tests: Update test-gpg-signed-commit.sh
authorMatthew Barnes <mbarnes@redhat.com>
Tue, 17 Mar 2015 15:22:27 +0000 (11:22 -0400)
committerMatthew Barnes <mbarnes@redhat.com>
Wed, 18 Mar 2015 15:53:26 +0000 (11:53 -0400)
Utilize and test new CLI capabilities:

  - Signature count in 'ostree show' result
  - Duplicate signatures now rejected
  - Ability to delete signatures

tests/gpghome/secring.gpg
tests/gpghome/trustdb.gpg
tests/gpghome/trusted/pubring.gpg
tests/libtest.sh
tests/test-gpg-signed-commit.sh

index 635e20c5521a37acadd284f721cf85428bb5a690..ad88437ec50b7bfeed4a9d5484414d446905deb1 100644 (file)
Binary files a/tests/gpghome/secring.gpg and b/tests/gpghome/secring.gpg differ
index aeb46cbdec554a3b7c9d93cc3f4283dd56d93b5b..d5f053e76d560ed2b383364e92cd27b4f86e2cee 100644 (file)
Binary files a/tests/gpghome/trustdb.gpg and b/tests/gpghome/trustdb.gpg differ
index 502a1a3773e321cba677f77b76657c2f12cccbee..5461d9d4a39fda1da4cde504e6b43574d9fdafbb 100644 (file)
Binary files a/tests/gpghome/trusted/pubring.gpg and b/tests/gpghome/trusted/pubring.gpg differ
index 5879ac855eb19a705646124411cf7b609c3405e9..5ee5ae461a88de028051ba26296fbfac092cf550 100644 (file)
@@ -22,7 +22,9 @@ test_tmpdir=$(pwd)
 
 export G_DEBUG=fatal-warnings
 
-export TEST_GPG_KEYID="472CDAFA"
+export TEST_GPG_KEYID_1="472CDAFA"
+export TEST_GPG_KEYID_2="CA950D41"
+export TEST_GPG_KEYID_3="DF444D67"
 
 # GPG when creating signatures demands a writable
 # homedir in order to create lockfiles.  Work around
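Review bot: The removed line drops the exported name `TEST_GPG_KEYID` outright, so any other test script in the tree that still reads it would get an empty `--gpg-sign=` argument (or an unset-variable error under `set -u`); this hunk only shows libtest.sh, so whether such a reader exists cannot be confirmed here. A compatibility alias keeps old callers working while the new names are adopted: `export TEST_GPG_KEYID="${TEST_GPG_KEYID_1}"` after the three new exports. It would also help a reader to state in a comment that the three IDs correspond to the three keys in the updated tests/gpghome keyring, e.g. `# Three distinct signing keys from tests/gpghome, used to test multi-signature commits`.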
index dc39d092d44eb0132e410c751c0b108cf01a5465..49fb49036d80f79479819513990dae8cede6231b 100644 (file)
@@ -1,6 +1,7 @@
 #!/bin/bash
 #
 # Copyright (C) 2013 Jeremy Whiting <jeremy.whiting@collabora.com>
+# Copyright (C) 2015 Red Hat, Inc.
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -27,23 +28,46 @@ fi
 
 setup_test_repository "archive-z2"
 
+export OSTREE_GPG_SIGN="${OSTREE} gpg-sign --gpg-homedir=${TEST_GPG_KEYHOME}"
+
 cd ${test_tmpdir}
-${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --gpg-sign=${TEST_GPG_KEYID} --gpg-homedir=${TEST_GPG_KEYHOME} --tree=dir=files
-$OSTREE show --print-detached-metadata-key=ostree.gpgsigs test2 > test2-gpgsigs
+${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --gpg-sign=${TEST_GPG_KEYID_1} --gpg-homedir=${TEST_GPG_KEYHOME} --tree=dir=files
+${OSTREE} show test2 | grep -o 'Found [[:digit:]] signature' > test2-show
 # We at least got some content here and ran through the code; later
 # tests will actually do verification
-assert_file_has_content test2-gpgsigs 'byte '
+assert_file_has_content test2-show 'Found 1 signature'
 
-# Now sign a commit 3 times (with the same key)
+# Now sign a commit with 3 different keys
 cd ${test_tmpdir}
-${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --gpg-sign=${TEST_GPG_KEYID} --gpg-sign=${TEST_GPG_KEYID} --gpg-sign=${TEST_GPG_KEYID} --gpg-homedir=${TEST_GPG_KEYHOME} --tree=dir=files
-$OSTREE show --print-detached-metadata-key=ostree.gpgsigs test2 > test2-gpgsigs
-assert_file_has_content test2-gpgsigs 'byte '
+${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --gpg-sign=${TEST_GPG_KEYID_1} --gpg-sign=${TEST_GPG_KEYID_2} --gpg-sign=${TEST_GPG_KEYID_3} --gpg-homedir=${TEST_GPG_KEYHOME} --tree=dir=files
+${OSTREE} show test2 | grep -o 'Found [[:digit:]] signature' > test2-show
+assert_file_has_content test2-show 'Found 3 signature'
 
-# Commit and sign separately
+# Commit and sign separately, then monkey around with signatures
 cd ${test_tmpdir}
 ${OSTREE} commit -b test2 -s "A GPG signed commit" -m "Signed commit body" --tree=dir=files
-$OSTREE show --print-detached-metadata-key=ostree.gpgsigs test2 2> /dev/null && (echo 1>&2 "unsigned commit unexpectedly had detached metadata"; exit 1)
-$OSTREE gpg-sign test2 ${TEST_GPG_KEYID} --gpg-homedir=${TEST_GPG_KEYHOME}
-$OSTREE show --print-detached-metadata-key=ostree.gpgsigs test2 > test2-gpgsigs
-assert_file_has_content test2-gpgsigs 'byte '
+if ${OSTREE} show test2 | grep -o 'Found [[:digit:]] signature'; then
+  assert_not_reached
+fi
+${OSTREE_GPG_SIGN} test2 ${TEST_GPG_KEYID_1}
+${OSTREE} show test2 | grep -o 'Found [[:digit:]] signature' > test2-show
+assert_file_has_content test2-show 'Found 1 signature'
+# Signing with a previously used key should be caught
+if ${OSTREE_GPG_SIGN} test2 ${TEST_GPG_KEYID_1} 2>/dev/null; then
+  assert_not_reached
+fi
+# Add a few more signatures and then delete them
+${OSTREE_GPG_SIGN} test2 ${TEST_GPG_KEYID_2} ${TEST_GPG_KEYID_3}
+${OSTREE} show test2 | grep -o 'Found [[:digit:]] signature' > test2-show
+assert_file_has_content test2-show 'Found 3 signature'
+${OSTREE_GPG_SIGN} --delete test2 ${TEST_GPG_KEYID_2} | grep -o 'Signatures deleted: [[:digit:]]' > test2-delete
+assert_file_has_content test2-delete 'Signatures deleted: 1'
+${OSTREE} show test2 | grep -o 'Found [[:digit:]] signature' > test2-show
+assert_file_has_content test2-show 'Found 2 signature'
+# Already deleted TEST_GPG_KEYID_2; should be ignored
+${OSTREE_GPG_SIGN} --delete test2 ${TEST_GPG_KEYID_1} ${TEST_GPG_KEYID_2} ${TEST_GPG_KEYID_3} | grep -o 'Signatures deleted: [[:digit:]]' > test2-delete
+assert_file_has_content test2-delete 'Signatures deleted: 2'
+# Verify all signatures are gone
+if ${OSTREE} show test2 | grep -o 'Found [[:digit:]] signature'; then
+  assert_not_reached
+fi
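Review bot: The two "no signatures" checks (the `if ${OSTREE} show test2 | grep -o ... ; then assert_not_reached; fi` blocks near the top of the "Commit and sign separately" section and at the end of the hunk) pass whenever `ostree show` prints nothing, including when `ostree show` itself fails, because only grep's status is examined and the pipeline runs in a condition where `set -e` is inert. Capturing the output first lets a failed `show` abort the test while the grep still asserts the absence of a signature line: `${OSTREE} show test2 > test2-show` followed by `if grep -q 'Found [[:digit:]] signature' test2-show; then assert_not_reached; fi`, applied at both places. Similarly, the duplicate-signature check only asserts that `gpg-sign` exited non-zero with stderr discarded, so an unrelated failure (no usable secret key, homedir not writable) would also satisfy it; redirecting stderr to a file and running `assert_file_has_content` on the rejection wording would pin the intended reason, though the later `Found 3 signature` count does at least confirm no duplicate was written. The `OSTREE_GPG_SIGN` variable is a whitespace-split command string with an unquoted `${TEST_GPG_KEYHOME}`, which breaks if the homedir path contains spaces; this matches the file's existing style for `${OSTREE}`, so it is a consistency trade-off rather than a defect introduced here.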