diff options
| author |   Daniel Istrate <daniel.alexandrux.istrate@intel.com> | 2015-11-10 16:38:38 +0200 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-11-24 15:55:23 +0000 |
| commit | 6b9d22bfd5414b517a1f0468e1229dfa2294b5fd (patch) | |
| tree | 0178fe23483844b0ab7afbec94e45d47bd5822a4 /meta/lib | |
| parent | 7740f214fffd6278f801899fc5e45f5720cbb544 (diff) | |
| download | openembedded-core-contrib-6b9d22bfd5414b517a1f0468e1229dfa2294b5fd.tar.gz | |
oeqa/selftest/signing: New test for Signing packages in the package feeds.
[YOCTO # 8134] This test verifies features introduced in bug 8134.
It requires as resources the files from meta-selftest/files/signing:
For 'gpg --gen-key' the used input was:
key: RSA
key-size: 2048
key-valid: 0
realname: testuser
email: testuser@email.com
comment: nocomment
passphrase: test123
Signed-off-by: Daniel Istrate <daniel.alexandrux.istrate@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/lib')
| -rw-r--r-- | meta/lib/oeqa/selftest/signing.py | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/meta/lib/oeqa/selftest/signing.py b/meta/lib/oeqa/selftest/signing.py new file mode 100644 index 0000000000..879c3e0e59 --- /dev/null +++ b/meta/lib/oeqa/selftest/signing.py @@ -0,0 +1,76 @@ +from oeqa.selftest.base import oeSelfTest +from oeqa.utils.commands import runCmd, bitbake, get_bb_var +import os +import glob +from oeqa.utils.decorators import testcase + + +class Signing(oeSelfTest): + + gpg_dir = "" + pub_key_name = 'key.pub' + secret_key_name = 'key.secret' + + @classmethod + def setUpClass(cls): + # Import the gpg keys + + cls.gpg_dir = os.path.join(cls.testlayer_path, 'files/signing/') + + # key.secret key.pub are located in gpg_dir + pub_key_location = cls.gpg_dir + cls.pub_key_name + secret_key_location = cls.gpg_dir + cls.secret_key_name + runCmd('gpg --homedir %s --import %s %s' % (cls.gpg_dir, pub_key_location, secret_key_location)) + + @classmethod + def tearDownClass(cls): + # Delete the files generated by 'gpg --import' + + gpg_files = glob.glob(cls.gpg_dir + '*.gpg*') + random_seed_file = cls.gpg_dir + 'random_seed' + gpg_files.append(random_seed_file) + + for gpg_file in gpg_files: + runCmd('rm -f ' + gpg_file) + + @testcase(1362) + def test_signing_packages(self): + """ + Summary: Test that packages can be signed in the package feed + Expected: Package should be signed with the correct key + Product: oe-core + Author: Daniel Istrate <daniel.alexandrux.istrate@intel.com> + AutomatedBy: Daniel Istrate <daniel.alexandrux.istrate@intel.com> + """ + + package_classes = get_bb_var('PACKAGE_CLASSES') + if 'package_rpm' not in package_classes: + self.skipTest('This test requires RPM Packaging.') + + test_recipe = 'ed' + + feature = 'INHERIT += "sign_rpm"\n' + feature += 'RPM_GPG_PASSPHRASE_FILE = "%ssecret.txt"\n' % self.gpg_dir + feature += 'RPM_GPG_NAME = "testuser"\n' + feature += 'RPM_GPG_PUBKEY = "%s%s"\n' % (self.gpg_dir, self.pub_key_name) + feature += 'GPG_PATH = "%s"\n' % self.gpg_dir + + self.write_config(feature) + + bitbake('-c cleansstate %s' % test_recipe) + bitbake(test_recipe) + self.add_command_to_tearDown('bitbake -c clean %s' % test_recipe) + + pf = get_bb_var('PF', test_recipe) + deploy_dir_rpm = get_bb_var('DEPLOY_DIR_RPM', test_recipe) + package_arch = get_bb_var('PACKAGE_ARCH', test_recipe).replace('-', '_') + staging_bindir_native = get_bb_var('STAGING_BINDIR_NATIVE') + + pkg_deploy = os.path.join(deploy_dir_rpm, package_arch, '.'.join((pf, package_arch, 'rpm'))) + + runCmd('%s/rpm --import %s%s' % (staging_bindir_native, self.gpg_dir, self.pub_key_name)) + + ret = runCmd('%s/rpm --checksig %s' % (staging_bindir_native, pkg_deploy)) + # tmp/deploy/rpm/i586/ed-1.9-r0.i586.rpm: rsa sha1 md5 OK + self.assertIn('rsa sha1 md5 OK', ret.output, 'Package signed incorrectly.') + |