def test_23_ensure_gpgcheck_config(self):
'''ensure that GPG checking is configured in the client configuration as expected'''
# for RHBZ#1428756
# we'll need the repo file in a few tests; fetch it now
remote_repo_file = "/tmp/%s-%s/build/BUILD/%s-%s/rh-cloud.repo" % tuple(
CLI_CFG[:2] * 2)
try:
Util.fetch(RHUA, remote_repo_file, YUM_REPO_FILE)
except IOError:
raise RuntimeError("configuration not created, can't test it")
yum_cfg = ConfigParser()
yum_cfg.read(YUM_REPO_FILE)
# check RH repos: they all must have GPG checking enabled; get a list of those that don't
bad = [
r for r in self.yum_repo_labels
if not yum_cfg.getboolean("rhui-%s" % r, "gpgcheck")
]
# check custom repos: the 2nd must have GPG checking enabled:
if not yum_cfg.getboolean("rhui-custom-%s" % CUSTOM_REPOS[1],
"gpgcheck"):
bad.append(CUSTOM_REPOS[1])
# the first one mustn't:
if yum_cfg.getboolean("rhui-custom-%s" % CUSTOM_REPOS[0], "gpgcheck"):
bad.append(CUSTOM_REPOS[0])
nose.tools.ok_(not bad,
msg="Unexpected GPG checking configuration for %s" %
bad)
def test_17_legacy_ca():
'''
check for bogus error messages if a legacy CA is used
'''
# for RHBZ#1731856
# get the CA cert from the RHUA and upload it to the CDS
# the cert is among the extra RHUI files, ie. in the directory also containing custom RPMs
cds_lb = ConMgr.get_cds_lb_hostname()
remote_ca_file = join(CUSTOM_RPMS_DIR, LEGACY_CA_FILE)
local_ca_file = join(TMPDIR, LEGACY_CA_FILE)
Util.fetch(RHUA, remote_ca_file, local_ca_file)
Helpers.add_legacy_ca(CDS, local_ca_file)
# re-fetch repodata on the client to trigger the OID validator on the CDS
Expect.expect_retval(CLI, "yum clean all ; yum repolist enabled")
Expect.expect_retval(
CDS, "egrep 'Cert verification failed against [0-9]+ ca cert' " +
"/var/log/httpd/%s_error_ssl.log" % cds_lb, 1)
