gpg: Regenerate test data for test-gpg-verify-result

Turns out the expired signature case was failing because the signature
itself was corrupted.  Reconstructed the test data and updated the test
code.  Note, an expired signature is still counted as valid.

Also, handy debugging trick for setting a key or signature expiry: the
CLI makes it appear the shortest expiry is 1 day, but it also secretly
recognizes "seconds=N".

diff --git a/tests/gpg-verify-data/lgpl2.sig b/tests/gpg-verify-data/lgpl2.sig
index a9eafbf760bdfdd373129d14880105e7a8972561..4229b814f7565fdef945d1f92e3123e95cd9f5df 100644 (file)
Binary files a/tests/gpg-verify-data/lgpl2.sig and b/tests/gpg-verify-data/lgpl2.sig differ

diff --git a/tests/gpg-verify-data/pubring.gpg b/tests/gpg-verify-data/pubring.gpg
index 187538f36d577778b1df8ce9273b2762037a5864..2c9e5b6a1a7b8af58353c293534ca5d92c601003 100644 (file)
Binary files a/tests/gpg-verify-data/pubring.gpg and b/tests/gpg-verify-data/pubring.gpg differ

diff --git a/tests/gpg-verify-data/secring.gpg b/tests/gpg-verify-data/secring.gpg
index 219df34467cfb0a3d87f5d8dfa9f2529da074ea9..38e7f1c1c572835e4437b33d93530b463fe9d500 100644 (file)
Binary files a/tests/gpg-verify-data/secring.gpg and b/tests/gpg-verify-data/secring.gpg differ

diff --git a/tests/gpg-verify-data/trustdb.gpg b/tests/gpg-verify-data/trustdb.gpg
index b7426c719d08e6c5529190244360370babb2d7c1..3f046fad106df32b0a4d73339c21fbeeb034656f 100644 (file)
Binary files a/tests/gpg-verify-data/trustdb.gpg and b/tests/gpg-verify-data/trustdb.gpg differ

diff --git a/tests/test-gpg-verify-result.c b/tests/test-gpg-verify-result.c
index 2bc238411da64af618b21018e777ddd348309ffa..c00e90a59d8731c32ee8489246e502af9afd122e 100644 (file)
--- a/tests/test-gpg-verify-result.c
+++ b/tests/test-gpg-verify-result.c
@@ -114,7 +114,7 @@ test_check_counts (TestFixture *fixture,
   count_valid = ostree_gpg_verify_result_count_valid (fixture->result);
 
   g_assert_cmpint (count_all, ==, 5);
-  g_assert_cmpint (count_valid, ==, 1);
+  g_assert_cmpint (count_valid, ==, 2);
 }
 
 static void
@@ -125,7 +125,7 @@ test_signature_lookup (TestFixture *fixture,
   guint expected_signature_index = GPOINTER_TO_UINT (user_data);
 
   /* Lowercase letters to ensure OstreeGpgVerifyResult handles it. */
-  const char *fingerprint = "20e10cfa61ca9cbedbfb03ad115fd072c8c56093";
+  const char *fingerprint = "68dcc2db4bec5811c2573590bd9d2a44b7f541a6";
 
   guint signature_index;
   gboolean signature_found;
@@ -358,33 +358,8 @@ test_expired_signature (TestFixture *fixture,
                  &key_revoked,
                  &key_missing);
 
-  /* XXX GPGME seems to be mishandling this case entirely.
-   *
-   * GPG itself recognizes the last signature as expired:
-   *
-   *   gpg: Signature made Tue 10 Mar 2015 06:29:07 PM EDT using
-   *        RSA key ID 9A51B00B
-   *   gpg: BAD signature from "J. Random User (valid signing key)
-   *        <testcase@redhat.com>"
-   *   gpg: Signature expired Wed 11 Mar 2015 06:29:07 PM EDT
-   *
-   * But the gpgme_signature_t record comes back with:
-   *
-   *         summary = GPGME_SIGSUM_RED (expected GPGME_SIGSUM_SIG_EXPIRED)
-   *          status = GPG_ERR_BAD_SIGNATURE (expected GPG_ERR_SIG_EXPIRED)
-   *       timestamp = 0             }
-   *   exp_timestamp = 0             } all wrong values!
-   *     pubkey_algo = 0             }
-   *       hash_algo = GPGME_MD_NONE }
-   *
-   * Possibly a parsing error in GPGME?  It acts like it sees the BAD
-   * token and just gives up on the rest.  Worth investigating further?
-   */
-
-  g_assert_false (valid);
-#if 0
+  g_assert_true (valid);
   g_assert_true (sig_expired);
-#endif
   g_assert_false (key_expired);
   g_assert_false (key_revoked);
   g_assert_false (key_missing);