oeqa/selftest/cases: Migrate test cases into the new oe-qa framework

New framework has different classes/decorators so adapt current test cases to support these. Changes include changes on base classes and decorators. Also include paths in selftest/__init__.py isn't needed because the loader is the standard unittest one. (From OE-Core rev: ddbbefdd124604d10bd47dd0266b55a764fcc0ab) Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> 2017-05-12 14:40:21 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-06-06 19:02:43 +0100
commit: 157c3be2ca93f076033f725ec1ee912df91f7488 (patch)
tree: 8ef896ff7adf78d63b34059cd5b017a4f0a3419a /meta/lib/oeqa/selftest/cases/signing.py
parent: 10c512b60d1167122b5fe778b93838dca3def717 (diff)
download: poky-157c3be2ca93f076033f725ec1ee912df91f7488.tar.gz
1 files changed, 184 insertions, 0 deletions
diff --git a/meta/lib/oeqa/selftest/cases/signing.py b/meta/lib/oeqa/selftest/cases/signing.py
new file mode 100644
index 0000000000..edb5f653f2
--- /dev/null
+++ b/meta/lib/oeqa/selftest/cases/signing.py
@@ -0,0 +1,184 @@
+from oeqa.selftest.case import OESelftestTestCase
+from oeqa.utils.commands import runCmd, bitbake, get_bb_var, get_bb_vars
+import os
+import glob
+import re
+import shutil
+import tempfile
+from oeqa.core.decorator.oeid import OETestID
+from oeqa.utils.ftools import write_file
+class Signing(OESelftestTestCase):
+    gpg_dir = ""
+    pub_key_path = ""
+    secret_key_path = ""
+    @classmethod
+    def setUpClass(cls):
+        super(Signing, cls).setUpClass()
+        # Check that we can find the gpg binary and fail early if we can't
+        if not shutil.which("gpg"):
+            raise AssertionError("This test needs GnuPG")
+        cls.gpg_home_dir = tempfile.TemporaryDirectory(prefix="oeqa-signing-")
+        cls.gpg_dir = cls.gpg_home_dir.name
+        cls.pub_key_path = os.path.join(cls.testlayer_path, 'files', 'signing', "key.pub")
+        cls.secret_key_path = os.path.join(cls.testlayer_path, 'files', 'signing', "key.secret")
+        runCmd('gpg --batch --homedir %s --import %s %s' % (cls.gpg_dir, cls.pub_key_path, cls.secret_key_path))
+    @OETestID(1362)
+    def test_signing_packages(self):
+        """
+        Summary:     Test that packages can be signed in the package feed
+        Expected:    Package should be signed with the correct key
+        Expected:    Images can be created from signed packages
+        Product:     oe-core
+        Author:      Daniel Istrate <daniel.alexandrux.istrate@intel.com>
+        Author:      Alexander Kanavin <alexander.kanavin@intel.com>
+        AutomatedBy: Daniel Istrate <daniel.alexandrux.istrate@intel.com>
+        """
+        import oe.packagedata
+        package_classes = get_bb_var('PACKAGE_CLASSES')
+        if 'package_rpm' not in package_classes:
+            self.skipTest('This test requires RPM Packaging.')
+        test_recipe = 'ed'
+        feature = 'INHERIT += "sign_rpm"\n'
+        feature += 'RPM_GPG_PASSPHRASE = "test123"\n'
+        feature += 'RPM_GPG_NAME = "testuser"\n'
+        feature += 'GPG_PATH = "%s"\n' % self.gpg_dir
+        self.write_config(feature)
+        bitbake('-c clean %s' % test_recipe)
+        bitbake('-f -c package_write_rpm %s' % test_recipe)
+        self.add_command_to_tearDown('bitbake -c clean %s' % test_recipe)
+        needed_vars = ['PKGDATA_DIR', 'DEPLOY_DIR_RPM', 'PACKAGE_ARCH', 'STAGING_BINDIR_NATIVE']
+        bb_vars = get_bb_vars(needed_vars, test_recipe)
+        pkgdatadir = bb_vars['PKGDATA_DIR']
+        pkgdata = oe.packagedata.read_pkgdatafile(pkgdatadir + "/runtime/ed")
+        if 'PKGE' in pkgdata:
+            pf = pkgdata['PN'] + "-" + pkgdata['PKGE'] + pkgdata['PKGV'] + '-' + pkgdata['PKGR']
+        else:
+            pf = pkgdata['PN'] + "-" + pkgdata['PKGV'] + '-' + pkgdata['PKGR']
+        deploy_dir_rpm = bb_vars['DEPLOY_DIR_RPM']
+        package_arch = bb_vars['PACKAGE_ARCH'].replace('-', '_')
+        staging_bindir_native = bb_vars['STAGING_BINDIR_NATIVE']
+        pkg_deploy = os.path.join(deploy_dir_rpm, package_arch, '.'.join((pf, package_arch, 'rpm')))
+        # Use a temporary rpmdb
+        rpmdb = tempfile.mkdtemp(prefix='oeqa-rpmdb')
+        runCmd('%s/rpmkeys --define "_dbpath %s" --import %s' %
+               (staging_bindir_native, rpmdb, self.pub_key_path))
+        ret = runCmd('%s/rpmkeys --define "_dbpath %s" --checksig %s' %
+                     (staging_bindir_native, rpmdb, pkg_deploy))
+        # tmp/deploy/rpm/i586/ed-1.9-r0.i586.rpm: rsa sha1 md5 OK
+        self.assertIn('rsa sha1 (md5) pgp md5 OK', ret.output, 'Package signed incorrectly.')
+        shutil.rmtree(rpmdb)
+        #Check that an image can be built from signed packages
+        self.add_command_to_tearDown('bitbake -c clean core-image-minimal')
+        bitbake('-c clean core-image-minimal')
+        bitbake('core-image-minimal')
+    @OETestID(1382)
+    def test_signing_sstate_archive(self):
+        """
+        Summary:     Test that sstate archives can be signed
+        Expected:    Package should be signed with the correct key
+        Product:     oe-core
+        Author:      Daniel Istrate <daniel.alexandrux.istrate@intel.com>
+        AutomatedBy: Daniel Istrate <daniel.alexandrux.istrate@intel.com>
+        """
+        test_recipe = 'ed'
+        builddir = os.environ.get('BUILDDIR')
+        sstatedir = os.path.join(builddir, 'test-sstate')
+        self.add_command_to_tearDown('bitbake -c clean %s' % test_recipe)
+        self.add_command_to_tearDown('rm -rf %s' % sstatedir)
+        feature = 'SSTATE_SIG_KEY ?= "testuser"\n'
+        feature += 'SSTATE_SIG_PASSPHRASE ?= "test123"\n'
+        feature += 'SSTATE_VERIFY_SIG ?= "1"\n'
+        feature += 'GPG_PATH = "%s"\n' % self.gpg_dir
+        feature += 'SSTATE_DIR = "%s"\n' % sstatedir
+        # Any mirror might have partial sstate without .sig files, triggering failures
+        feature += 'SSTATE_MIRRORS_forcevariable = ""\n'
+        self.write_config(feature)
+        bitbake('-c clean %s' % test_recipe)
+        bitbake(test_recipe)
+        recipe_sig = glob.glob(sstatedir + '/*/*:ed:*_package.tgz.sig')
+        recipe_tgz = glob.glob(sstatedir + '/*/*:ed:*_package.tgz')
+        self.assertEqual(len(recipe_sig), 1, 'Failed to find .sig file.')
+        self.assertEqual(len(recipe_tgz), 1, 'Failed to find .tgz file.')
+        ret = runCmd('gpg --homedir %s --verify %s %s' % (self.gpg_dir, recipe_sig[0], recipe_tgz[0]))
+        # gpg: Signature made Thu 22 Oct 2015 01:45:09 PM EEST using RSA key ID 61EEFB30
+        # gpg: Good signature from "testuser (nocomment) <testuser@email.com>"
+        self.assertIn('gpg: Good signature from', ret.output, 'Package signed incorrectly.')
+class LockedSignatures(OESelftestTestCase):
+    @OETestID(1420)
+    def test_locked_signatures(self):
+        """
+        Summary:     Test locked signature mechanism
+        Expected:    Locked signatures will prevent task to run
+        Product:     oe-core
+        Author:      Daniel Istrate <daniel.alexandrux.istrate@intel.com>
+        AutomatedBy: Daniel Istrate <daniel.alexandrux.istrate@intel.com>
+        """
+        test_recipe = 'ed'
+        locked_sigs_file = 'locked-sigs.inc'
+        self.add_command_to_tearDown('rm -f %s' % os.path.join(self.builddir, locked_sigs_file))
+        bitbake(test_recipe)
+        # Generate locked sigs include file
+        bitbake('-S none %s' % test_recipe)
+        feature = 'require %s\n' % locked_sigs_file
+        feature += 'SIGGEN_LOCKEDSIGS_TASKSIG_CHECK = "warn"\n'
+        self.write_config(feature)
+        # Build a locked recipe
+        bitbake(test_recipe)
+        # Make a change that should cause the locked task signature to change
+        recipe_append_file = test_recipe + '_' + get_bb_var('PV', test_recipe) + '.bbappend'
+        recipe_append_path = os.path.join(self.testlayer_path, 'recipes-test', test_recipe, recipe_append_file)
+        feature = 'SUMMARY += "test locked signature"\n'
+        os.mkdir(os.path.join(self.testlayer_path, 'recipes-test', test_recipe))
+        write_file(recipe_append_path, feature)
+        self.add_command_to_tearDown('rm -rf %s' % os.path.join(self.testlayer_path, 'recipes-test', test_recipe))
+        # Build the recipe again
+        ret = bitbake(test_recipe)
+        # Verify you get the warning and that the real task *isn't* run (i.e. the locked signature has worked)
+        patt = r'WARNING: The %s:do_package sig is computed to be \S+, but the sig is locked to \S+ in SIGGEN_LOCKEDSIGS\S+' % test_recipe
+        found_warn = re.search(patt, ret.output)
+        self.assertIsNotNone(found_warn, "Didn't find the expected warning message. Output: %s" % ret.output)
author	Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>	2017-05-12 14:40:21 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-06-06 19:02:43 +0100
commit	157c3be2ca93f076033f725ec1ee912df91f7488 (patch)
tree	8ef896ff7adf78d63b34059cd5b017a4f0a3419a /meta/lib/oeqa/selftest/cases/signing.py
parent	10c512b60d1167122b5fe778b93838dca3def717 (diff)
download	poky-157c3be2ca93f076033f725ec1ee912df91f7488.tar.gz

diff --git a/meta/lib/oeqa/selftest/cases/signing.py b/meta/lib/oeqa/selftest/cases/signing.py new file mode 100644 index 0000000000..edb5f653f2 --- /dev/null +++ b/meta/lib/oeqa/selftest/cases/signing.py
@@ -0,0 +1,184 @@
	1	from oeqa.selftest.case import OESelftestTestCase
	2	from oeqa.utils.commands import runCmd, bitbake, get_bb_var, get_bb_vars
	3	import os
	4	import glob
	5	import re
	6	import shutil
	7	import tempfile
	8	from oeqa.core.decorator.oeid import OETestID
	9	from oeqa.utils.ftools import write_file
	10
	11
	12	class Signing(OESelftestTestCase):
	13
	14	gpg_dir = ""
	15	pub_key_path = ""
	16	secret_key_path = ""
	17
	18	@classmethod
	19	def setUpClass(cls):
	20	super(Signing, cls).setUpClass()
	21	# Check that we can find the gpg binary and fail early if we can't
	22	if not shutil.which("gpg"):
	23	raise AssertionError("This test needs GnuPG")
	24
	25	cls.gpg_home_dir = tempfile.TemporaryDirectory(prefix="oeqa-signing-")
	26	cls.gpg_dir = cls.gpg_home_dir.name
	27
	28	cls.pub_key_path = os.path.join(cls.testlayer_path, 'files', 'signing', "key.pub")
	29	cls.secret_key_path = os.path.join(cls.testlayer_path, 'files', 'signing', "key.secret")
	30
	31	runCmd('gpg --batch --homedir %s --import %s %s' % (cls.gpg_dir, cls.pub_key_path, cls.secret_key_path))
	32
	33	@OETestID(1362)
	34	def test_signing_packages(self):
	35	"""
	36	Summary: Test that packages can be signed in the package feed
	37	Expected: Package should be signed with the correct key
	38	Expected: Images can be created from signed packages
	39	Product: oe-core
	40	Author: Daniel Istrate <daniel.alexandrux.istrate@intel.com>
	41	Author: Alexander Kanavin <alexander.kanavin@intel.com>
	42	AutomatedBy: Daniel Istrate <daniel.alexandrux.istrate@intel.com>
	43	"""
	44	import oe.packagedata
	45
	46	package_classes = get_bb_var('PACKAGE_CLASSES')
	47	if 'package_rpm' not in package_classes:
	48	self.skipTest('This test requires RPM Packaging.')
	49
	50	test_recipe = 'ed'
	51
	52	feature = 'INHERIT += "sign_rpm"\n'
	53	feature += 'RPM_GPG_PASSPHRASE = "test123"\n'
	54	feature += 'RPM_GPG_NAME = "testuser"\n'
	55	feature += 'GPG_PATH = "%s"\n' % self.gpg_dir
	56
	57	self.write_config(feature)
	58
	59	bitbake('-c clean %s' % test_recipe)
	60	bitbake('-f -c package_write_rpm %s' % test_recipe)
	61
	62	self.add_command_to_tearDown('bitbake -c clean %s' % test_recipe)
	63
	64	needed_vars = ['PKGDATA_DIR', 'DEPLOY_DIR_RPM', 'PACKAGE_ARCH', 'STAGING_BINDIR_NATIVE']
	65	bb_vars = get_bb_vars(needed_vars, test_recipe)
	66	pkgdatadir = bb_vars['PKGDATA_DIR']
	67	pkgdata = oe.packagedata.read_pkgdatafile(pkgdatadir + "/runtime/ed")
	68	if 'PKGE' in pkgdata:
	69	pf = pkgdata['PN'] + "-" + pkgdata['PKGE'] + pkgdata['PKGV'] + '-' + pkgdata['PKGR']
	70	else:
	71	pf = pkgdata['PN'] + "-" + pkgdata['PKGV'] + '-' + pkgdata['PKGR']
	72	deploy_dir_rpm = bb_vars['DEPLOY_DIR_RPM']
	73	package_arch = bb_vars['PACKAGE_ARCH'].replace('-', '_')
	74	staging_bindir_native = bb_vars['STAGING_BINDIR_NATIVE']
	75
	76	pkg_deploy = os.path.join(deploy_dir_rpm, package_arch, '.'.join((pf, package_arch, 'rpm')))
	77
	78	# Use a temporary rpmdb
	79	rpmdb = tempfile.mkdtemp(prefix='oeqa-rpmdb')
	80
	81	runCmd('%s/rpmkeys --define "_dbpath %s" --import %s' %
	82	(staging_bindir_native, rpmdb, self.pub_key_path))
	83
	84	ret = runCmd('%s/rpmkeys --define "_dbpath %s" --checksig %s' %
	85	(staging_bindir_native, rpmdb, pkg_deploy))
	86	# tmp/deploy/rpm/i586/ed-1.9-r0.i586.rpm: rsa sha1 md5 OK
	87	self.assertIn('rsa sha1 (md5) pgp md5 OK', ret.output, 'Package signed incorrectly.')
	88	shutil.rmtree(rpmdb)
	89
	90	#Check that an image can be built from signed packages
	91	self.add_command_to_tearDown('bitbake -c clean core-image-minimal')
	92	bitbake('-c clean core-image-minimal')
	93	bitbake('core-image-minimal')
	94
	95
	96	@OETestID(1382)
	97	def test_signing_sstate_archive(self):
	98	"""
	99	Summary: Test that sstate archives can be signed
	100	Expected: Package should be signed with the correct key
	101	Product: oe-core
	102	Author: Daniel Istrate <daniel.alexandrux.istrate@intel.com>
	103	AutomatedBy: Daniel Istrate <daniel.alexandrux.istrate@intel.com>
	104	"""
	105
	106	test_recipe = 'ed'
	107
	108	builddir = os.environ.get('BUILDDIR')
	109	sstatedir = os.path.join(builddir, 'test-sstate')
	110
	111	self.add_command_to_tearDown('bitbake -c clean %s' % test_recipe)
	112	self.add_command_to_tearDown('rm -rf %s' % sstatedir)
	113
	114	feature = 'SSTATE_SIG_KEY ?= "testuser"\n'
	115	feature += 'SSTATE_SIG_PASSPHRASE ?= "test123"\n'
	116	feature += 'SSTATE_VERIFY_SIG ?= "1"\n'
	117	feature += 'GPG_PATH = "%s"\n' % self.gpg_dir
	118	feature += 'SSTATE_DIR = "%s"\n' % sstatedir
	119	# Any mirror might have partial sstate without .sig files, triggering failures
	120	feature += 'SSTATE_MIRRORS_forcevariable = ""\n'
	121
	122	self.write_config(feature)
	123
	124	bitbake('-c clean %s' % test_recipe)
	125	bitbake(test_recipe)
	126
	127	recipe_sig = glob.glob(sstatedir + '//:ed:*_package.tgz.sig')
	128	recipe_tgz = glob.glob(sstatedir + '//:ed:*_package.tgz')
	129
	130	self.assertEqual(len(recipe_sig), 1, 'Failed to find .sig file.')
	131	self.assertEqual(len(recipe_tgz), 1, 'Failed to find .tgz file.')
	132
	133	ret = runCmd('gpg --homedir %s --verify %s %s' % (self.gpg_dir, recipe_sig[0], recipe_tgz[0]))
	134	# gpg: Signature made Thu 22 Oct 2015 01:45:09 PM EEST using RSA key ID 61EEFB30
	135	# gpg: Good signature from "testuser (nocomment) <testuser@email.com>"
	136	self.assertIn('gpg: Good signature from', ret.output, 'Package signed incorrectly.')
	137
	138
	139	class LockedSignatures(OESelftestTestCase):
	140
	141	@OETestID(1420)
	142	def test_locked_signatures(self):
	143	"""
	144	Summary: Test locked signature mechanism
	145	Expected: Locked signatures will prevent task to run
	146	Product: oe-core
	147	Author: Daniel Istrate <daniel.alexandrux.istrate@intel.com>
	148	AutomatedBy: Daniel Istrate <daniel.alexandrux.istrate@intel.com>
	149	"""
	150
	151	test_recipe = 'ed'
	152	locked_sigs_file = 'locked-sigs.inc'
	153
	154	self.add_command_to_tearDown('rm -f %s' % os.path.join(self.builddir, locked_sigs_file))
	155
	156	bitbake(test_recipe)
	157	# Generate locked sigs include file
	158	bitbake('-S none %s' % test_recipe)
	159
	160	feature = 'require %s\n' % locked_sigs_file
	161	feature += 'SIGGEN_LOCKEDSIGS_TASKSIG_CHECK = "warn"\n'
	162	self.write_config(feature)
	163
	164	# Build a locked recipe
	165	bitbake(test_recipe)
	166
	167	# Make a change that should cause the locked task signature to change
	168	recipe_append_file = test_recipe + '_' + get_bb_var('PV', test_recipe) + '.bbappend'
	169	recipe_append_path = os.path.join(self.testlayer_path, 'recipes-test', test_recipe, recipe_append_file)
	170	feature = 'SUMMARY += "test locked signature"\n'
	171
	172	os.mkdir(os.path.join(self.testlayer_path, 'recipes-test', test_recipe))
	173	write_file(recipe_append_path, feature)
	174
	175	self.add_command_to_tearDown('rm -rf %s' % os.path.join(self.testlayer_path, 'recipes-test', test_recipe))
	176
	177	# Build the recipe again
	178	ret = bitbake(test_recipe)
	179
	180	# Verify you get the warning and that the real task isn't run (i.e. the locked signature has worked)
	181	patt = r'WARNING: The %s:do_package sig is computed to be \S+, but the sig is locked to \S+ in SIGGEN_LOCKEDSIGS\S+' % test_recipe
	182	found_warn = re.search(patt, ret.output)
	183
	184	self.assertIsNotNone(found_warn, "Didn't find the expected warning message. Output: %s" % ret.output)