Beispiel #1
0
    def test_export_single_key_from_keyring_dir(self, home_dir, tmpdir):
        """Only a single key is exported from a multi-key source keyring."""
        source_key1 = tmpdir.join("ubuntu-advantage-esm-{}.gpg".format(
            data.GPG_KEY1_ID))
        source_key2 = tmpdir.join("ubuntu-advantage-cc-eal-{}.gpg".format(
            data.GPG_KEY2_ID))
        destination_keyfile = tmpdir.join("destination_key").strpath
        # Create keyring with both ESM and CC-EAL2 keys
        source_key1.write(data.GPG_KEY1, "wb")
        source_key2.write(data.GPG_KEY2, "wb")
        gpg.export_gpg_key(
            source_keyfile=source_key1.strpath,
            destination_keyfile=destination_keyfile,
        )
        gpg_dest_list_keys = [
            "gpg",
            "--no-auto-check-trustdb",
            "--options",
            "/dev/null",
            "--no-default-keyring",
            "--keyring",
            destination_keyfile,
            "--list-keys",
        ]
        dest_out, _err = util.subp(gpg_dest_list_keys)

        assert "Ubuntu Common Criteria EAL2" in dest_out
        # ESM didn't get exported
        assert "Extended Security Maintenance" not in dest_out
def add_auth_apt_repo(
    repo_filename: str,
    repo_url: str,
    credentials: str,
    suites: "List[str]",
    keyring_file: str,
) -> None:
    """Add an authenticated apt repo and credentials to the system.

    @raises: InvalidAPTCredentialsError when the token provided can't access
        the repo PPA.
    """
    try:
        username, password = credentials.split(":")
    except ValueError:  # Then we have a bearer token
        username = "******"
        password = credentials
    series = util.get_platform_info()["series"]
    if repo_url.endswith("/"):
        repo_url = repo_url[:-1]
    assert_valid_apt_credentials(repo_url, username, password)

    # Does this system have updates suite enabled?
    updates_enabled = False
    policy = run_apt_command(["apt-cache", "policy"],
                             status.MESSAGE_APT_POLICY_FAILED)
    for line in policy.splitlines():
        # We only care about $suite-updates lines
        if "a={}-updates".format(series) not in line:
            continue
        # We only care about $suite-updates from the Ubuntu archive
        if "o=Ubuntu," not in line:
            continue
        updates_enabled = True
        break

    content = ""
    for suite in suites:
        if series not in suite:
            continue  # Only enable suites matching this current series
        maybe_comment = ""
        if "-updates" in suite and not updates_enabled:
            logging.debug(
                'Not enabling apt suite "%s" because "%s-updates" is not'
                " enabled",
                suite,
                series,
            )
            maybe_comment = "# "
        content += ("{maybe_comment}deb {url}/ubuntu {suite} main\n"
                    "# deb-src {url}/ubuntu {suite} main\n".format(
                        maybe_comment=maybe_comment, url=repo_url,
                        suite=suite))
    util.write_file(repo_filename, content)
    add_apt_auth_conf_entry(repo_url, username, password)
    source_keyring_file = os.path.join(KEYRINGS_DIR, keyring_file)
    destination_keyring_file = os.path.join(APT_KEYS_DIR, keyring_file)
    gpg.export_gpg_key(source_keyring_file, destination_keyring_file)
Beispiel #3
0
    def test_key_error_on_missing_keyfile(self, home_dir, tmpdir):
        """Raise UserFacingError when source_keyfile is not found."""
        src_keyfile = tmpdir.join("nothere").strpath
        destination_keyfile = tmpdir.join("destination_keyfile").strpath
        # known valid gpg key which will not exist in source_keyring_dir
        with pytest.raises(exceptions.UserFacingError) as excinfo:
            gpg.export_gpg_key(
                source_keyfile=src_keyfile,
                destination_keyfile=destination_keyfile,
            )

        error_msg = "GPG key '{}' not found".format(src_keyfile)
        assert error_msg in str(excinfo.value)
        assert not os.path.exists(destination_keyfile)