oeqa/selftest/signing: Added test for locked signatures

fix for [YOCTO #8706]

(From OE-Core rev: 9b704ae44d9dc1d3d5c3aee6d7a5530b642070c4)

Signed-off-by: Daniel Istrate <daniel.alexandrux.istrate@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

1 files changed, 48 insertions, 0 deletions

diff --git a/meta/lib/oeqa/selftest/signing.py b/meta/lib/oeqa/selftest/signing.py
index c402e3709a..1e710e3cd3 100644
--- a/meta/lib/oeqa/selftest/signing.py
+++ b/meta/lib/oeqa/selftest/signing.py
@@ -6,6 +6,7 @@ import re
 import shutil
 import tempfile
 from oeqa.utils.decorators import testcase
+from oeqa.utils.ftools import write_file
 
 
 class Signing(oeSelfTest):
@@ -130,3 +131,50 @@ class Signing(oeSelfTest):
         # gpg: Good signature from "testuser (nocomment) <testuser@email.com>"
         self.assertIn('gpg: Good signature from', ret.output, 'Package signed incorrectly.')
 
+
+class LockedSignatures(oeSelfTest):
+
+    @testcase(1420)
+    def test_locked_signatures(self):
+        """
+        Summary:     Test locked signature mechanism
+        Expected:    Locked signatures will prevent task to run
+        Product:     oe-core
+        Author:      Daniel Istrate <daniel.alexandrux.istrate@intel.com>
+        AutomatedBy: Daniel Istrate <daniel.alexandrux.istrate@intel.com>
+        """
+
+        test_recipe = 'ed'
+        locked_sigs_file = 'locked-sigs.inc'
+
+        self.add_command_to_tearDown('rm -f %s' % os.path.join(self.builddir, locked_sigs_file))
+
+        bitbake(test_recipe)
+        # Generate locked sigs include file
+        bitbake('-S none %s' % test_recipe)
+
+        feature = 'require %s\n' % locked_sigs_file
+        feature += 'SIGGEN_LOCKEDSIGS_CHECK_LEVEL = "warn"\n'
+        self.write_config(feature)
+
+        # Build a locked recipe
+        bitbake(test_recipe)
+
+        # Make a change that should cause the locked task signature to change
+        recipe_append_file = test_recipe + '_' + get_bb_var('PV', test_recipe) + '.bbappend'
+        recipe_append_path = os.path.join(self.testlayer_path, 'recipes-test', test_recipe, recipe_append_file)
+        feature = 'SUMMARY += "test locked signature"\n'
+
+        os.mkdir(os.path.join(self.testlayer_path, 'recipes-test', test_recipe))
+        write_file(recipe_append_path, feature)
+
+        self.add_command_to_tearDown('rm -rf %s' % os.path.join(self.testlayer_path, 'recipes-test', test_recipe))
+
+        # Build the recipe again
+        ret = bitbake(test_recipe)
+
+        # Verify you get the warning and that the real task *isn't* run (i.e. the locked signature has worked)
+        patt = r'WARNING: The %s:do_package sig \S+ changed, use locked sig \S+ to instead' % test_recipe
+        found_warn = re.search(patt, ret.output)
+
+        self.assertIsNotNone(found_warn, "Didn't find the expected warning message. Output: %s" % ret.output)