tests/gpg-verify-data: Empty out trustdb.gpg
author Dan Nicholson <nicholson@endlessm.com>
Fri, 21 Jun 2019 12:09:43 +0000 (07:09 -0500)
committer Dan Nicholson <nicholson@endlessm.com>
Fri, 24 Jan 2020 20:02:09 +0000 (13:02 -0700)
When the private keys were generated, gpg added an ultimate trust entry
since you normally want to trust your own keys. However, this throws off
the expired signature testing since gpgme considers it valid if the key
is fully or ultimately trusted.

The use of a trustdb for the test-gpg-verify-result is unlike any other
GPG verification in ostree. Under normal circumstances, a temporary GPG
homedir is created without any trust information, so all keys are
treated as having unknown trust.

Regenerate an empty trustdb.gpg in gpg-verify-data so that the tests
behave as ostree normally operates. After this the expired signature
testing correctly shows up as a non-valid signature. The trustdb was
regenerated by simply removing it and running any gpg operation with the
gpg-verify-data directory as the homedir.

tests/gpg-verify-data/trustdb.gpg
tests/test-gpg-verify-result.c

index 3f046fad106df32b0a4d73339c21fbeeb034656f..91f87170b0afbdbca5570ab736cce423a2e11e0e 100644 (file)
Binary files a/tests/gpg-verify-data/trustdb.gpg and b/tests/gpg-verify-data/trustdb.gpg differ
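Review bot: the trustdb.gpg change is a binary diff, so nothing in the patch itself shows that the new file is free of trust entries. The commit message describes how it was regenerated (remove the file, then run any gpg operation with gpg-verify-data as the homedir); recording that procedure in a README or script beside the fixture would let whoever next regenerates the test keys reproduce it without reintroducing an ultimate trust entry.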
index 95de1873a2026883b0a6446d1d06d41783138bd2..8b409ab5f42c75eb4ec0a6400300075ac9892592 100644 (file)
@@ -115,7 +115,7 @@ test_check_counts (TestFixture *fixture,
   count_valid = ostree_gpg_verify_result_count_valid (fixture->result);
 
   g_assert_cmpint (count_all, ==, 5);
-  g_assert_cmpint (count_valid, ==, 2);
+  g_assert_cmpint (count_valid, ==, 1);
 }
 
 static void
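Review bot: in test_check_counts the expectation `g_assert_cmpint (count_valid, ==, 1);` is a bare literal, and nothing in the test says which of the 5 signatures is still expected to be valid or why the count dropped from 2. A short comment above the assertion, stating that the expired signature no longer counts as valid because the fixture homedir carries no trust information, would keep this from being changed back to 2 if the trustdb is ever regenerated with owner trust.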
@@ -373,7 +373,7 @@ test_expired_signature (TestFixture *fixture,
                  &key_missing,
                  &key_exp_timestamp);
 
-  g_assert_true (valid);
+  g_assert_false (valid);
   g_assert_true (sig_expired);
   g_assert_false (key_expired);
   g_assert_false (key_revoked);
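Review bot: in test_expired_signature, `g_assert_false (valid);` next to `g_assert_true (sig_expired);` now holds only because the committed trustdb.gpg is empty, and the test code does not say so. Add a comment at this assertion naming that dependency, and consider having the fixture setup use a homedir with no trust information, as the commit message says ostree does under normal circumstances, so the expected result cannot drift with the binary file.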