tests: Fix up GPG tests for more strict EL7 GPG
authorColin Walters <walters@verbum.org>
Mon, 10 Feb 2014 14:38:07 +0000 (09:38 -0500)
committerColin Walters <walters@verbum.org>
Mon, 10 Feb 2014 14:40:35 +0000 (09:40 -0500)
These GPG tests were failing for me on EL7 - it appears to be because
we had only one directory for both private and public keys, and we
were giving that to ostree for verification, which passed them onto
gpgv.

In EL7 beta at least, gpgv now barfs if it finds a private key where
it is just expecting to find public keys.

Fix this by splitting out the public trusted directory from the
private key directory.  Except now for signing, we still need the
public key there, so symlink it.  Whee!

Makefile-tests.am
tests/gpghome/pubring.gpg [deleted file]
tests/gpghome/trusted/pubring.gpg [new file with mode: 0644]
tests/libtest.sh
tests/test-gpg-signed-commit.sh

index e281883f25abee645413c041d732a12e4508e3f7..7ca4b63bc6de418a99a4040bc696d497d2f917be 100644 (file)
@@ -60,8 +60,13 @@ insttest_DATA = tests/archive-test.sh \
 
 gpginsttestdir = $(pkglibexecdir)/installed-tests/gpghome
 gpginsttest_DATA = tests/gpghome/secring.gpg \
-       tests/gpghome/pubring.gpg \
        tests/gpghome/trustdb.gpg
+gpginsttest_trusteddir = $(pkglibexecdir)/installed-tests/gpghome/trusted
+gpginsttest_trusted_DATA = tests/gpghome/trusted/pubring.gpg
+
+install-gpg-data-hook:
+       ln -s trusted/pubring.gpg $(DESTDIR)$(gpginsttestdir)/pubring.gpg 
+INSTALL_DATA_HOOKS += install-gpg-data-hook
 
 %.test: tests/%.sh Makefile
        $(AM_V_GEN) (echo '[Test]' > $@.tmp; \
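Review bot: The `ln -s` in `install-gpg-data-hook` is not idempotent: a second `make install` into the same `$(DESTDIR)` finds the existing `pubring.gpg` link, `ln` exits non-zero, and the install fails. `ln -sf trusted/pubring.gpg $(DESTDIR)$(gpginsttestdir)/pubring.gpg` avoids that, and the trailing space on that line can go at the same time. No matching uninstall rule is visible in this hunk, so the link is presumably left behind by `make uninstall`; an `rm -f` of the same path in an uninstall hook would cover it. A comment above the rule would record why the link exists, e.g. `# signing needs the public key next to secring.gpg; verification is pointed at trusted/ only, which must never hold private keys`.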
diff --git a/tests/gpghome/pubring.gpg b/tests/gpghome/pubring.gpg
deleted file mode 100644 (file)
index 502a1a3..0000000
Binary files a/tests/gpghome/pubring.gpg and /dev/null differ
diff --git a/tests/gpghome/trusted/pubring.gpg b/tests/gpghome/trusted/pubring.gpg
new file mode 100644 (file)
index 0000000..502a1a3
Binary files /dev/null and b/tests/gpghome/trusted/pubring.gpg differ
index 57365cbb2703fee172f0231a69d942493ebc102f..da85c1c88c3ecbc28b939b31c4b07c64c6ad3934 100644 (file)
@@ -23,8 +23,8 @@ test_tmpdir=$(pwd)
 export G_DEBUG=fatal-warnings
 
 export TEST_GPG_KEYID="472CDAFA"
-export TEST_GPG_HOME=${SRCDIR}/gpghome
-export OSTREE_GPG_HOME=${TEST_GPG_HOME}
+export TEST_GPG_KEYHOME=${SRCDIR}/gpghome
+export OSTREE_GPG_HOME=${TEST_GPG_KEYHOME}/trusted
 
 if test -n "${OT_TESTS_DEBUG}"; then
     set -x
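Review bot: `TEST_GPG_KEYHOME` points at `${SRCDIR}/gpghome`, but the commit's file list shows `tests/gpghome/pubring.gpg` deleted, and the only replacement visible is the symlink that the install hook in Makefile-tests.am creates in the installed tree. If `SRCDIR` is the source `tests/` directory for uninstalled runs, signing would use a home with `secring.gpg` but no public keyring, so it is worth confirming in-tree signing still works or committing the symlink to the repository as well. The two exports would also benefit from a comment stating the invariant this commit introduces, e.g. `# TEST_GPG_KEYHOME holds the private test key and is used only for signing; OSTREE_GPG_HOME is handed to gpgv and must contain public keys only`.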
index 1166f866bffac844410f128236b4901b204e682d..8a75660a48bc997a72d8a1e41d962efc19b4afa3 100644 (file)
@@ -28,7 +28,7 @@ fi
 setup_test_repository "archive-z2"
 
 cd ${test_tmpdir}
-${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --gpg-sign=${TEST_GPG_KEYID} --gpg-homedir=${TEST_GPG_HOME} --tree=dir=files
+${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --gpg-sign=${TEST_GPG_KEYID} --gpg-homedir=${TEST_GPG_KEYHOME} --tree=dir=files
 $OSTREE show --print-detached-metadata-key=ostree.gpgsigs test2 > test2-gpgsigs
 # We at least got some content here and ran through the code; later
 # tests will actually do verification
@@ -36,6 +36,6 @@ assert_file_has_content test2-gpgsigs 'byte '
 
 # Now sign a commit 3 times (with the same key)
 cd ${test_tmpdir}
-${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --gpg-sign=${TEST_GPG_KEYID} --gpg-sign=${TEST_GPG_KEYID} --gpg-sign=${TEST_GPG_KEYID} --gpg-homedir=${TEST_GPG_HOME} --tree=dir=files
+${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --gpg-sign=${TEST_GPG_KEYID} --gpg-sign=${TEST_GPG_KEYID} --gpg-sign=${TEST_GPG_KEYID} --gpg-homedir=${TEST_GPG_KEYHOME} --tree=dir=files
 $OSTREE show --print-detached-metadata-key=ostree.gpgsigs test2 > test2-gpgsigs
 assert_file_has_content test2-gpgsigs 'byte '