def testTroveDisplaySigs(self): # go through a lot of trouble to sign this trove. # copied from sigtest. self.addComponent('foo:runtime', '1.0') from conary.lib import openpgpfile, openpgpkey from conary.build import signtrove fingerprint = 'F7440D78FE813C882212C2BF8AC2828190B1E477' keyCache = openpgpkey.getKeyCache() keyCache.getPrivateKey(fingerprint, '111111') keyRing = open(resources.get_archive() + '/pubring.gpg') keyData = openpgpfile.exportKey(fingerprint, keyRing) keyData.seek(0) keyData = keyData.read() # upload the public key repos = self.openRepository() repos.addNewPGPKey(self.cfg.buildLabel, 'test', keyData) self.cfg.signatureKey = fingerprint self.cfg.quiet = True signtrove.signTroves(self.cfg, [ "foo:runtime"]) rs, txt = self.captureOutput(queryrep.displayTroves, self.cfg, ['foo:runtime'], digSigs=True) assert(txt.startswith('''\ foo:runtime=1.0-1-1 Digital Signature: F7440D78FE813C882212C2BF8AC2828190B1E477:'''))
def testCompareRepos(self): sourceRepos, targetRepos = self.createRepositories() mirrorFile = self.createConfigurationFile() self.createTroves(sourceRepos, 1,1) # repos should be different self.assertRaises(AssertionError, self.compareRepositories, sourceRepos, targetRepos) self.runMirror(mirrorFile) self.compareRepositories(sourceRepos, targetRepos) # sign our trove sourceRepos.addNewAsciiPGPKey(self.cfg.buildLabel, 'test', sigtest.unexpiredKey) self.cfg.signatureKey = '7CCD34B5C5D9CD1F637F6743D4F8F127C267B79D' signtrove.signTroves(self.cfg, [ "test1:runtime" ]) self.assertRaises(AssertionError, self.compareRepositories, sourceRepos, targetRepos) self.runMirror(mirrorFile) self.compareRepositories(sourceRepos, targetRepos) # test metadata changes if sourceRepos.c['localhost'].getProtocolVersion() < 47: return ti = trove.TroveInfo() mi = trove.MetadataItem() mi.shortDesc.set('testsuite is fun to run') ti.metadata.addItem(mi) tl = sourceRepos.getTroveVersionList("localhost", {"test1:runtime":None}) tl = self._flatten(tl) sourceRepos.setTroveInfo(zip(tl, [ti] * len(tl))) self.assertRaises(AssertionError, self.compareRepositories, sourceRepos, targetRepos) self.runMirror(mirrorFile) self.compareRepositories(sourceRepos, targetRepos)
def testCompareRepos(self): sourceRepos, targetRepos = self.createRepositories() mirrorFile = self.createConfigurationFile() self.createTroves(sourceRepos, 1, 1) # repos should be different self.assertRaises(AssertionError, self.compareRepositories, sourceRepos, targetRepos) self.runMirror(mirrorFile) self.compareRepositories(sourceRepos, targetRepos) # sign our trove sourceRepos.addNewAsciiPGPKey(self.cfg.buildLabel, 'test', sigtest.unexpiredKey) self.cfg.signatureKey = '7CCD34B5C5D9CD1F637F6743D4F8F127C267B79D' signtrove.signTroves(self.cfg, ["test1:runtime"]) self.assertRaises(AssertionError, self.compareRepositories, sourceRepos, targetRepos) self.runMirror(mirrorFile) self.compareRepositories(sourceRepos, targetRepos) # test metadata changes if sourceRepos.c['localhost'].getProtocolVersion() < 47: return ti = trove.TroveInfo() mi = trove.MetadataItem() mi.shortDesc.set('testsuite is fun to run') ti.metadata.addItem(mi) tl = sourceRepos.getTroveVersionList("localhost", {"test1:runtime": None}) tl = self._flatten(tl) sourceRepos.setTroveInfo(zip(tl, [ti] * len(tl))) self.assertRaises(AssertionError, self.compareRepositories, sourceRepos, targetRepos) self.runMirror(mirrorFile) self.compareRepositories(sourceRepos, targetRepos)
def testSignNoKey(self): fingerprint = None self.addQuickTestComponent("test:doc", "1.0-1-1") self.cfg.signatureKey = fingerprint self.cfg.quiet = True signtrove.signTroves(self.cfg, ["test:doc"])
def testInstallSignedTrove(self): # CNY-2555 fingerprint = '95B457D16843B21EA3FC73BBC7C32FC1F94E405E' self.addComponent('test:run', '1', fileContents=[('/usr/share/foo1', 'blah')]) self.addCollection('test', '1', [':run']) self.cfg.signatureKey = fingerprint self.cfg.quiet = True signtrove.signTroves(self.cfg, ["test"]) # Install, have a non-existant keyring self.cfg.pubRing = "/some/keyring" openpgpkey.getKeyCache().reset() openpgpkey.getKeyCache().setPublicPath(self.cfg.pubRing) # This should change to an error when RMK-791 (related to CNY-2555) is # fixed self.logFilter.add() self.updatePkg("test") self.logFilter.remove() self.logFilter.compare( "error: While caching PGP key: Permission denied: /some")
def testUpdateMissingKey(self): fingerprint = '95B457D16843B21EA3FC73BBC7C32FC1F94E405E' # supply the pass phrase for our private key keyCache = openpgpkey.getKeyCache() keyCache.getPrivateKey(fingerprint, '111111') self.cfg.signatureKey = fingerprint self.addQuickTestComponent("test:doc", "1.0-1-1") signtrove.signTroves(self.cfg, ["test:doc"]) repos = self.openRepository() # utterly prevent the keycache from knowing about the key, # but give it a place to store a keyserver retrieved key. newKeyCache = openpgpkey.OpenPGPKeyFileCache() tmpPath = mkdtemp() pubRing = self.cfg.pubRing self.cfg.pubRing = [tmpPath + '/pubring.gpg'] newKeyCache.publicPaths = self.cfg.pubRing keyCacheCallback = openpgpkey.KeyCacheCallback(repos, self.cfg) newKeyCache.setCallback(keyCacheCallback) openpgpkey.setKeyCache(newKeyCache) try: self.updatePkg(self.rootDir, "test:doc") newKeyCache.getPublicKey(fingerprint) finally: self.cfg.pubRing = pubRing openpgpkey.setKeyCache(keyCache) util.rmtree(tmpPath)
def testTroveDisplaySigs(self): # go through a lot of trouble to sign this trove. # copied from sigtest. self.addComponent('foo:runtime', '1.0') from conary.lib import openpgpfile, openpgpkey from conary.build import signtrove fingerprint = 'F7440D78FE813C882212C2BF8AC2828190B1E477' keyCache = openpgpkey.getKeyCache() keyCache.getPrivateKey(fingerprint, '111111') keyRing = open(resources.get_archive() + '/pubring.gpg') keyData = openpgpfile.exportKey(fingerprint, keyRing) keyData.seek(0) keyData = keyData.read() # upload the public key repos = self.openRepository() repos.addNewPGPKey(self.cfg.buildLabel, 'test', keyData) self.cfg.signatureKey = fingerprint self.cfg.quiet = True signtrove.signTroves(self.cfg, ["foo:runtime"]) rs, txt = self.captureOutput(queryrep.displayTroves, self.cfg, ['foo:runtime'], digSigs=True) assert (txt.startswith('''\ foo:runtime=1.0-1-1 Digital Signature: F7440D78FE813C882212C2BF8AC2828190B1E477:'''))
def runCommand(self, cfg, argSet, args, profile = False, callback = None, repos = None): args = args[1:] if len(args) <2: return self.usage() if argSet.has_key('quiet'): cfg.quiet = True del argSet['quiet'] recurse = argSet.pop('recurse', False) signtrove.signTroves(cfg, args[1:], recurse)
def testMirror(self): sourceRepos, targetRepos = self.createRepositories() mirrorFile = self.createConfigurationFile() # this is really ugly, but needed to ensure test consistency db = self.servers.getServer(0).reposDB.connect() cu = db.cursor() # test simple trove mirroring self.createTroves(sourceRepos, 1, 2, "1.0") self.createTroves(sourceRepos, 1, 2, "2.0") self.sleep(1.2) self.createTroves(sourceRepos, 1, 2, "3.0") # the following is just to get the trigger to fire cu.execute("update Instances set changed=1") db.commit() self.runMirror(mirrorFile) self.compareRepositories(sourceRepos, targetRepos) # simulate multiple trove versions with the same mark self.createTroves(sourceRepos, 10, 2, "1.0", "~foo") self.createTroves(sourceRepos, 10, 2, "1.0", "~!foo") self.createTroves(sourceRepos, 10, 2, "1.1") # the following is just to get the trigger to fire cu.execute("update Instances set changed=1") db.commit() self.runMirror(mirrorFile) self.compareRepositories(sourceRepos, targetRepos) # test mirroring of ascii keys sourceRepos.addNewAsciiPGPKey(self.cfg.buildLabel, 'test', sigtest.unexpiredKey) self.runMirror(mirrorFile) self.compareRepositories(sourceRepos, targetRepos) # test mirroring of new trove signatures self.createTroves(sourceRepos, 20, 2) self.cfg.signatureKey = '7CCD34B5C5D9CD1F637F6743D4F8F127C267B79D' signtrove.signTroves(self.cfg, ["test10:runtime", "test20:runtime"]) self.runMirror(mirrorFile) self.compareRepositories(sourceRepos, targetRepos) fprint = 'F7440D78FE813C882212C2BF8AC2828190B1E477' keyCache = openpgpkey.getKeyCache() keyCache.getPrivateKey(fprint, '111111') self.cfg.signatureKey = fprint keyRing = open(resources.get_archive() + '/pubring.gpg') keyData = openpgpfile.exportKey(fprint, keyRing) keyData.seek(0) keyData = keyData.read() sourceRepos.addNewPGPKey(self.cfg.buildLabel, 'test', keyData) signtrove.signTroves(self.cfg, ["test11:runtime", "test21:runtime"]) self.createTroves(sourceRepos, 30, 2) self.runMirror(mirrorFile) self.compareRepositories(sourceRepos, targetRepos)
def testMirror(self): sourceRepos, targetRepos = self.createRepositories() mirrorFile = self.createConfigurationFile() # this is really ugly, but needed to ensure test consistency db = self.servers.getServer(0).reposDB.connect() cu = db.cursor() # test simple trove mirroring self.createTroves(sourceRepos, 1, 2, "1.0") self.createTroves(sourceRepos, 1, 2, "2.0") self.sleep(1.2) self.createTroves(sourceRepos, 1, 2, "3.0") # the following is just to get the trigger to fire cu.execute("update Instances set changed=1") db.commit() self.runMirror(mirrorFile) self.compareRepositories(sourceRepos, targetRepos) # simulate multiple trove versions with the same mark self.createTroves(sourceRepos, 10, 2, "1.0", "~foo") self.createTroves(sourceRepos, 10, 2, "1.0", "~!foo") self.createTroves(sourceRepos, 10, 2, "1.1") # the following is just to get the trigger to fire cu.execute("update Instances set changed=1") db.commit() self.runMirror(mirrorFile) self.compareRepositories(sourceRepos, targetRepos) # test mirroring of ascii keys sourceRepos.addNewAsciiPGPKey(self.cfg.buildLabel, 'test', sigtest.unexpiredKey) self.runMirror(mirrorFile) self.compareRepositories(sourceRepos, targetRepos) # test mirroring of new trove signatures self.createTroves(sourceRepos, 20, 2) self.cfg.signatureKey = '7CCD34B5C5D9CD1F637F6743D4F8F127C267B79D' signtrove.signTroves(self.cfg, [ "test10:runtime", "test20:runtime" ]) self.runMirror(mirrorFile) self.compareRepositories(sourceRepos, targetRepos) fprint='F7440D78FE813C882212C2BF8AC2828190B1E477' keyCache = openpgpkey.getKeyCache() keyCache.getPrivateKey(fprint, '111111') self.cfg.signatureKey = fprint keyRing = open(resources.get_archive() + '/pubring.gpg') keyData = openpgpfile.exportKey(fprint, keyRing) keyData.seek(0) keyData = keyData.read() sourceRepos.addNewPGPKey(self.cfg.buildLabel, 'test', keyData) signtrove.signTroves(self.cfg, [ "test11:runtime", "test21:runtime" ]) self.createTroves(sourceRepos, 30, 2) self.runMirror(mirrorFile) self.compareRepositories(sourceRepos, targetRepos)
def testMirrorInfo(self): sourceRepos, targetRepos = self.createRepositories() mirrorFile = self.createConfigurationFile() self.createTroves(sourceRepos, 10, 2, "1.0") self.createTroves(sourceRepos, 10, 2, "2.0") self.runMirror(mirrorFile) self.compareRepositories(sourceRepos, targetRepos) # test mirroring signatures sourceRepos.addNewAsciiPGPKey(self.cfg.buildLabel, 'test', sigtest.unexpiredKey) self.createTroves(sourceRepos, 20, 2, "1.1") self.cfg.signatureKey = '7CCD34B5C5D9CD1F637F6743D4F8F127C267B79D' signtrove.signTroves(self.cfg, ["test10:runtime", "test11:runtime"]) self.runMirror(mirrorFile) self.compareRepositories(sourceRepos, targetRepos) signtrove.signTroves(self.cfg, ["test20:runtime"]) self.runMirror(mirrorFile) self.compareRepositories(sourceRepos, targetRepos) # test mirroring metadata changes ti = trove.TroveInfo() mi = trove.MetadataItem() mi.shortDesc.set('This is the short description') ti.metadata.addItem(mi) # get the versions of the troves we're testing tl = ["test%d:runtime" % x for x in (10, 20, 21)] tl = sourceRepos.getTroveVersionList("localhost", dict.fromkeys(tl)) tl = self._flatten(tl) tl = dict([(n, (v, f)) for n, v, f in tl]) self.sleep(1.2) for tidx in (21, 20, 10): t = "test%d:runtime" % tidx sourceRepos.setTroveInfo([((t, tl[t][0], tl[t][1]), ti)]) self.assertRaises(AssertionError, self.compareRepositories, sourceRepos, targetRepos) if tidx == 10: self.createTroves(sourceRepos, 30, 10, "3.0") self.runMirror(mirrorFile) self.compareRepositories(sourceRepos, targetRepos) # test mirroring with the addMetadataItem call mi = trove.MetadataItem() mi.longDesc.set( "this should be areally long description, but it isn't") mi.url.set("http://localhost/") mi.keyValue['key'] = 'value' for tidx in (21, 20, 10): t = "test%d:runtime" % tidx sourceRepos.addMetadataItems([((t, tl[t][0], tl[t][1]), mi)]) self.assertRaises(AssertionError, self.compareRepositories, sourceRepos, targetRepos) if tidx == 10: self.createTroves(sourceRepos, 40, 10, "3.1") self.runMirror(mirrorFile) self.compareRepositories(sourceRepos, targetRepos)
def testMirrorInfo(self): sourceRepos, targetRepos = self.createRepositories() mirrorFile = self.createConfigurationFile() self.createTroves(sourceRepos, 10, 2, "1.0") self.createTroves(sourceRepos, 10, 2, "2.0") self.runMirror(mirrorFile) self.compareRepositories(sourceRepos, targetRepos) # test mirroring signatures sourceRepos.addNewAsciiPGPKey(self.cfg.buildLabel, 'test', sigtest.unexpiredKey) self.createTroves(sourceRepos, 20, 2, "1.1") self.cfg.signatureKey = '7CCD34B5C5D9CD1F637F6743D4F8F127C267B79D' signtrove.signTroves(self.cfg, [ "test10:runtime", "test11:runtime" ]) self.runMirror(mirrorFile) self.compareRepositories(sourceRepos, targetRepos) signtrove.signTroves(self.cfg, [ "test20:runtime" ]) self.runMirror(mirrorFile) self.compareRepositories(sourceRepos, targetRepos) # test mirroring metadata changes ti = trove.TroveInfo() mi = trove.MetadataItem() mi.shortDesc.set('This is the short description') ti.metadata.addItem(mi) # get the versions of the troves we're testing tl = [ "test%d:runtime" % x for x in (10,20,21) ] tl = sourceRepos.getTroveVersionList("localhost", dict.fromkeys(tl)) tl = self._flatten(tl) tl = dict([ (n, (v,f)) for n,v,f in tl ]) self.sleep(1.2) for tidx in (21, 20, 10): t = "test%d:runtime" % tidx sourceRepos.setTroveInfo([((t, tl[t][0], tl[t][1]), ti)]) self.assertRaises(AssertionError, self.compareRepositories, sourceRepos, targetRepos) if tidx == 10: self.createTroves(sourceRepos, 30, 10, "3.0") self.runMirror(mirrorFile) self.compareRepositories(sourceRepos, targetRepos) # test mirroring with the addMetadataItem call mi = trove.MetadataItem() mi.longDesc.set("this should be areally long description, but it isn't") mi.url.set("http://localhost/") mi.keyValue['key'] = 'value' for tidx in (21, 20, 10): t = "test%d:runtime" % tidx sourceRepos.addMetadataItems([((t,tl[t][0],tl[t][1]), mi)]) self.assertRaises(AssertionError, self.compareRepositories, sourceRepos, targetRepos) if tidx == 10: self.createTroves(sourceRepos, 40, 10, "3.1") self.runMirror(mirrorFile) self.compareRepositories(sourceRepos, targetRepos)
def runCommand(self, cfg, argSet, args, profile=False, callback=None, repos=None): args = args[1:] if len(args) < 2: return self.usage() if argSet.has_key('quiet'): cfg.quiet = True del argSet['quiet'] recurse = argSet.pop('recurse', False) signtrove.signTroves(cfg, args[1:], recurse)
def testSignTroveExpiration(self): # test that a key that hasn't expired will succeed fingerprint = "7CCD34B5C5D9CD1F637F6743D4F8F127C267B79D" repos = self.openRepository() repos.addNewAsciiPGPKey(self.cfg.buildLabel, 'test', unexpiredKey) self.addQuickTestComponent("test:doc", "1.0-1-1") self.cfg.signatureKey = fingerprint signtrove.signTroves(self.cfg, ["test:doc"]) # test that a key that has expired won't succeed fingerprint = "69E3912FA8DDD94EDF172D4BF7C542A9DA44E4BD" repos.addNewAsciiPGPKey(self.cfg.buildLabel, 'test', unexpiredKey) self.cfg.signatureKey = fingerprint self.assertRaises(errors.DigitalSignatureError, signtrove.signTroves, self.cfg, ["test:doc"])
def testSignedCheckout(self): fingerprint = 'F7440D78FE813C882212C2BF8AC2828190B1E477' # supply the pass phrase for our private key keyCache = openpgpkey.getKeyCache() keyCache.getPrivateKey(fingerprint, '111111') self.addQuickTestComponent("test:source", "1.0-1-1") self.cfg.signatureKey = fingerprint self.cfg.quiet = True # put the public key into the repo keyRing = open( resources.get_path('conary_test', 'archive', 'pubring.gpg')) keyData = openpgpfile.exportKey(fingerprint, keyRing) keyData.seek(0) keyData = keyData.read() repos = self.openRepository() repos.addNewPGPKey(self.cfg.buildLabel, 'test', keyData) signtrove.signTroves(self.cfg, ["test:source"]) # alter key's trust value and determine that the doUpdate # code properly verifies trust thresholds pubKey = keyCache.getPublicKey(fingerprint) pubKey.trustLevel = openpgpfile.TRUST_UNTRUSTED keyCache.publicDict[fingerprint] = pubKey self.cfg.trustThreshold = openpgpfile.TRUST_ULTIMATE self.logFilter.add() try: checkout(repos, self.cfg, self.workDir, ["test"]) self.fail("checkin.checkout did not properly verify trust levels") except DigitalSignatureVerificationError: self.logFilter.compare([ 'warning: The trove test:source has ' 'signatures generated with untrusted keys. You can either ' 'resign the trove with a key that you trust, or add one of the ' 'keys to the list of trusted keys (the trustedKeys ' 'configuration option). The keys that were not trusted are: ' '90B1E477' ])
def testMirrrorInfoExcluded(self): sourceRepos, targetRepos = self.createRepositories() # only mirror test10 troves mirrorFile = self.createConfigurationFile(matchTroves="+test10.*") self.createTroves(sourceRepos, 10, 3, "1.0") self.runMirror(mirrorFile) src = sourceRepos.getTroveVersionList("localhost", { None : None }) src = self._flatten(src) self.assertEqual(len(src), 6) dst = targetRepos.getTroveVersionList("localhost", { None : None }) dst = self._flatten(dst) self.assertEqual(len(dst), 2) # test mirroring signatures sourceRepos.addNewAsciiPGPKey(self.cfg.buildLabel, 'test', sigtest.unexpiredKey) self.cfg.signatureKey = '7CCD34B5C5D9CD1F637F6743D4F8F127C267B79D' signtrove.signTroves(self.cfg, [ "test10:runtime", "test11:runtime" ]) self.runMirror(mirrorFile) signtrove.signTroves(self.cfg, [ "test12:runtime" ]) self.runMirror(mirrorFile) troves1 = sourceRepos.getTroves(dst) troves2 = targetRepos.getTroves(dst) self.assertEqual(troves1, troves2)
def testMirrrorInfoExcluded(self): sourceRepos, targetRepos = self.createRepositories() # only mirror test10 troves mirrorFile = self.createConfigurationFile(matchTroves="+test10.*") self.createTroves(sourceRepos, 10, 3, "1.0") self.runMirror(mirrorFile) src = sourceRepos.getTroveVersionList("localhost", {None: None}) src = self._flatten(src) self.assertEqual(len(src), 6) dst = targetRepos.getTroveVersionList("localhost", {None: None}) dst = self._flatten(dst) self.assertEqual(len(dst), 2) # test mirroring signatures sourceRepos.addNewAsciiPGPKey(self.cfg.buildLabel, 'test', sigtest.unexpiredKey) self.cfg.signatureKey = '7CCD34B5C5D9CD1F637F6743D4F8F127C267B79D' signtrove.signTroves(self.cfg, ["test10:runtime", "test11:runtime"]) self.runMirror(mirrorFile) signtrove.signTroves(self.cfg, ["test12:runtime"]) self.runMirror(mirrorFile) troves1 = sourceRepos.getTroves(dst) troves2 = targetRepos.getTroves(dst) self.assertEqual(troves1, troves2)
def testSignTrove(self): fingerprint = 'F7440D78FE813C882212C2BF8AC2828190B1E477' # supply the pass phrase for our private key keyCache = openpgpkey.getKeyCache() keyCache.getPrivateKey(fingerprint, '111111') self.addQuickTestComponent("test:doc", "1.0-1-1") self.cfg.signatureKey = fingerprint self.cfg.quiet = True self.assertRaises(errors.DigitalSignatureError, signtrove.signTroves, self.cfg, ["test:doc"]) # get the public key keyRing = open( resources.get_path('conary_test', 'archive', 'pubring.gpg')) keyData = openpgpfile.exportKey(fingerprint, keyRing) keyData.seek(0) keyData = keyData.read() # upload the public key repos = self.openRepository() repos.addNewPGPKey(self.cfg.buildLabel, 'test', keyData) signtrove.signTroves(self.cfg, ["test:doc"]) # get the signed trove from the repository, verify that # everything is correct v = versions.VersionFromString('/localhost@rpl:linux/1.0-1-1') f = deps.parseFlavor('') t = repos.getTrove('test:doc', v, f) self._checkDigitalSig(t, fingerprint) self.assertEqual(t.verifyDigitalSignatures(), (openpgpfile.TRUST_TRUSTED, [], set())) # add another signature. This exercises code such as the # change set cache invalidation fingerprint2 = '95B457D16843B21EA3FC73BBC7C32FC1F94E405E' keyCache.getPrivateKey(fingerprint2, '111111') # upload the public key keyRing = open( resources.get_path('conary_test', 'archive', 'pubring.gpg')) keyData = openpgpfile.exportKey(fingerprint2, keyRing) keyData.seek(0) keyData = keyData.read() repos.addNewPGPKey(self.cfg.buildLabel, 'test', keyData) # sign with the second private key self.cfg.signatureKey = fingerprint2 self.cfg.quiet = True signtrove.signTroves(self.cfg, ["test:doc"]) # iterate over the signatures, making sure each signature version has # two sigs associated with it t = repos.getTrove('test:doc', v, f) self._checkDigitalSig(t, fingerprint) self._checkDigitalSig(t, fingerprint2) self.assertEqual(t.verifyDigitalSignatures(), (openpgpfile.TRUST_TRUSTED, [], set())) # attempt signing again with a key that already signed the trove self.assertRaises(errors.DigitalSignatureError, signtrove.signTroves, self.cfg, ["test:doc"])
def testSignedUpdate(self): fingerprint = '95B457D16843B21EA3FC73BBC7C32FC1F94E405E' # supply the pass phrase for our private key keyCache = openpgpkey.getKeyCache() keyCache.getPrivateKey(fingerprint, '111111') self.addQuickTestComponent("test:doc", "1.0-1-1") self.cfg.signatureKey = fingerprint self.cfg.quiet = True # put the public key into the repo keyRing = open( resources.get_path('conary_test', 'archive', 'pubring.gpg')) keyData = openpgpfile.exportKey(fingerprint, keyRing) keyData.seek(0) keyData = keyData.read() repos = self.openRepository() repos.addNewPGPKey(self.cfg.buildLabel, 'test', keyData) signtrove.signTroves(self.cfg, ["test:doc"]) # alter key's trust value and determine that the doUpdate # code properly verifies trust thresholds pubKey = keyCache.getPublicKey(fingerprint) pubKey.trustLevel = openpgpfile.TRUST_UNTRUSTED keyCache.publicDict[fingerprint] = pubKey self.cfg.trustThreshold = openpgpfile.TRUST_ULTIMATE self.logFilter.add() try: self.discardOutput(doUpdate, self.cfg, 'test:doc') self.fail("updatecmd.doUpdate did not properly check trust levels") except DigitalSignatureVerificationError: self.logFilter.compare([ 'warning: The trove test:doc has ' 'signatures generated with untrusted keys. You can either ' 'resign the trove with a key that you trust, or add one of the ' 'keys to the list of trusted keys (the trustedKeys ' 'configuration option). The keys that were not trusted are: ' 'F94E405E' ]) # An example how one can catch the digital signature verification # error for each unsigned trove (and display some message in a GUI # maybe). In this case we just raise a different exception. class MyException(Exception): errorIsUncatchable = True class C_(callbacks.UpdateCallback): def verifyTroveSignatures(self, trv): try: return callbacks.UpdateCallback.verifyTroveSignatures( self, trv) except DigitalSignatureVerificationError: raise MyException("Error in trove %s" % trv.getName()) callback = C_(trustThreshold=self.cfg.trustThreshold) # We should catch our own exception now self.discardOutput(self.assertRaises, MyException, doUpdate, self.cfg, "test:doc", callback=callback)