diff options
author | Daniel Istrate <daniel.alexandrux.istrate@intel.com> | 2015-11-10 16:38:38 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-11-24 15:55:41 +0000 |
commit | fbb03a8c900e89f3dff3d3f6176240f055bd8a0f (patch) | |
tree | daef7fe321be87d0a25692a13b1217b83951246d /meta/lib | |
parent | 13a4c383c1f6f04ee6927d10c0d700e58b8f201b (diff) | |
download | poky-fbb03a8c900e89f3dff3d3f6176240f055bd8a0f.tar.gz |
oeqa/selftest/signing: New test for Signing packages in the package feeds.
[YOCTO # 8134] This test verifies features introduced in bug 8134.
It requires as resources the files from meta-selftest/files/signing:
For 'gpg --gen-key' the used input was:
key: RSA
key-size: 2048
key-valid: 0
realname: testuser
email: testuser@email.com
comment: nocomment
passphrase: test123
(From OE-Core rev: 6b9d22bfd5414b517a1f0468e1229dfa2294b5fd)
Signed-off-by: Daniel Istrate <daniel.alexandrux.istrate@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/lib')
-rw-r--r-- | meta/lib/oeqa/selftest/signing.py | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/meta/lib/oeqa/selftest/signing.py b/meta/lib/oeqa/selftest/signing.py new file mode 100644 index 0000000000..879c3e0e59 --- /dev/null +++ b/meta/lib/oeqa/selftest/signing.py | |||
@@ -0,0 +1,76 @@ | |||
1 | from oeqa.selftest.base import oeSelfTest | ||
2 | from oeqa.utils.commands import runCmd, bitbake, get_bb_var | ||
3 | import os | ||
4 | import glob | ||
5 | from oeqa.utils.decorators import testcase | ||
6 | |||
7 | |||
8 | class Signing(oeSelfTest): | ||
9 | |||
10 | gpg_dir = "" | ||
11 | pub_key_name = 'key.pub' | ||
12 | secret_key_name = 'key.secret' | ||
13 | |||
14 | @classmethod | ||
15 | def setUpClass(cls): | ||
16 | # Import the gpg keys | ||
17 | |||
18 | cls.gpg_dir = os.path.join(cls.testlayer_path, 'files/signing/') | ||
19 | |||
20 | # key.secret key.pub are located in gpg_dir | ||
21 | pub_key_location = cls.gpg_dir + cls.pub_key_name | ||
22 | secret_key_location = cls.gpg_dir + cls.secret_key_name | ||
23 | runCmd('gpg --homedir %s --import %s %s' % (cls.gpg_dir, pub_key_location, secret_key_location)) | ||
24 | |||
25 | @classmethod | ||
26 | def tearDownClass(cls): | ||
27 | # Delete the files generated by 'gpg --import' | ||
28 | |||
29 | gpg_files = glob.glob(cls.gpg_dir + '*.gpg*') | ||
30 | random_seed_file = cls.gpg_dir + 'random_seed' | ||
31 | gpg_files.append(random_seed_file) | ||
32 | |||
33 | for gpg_file in gpg_files: | ||
34 | runCmd('rm -f ' + gpg_file) | ||
35 | |||
36 | @testcase(1362) | ||
37 | def test_signing_packages(self): | ||
38 | """ | ||
39 | Summary: Test that packages can be signed in the package feed | ||
40 | Expected: Package should be signed with the correct key | ||
41 | Product: oe-core | ||
42 | Author: Daniel Istrate <daniel.alexandrux.istrate@intel.com> | ||
43 | AutomatedBy: Daniel Istrate <daniel.alexandrux.istrate@intel.com> | ||
44 | """ | ||
45 | |||
46 | package_classes = get_bb_var('PACKAGE_CLASSES') | ||
47 | if 'package_rpm' not in package_classes: | ||
48 | self.skipTest('This test requires RPM Packaging.') | ||
49 | |||
50 | test_recipe = 'ed' | ||
51 | |||
52 | feature = 'INHERIT += "sign_rpm"\n' | ||
53 | feature += 'RPM_GPG_PASSPHRASE_FILE = "%ssecret.txt"\n' % self.gpg_dir | ||
54 | feature += 'RPM_GPG_NAME = "testuser"\n' | ||
55 | feature += 'RPM_GPG_PUBKEY = "%s%s"\n' % (self.gpg_dir, self.pub_key_name) | ||
56 | feature += 'GPG_PATH = "%s"\n' % self.gpg_dir | ||
57 | |||
58 | self.write_config(feature) | ||
59 | |||
60 | bitbake('-c cleansstate %s' % test_recipe) | ||
61 | bitbake(test_recipe) | ||
62 | self.add_command_to_tearDown('bitbake -c clean %s' % test_recipe) | ||
63 | |||
64 | pf = get_bb_var('PF', test_recipe) | ||
65 | deploy_dir_rpm = get_bb_var('DEPLOY_DIR_RPM', test_recipe) | ||
66 | package_arch = get_bb_var('PACKAGE_ARCH', test_recipe).replace('-', '_') | ||
67 | staging_bindir_native = get_bb_var('STAGING_BINDIR_NATIVE') | ||
68 | |||
69 | pkg_deploy = os.path.join(deploy_dir_rpm, package_arch, '.'.join((pf, package_arch, 'rpm'))) | ||
70 | |||
71 | runCmd('%s/rpm --import %s%s' % (staging_bindir_native, self.gpg_dir, self.pub_key_name)) | ||
72 | |||
73 | ret = runCmd('%s/rpm --checksig %s' % (staging_bindir_native, pkg_deploy)) | ||
74 | # tmp/deploy/rpm/i586/ed-1.9-r0.i586.rpm: rsa sha1 md5 OK | ||
75 | self.assertIn('rsa sha1 md5 OK', ret.output, 'Package signed incorrectly.') | ||
76 | |||