelease condition '111'!
45
-v0*=There have been errors!
48
cat > conf/updates <<CONFEND
50
Method: file:$WORKDIR/test
51
VerifyRelease: 11111111 22222222
61
testrun - -b . update Test 3<<EOF
65
*=Error: Space separated key-ids in VerifyRelease condition '11111111 22222222'!
66
*=(Alternate keys can be separated with '|'. Do not put spaces in key-ids.)
67
-v0*=There have been errors!
70
cat > conf/updates <<CONFEND
72
Method: file:$WORKDIR/test
73
VerifyRelease: 11111111
83
testrun - -b . update Test 3<<EOF
87
*=Error: unknown key '11111111'!
88
-v0*=There have been errors!
91
cat > conf/updates <<CONFEND
93
Method: file:$WORKDIR/test
94
VerifyRelease: 11111111
98
VerifyRelease: DC3C29B8|685AF714
103
VerifyRelease: 685AF714|D04DD3D6
109
mkdir test/dists/test
110
cat > test/dists/test/Release <<EOF
112
Components: everything
116
gpg --list-secret-keys
117
gpg --expert --sign -b -u 60DDED5B -u D7A5D887 -u revoked@nowhere.tld --output test/dists/test/Release.gpg test/dists/test/Release
118
gpg --expert --sign -b -u 60DDED5B -u D7A5D887 -u good@nowhere.tld --output test/dists/test/Release.gpg.good test/dists/test/Release
119
gpg --expert -a --sign -b -u evil@nowhere.tld --output test/dists/test/Release.gpg.evil test/dists/test/Release
123
chmod go-rwx gpgtestdir
124
gpg --import $SRCDIR/tests/good.key $SRCDIR/tests/evil.key $SRCDIR/tests/expired.key $SRCDIR/tests/revoked.key $SRCDIR/tests/revoked.pkey $SRCDIR/tests/expiredwithsubkey.key $SRCDIR/tests/withsubkeys.key
127
testrun - -b . update Test 3<<EOF
130
*=VerifyRelease condition 'DC3C29B8|685AF714' lists revoked key '72F1D61F685AF714'.
131
*=(To use it anyway, append it with a '!' to force usage).
132
-v0*=There have been errors!
136
sed -e 's/685AF714/&!/' -i conf/updates
138
testrun - -b . update Test 3<<EOF
141
*=VerifyRelease condition '685AF714!|D04DD3D6' lists expired key '894FA29DD04DD3D6'.
142
*=(To use it anyway, append it with a '!' to force usage).
143
-v0*=There have been errors!
147
sed -e 's/D04DD3D6/&!/' -i conf/updates
149
testrun - -b . update Test 3<<EOF
152
-v1*=aptmethod got 'file:${WORKDIR}/test/dists/test/Release'
153
-v2*=Copy file '${WORKDIR}/test/dists/test/Release' to './lists/commonbase_test_Release'...
154
-v1*=aptmethod got 'file:${WORKDIR}/test/dists/test/Release.gpg'
155
-v2*=Copy file '${WORKDIR}/test/dists/test/Release.gpg' to './lists/commonbase_test_Release.gpg'...
156
*=Not accepting valid signature in './lists/commonbase_test_Release.gpg' with REVOKED '12D6C95C8C737389EAAF535972F1D61F685AF714'
157
*=(To ignore it append a ! to the key and run reprepro with --ignore=revokedkey)
158
*=ERROR: Condition '685AF714!|D04DD3D6!' not fullfilled for './lists/commonbase_test_Release.gpg'.
159
*=Signatures in './lists/commonbase_test_Release.gpg':
160
*='DCAD3A286F5178E2F4B09330A573FEB160DDED5B' (signed ${CURDATE}): valid
161
*='236B4B98B5087AF4B621CB14D8A28B7FD7A5D887' (signed ${CURDATE}): valid
162
*='12D6C95C8C737389EAAF535972F1D61F685AF714' (signed ${CURDATE}): key revoced
163
*=Error: Not enough signatures found for remote repository commonbase (file:${WORKDIR}/test test)!
164
-v0*=There have been errors!
168
testrun - --ignore=revokedkey -b . update Test 3<<EOF
171
-v1*=aptmethod got 'file:${WORKDIR}/test/dists/test/Release'
172
-v2*=Copy file '${WORKDIR}/test/dists/test/Release' to './lists/commonbase_test_Release'...
173
-v1*=aptmethod got 'file:${WORKDIR}/test/dists/test/Release.gpg'
174
-v2*=Copy file '${WORKDIR}/test/dists/test/Release.gpg' to './lists/commonbase_test_Release.gpg'...
175
*=WARNING: valid signature in './lists/commonbase_test_Release.gpg' with revoked '12D6C95C8C737389EAAF535972F1D61F685AF714' is accepted as requested!
176
*=Missing checksums in Release file './lists/commonbase_test_Release'!
177
-v0*=There have been errors!
181
cp test/dists/test/Release.gpg.good test/dists/test/Release.gpg
183
testrun - -b . update Test 3<<EOF
186
-v1*=aptmethod got 'file:${WORKDIR}/test/dists/test/Release'
187
-v2*=Copy file '${WORKDIR}/test/dists/test/Release' to './lists/commonbase_test_Release'...
188
-v1*=aptmethod got 'file:${WORKDIR}/test/dists/test/Release.gpg'
189
-v2*=Copy file '${WORKDIR}/test/dists/test/Release.gpg' to './lists/commonbase_test_Release.gpg'...
190
*=ERROR: Condition '685AF714!|D04DD3D6!' not fullfilled for './lists/commonbase_test_Release.gpg'.
191
*=Signatures in './lists/commonbase_test_Release.gpg':
192
*='DCAD3A286F5178E2F4B09330A573FEB160DDED5B' (signed ${CURDATE}): valid
193
*='236B4B98B5087AF4B621CB14D8A28B7FD7A5D887' (signed ${CURDATE}): valid
194
*='12E94E82B6D7A883AF6EC8E980F4C43EDC3C29B8' (signed ${CURDATE}): valid
195
*=Error: Not enough signatures found for remote repository commonbase (file:${WORKDIR}/test test)!
196
-v0*=There have been errors!
201
cat > conf/updates <<CONFEND
203
Method: file:$WORKDIR/test
204
VerifyRelease: 11111111
208
VerifyRelease: 685AF714!|D04DD3D6!
213
VerifyRelease: DC3C29B8|685AF714!
217
testrun - -b . update Test 3<<EOF
220
-v1*=aptmethod got 'file:${WORKDIR}/test/dists/test/Release'
221
-v2*=Copy file '${WORKDIR}/test/dists/test/Release' to './lists/commonbase_test_Release'...
222
-v1*=aptmethod got 'file:${WORKDIR}/test/dists/test/Release.gpg'
223
-v2*=Copy file '${WORKDIR}/test/dists/test/Release.gpg' to './lists/commonbase_test_Release.gpg'...
224
*=ERROR: Condition '685AF714!|D04DD3D6!' not fullfilled for './lists/commonbase_test_Release.gpg'.
225
*=Signatures in './lists/commonbase_test_Release.gpg':
226
*='DCAD3A286F5178E2F4B09330A573FEB160DDED5B' (signed ${CURDATE}): valid
227
*='236B4B98B5087AF4B621CB14D8A28B7FD7A5D887' (signed ${CURDATE}): valid
228
*='12E94E82B6D7A883AF6EC8E980F4C43EDC3C29B8' (signed ${CURDATE}): valid
229
*=Error: Not enough signatures found for remote repository commonbase (file:${WORKDIR}/test test)!
230
-v0*=There have been errors!
235
cat > conf/updates <<CONFEND
237
Method: file:$WORKDIR/test
238
VerifyRelease: F62C6D3B
242
VerifyRelease: D7A5D887
250
testrun - -b . update Test 3<<EOF
253
-v1*=aptmethod got 'file:${WORKDIR}/test/dists/test/Release'
254
-v2*=Copy file '${WORKDIR}/test/dists/test/Release' to './lists/commonbase_test_Release'...
255
-v1*=aptmethod got 'file:${WORKDIR}/test/dists/test/Release.gpg'
256
-v2*=Copy file '${WORKDIR}/test/dists/test/Release.gpg' to './lists/commonbase_test_Release.gpg'...
257
*=ERROR: Condition 'F62C6D3B' not fullfilled for './lists/commonbase_test_Release.gpg'.
258
*=Signatures in './lists/commonbase_test_Release.gpg':
259
*='DCAD3A286F5178E2F4B09330A573FEB160DDED5B' (signed ${CURDATE}): valid
260
*='236B4B98B5087AF4B621CB14D8A28B7FD7A5D887' (signed ${CURDATE}): valid
261
*='12E94E82B6D7A883AF6EC8E980F4C43EDC3C29B8' (signed ${CURDATE}): valid
262
*=Error: Not enough signatures found for remote repository commonbase (file:${WORKDIR}/test test)!
263
-v0*=There have been errors!
267
sed -e 's/F62C6D3B/F62C6D3B+/' -i conf/updates
269
testrun - -b . update Test 3<<EOF
272
-v1*=aptmethod got 'file:${WORKDIR}/test/dists/test/Release'
273
-v2*=Copy file '${WORKDIR}/test/dists/test/Release' to './lists/commonbase_test_Release'...
274
-v1*=aptmethod got 'file:${WORKDIR}/test/dists/test/Release.gpg'
275
-v2*=Copy file '${WORKDIR}/test/dists/test/Release.gpg' to './lists/commonbase_test_Release.gpg'...
276
*=Missing checksums in Release file './lists/commonbase_test_Release'!
277
-v0*=There have been errors!
281
# now subkey of an expired key
282
cat > conf/updates <<CONFEND
284
Method: file:$WORKDIR/test
285
VerifyRelease: 60DDED5B!
296
testrun - -b . update Test 3<<EOF
299
-v1*=aptmethod got 'file:${WORKDIR}/test/dists/test/Release'
300
-v2*=Copy file '${WORKDIR}/test/dists/test/Release' to './lists/commonbase_test_Release'...
301
-v1*=aptmethod got 'file:${WORKDIR}/test/dists/test/Release.gpg'
302
-v2*=Copy file '${WORKDIR}/test/dists/test/Release.gpg' to './lists/commonbase_test_Release.gpg'...
303
*=Not accepting valid signature in './lists/commonbase_test_Release.gpg' with parent-EXPIRED 'DCAD3A286F5178E2F4B09330A573FEB160DDED5B'
304
*=(To ignore it append a ! to the key and run reprepro with --ignore=expiredkey)
305
*=ERROR: Condition '60DDED5B!' not fullfilled for './lists/commonbase_test_Release.gpg'.
306
*=Signatures in './lists/commonbase_test_Release.gpg':
307
*='DCAD3A286F5178E2F4B09330A573FEB160DDED5B' (signed ${CURDATE}): valid
308
*='236B4B98B5087AF4B621CB14D8A28B7FD7A5D887' (signed ${CURDATE}): valid
309
*='12E94E82B6D7A883AF6EC8E980F4C43EDC3C29B8' (signed ${CURDATE}): valid
310
*=Error: Not enough signatures found for remote repository commonbase (file:${WORKDIR}/test test)!
311
-v0*=There have been errors!
315
# now listing the expired key, of which we use an non-expired subkey
316
cat > conf/updates <<CONFEND
318
Method: file:$WORKDIR/test
319
VerifyRelease: A260449A!+
330
testrun - -b . update Test 3<<EOF
333
-v1*=aptmethod got 'file:${WORKDIR}/test/dists/test/Release'
334
-v2*=Copy file '${WORKDIR}/test/dists/test/Release' to './lists/commonbase_test_Release'...
335
-v1*=aptmethod got 'file:${WORKDIR}/test/dists/test/Release.gpg'
336
-v2*=Copy file '${WORKDIR}/test/dists/test/Release.gpg' to './lists/commonbase_test_Release.gpg'...
337
*=Not accepting valid signature in './lists/commonbase_test_Release.gpg' with parent-EXPIRED 'DCAD3A286F5178E2F4B09330A573FEB160DDED5B'
338
*=(To ignore it append a ! to the key and run reprepro with --ignore=expiredkey)
339
*=ERROR: Condition 'A260449A!+' not fullfilled for './lists/commonbase_test_Release.gpg'.
340
*=Signatures in './lists/commonbase_test_Release.gpg':
341
*='DCAD3A286F5178E2F4B09330A573FEB160DDED5B' (signed ${CURDATE}): valid
342
*='236B4B98B5087AF4B621CB14D8A28B7FD7A5D887' (signed ${CURDATE}): valid
343
*='12E94E82B6D7A883AF6EC8E980F4C43EDC3C29B8' (signed ${CURDATE}): valid
344
*=Error: Not enough signatures found for remote repository commonbase (file:${WORKDIR}/test test)!
345
-v0*=There have been errors!
349
# Now testing what happens when only signed with a totally different key:
350
cp test/dists/test/Release.gpg.evil test/dists/test/Release.gpg
352
testrun - -b . update Test 3<<EOF
355
-v1*=aptmethod got 'file:${WORKDIR}/test/dists/test/Release'
356
-v2*=Copy file '${WORKDIR}/test/dists/test/Release' to './lists/commonbase_test_Release'...
357
-v1*=aptmethod got 'file:${WORKDIR}/test/dists/test/Release.gpg'
358
-v2*=Copy file '${WORKDIR}/test/dists/test/Release.gpg' to './lists/commonbase_test_Release.gpg'...
359
*=ERROR: Condition 'A260449A!+' not fullfilled for './lists/commonbase_test_Release.gpg'.
360
*=Signatures in './lists/commonbase_test_Release.gpg':
361
*='FDC7D039CCC83CC4921112A09FA943670C672A4A' (signed ${CURDATE}): valid
362
*=Error: Not enough signatures found for remote repository commonbase (file:${WORKDIR}/test test)!
363
-v0*=There have been errors!
367
# Now testing an expired signature:
368
cat > conf/updates <<CONFEND
370
Method: file:$WORKDIR/test
371
VerifyRelease: F62C6D3B+
375
VerifyRelease: F62C6D3B
383
# expired signatures are not that easy to fake, to cat it:
384
cat > test/dists/test/Release.gpg <<'EOF'
385
-----BEGIN PGP SIGNATURE-----
386
Version: GnuPG v1.4.9 (GNU/Linux)
388
iKIEAAECAAwFAknjKV8FgwABUYAACgkQFU9je/YsbTvOMwQAhyMjhSCosJtdvMSV
389
l3OUSmHplKZZizJDO9YqO/018I2iSWgpnRxsEX4kmf07qwHjUOYXF3ezaEYWoK1H
390
B5rLqWuju5lwXpPjOF1b1X/0lzyBmLT380gbMa9Nkgjxq2viX/eP9UJKeKKidmrg
391
zWLyB0i6AbOlZw4eE+RCQyUqheI=
393
-----END PGP SIGNATURE-----
396
testrun - -b . update Test 3<<EOF
399
-v1*=aptmethod got 'file:${WORKDIR}/test/dists/test/Release'
400
-v2*=Copy file '${WORKDIR}/test/dists/test/Release' to './lists/commonbase_test_Release'...
401
-v1*=aptmethod got 'file:${WORKDIR}/test/dists/test/Release.gpg'
402
-v2*=Copy file '${WORKDIR}/test/dists/test/Release.gpg' to './lists/commonbase_test_Release.gpg'...
403
*=Not accepting valid but EXPIRED signature in './lists/commonbase_test_Release.gpg' with '2938A0D8CD4E20437CAE9CE4154F637BF62C6D3B'
404
*=(To ignore it append a ! to the key and run reprepro with --ignore=expiredsignature)
405
*=ERROR: Condition 'F62C6D3B+' not fullfilled for './lists/commonbase_test_Release.gpg'.
406
*=Signatures in './lists/commonbase_test_Release.gpg':
407
*='2938A0D8CD4E20437CAE9CE4154F637BF62C6D3B' (signed 2009-04-13): expired signature (since 2009-04-14)
408
*=Error: Not enough signatures found for remote repository commonbase (file:${WORKDIR}/test test)!
409
-v0*=There have been errors!
413
testrun - --ignore=expiredsignature -b . update Test 3<<EOF
416
-v1*=aptmethod got 'file:${WORKDIR}/test/dists/test/Release'
417
-v2*=Copy file '${WORKDIR}/test/dists/test/Release' to './lists/commonbase_test_Release'...
418
-v1*=aptmethod got 'file:${WORKDIR}/test/dists/test/Release.gpg'
419
-v2*=Copy file '${WORKDIR}/test/dists/test/Release.gpg' to './lists/commonbase_test_Release.gpg'...
420
*=Not accepting valid but EXPIRED signature in './lists/commonbase_test_Release.gpg' with '2938A0D8CD4E20437CAE9CE4154F637BF62C6D3B'
421
*=(To ignore it append a ! to the key and run reprepro with --ignore=expiredsignature)
422
*=ERROR: Condition 'F62C6D3B+' not fullfilled for './lists/commonbase_test_Release.gpg'.
423
*=Signatures in './lists/commonbase_test_Release.gpg':
424
*='2938A0D8CD4E20437CAE9CE4154F637BF62C6D3B' (signed 2009-04-13): expired signature (since 2009-04-14)
425
*=Error: Not enough signatures found for remote repository commonbase (file:${WORKDIR}/test test)!
426
-v0*=There have been errors!
430
sed -e 's/F62C6D3B/&!/' -i conf/updates
432
testrun - --ignore=expiredsignature -b . update Test 3<<EOF
435
-v1*=aptmethod got 'file:${WORKDIR}/test/dists/test/Release'
436
-v2*=Copy file '${WORKDIR}/test/dists/test/Release' to './lists/commonbase_test_Release'...
437
-v1*=aptmethod got 'file:${WORKDIR}/test/dists/test/Release.gpg'
438
-v2*=Copy file '${WORKDIR}/test/dists/test/Release.gpg' to './lists/commonbase_test_Release.gpg'...
439
*=WARNING: valid but expired signature in './lists/commonbase_test_Release.gpg' with '2938A0D8CD4E20437CAE9CE4154F637BF62C6D3B' is accepted as requested!
440
*=Missing checksums in Release file './lists/commonbase_test_Release'!
441
-v0*=There have been errors!
446
cat > test/dists/test/Release.gpg <<EOF
449
testrun - -b . update Test 3<<EOF
452
-v1*=aptmethod got 'file:${WORKDIR}/test/dists/test/Release'
453
-v2*=Copy file '${WORKDIR}/test/dists/test/Release' to './lists/commonbase_test_Release'...
454
-v1*=aptmethod got 'file:${WORKDIR}/test/dists/test/Release.gpg'
455
-v2*=Copy file '${WORKDIR}/test/dists/test/Release.gpg' to './lists/commonbase_test_Release.gpg'...
456
*=Error verifying './lists/commonbase_test_Release.gpg':
457
*=gpgme gave error GPGME:58: No data
458
-v0*=There have been errors!
462
rm -rf db conf gpgtestdir gpgtestdir lists test
464
if test x$STANDALONE = xtrue ; then
467
echo "If the script is still running to show this,"
468
echo "all tested cases seem to work. (Though writing some tests more can never harm)."