def test_23_ensure_gpgcheck_config(self): '''ensure that GPG checking is configured in the client configuration as expected''' # for RHBZ#1428756 # we'll need the repo file in a few tests; fetch it now remote_repo_file = "/tmp/%s-%s/build/BUILD/%s-%s/rh-cloud.repo" % tuple( CLI_CFG[:2] * 2) try: Util.fetch(RHUA, remote_repo_file, YUM_REPO_FILE) except IOError: raise RuntimeError("configuration not created, can't test it") yum_cfg = ConfigParser() yum_cfg.read(YUM_REPO_FILE) # check RH repos: they all must have GPG checking enabled; get a list of those that don't bad = [ r for r in self.yum_repo_labels if not yum_cfg.getboolean("rhui-%s" % r, "gpgcheck") ] # check custom repos: the 2nd must have GPG checking enabled: if not yum_cfg.getboolean("rhui-custom-%s" % CUSTOM_REPOS[1], "gpgcheck"): bad.append(CUSTOM_REPOS[1]) # the first one mustn't: if yum_cfg.getboolean("rhui-custom-%s" % CUSTOM_REPOS[0], "gpgcheck"): bad.append(CUSTOM_REPOS[0]) nose.tools.ok_(not bad, msg="Unexpected GPG checking configuration for %s" % bad)
def test_17_legacy_ca(): ''' check for bogus error messages if a legacy CA is used ''' # for RHBZ#1731856 # get the CA cert from the RHUA and upload it to the CDS # the cert is among the extra RHUI files, ie. in the directory also containing custom RPMs cds_lb = ConMgr.get_cds_lb_hostname() remote_ca_file = join(CUSTOM_RPMS_DIR, LEGACY_CA_FILE) local_ca_file = join(TMPDIR, LEGACY_CA_FILE) Util.fetch(RHUA, remote_ca_file, local_ca_file) Helpers.add_legacy_ca(CDS, local_ca_file) # re-fetch repodata on the client to trigger the OID validator on the CDS Expect.expect_retval(CLI, "yum clean all ; yum repolist enabled") Expect.expect_retval( CDS, "egrep 'Cert verification failed against [0-9]+ ca cert' " + "/var/log/httpd/%s_error_ssl.log" % cds_lb, 1)