mirror of
https://git.dpkg.org/git/dpkg/debsig-verify.git
synced 2025-04-23 21:05:56 +00:00
151 lines
3.3 KiB
Plaintext
151 lines
3.3 KiB
Plaintext
# Global shell definitions for the autotest test suite
|
|
|
|
PATH="@abs_top_builddir@/src:$PATH"
|
|
export PATH
|
|
|
|
# Setup a sane environment
|
|
LC_ALL=C
|
|
export LC_ALL
|
|
|
|
TZ=UTC0
|
|
export TZ
|
|
|
|
# Define helper variables and functions
|
|
TESTDATA="@abs_top_srcdir@/test"
|
|
TESTPOLICIES="$TESTDATA/policies"
|
|
TESTKEYRINGS="$TESTDATA/keyrings"
|
|
# Default key
|
|
TESTFPRID="B2551A215CE5C74584C6AE0DE9F3837DB59CDACD"
|
|
TESTKEYID="$(echo $TESTFPRID | cut -c25-)"
|
|
|
|
DEBSIG="debsig-verify -v -d --policies-dir $TESTPOLICIES --keyrings-dir $TESTKEYRINGS"
|
|
|
|
debsig_stub ()
|
|
{
|
|
:
|
|
}
|
|
|
|
SOP=
|
|
for sop in sqop rsop gosop pgpainless-cli; do
|
|
if command -v $sop >/dev/null; then
|
|
SOP=$sop
|
|
break
|
|
fi
|
|
done
|
|
|
|
if [ -n "$SOP" ]; then
|
|
alias debsig_openpgp_setup=debsig_stub
|
|
alias debsig_openpgp_teardown=debsig_stub
|
|
|
|
debsig_openpgp_detach_sign ()
|
|
{
|
|
$SOP sign --no-armor $TESTKEYRINGS/$TESTFPRID/secring.pgp
|
|
}
|
|
elif command -v sq >/dev/null; then
|
|
alias debsig_openpgp_setup=debsig_stub
|
|
alias debsig_openpgp_teardown=debsig_stub
|
|
|
|
debsig_openpgp_detach_sign ()
|
|
{
|
|
sq sign --signer-file $TESTKEYRINGS/$TESTFPRID/secring.pgp \
|
|
--signature-file -
|
|
}
|
|
elif command -v gpg >/dev/null; then
|
|
GPG=gpg
|
|
GPGOPTS="--ignore-time-conflict --no-options --no-default-keyring
|
|
--no-auto-check-trustdb --trust-model=always"
|
|
|
|
# Check if we need to manage the agent ourselves.
|
|
if gpgconf -n --kill gpg-agent >/dev/null 2>&1; then
|
|
GPGAGENT_MANAGED=true
|
|
else
|
|
GPGAGENT_MANAGED=false
|
|
fi
|
|
|
|
trap debsig_openpgp_teardown EXIT HUP INT QUIT TERM
|
|
|
|
debsig_openpgp_setup ()
|
|
{
|
|
# Create the GnuPG home directory.
|
|
export GNUPGHOME=$(mktemp --tmpdir -d debsig-test-tmp.XXXXXXXXXX)
|
|
TESTGNUPG=$GNUPGHOME
|
|
chmod 0700 $GNUPGHOME
|
|
|
|
# For recent GnuPG versions, start the agent explicitly.
|
|
if $GPGAGENT_MANAGED; then
|
|
gpgconf --launch gpg-agent
|
|
fi
|
|
|
|
# Import the keys.
|
|
$GPG $GPGOPTS -v --batch --import $TESTKEYRINGS/$TESTFPRID/pubring.pgp
|
|
$GPG $GPGOPTS -v --batch --import $TESTKEYRINGS/$TESTFPRID/secring.pgp
|
|
}
|
|
|
|
debsig_openpgp_teardown ()
|
|
{
|
|
if $GPGAGENT_MANAGED; then
|
|
gpgconf --kill gpg-agent
|
|
fi
|
|
rm -rf "$TESTGNUPG"
|
|
unset GNUPGHOME
|
|
}
|
|
|
|
debsig_openpgp_detach_sign()
|
|
{
|
|
$GPG $GPGOPTS --detach-sig
|
|
}
|
|
else
|
|
echo "error: cannot find an OpenPGP backend" >&2
|
|
fi
|
|
|
|
debsig_use_key ()
|
|
{
|
|
local fprid="$1"
|
|
|
|
TESTFPRID="$fprid"
|
|
TESTKEYID="$(echo $TESTFPRID | cut -c25-)"
|
|
}
|
|
|
|
debsig_make_deb ()
|
|
{
|
|
local debname="$1"
|
|
local debversion="$2"
|
|
local debdir="${debname}_${debversion}"
|
|
local debpkg="${debdir}.deb"
|
|
|
|
# Make a .deb package.
|
|
mkdir -p $debdir/DEBIAN
|
|
cat > $debdir/DEBIAN/control <<EOF
|
|
Package: $debname
|
|
Version: $debversion
|
|
Architecture: all
|
|
Maintainer: Dpkg Developers <debian-dpkg@lists.debian.org>
|
|
Description: Signature Test Package
|
|
EOF
|
|
mkdir -p $debdir/usr/share/doc/
|
|
echo "Debsig testing deb" > $debdir/usr/share/doc/README
|
|
dpkg-deb --root-owner-group -b "$debdir" "$debpkg"
|
|
}
|
|
|
|
debsig_make_sig_bad ()
|
|
{
|
|
local debpkg="$1_$2.deb"
|
|
|
|
# Add a bogus signature to a .deb package.
|
|
debsig_openpgp_setup
|
|
debsig_openpgp_detach_sign >_gpgorigin <"$debpkg"
|
|
ar q "$debpkg" _gpgorigin
|
|
debsig_openpgp_teardown
|
|
}
|
|
|
|
debsig_make_sig ()
|
|
{
|
|
local debpkg="$1_$2.deb"
|
|
|
|
# Add signature to a .deb package.
|
|
debsig_openpgp_setup
|
|
ar p "$debpkg" | debsig_openpgp_detach_sign >_gpgorigin
|
|
ar q "$debpkg" _gpgorigin
|
|
debsig_openpgp_teardown
|
|
}
|