Skip to content

Commit

Permalink
Run all signing tests with runroot since we now can
Browse files Browse the repository at this point in the history
In the fakechroot days there was just no way to get gpg to run
inside that contraption, with the "new" container stuff, we can just
run everything there. Makes life simpler in many ways.

GPG still needs GPG_TTY set, do this centrally from snapshot()
to get it out of all the individual tests.
  • Loading branch information
pmatilai authored and dmnks committed Nov 6, 2024
1 parent d8992bd commit dd819c3
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 32 deletions.
5 changes: 3 additions & 2 deletions tests/atlocal.in
Original file line number Diff line number Diff line change
Expand Up @@ -82,8 +82,9 @@ snapshot()
exec)
bwrap --unshare-pid --dev-bind $RPMTEST / --clearenv \
--setenv PATH $(env -i sh -c 'echo $PATH') \
--setenv HOME /root --chdir / --dev /dev --proc /proc \
--die-with-parent "$@"
--setenv HOME /root \
--setenv GPG_TTY "" \
--chdir / --dev /dev --proc /proc --die-with-parent "$@"
;;
shell)
local source=$(findmnt -no SOURCE --mountpoint $RPMTEST)
Expand Down
50 changes: 20 additions & 30 deletions tests/rpmsigdig.at
Original file line number Diff line number Diff line change
Expand Up @@ -1131,21 +1131,19 @@ AT_KEYWORDS([rpmsign signature])
AT_SKIP_IF([test x$PGP = xdummy])
RPMDB_INIT
gpg2 --import ${RPMTEST}/data/keys/rpm.org-rsa-2048-test.secret
# Our keys have no passphrases to be asked, silence GPG_TTY warning
export GPG_TTY=""

# rpmsign --addsign --rpmv3 <unsigned>
RPMTEST_CHECK([
RPMDB_INIT

cp "${RPMTEST}"/data/RPMS/hello-2.0-1.x86_64.rpm "${RPMTEST}"/tmp/
run rpmsign --key-id 4344591E1964C5FC --rpmv3 --digest-algo sha256 --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null
runroot rpmsign --key-id 4344591E1964C5FC --rpmv3 --digest-algo sha256 --addsign /tmp/hello-2.0-1.x86_64.rpm > /dev/null
echo PRE-IMPORT
runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest
echo POST-IMPORT
runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub
runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest
run rpmsign --delsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null
runroot rpmsign --delsign /tmp/hello-2.0-1.x86_64.rpm > /dev/null
echo POST-DELSIGN
runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest
],
Expand All @@ -1168,13 +1166,13 @@ RPMTEST_CHECK([
RPMDB_INIT

cp "${RPMTEST}"/data/RPMS/hello-2.0-1.x86_64.rpm "${RPMTEST}"/tmp/
run rpmsign --key-id 4344591E1964C5FC --digest-algo sha256 --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null
runroot rpmsign --key-id 4344591E1964C5FC --digest-algo sha256 --addsign /tmp/hello-2.0-1.x86_64.rpm > /dev/null
echo PRE-IMPORT
runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest
echo POST-IMPORT
runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub
runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest
run rpmsign --delsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null
runroot rpmsign --delsign /tmp/hello-2.0-1.x86_64.rpm > /dev/null
echo POST-DELSIGN
runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest
],
Expand All @@ -1194,14 +1192,14 @@ POST-DELSIGN
RPMTEST_CHECK([
RPMDB_INIT

ORIG="${RPMTEST}/data/RPMS/hello-2.0-1.x86_64.rpm"
NEW="${RPMTEST}/tmp/hello-2.0-1.x86_64.rpm"
ORIG="/data/RPMS/hello-2.0-1.x86_64.rpm"
NEW="/tmp/hello-2.0-1.x86_64.rpm"

cp ${ORIG} "${RPMTEST}"/tmp/
run rpmsign --key-id 4344591E1964C5FC --addsign ${NEW} > /dev/null
cmp -s ${ORIG} ${NEW}; echo $?
run rpmsign --delsign ${NEW} > /dev/null
cmp -s ${ORIG} ${NEW}; echo $?
runroot_other cp ${ORIG} /tmp/
runroot rpmsign --key-id 4344591E1964C5FC --addsign /tmp/hello-2.0-1.x86_64.rpm > /dev/null
runroot_other cmp -s ${ORIG} ${NEW}; echo $?
runroot rpmsign --delsign ${NEW} > /dev/null
runroot_other cmp -s ${ORIG} ${NEW}; echo $?
],
[ignore],
[1
Expand All @@ -1210,15 +1208,15 @@ cmp -s ${ORIG} ${NEW}; echo $?
[])

RPMTEST_CHECK([
run rpmsign --define "__gpg_sign_cmd mumble" --key-id 1964C5FC --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null
runroot rpmsign --define "__gpg_sign_cmd mumble" --key-id 1964C5FC --addsign /tmp/hello-2.0-1.x86_64.rpm > /dev/null
],
[1],
[],
[error: Invalid sign command: mumble
])

RPMTEST_CHECK([
run rpmsign --define "__gpg /gnus/not/here" --key-id 1964C5FC --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null
runroot rpmsign --define "__gpg /gnus/not/here" --key-id 1964C5FC --addsign /tmp/hello-2.0-1.x86_64.rpm > /dev/null
],
[1],
[],
Expand All @@ -1231,7 +1229,7 @@ RPMTEST_CHECK([
RPMDB_INIT

cp "${RPMTEST}"/data/RPMS/hello-2.0-1.x86_64-signed.rpm "${RPMTEST}"/tmp/
run rpmsign --key-id 4344591E1964C5FC --digest-algo sha256 --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64-signed.rpm 2>&1 |grep -q "already contains identical signature, skipping"
runroot rpmsign --key-id 4344591E1964C5FC --digest-algo sha256 --addsign /tmp/hello-2.0-1.x86_64-signed.rpm 2>&1 |grep -q "already contains identical signature, skipping"
],
[0],
[],
Expand Down Expand Up @@ -1325,7 +1323,7 @@ runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest
echo POST-IMPORT
runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub
runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest
run rpmsign --delsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null
runroot rpmsign --delsign /tmp/hello-2.0-1.x86_64.rpm > /dev/null
echo POST-DELSIGN
runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest
],
Expand Down Expand Up @@ -1366,7 +1364,7 @@ cp "${RPMTEST}"/data/RPMS/hello-2.0-1.x86_64-signed.rpm "${RPMTEST}"/tmp/
echo PRE-DELSIGN
runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64-signed.rpm|grep -v digest
echo POST-DELSIGN
run rpmsign --delsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64-signed.rpm > /dev/null
runroot rpmsign --delsign /tmp/hello-2.0-1.x86_64-signed.rpm > /dev/null
runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64-signed.rpm|grep -v digest
],
[0],
Expand Down Expand Up @@ -1409,13 +1407,11 @@ AT_KEYWORDS([rpmsign signature])
AT_SKIP_IF([test x$PGP = xdummy])
RPMDB_INIT
gpg2 --import ${RPMTEST}/data/keys/*.secret
# Our keys have no passphrases to be asked, silence GPG_TTY warning
export GPG_TTY=""
RPMTEST_CHECK([
RPMDB_INIT

cp "${RPMTEST}"/data/RPMS/hello-2.0-1.x86_64.rpm "${RPMTEST}"/tmp/
run rpmsign --key-id B0645AEC757BF69E --digest-algo sha512 --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null
runroot rpmsign --key-id B0645AEC757BF69E --digest-algo sha512 --addsign /tmp/hello-2.0-1.x86_64.rpm > /dev/null
echo PRE-IMPORT
runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest
echo POST-IMPORT
Expand All @@ -1442,13 +1438,11 @@ AT_KEYWORDS([rpmsign signature])
AT_SKIP_IF([test x$PGP = xdummy])
RPMDB_INIT
gpg2 --import ${RPMTEST}/data/keys/*.secret
# Our keys have no passphrases to be asked, silence GPG_TTY warning
export GPG_TTY=""
RPMTEST_CHECK([
RPMDB_INIT

cp "${RPMTEST}"/data/RPMS/hello-2.0-1.x86_64.rpm "${RPMTEST}"/tmp/
run rpmsign --key-id 7f1c21f95f65bbe8 --digest-algo sha256 --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null
runroot rpmsign --key-id 7f1c21f95f65bbe8 --digest-algo sha256 --addsign /tmp/hello-2.0-1.x86_64.rpm > /dev/null
echo PRE-IMPORT
runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest
echo POST-IMPORT
Expand All @@ -1475,13 +1469,11 @@ AT_KEYWORDS([rpmsign signature])
AT_SKIP_IF([test x$PGP = xdummy])
RPMDB_INIT
gpg2 --import ${RPMTEST}/data/keys/keyidcollision1.asc
# Our keys have no passphrases to be asked, silence GPG_TTY warning
export GPG_TTY=""
RPMTEST_CHECK([
RPMDB_INIT

cp "${RPMTEST}"/data/RPMS/hello-2.0-1.x86_64.rpm "${RPMTEST}"/tmp/
run rpmsign --key-id 79cc07f167fee8841829acaa42655a75156b3de0 --digest-algo sha256 --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null
runroot rpmsign --key-id 79cc07f167fee8841829acaa42655a75156b3de0 --digest-algo sha256 --addsign /tmp/hello-2.0-1.x86_64.rpm > /dev/null
echo PRE-IMPORT
runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest
echo POST-IMPORT
Expand Down Expand Up @@ -1514,13 +1506,11 @@ AT_KEYWORDS([rpmsign signature])
AT_SKIP_IF([test x$PGP = xdummy])
RPMDB_INIT
gpg2 --import ${RPMTEST}/data/keys/keyidcollision2.asc
# Our keys have no passphrases to be asked, silence GPG_TTY warning
export GPG_TTY=""
RPMTEST_CHECK([
RPMDB_INIT

cp "${RPMTEST}"/data/RPMS/hello-2.0-1.x86_64.rpm "${RPMTEST}"/tmp/
run rpmsign --key-id 94706f8da571389e8642bdfd42655a75156b3de0 --digest-algo sha256 --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null
runroot rpmsign --key-id 94706f8da571389e8642bdfd42655a75156b3de0 --digest-algo sha256 --addsign /tmp/hello-2.0-1.x86_64.rpm > /dev/null
echo PRE-IMPORT
runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest
echo POST-IMPORT
Expand Down

0 comments on commit dd819c3

Please sign in to comment.