def testForPrivatePPA(self):
"""Run publish-distro in private PPA mode.
It should only publish private PPAs.
"""
# First, we'll make a private PPA and populate it with a
# publishing record.
ubuntutest = getUtility(IDistributionSet)['ubuntutest']
private_ppa = self.factory.makeArchive(private=True,
distribution=ubuntutest)
# Publish something to the private PPA:
pub_source = self.getPubSource(sourcename='baz',
filecontent='baz',
archive=private_ppa)
self.layer.txn.commit()
self.setUpRequireSigningKeys()
yield self.useFixture(InProcessKeyServerFixture()).start()
key_path = os.path.join(gpgkeysdir, '*****@*****.**')
yield IArchiveSigningKey(private_ppa).setSigningKey(
key_path, async_keyserver=True)
# Try a plain PPA run, to ensure the private one is NOT published.
self.runPublishDistro(['--ppa'])
pub_source.sync()
self.assertEqual(pub_source.status, PackagePublishingStatus.PENDING)
# Now publish the private PPAs and make sure they are really
# published.
self.runPublishDistro(['--private-ppa'])
pub_source.sync()
self.assertEqual(pub_source.status, PackagePublishingStatus.PUBLISHED)
def testForPPA(self):
"""Try to run publish-distro in PPA mode.
It should deal only with PPA publications.
"""
pub_source = self.getPubSource(filecontent='foo')
cprov = getUtility(IPersonSet).getByName('cprov')
pub_source2 = self.getPubSource(sourcename='baz',
filecontent='baz',
archive=cprov.archive)
ubuntutest = getUtility(IDistributionSet)['ubuntutest']
name16 = getUtility(IPersonSet).getByName('name16')
getUtility(IArchiveSet).new(purpose=ArchivePurpose.PPA,
owner=name16,
distribution=ubuntutest)
pub_source3 = self.getPubSource(sourcename='bar',
filecontent='bar',
archive=name16.archive)
# Override PPAs distributions
naked_archive = removeSecurityProxy(cprov.archive)
naked_archive.distribution = self.ubuntutest
naked_archive = removeSecurityProxy(name16.archive)
naked_archive.distribution = self.ubuntutest
self.setUpRequireSigningKeys()
yield self.useFixture(InProcessKeyServerFixture()).start()
key_path = os.path.join(gpgkeysdir, '*****@*****.**')
yield IArchiveSigningKey(cprov.archive).setSigningKey(
key_path, async_keyserver=True)
name16.archive.signing_key_owner = cprov.archive.signing_key_owner
name16.archive.signing_key_fingerprint = (
cprov.archive.signing_key_fingerprint)
self.layer.txn.commit()
self.runPublishDistro(['--ppa'])
pub_source.sync()
pub_source2.sync()
pub_source3.sync()
self.assertEqual(pub_source.status, PackagePublishingStatus.PENDING)
self.assertEqual(pub_source2.status, PackagePublishingStatus.PUBLISHED)
self.assertEqual(pub_source3.status, PackagePublishingStatus.PUBLISHED)
foo_path = "%s/main/f/foo/foo_666.dsc" % self.pool_dir
self.assertEqual(False, os.path.exists(foo_path))
baz_path = os.path.join(config.personalpackagearchive.root, cprov.name,
'ppa/ubuntutest/pool/main/b/baz/baz_666.dsc')
self.assertEqual('baz', open(baz_path).read().strip())
bar_path = os.path.join(config.personalpackagearchive.root,
name16.name,
'ppa/ubuntutest/pool/main/b/bar/bar_666.dsc')
self.assertEqual('bar', open(bar_path).read().strip())
def test_starts_properly(self):
# The fixture starts properly and we can load the page.
from twisted.internet import reactor
fixture = self.useFixture(InProcessKeyServerFixture())
yield fixture.start()
client = self.useFixture(TReqFixture(reactor)).client
response = yield client.get(fixture.url).addCallback(check_status)
content = yield treq.content(response)
self.assertEqual(GREETING, content)
def test_url(self):
# The url is the one that gpghandler is configured to hit.
fixture = self.useFixture(InProcessKeyServerFixture())
yield fixture.start()
self.assertEqual(
("http://%s:%d" % (
config.gpghandler.host,
config.gpghandler.port)).encode("UTF-8"),
fixture.url)
def makeArchive(self, signing_key_name="*****@*****.**",
publish_binary=False, **kwargs):
try:
getattr(config, "in-process-key-server-fixture")
except AttributeError:
yield self.useFixture(InProcessKeyServerFixture()).start()
archive = self.factory.makeArchive(distribution=self.ubuntu, **kwargs)
if signing_key_name is not None:
key_path = os.path.join(gpgkeysdir, "%s.sec" % signing_key_name)
yield IArchiveSigningKey(archive).setSigningKey(
key_path, async_keyserver=True)
if publish_binary:
self.publisher.getPubBinaries(
archive=archive, status=PackagePublishingStatus.PUBLISHED)
defer.returnValue(archive)
def test_extraBuildArgs_archive_trusted_keys(self):
# If the archive has a signing key, extraBuildArgs sends it.
yield self.useFixture(InProcessKeyServerFixture()).start()
archive = self.factory.makeArchive()
key_path = os.path.join(gpgkeysdir, "*****@*****.**")
yield IArchiveSigningKey(archive).setSigningKey(
key_path, async_keyserver=True)
job = self.makeJob(archive=archive, with_builder=True)
distroarchseries = job.build.distroseries.architectures[0]
self.factory.makeBinaryPackagePublishingHistory(
distroarchseries=distroarchseries, pocket=job.build.pocket,
archive=archive, status=PackagePublishingStatus.PUBLISHED)
args = yield job.extraBuildArgs()
self.assertThat(args["trusted_keys"], MatchesListwise([
Base64KeyMatches("0D57E99656BEFB0897606EE9A022DD1F5001B46D"),
]))
def setUp(self):
super(TestSignableArchiveWithSigningKey, self).setUp()
self.temp_dir = self.makeTemporaryDirectory()
self.distro = self.factory.makeDistribution()
db_pubconf = getUtility(IPublisherConfigSet).getByDistribution(
self.distro)
db_pubconf.root_dir = unicode(self.temp_dir)
self.archive = self.factory.makeArchive(distribution=self.distro,
purpose=ArchivePurpose.PRIMARY)
self.archive_root = getPubConfig(self.archive).archiveroot
self.suite = "distroseries"
with InProcessKeyServerFixture() as keyserver:
yield keyserver.start()
key_path = os.path.join(gpgkeysdir, '*****@*****.**')
yield IArchiveSigningKey(self.archive).setSigningKey(
key_path, async_keyserver=True)
def test_sign_with_signing_key(self):
filename = os.path.join(getPubConfig(self.archive).archiveroot, "file")
write_file(filename, "contents")
self.assertIsNone(self.archive.signing_key)
self.useFixture(InProcessKeyServerFixture()).start()
key_path = os.path.join(gpgkeysdir, '*****@*****.**')
yield IArchiveSigningKey(self.archive).setSigningKey(
key_path, async_keyserver=True)
self.assertIsNotNone(self.archive.signing_key)
custom_processor = CustomUpload()
custom_processor.sign(self.archive, "suite", filename)
with open(filename) as cleartext_file:
cleartext = cleartext_file.read()
with open("%s.gpg" % filename) as signature_file:
signature = getUtility(IGPGHandler).getVerifiedSignature(
cleartext, signature_file.read())
self.assertEqual(self.archive.signing_key.fingerprint,
signature.fingerprint)
def testCarefulRelease(self):
"""publish-distro can be asked to just rewrite Release files."""
archive = self.factory.makeArchive(distribution=self.ubuntutest)
pub_source = self.getPubSource(filecontent='foo', archive=archive)
self.setUpRequireSigningKeys()
yield self.useFixture(InProcessKeyServerFixture()).start()
key_path = os.path.join(gpgkeysdir, '*****@*****.**')
yield IArchiveSigningKey(archive).setSigningKey(key_path,
async_keyserver=True)
self.layer.txn.commit()
self.runPublishDistro(['--ppa'])
pub_source.sync()
self.assertEqual(PackagePublishingStatus.PUBLISHED, pub_source.status)
dists_path = getPubConfig(archive).distsroot
hoary_inrelease_path = os.path.join(dists_path, 'hoary-test',
'InRelease')
breezy_inrelease_path = os.path.join(dists_path, 'breezy-autotest',
'InRelease')
self.assertThat(hoary_inrelease_path, Not(PathExists()))
os.unlink(breezy_inrelease_path)
self.runPublishDistro(['--ppa', '--careful-release'])
self.assertThat(hoary_inrelease_path, Not(PathExists()))
self.assertThat(breezy_inrelease_path, Not(PathExists()))
self.runPublishDistro([
'--ppa',
'--careful-release',
'--include-non-pending',
'--disable-publishing',
'--disable-domination',
'--disable-apt',
])
# hoary-test never had indexes created, so is untouched.
self.assertThat(hoary_inrelease_path, Not(PathExists()))
# breezy-autotest has its Release files rewritten.
self.assertThat(breezy_inrelease_path, PathExists())
def test_extraBuildArgs_archive_trusted_keys(self):
# If the archive has a signing key, extraBuildArgs sends it.
yield self.useFixture(InProcessKeyServerFixture()).start()
archive = self.factory.makeArchive()
builder = self.factory.makeBuilder()
key_path = os.path.join(gpgkeysdir, "*****@*****.**")
yield IArchiveSigningKey(archive).setSigningKey(key_path,
async_keyserver=True)
build = self.factory.makeBinaryPackageBuild(archive=archive)
self.factory.makeBinaryPackagePublishingHistory(
distroarchseries=build.distro_arch_series,
pocket=build.pocket,
archive=archive,
status=PackagePublishingStatus.PUBLISHED)
behaviour = IBuildFarmJobBehaviour(build)
behaviour.setBuilder(builder, None)
args = yield behaviour.extraBuildArgs()
self.assertThat(
args["trusted_keys"],
MatchesListwise([
Base64KeyMatches("0D57E99656BEFB0897606EE9A022DD1F5001B46D"),
]))
def setUpArchiveKey(self):
with InProcessKeyServerFixture() as keyserver:
yield keyserver.start()
key_path = os.path.join(gpgkeysdir, '*****@*****.**')
yield IArchiveSigningKey(self.archive).setSigningKey(
key_path, async_keyserver=True)