def test_export_single_key_from_keyring_dir(self, home_dir, tmpdir):
"""Only a single key is exported from a multi-key source keyring."""
source_key1 = tmpdir.join("ubuntu-advantage-esm-{}.gpg".format(
data.GPG_KEY1_ID))
source_key2 = tmpdir.join("ubuntu-advantage-cc-eal-{}.gpg".format(
data.GPG_KEY2_ID))
destination_keyfile = tmpdir.join("destination_key").strpath
# Create keyring with both ESM and CC-EAL2 keys
source_key1.write(data.GPG_KEY1, "wb")
source_key2.write(data.GPG_KEY2, "wb")
gpg.export_gpg_key(
source_keyfile=source_key1.strpath,
destination_keyfile=destination_keyfile,
)
gpg_dest_list_keys = [
"gpg",
"--no-auto-check-trustdb",
"--options",
"/dev/null",
"--no-default-keyring",
"--keyring",
destination_keyfile,
"--list-keys",
]
dest_out, _err = util.subp(gpg_dest_list_keys)
assert "Ubuntu Common Criteria EAL2" in dest_out
# ESM didn't get exported
assert "Extended Security Maintenance" not in dest_out
def add_auth_apt_repo(
repo_filename: str,
repo_url: str,
credentials: str,
suites: "List[str]",
keyring_file: str,
) -> None:
"""Add an authenticated apt repo and credentials to the system.
@raises: InvalidAPTCredentialsError when the token provided can't access
the repo PPA.
"""
try:
username, password = credentials.split(":")
except ValueError: # Then we have a bearer token
username = "******"
password = credentials
series = util.get_platform_info()["series"]
if repo_url.endswith("/"):
repo_url = repo_url[:-1]
assert_valid_apt_credentials(repo_url, username, password)
# Does this system have updates suite enabled?
updates_enabled = False
policy = run_apt_command(["apt-cache", "policy"],
status.MESSAGE_APT_POLICY_FAILED)
for line in policy.splitlines():
# We only care about $suite-updates lines
if "a={}-updates".format(series) not in line:
continue
# We only care about $suite-updates from the Ubuntu archive
if "o=Ubuntu," not in line:
continue
updates_enabled = True
break
content = ""
for suite in suites:
if series not in suite:
continue # Only enable suites matching this current series
maybe_comment = ""
if "-updates" in suite and not updates_enabled:
logging.debug(
'Not enabling apt suite "%s" because "%s-updates" is not'
" enabled",
suite,
series,
)
maybe_comment = "# "
content += ("{maybe_comment}deb {url}/ubuntu {suite} main\n"
"# deb-src {url}/ubuntu {suite} main\n".format(
maybe_comment=maybe_comment, url=repo_url,
suite=suite))
util.write_file(repo_filename, content)
add_apt_auth_conf_entry(repo_url, username, password)
source_keyring_file = os.path.join(KEYRINGS_DIR, keyring_file)
destination_keyring_file = os.path.join(APT_KEYS_DIR, keyring_file)
gpg.export_gpg_key(source_keyring_file, destination_keyring_file)
def test_key_error_on_missing_keyfile(self, home_dir, tmpdir):
"""Raise UserFacingError when source_keyfile is not found."""
src_keyfile = tmpdir.join("nothere").strpath
destination_keyfile = tmpdir.join("destination_keyfile").strpath
# known valid gpg key which will not exist in source_keyring_dir
with pytest.raises(exceptions.UserFacingError) as excinfo:
gpg.export_gpg_key(
source_keyfile=src_keyfile,
destination_keyfile=destination_keyfile,
)
error_msg = "GPG key '{}' not found".format(src_keyfile)
assert error_msg in str(excinfo.value)
assert not os.path.exists(destination_keyfile)