diff --git a/system/files/debian-archive-keyring.gpg b/system/files/debian-archive-keyring.gpg new file mode 100644 index 00000000..46d1f0e2 Binary files /dev/null and b/system/files/debian-archive-keyring.gpg differ diff --git a/system/lib.py b/system/lib.py index 1706797a..881996a3 100644 --- a/system/lib.py +++ b/system/lib.py @@ -57,6 +57,7 @@ class BaseTest(object): longTest = False fixturePool = False fixtureDB = False + fixtureGpg = False fixtureWebServer = False expectedCode = 0 @@ -85,6 +86,8 @@ class BaseTest(object): shutil.rmtree(os.path.join(os.environ["HOME"], ".aptly")) if os.path.exists(os.path.join(os.environ["HOME"], ".aptly.conf")): os.remove(os.path.join(os.environ["HOME"], ".aptly.conf")) + if os.path.exists(os.path.join(os.environ["HOME"], ".gnupg", "aptlytest.gpg")): + os.remove(os.path.join(os.environ["HOME"], ".gnupg", "aptlytest.gpg")) def prepare_default_config(self): cfg = self.configFile.copy() @@ -113,6 +116,11 @@ class BaseTest(object): self.webServerUrl = self.start_webserver(os.path.join(os.path.dirname(inspect.getsourcefile(self.__class__)), self.fixtureWebServer)) + if self.fixtureGpg: + self.run_cmd(["gpg", "--no-default-keyring", "--keyring", "aptlytest.gpg", "--import", + os.path.join(os.path.dirname(inspect.getsourcefile(BaseTest)), "files", "debian-archive-keyring.gpg")], + expected_code=2) + if hasattr(self, "fixtureCmds"): if self.fixtureWebServer: params = {'url': self.webServerUrl} @@ -127,7 +135,9 @@ class BaseTest(object): try: if not hasattr(command, "__iter__"): command = shlex.split(command) - proc = subprocess.Popen(command, stderr=subprocess.STDOUT, stdout=subprocess.PIPE) + environ = os.environ.copy() + environ["LC_ALL"] = "C" + proc = subprocess.Popen(command, stderr=subprocess.STDOUT, stdout=subprocess.PIPE, env=environ) output, _ = proc.communicate() if proc.returncode != expected_code: raise Exception("exit code %d != %d (output: %s)" % (proc.returncode, expected_code, output)) diff --git a/system/t04_mirror/CreateMirror10Test_gold b/system/t04_mirror/CreateMirror10Test_gold new file mode 100644 index 00000000..a39de397 --- /dev/null +++ b/system/t04_mirror/CreateMirror10Test_gold @@ -0,0 +1,10 @@ +Downloading http://mirror.yandex.ru/debian-backports/dists/squeeze-backports/InRelease... +gpgv: keyblock resource `${HOME}/.gnupg/aptlytest.gpg': file open error +gpgv: RSA key ID 46925553 +gpgv: Can't check signature: public key not found +Downloading http://mirror.yandex.ru/debian-backports/dists/squeeze-backports/Release... +Downloading http://mirror.yandex.ru/debian-backports/dists/squeeze-backports/Release.gpg... +gpgv: keyblock resource `${HOME}/.gnupg/aptlytest.gpg': file open error +gpgv: RSA key ID 46925553 +gpgv: Can't check signature: public key not found +ERROR: unable to fetch mirror: GnuPG verification of detached signature failed: exit status 2 diff --git a/system/t04_mirror/CreateMirror11Test_gold b/system/t04_mirror/CreateMirror11Test_gold new file mode 100644 index 00000000..8b96d2b3 --- /dev/null +++ b/system/t04_mirror/CreateMirror11Test_gold @@ -0,0 +1,10 @@ +Downloading http://mirror.yandex.ru/debian/dists/squeeze/InRelease... +Downloading http://mirror.yandex.ru/debian/dists/squeeze/Release... +Downloading http://mirror.yandex.ru/debian/dists/squeeze/Release.gpg... +gpgv: RSA key ID 473041FA +gpgv: Good signature from "Debian Archive Automatic Signing Key (6.0/squeeze) " +gpgv: RSA key ID B98321F9 +gpgv: Good signature from "Squeeze Stable Release Key " + +Mirror [mirror11]: http://mirror.yandex.ru/debian/ squeeze successfully added. +You can run 'aptly mirror update mirror11' to download repository contents. diff --git a/system/t04_mirror/CreateMirror11Test_mirror_show b/system/t04_mirror/CreateMirror11Test_mirror_show new file mode 100644 index 00000000..f2c5c227 --- /dev/null +++ b/system/t04_mirror/CreateMirror11Test_mirror_show @@ -0,0 +1,18 @@ +Name: mirror11 +Archive Root URL: http://mirror.yandex.ru/debian/ +Distribution: squeeze +Components: main, contrib, non-free +Architectures: amd64, armel, i386, ia64, kfreebsd-amd64, kfreebsd-i386, mips, mipsel, powerpc, s390, sparc +Last update: never + +Information from release file: +Architectures: amd64 armel i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel powerpc s390 sparc +Codename: squeeze +Components: main contrib non-free +Date: Sat, 19 Oct 2013 13:54:21 UTC +Description: Debian 6.0.8 Released 19 October 2013 + +Label: Debian +Origin: Debian +Suite: oldstable +Version: 6.0.8 diff --git a/system/t04_mirror/CreateMirror12Test_gold b/system/t04_mirror/CreateMirror12Test_gold new file mode 100644 index 00000000..164666e9 --- /dev/null +++ b/system/t04_mirror/CreateMirror12Test_gold @@ -0,0 +1,9 @@ +Downloading http://mirror.yandex.ru/debian/dists/squeeze/InRelease... +Downloading http://mirror.yandex.ru/debian/dists/squeeze/Release... +Downloading http://mirror.yandex.ru/debian/dists/squeeze/Release.gpg... +gpgv: keyblock resource `${HOME}/.gnupg/aptlytest.gpg': file open error +gpgv: RSA key ID 473041FA +gpgv: Can't check signature: public key not found +gpgv: RSA key ID B98321F9 +gpgv: Can't check signature: public key not found +ERROR: unable to fetch mirror: GnuPG verification of detached signature failed: exit status 2 diff --git a/system/t04_mirror/CreateMirror9Test_gold b/system/t04_mirror/CreateMirror9Test_gold new file mode 100644 index 00000000..deb6848d --- /dev/null +++ b/system/t04_mirror/CreateMirror9Test_gold @@ -0,0 +1,11 @@ +Downloading http://mirror.yandex.ru/debian-backports/dists/squeeze-backports/InRelease... +gpgv: Signature made Fri Feb 7 06:56:50 2014 MSK using RSA key ID 46925553 +gpgv: Good signature from "Debian Archive Automatic Signing Key (7.0/wheezy) " +gpg: Signature made Fri Feb 7 06:56:50 2014 MSK using RSA key ID 46925553 +gpg: Good signature from "Debian Archive Automatic Signing Key (7.0/wheezy) " +gpg: WARNING: This key is not certified with a trusted signature! +gpg: There is no indication that the signature belongs to the owner. +Primary key fingerprint: A1BD 8E9D 78F7 FE5C 3E65 D8AF 8B48 AD62 4692 5553 + +Mirror [mirror9]: http://mirror.yandex.ru/debian-backports/ squeeze-backports successfully added. +You can run 'aptly mirror update mirror9' to download repository contents. diff --git a/system/t04_mirror/CreateMirror9Test_mirror_show b/system/t04_mirror/CreateMirror9Test_mirror_show new file mode 100644 index 00000000..c593ba8d --- /dev/null +++ b/system/t04_mirror/CreateMirror9Test_mirror_show @@ -0,0 +1,20 @@ +Name: mirror9 +Archive Root URL: http://mirror.yandex.ru/debian-backports/ +Distribution: squeeze-backports +Components: main, contrib, non-free +Architectures: amd64, armel, i386, ia64, kfreebsd-amd64, kfreebsd-i386, mips, mipsel, powerpc, s390, sparc +Last update: never + +Information from release file: +Architectures: amd64 armel i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel powerpc s390 sparc +ButAutomaticUpgrades: yes +Codename: squeeze-backports +Components: main contrib non-free +Date: Fri, 07 Feb 2014 02:56:49 UTC +Description: Backports for the Squeeze Distribution + +Label: Debian Backports +NotAutomatic: yes +Origin: Debian Backports +Suite: squeeze-backports +Valid-Until: Fri, 14 Feb 2014 02:56:49 UTC diff --git a/system/t04_mirror/create.py b/system/t04_mirror/create.py index 5747c986..866650fd 100644 --- a/system/t04_mirror/create.py +++ b/system/t04_mirror/create.py @@ -1,3 +1,5 @@ +import re + from lib import BaseTest @@ -82,3 +84,51 @@ class CreateMirror8Test(BaseTest): ] runCmd = "aptly mirror create --ignore-signatures mirror8 http://mirror.yandex.ru/debian/ wheezy main contrib" expectedCode = 1 + + +class CreateMirror9Test(BaseTest): + """ + create mirror: repo with InRelease verification + """ + runCmd = "aptly mirror create --keyring=aptlytest.gpg mirror9 http://mirror.yandex.ru/debian-backports/ squeeze-backports" + fixtureGpg = True + outputMatchPrepare = lambda _, s: re.sub(r'Signature made .* using', '', s) + + def check(self): + self.check_output() + self.check_cmd_output("aptly mirror show mirror9", "mirror_show") + + +class CreateMirror10Test(BaseTest): + """ + create mirror: repo with InRelease verification, failure + """ + runCmd = "aptly mirror create --keyring=aptlytest.gpg mirror10 http://mirror.yandex.ru/debian-backports/ squeeze-backports" + fixtureGpg = False + gold_processor = BaseTest.expand_environ + outputMatchPrepare = lambda _, s: re.sub(r'Signature made .* using', '', s) + expectedCode = 1 + + +class CreateMirror11Test(BaseTest): + """ + create mirror: repo with Release + Release.gpg verification + """ + runCmd = "aptly mirror create --keyring=aptlytest.gpg mirror11 http://mirror.yandex.ru/debian/ squeeze" + fixtureGpg = True + outputMatchPrepare = lambda _, s: re.sub(r'Signature made .* using', '', s) + + def check(self): + self.check_output() + self.check_cmd_output("aptly mirror show mirror11", "mirror_show") + + +class CreateMirror12Test(BaseTest): + """ + create mirror: repo with Release+Release.gpg verification, failure + """ + runCmd = "aptly mirror create --keyring=aptlytest.gpg mirror12 http://mirror.yandex.ru/debian/ squeeze" + fixtureGpg = False + gold_processor = BaseTest.expand_environ + outputMatchPrepare = lambda _, s: re.sub(r'Signature made .* using', '', s) + expectedCode = 1