#!/bin/sh
set -e

TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"

setupenvironment
configarchitecture 'amd64'

export TMPDIR="${TMPWORKINGDIRECTORY}/tmp"
mkdir "${TMPDIR}"

msgtest 'Check that a repository with' 'signed-by and two components works'
echo 'deb [signed-by=CDE5618B8805FD6E202CE9C2D73C39E56580B386] https://people.debian.org/~jak/debian/ stable main contrib # Äffchen' > rootdir/etc/apt/sources.list
testsuccess --nomsg aptcache policy

msgtest 'Check that a repository with' 'two fingerprints work'
echo 'deb [signed-by=CDE5618B8805FD6E202CE9C2D73C39E56580B386,AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] https://people.debian.org/~jak/debian/ stable main contrib # Äffchen' > rootdir/etc/apt/sources.list
testsuccess --nomsg aptcache policy

msgtest 'Check that a repository with' 'exact fingerprint works'
echo 'deb [signed-by=CDE5618B8805FD6E202CE9C2D73C39E56580B386!] https://people.debian.org/~jak/debian/ stable main contrib # Äffchen' > rootdir/etc/apt/sources.list
testsuccess --nomsg aptcache policy

msgtest 'Check that a repository with' 'whitespaced fingerprints work'
echo 'deb [signed-by=CDE5618B8805FD6E202CE9C2D73C39E56580B386!,,,,AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] https://people.debian.org/~jak/debian/ stable main contrib # Äffchen' > rootdir/etc/apt/sources.list
cat > rootdir/etc/apt/sources.list.d/people.sources <<EOF
Types: deb
URIs: mirror+file:/var/lib/apt/mirror.lst
Suites: stable testing
Components: main contrib
Architectures: amd64 i386
Signed-By: CDE5618B8805FD6E202CE9C2D73C39E56580B386!       AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    ,  , BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
EOF
testsuccess --nomsg aptcache policy

buildsimplenativepackage "coolstuff" "all" "1.0" "stable"
setupaptarchive --no-update
rm -f rootdir/etc/apt/sources.list.d/* rootdir/etc/apt/sources.list
rm -f rootdir/etc/apt/trusted.gpg.d/* rootdir/etc/apt/trusted.gpg

GPGKEYBLOCK='-----BEGIN PGP PUBLIC KEY BLOCK-----
    .
    mQENBExsGNYBCADNVx+TQ6h1tEyUP11f7ihfta3ZePkW1rIdkdHgA3Fw/TeLnTEq
    mWuhMw2pL4zy1vQhU8efNrRaNUrUS7kV3LIdSjd5K4Aizqtsdy/gLKFoTcO8LFIm
    KAXPg5hZBZ1B1HWvw7Npe4nkIj0Ar+bUyMfyCBUeqoaNeIy31a4IiNo8LdD73DOh
    4APKcp+pXh2s2DOmWOnTI8Z+WZ9W2ZurtdZl8g04hszGatwVKrNc6p5wK0wAvJ+X
    M0HaIVt/+90GVLCMb/Gjf66At73BS19BdRDPi54PPK5N+Q9HZAYq0zPPNySB3l4A
    vGjZtCqljkSqiaL1C0ZKf8c5ey/FoAviyS7TABEBAAG0M0pvZSBTaXhwYWNrIChB
    UFQgVGVzdGNhc2VzIER1bW15KSA8am9lQGV4YW1wbGUub3JnPokBNwQTAQoAIQIb
    AwIeAQIXgAUCV7L5PQULCQgHAwUVCgkICwUWAgMBAAAKCRBakNFB26yNri5RB/sF
    xRzAFAwwp6TQNeZk3L2zsHD2ZPKaoWzi1l+nD4grfP1enuAnwcLR3HG4zouN3nCg
    M0PgZEUo2yOAnKK4D5XWkcZjhcoCj133bTW807e+aM6d08ns+piIGJ8VdUVYlNZ2
    Tnr8eunkUQVkWQGjtHicIJFtjbokIKXzlJtVSklF/kDQ+v93kyj1SNM7Tm57Q01i
    ZtB2jCXNYvqdlHaZw1oXdVd1R6u0+SSb4wtjHuTeYG76JaCnWKBnvexWhIEN1MxK
    xNHhRHzEPTYZ4PCCyaRX4YRAwsEMFsscsghpQgqRDhGSWq+jUVI+Aay7FTnd+1UA
    1snsGpB0o9qxx8JpGMXI
    =c/k4
    -----END PGP PUBLIC KEY BLOCK-----'
cat > rootdir/etc/apt/sources.list.d/deb822.sources << EOF
Types: deb
URIs: file://$PWD/aptarchive
Suites: stable
Components: main
xSigned-By:
    $GPGKEYBLOCK
EOF
testfailure apt update  -o Debug::Acquire::gpgv=1
testsuccess grep -E "(NO_PUBKEY 5A90D141DBAC8DAE|no keyring is specified)" rootdir/tmp/testfailure.output
sed -i s/^xSigned-By/Signed-By/ rootdir/etc/apt/sources.list.d/deb822.sources
testsuccess apt update  -o Debug::Acquire::gpgv=1
testsuccessequal "$(echo "$GPGKEYBLOCK" | sed 's/^ \+/ /')\n$(echo "$GPGKEYBLOCK" | sed 's/^ \+/ /')" aptget indextargets --format '$(SIGNED_BY)'
# make sure we did not leave leftover files (LP: #1995247)
testsuccessequal "" ls "${TMPDIR}"
rm -f rootdir/etc/apt/sources.list.d/*

msgtest 'Check that a repository with' 'only the fisrt entry has no Signed-By value works'
cat > rootdir/etc/apt/sources.list.d/example.sources << EOF
Types: deb
URIs: http://example.org/
Suites: suite
Components: component

Types: deb
URIs: http://example.org/
Suites: suite
Components: component2
Signed-By: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE
EOF
testsuccess --nomsg aptcache policy

msgtest 'Check that a repository with' 'only the second entry has no Signed-By value works'
cat > rootdir/etc/apt/sources.list.d/example.sources << EOF
Types: deb
URIs: http://example.org/
Suites: suite
Components: component
Signed-By: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE

Types: deb
URIs: http://example.org/
Suites: suite
Components: component2
EOF
testsuccess --nomsg aptcache policy

cat > rootdir/etc/apt/sources.list.d/example.sources << EOF
Types: deb
URIs: http://example.org/
Suites: suite
Components: component
Signed-By: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE

Types: deb
URIs: http://example.org/
Suites: suite
Components: component2
Signed-By: DE66AECA9151AFA1877EC31DE8525D47528144E2
EOF
testfailuremsg 'E: Conflicting values set for option Signed-By regarding source http://example.org/ suite: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE != DE66AECA9151AFA1877EC31DE8525D47528144E2
E: The list of sources could not be read.' aptget update --print-uris