diff options
author | Daniel Istrate <daniel.alexandrux.istrate@intel.com> | 2015-11-10 16:38:39 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-11-24 15:55:41 +0000 |
commit | 92328b43bcda730839bdfbf7fa8ac5171d784868 (patch) | |
tree | 091efb2cef774976ef2ac26edff3b4a00b892b1c /meta/lib/oeqa | |
parent | fbb03a8c900e89f3dff3d3f6176240f055bd8a0f (diff) | |
download | poky-92328b43bcda730839bdfbf7fa8ac5171d784868.tar.gz |
oeqa/selftest/signing: Added new test for signing sstate.
[YOCTO #8182] Optional signing sstate archives and signature verification
[YOCTO #8559] Signing sstate archives with custom dir for gpg keys
(From OE-Core rev: 6a462fbb11db2085e4b6763a601c7fc4ac0025c8)
Signed-off-by: Daniel Istrate <daniel.alexandrux.istrate@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/lib/oeqa')
-rw-r--r-- | meta/lib/oeqa/selftest/signing.py | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/meta/lib/oeqa/selftest/signing.py b/meta/lib/oeqa/selftest/signing.py index 879c3e0e59..c33662b253 100644 --- a/meta/lib/oeqa/selftest/signing.py +++ b/meta/lib/oeqa/selftest/signing.py | |||
@@ -2,6 +2,7 @@ from oeqa.selftest.base import oeSelfTest | |||
2 | from oeqa.utils.commands import runCmd, bitbake, get_bb_var | 2 | from oeqa.utils.commands import runCmd, bitbake, get_bb_var |
3 | import os | 3 | import os |
4 | import glob | 4 | import glob |
5 | import re | ||
5 | from oeqa.utils.decorators import testcase | 6 | from oeqa.utils.decorators import testcase |
6 | 7 | ||
7 | 8 | ||
@@ -74,3 +75,50 @@ class Signing(oeSelfTest): | |||
74 | # tmp/deploy/rpm/i586/ed-1.9-r0.i586.rpm: rsa sha1 md5 OK | 75 | # tmp/deploy/rpm/i586/ed-1.9-r0.i586.rpm: rsa sha1 md5 OK |
75 | self.assertIn('rsa sha1 md5 OK', ret.output, 'Package signed incorrectly.') | 76 | self.assertIn('rsa sha1 md5 OK', ret.output, 'Package signed incorrectly.') |
76 | 77 | ||
78 | @testcase(1382) | ||
79 | def test_signing_sstate_archive(self): | ||
80 | """ | ||
81 | Summary: Test that sstate archives can be signed | ||
82 | Expected: Package should be signed with the correct key | ||
83 | Product: oe-core | ||
84 | Author: Daniel Istrate <daniel.alexandrux.istrate@intel.com> | ||
85 | AutomatedBy: Daniel Istrate <daniel.alexandrux.istrate@intel.com> | ||
86 | """ | ||
87 | |||
88 | test_recipe = 'ed' | ||
89 | |||
90 | builddir = os.environ.get('BUILDDIR') | ||
91 | sstatedir = os.path.join(builddir, 'test-sstate') | ||
92 | |||
93 | self.add_command_to_tearDown('bitbake -c clean %s' % test_recipe) | ||
94 | self.add_command_to_tearDown('bitbake -c cleansstate %s' % test_recipe) | ||
95 | self.add_command_to_tearDown('rm -rf %s' % sstatedir) | ||
96 | |||
97 | # Determine the pub key signature | ||
98 | ret = runCmd('gpg --homedir %s --list-keys' % self.gpg_dir) | ||
99 | pub_key = re.search(r'^pub\s+\S+/(\S+)\s+', ret.output, re.M) | ||
100 | self.assertIsNotNone(pub_key, 'Failed to determine the public key signature.') | ||
101 | pub_key = pub_key.group(1) | ||
102 | |||
103 | feature = 'SSTATE_SIG_KEY ?= "%s"\n' % pub_key | ||
104 | feature += 'SSTATE_SIG_PASSPHRASE ?= "test123"\n' | ||
105 | feature += 'SSTATE_VERIFY_SIG ?= "1"\n' | ||
106 | feature += 'GPG_PATH = "%s"\n' % self.gpg_dir | ||
107 | feature += 'SSTATE_DIR = "%s"\n' % sstatedir | ||
108 | |||
109 | self.write_config(feature) | ||
110 | |||
111 | bitbake('-c cleansstate %s' % test_recipe) | ||
112 | bitbake(test_recipe) | ||
113 | |||
114 | recipe_sig = glob.glob(sstatedir + '/*/*:ed:*_package.tgz.sig') | ||
115 | recipe_tgz = glob.glob(sstatedir + '/*/*:ed:*_package.tgz') | ||
116 | |||
117 | self.assertEqual(len(recipe_sig), 1, 'Failed to find .sig file.') | ||
118 | self.assertEqual(len(recipe_tgz), 1, 'Failed to find .tgz file.') | ||
119 | |||
120 | ret = runCmd('gpg --homedir %s --verify %s %s' % (self.gpg_dir, recipe_sig[0], recipe_tgz[0])) | ||
121 | # gpg: Signature made Thu 22 Oct 2015 01:45:09 PM EEST using RSA key ID 61EEFB30 | ||
122 | # gpg: Good signature from "testuser (nocomment) <testuser@email.com>" | ||
123 | self.assertIn('gpg: Good signature from', ret.output, 'Package signed incorrectly.') | ||
124 | |||