def test_export_single_key_from_keyring_dir(self, home_dir, tmpdir):
    """Exporting one key file must not pull in a sibling key file.

    Two key files are written side by side in the same directory, only the
    first is handed to gpg.export_gpg_key, and the destination keyring is
    then listed with gpg to check which user id ended up in it.
    """
    dest_path = tmpdir.join("destination_key").strpath

    exported_src = tmpdir.join(
        "ubuntu-advantage-esm-{}.gpg".format(data.GPG_KEY1_ID)
    )
    sibling_src = tmpdir.join(
        "ubuntu-advantage-cc-eal-{}.gpg".format(data.GPG_KEY2_ID)
    )
    # Both key files live in the same directory; only exported_src is passed
    # to the export call below.
    exported_src.write(data.GPG_KEY1, "wb")
    sibling_src.write(data.GPG_KEY2, "wb")

    gpg.export_gpg_key(
        source_keyfile=exported_src.strpath,
        destination_keyfile=dest_path,
    )

    # Inspect the destination in isolation: no user options file, no default
    # keyring, no trustdb check, so only the exported file is listed.
    list_cmd = ["gpg", "--no-auto-check-trustdb", "--options", "/dev/null"]
    list_cmd += ["--no-default-keyring", "--keyring", dest_path]
    list_cmd.append("--list-keys")
    listing, _unused_err = util.subp(list_cmd)

    # NOTE(review): the exported file carries "esm" in its name, yet the
    # assertions expect the Common Criteria uid to be present and the ESM uid
    # to be absent. Presumably data.GPG_KEY1 is the CC EAL2 key and the file
    # names are swapped; confirm against the test data module.
    assert "Ubuntu Common Criteria EAL2" in listing
    # The key that was not requested must not leak into the destination.
    assert "Extended Security Maintenance" not in listing
def add_auth_apt_repo(
    repo_filename: str,
    repo_url: str,
    credentials: str,
    suites: "List[str]",
    keyring_file: str,
) -> None:
    """Write an authenticated apt source, its credentials and its key.

    The credentials are checked against the repo first; only then are the
    sources list written to repo_filename, the auth entry added and the
    keyring exported from KEYRINGS_DIR to APT_KEYS_DIR.

    @raises: InvalidAPTCredentialsError when the token provided can't access
        the repo PPA.
    """
    # Exactly one ":" means "username:password". Anything else, including a
    # password that itself contains ":", is treated as a bearer token.
    fields = credentials.split(":")
    if len(fields) == 2:
        username, password = fields
    else:
        # NOTE(review): this literal looks masked in the listing; confirm the
        # real placeholder username against the project source.
        username = "******"
        password = credentials

    series = util.get_platform_info()["series"]
    # Drop a single trailing slash so the "{url}/ubuntu" template below does
    # not produce a double slash.
    repo_url = repo_url[:-1] if repo_url.endswith("/") else repo_url

    # Fail before touching any file on disk if the credentials are rejected.
    assert_valid_apt_credentials(repo_url, username, password)

    # The -updates pocket counts as enabled when apt-cache policy shows a
    # "$series-updates" line that originates from the Ubuntu archive.
    policy_output = run_apt_command(
        ["apt-cache", "policy"], status.MESSAGE_APT_POLICY_FAILED
    )
    updates_marker = "a={}-updates".format(series)
    updates_enabled = any(
        updates_marker in policy_line and "o=Ubuntu," in policy_line
        for policy_line in policy_output.splitlines()
    )

    # NOTE(review): repo_url and each suite are interpolated verbatim into the
    # sources list; a value containing a newline would add extra lines.
    # Presumably callers pass trusted values; verify against the caller.
    entry_template = (
        "{maybe_comment}deb {url}/ubuntu {suite} main\n"
        "# deb-src {url}/ubuntu {suite} main\n"
    )
    entries = []
    for suite in suites:
        # Only suites for the running series are written at all.
        if series not in suite:
            continue
        prefix = ""
        if "-updates" in suite and not updates_enabled:
            logging.debug(
                'Not enabling apt suite "%s" because "%s-updates" is not'
                " enabled",
                suite,
                series,
            )
            # Keep the entry visible in the file, but commented out.
            prefix = "# "
        entries.append(
            entry_template.format(
                maybe_comment=prefix, url=repo_url, suite=suite
            )
        )
    util.write_file(repo_filename, "".join(entries))

    add_apt_auth_conf_entry(repo_url, username, password)

    # NOTE(review): os.path.join discards KEYRINGS_DIR / APT_KEYS_DIR when
    # keyring_file is absolute and does not collapse "..". Presumably
    # keyring_file is a bare file name; confirm at the call sites.
    gpg.export_gpg_key(
        os.path.join(KEYRINGS_DIR, keyring_file),
        os.path.join(APT_KEYS_DIR, keyring_file),
    )
def test_key_error_on_missing_keyfile(self, home_dir, tmpdir):
    """A missing source key file raises UserFacingError and writes nothing."""
    missing_src = tmpdir.join("nothere").strpath
    dest_path = tmpdir.join("destination_keyfile").strpath

    # The source path is never created, so the export has nothing to read.
    with pytest.raises(exceptions.UserFacingError) as raised:
        gpg.export_gpg_key(
            source_keyfile=missing_src,
            destination_keyfile=dest_path,
        )

    expected_fragment = "GPG key '{}' not found".format(missing_src)
    assert expected_fragment in str(raised.value)
    # A failed export must not leave an empty or partial keyring behind.
    assert not os.path.exists(dest_path)