summaryrefslogtreecommitdiffstats
path: root/test/test_debsign
blob: 9c7ccf581fa2b02f51c3ccef6be9e83c92ea56dc (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
#!/bin/sh

# Copyright (C) 2018, Chris Lamb <lamby@debian.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

set -u

WORKDIR="$(readlink -f "${0%/*}")"

if test "${1:-}" = --installed; then
	COMMAND="debsign --no-conf"
	shift
else
	COMMAND="$WORKDIR/../scripts/debsign.sh --no-conf"
fi

GPG=gpg
GPGHOME=$(mktemp -d -p /tmp gpg.XXXXX)
if ! command -v $GPG >/dev/null 2>&1; then
	echo "$GPG missing"
	GPG=gpg2
	if ! command -v $GPG >/dev/null 2>&1; then
		echo "$GPG missing"
		exit 1
	fi
fi

oneTimeSetUp () {
	$GPG -v --homedir "$GPGHOME" --no-options -q --batch --no-default-keyring \
		--output $GPGHOME/secring.gpg --dearmor $WORKDIR/debsign/private_key.asc

	$GPG -v --homedir "$GPGHOME" --no-options -q --batch --no-default-keyring \
		--output $GPGHOME/pubring.gpg --dearmor $WORKDIR/debsign/public_key.asc

	export GNUPGHOME=$GPGHOME
}

oneTimeTearDown () {
	gpgconf --homedir "$GPGHOME" --verbose --kill gpg-agent
	rm -rf "$GPGHOME"
}

setUp() {
	TEMPDIR=$(mktemp -d -p /tmp debsign.XXXXX)
	cp $WORKDIR/debsign/* $TEMPDIR
	CHANGES=$(echo $TEMPDIR/*changes)
}

tearDown() {
	rm -rf $TEMPDIR
}

assertSigned() {
	expected=$1
	shift
	$COMMAND "$@" $CHANGES >$TEMPDIR/stdout 2>$TEMPDIR/stderr
	rc=$?
	assertEquals 'error code' $expected $rc
}

testEmailKeyID () {
	assertSigned 0 -k none@debian.org
}

testShortKeyID () {
	assertSigned 1 -k 72543FAF
	assertTrue 'error not seen' "grep -q 'short key ID' $TEMPDIR/stderr"
}

testPrefixedShortKeyID () {
	assertSigned 1 -k 0x72543FAF
	assertTrue 'error not seen' "grep -q 'short key ID' $TEMPDIR/stderr"
}

testLongKeyID() {
	assertSigned 0 -k C77E2D6872543FAF
	assertTrue 'not signed' "grep -q 'BEGIN PGP SIGNATURE' $CHANGES"
}

testPrefixedLongKeyID() {
	assertSigned 0 -k 0xC77E2D6872543FAF
	assertTrue 'not signed' "grep -q 'BEGIN PGP SIGNATURE' $CHANGES"
}

testFingerprintKeyID () {
	assertSigned 0 -k CF218F0E7EABF584B7E20402C77E2D6872543FAF
}

testUnknownKeyID () {
	assertSigned 2 -k AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
	assertTrue 'warning not seen' "grep -q 'No secret key' $TEMPDIR/stderr"
}

testNameKeyID () {
	assertSigned 0 -k 'uscan test key (no secret)'
}

testFullNameAsKeyID () {
	assertSigned 0 -k 'uscan test key (no secret) <none@debian.org>'
}

. shunit2