summaryrefslogtreecommitdiffstats
path: root/meta/lib/oeqa
diff options
context:
space:
mode:
Diffstat (limited to 'meta/lib/oeqa')
-rw-r--r--meta/lib/oeqa/selftest/cases/signing.py67
1 files changed, 48 insertions, 19 deletions
diff --git a/meta/lib/oeqa/selftest/cases/signing.py b/meta/lib/oeqa/selftest/cases/signing.py
index 97e9cfd44d..76c587a5c2 100644
--- a/meta/lib/oeqa/selftest/cases/signing.py
+++ b/meta/lib/oeqa/selftest/cases/signing.py
@@ -1,10 +1,12 @@
1from oeqa.selftest.case import OESelftestTestCase 1from oeqa.selftest.case import OESelftestTestCase
2from oeqa.utils.commands import runCmd, bitbake, get_bb_var, get_bb_vars 2from oeqa.utils.commands import runCmd, bitbake, get_bb_var, get_bb_vars
3import os 3import os
4import oe
4import glob 5import glob
5import re 6import re
6import shutil 7import shutil
7import tempfile 8import tempfile
9from contextlib import contextmanager
8from oeqa.core.decorator.oeid import OETestID 10from oeqa.core.decorator.oeid import OETestID
9from oeqa.utils.ftools import write_file 11from oeqa.utils.ftools import write_file
10 12
@@ -16,9 +18,7 @@ class Signing(OESelftestTestCase):
16 secret_key_path = "" 18 secret_key_path = ""
17 19
18 def setup_gpg(self): 20 def setup_gpg(self):
19 # Check that we can find the gpg binary and fail early if we can't 21 bitbake('gnupg-native -c addto_recipe_sysroot')
20 if not shutil.which("gpg"):
21 self.skipTest('gpg binary not found')
22 22
23 self.gpg_dir = tempfile.mkdtemp(prefix="oeqa-signing-") 23 self.gpg_dir = tempfile.mkdtemp(prefix="oeqa-signing-")
24 self.track_for_cleanup(self.gpg_dir) 24 self.track_for_cleanup(self.gpg_dir)
@@ -26,7 +26,30 @@ class Signing(OESelftestTestCase):
26 self.pub_key_path = os.path.join(self.testlayer_path, 'files', 'signing', "key.pub") 26 self.pub_key_path = os.path.join(self.testlayer_path, 'files', 'signing', "key.pub")
27 self.secret_key_path = os.path.join(self.testlayer_path, 'files', 'signing', "key.secret") 27 self.secret_key_path = os.path.join(self.testlayer_path, 'files', 'signing', "key.secret")
28 28
29 runCmd('gpg --batch --homedir %s --import %s %s' % (self.gpg_dir, self.pub_key_path, self.secret_key_path)) 29 nsysroot = get_bb_var("RECIPE_SYSROOT_NATIVE", "gnupg-native")
30 runCmd('gpg --batch --homedir %s --import %s %s' % (self.gpg_dir, self.pub_key_path, self.secret_key_path), native_sysroot=nsysroot)
31 return nsysroot + get_bb_var("bindir_native")
32
33
34 @contextmanager
35 def create_new_builddir(self, builddir, newbuilddir):
36 bb.utils.mkdirhier(newbuilddir)
37 oe.path.copytree(builddir + "/conf", newbuilddir + "/conf")
38 oe.path.copytree(builddir + "/cache", newbuilddir + "/cache")
39
40 origenv = os.environ.copy()
41
42 for e in os.environ:
43 if builddir in os.environ[e]:
44 os.environ[e] = os.environ[e].replace(builddir, newbuilddir)
45
46 os.chdir(newbuilddir)
47 try:
48 yield
49 finally:
50 for e in origenv:
51 os.environ[e] = origenv[e]
52 os.chdir(builddir)
30 53
31 @OETestID(1362) 54 @OETestID(1362)
32 def test_signing_packages(self): 55 def test_signing_packages(self):
@@ -105,13 +128,12 @@ class Signing(OESelftestTestCase):
105 128
106 test_recipe = 'ed' 129 test_recipe = 'ed'
107 130
108 builddir = os.environ.get('BUILDDIR') 131 # Since we need gpg but we can't use gpg-native for sstate signatures, we
132 # build gpg-native in our original builddir then run the tests in a second one.
133 builddir = os.environ.get('BUILDDIR') + "-testsign"
109 sstatedir = os.path.join(builddir, 'test-sstate') 134 sstatedir = os.path.join(builddir, 'test-sstate')
110 135
111 self.setup_gpg() 136 nsysroot = self.setup_gpg()
112
113 self.add_command_to_tearDown('bitbake -c clean %s' % test_recipe)
114 self.add_command_to_tearDown('rm -rf %s' % sstatedir)
115 137
116 feature = 'SSTATE_SIG_KEY ?= "testuser"\n' 138 feature = 'SSTATE_SIG_KEY ?= "testuser"\n'
117 feature += 'SSTATE_SIG_PASSPHRASE ?= "test123"\n' 139 feature += 'SSTATE_SIG_PASSPHRASE ?= "test123"\n'
@@ -123,19 +145,26 @@ class Signing(OESelftestTestCase):
123 145
124 self.write_config(feature) 146 self.write_config(feature)
125 147
126 bitbake('-c clean %s' % test_recipe) 148 with self.create_new_builddir(os.environ['BUILDDIR'], builddir):
127 bitbake(test_recipe) 149
150 os.environ["PATH"] = nsysroot + ":" + os.environ["PATH"]
151 self.add_command_to_tearDown('bitbake -c clean %s' % test_recipe)
152 self.add_command_to_tearDown('rm -rf %s' % sstatedir)
153 self.add_command_to_tearDown('rm -rf %s' % builddir)
154
155 bitbake('-c clean %s' % test_recipe)
156 bitbake(test_recipe)
128 157
129 recipe_sig = glob.glob(sstatedir + '/*/*:ed:*_package.tgz.sig') 158 recipe_sig = glob.glob(sstatedir + '/*/*:ed:*_package.tgz.sig')
130 recipe_tgz = glob.glob(sstatedir + '/*/*:ed:*_package.tgz') 159 recipe_tgz = glob.glob(sstatedir + '/*/*:ed:*_package.tgz')
131 160
132 self.assertEqual(len(recipe_sig), 1, 'Failed to find .sig file.') 161 self.assertEqual(len(recipe_sig), 1, 'Failed to find .sig file.')
133 self.assertEqual(len(recipe_tgz), 1, 'Failed to find .tgz file.') 162 self.assertEqual(len(recipe_tgz), 1, 'Failed to find .tgz file.')
134 163
135 ret = runCmd('gpg --homedir %s --verify %s %s' % (self.gpg_dir, recipe_sig[0], recipe_tgz[0])) 164 ret = runCmd('gpg --homedir %s --verify %s %s' % (self.gpg_dir, recipe_sig[0], recipe_tgz[0]))
136 # gpg: Signature made Thu 22 Oct 2015 01:45:09 PM EEST using RSA key ID 61EEFB30 165 # gpg: Signature made Thu 22 Oct 2015 01:45:09 PM EEST using RSA key ID 61EEFB30
137 # gpg: Good signature from "testuser (nocomment) <testuser@email.com>" 166 # gpg: Good signature from "testuser (nocomment) <testuser@email.com>"
138 self.assertIn('gpg: Good signature from', ret.output, 'Package signed incorrectly.') 167 self.assertIn('gpg: Good signature from', ret.output, 'Package signed incorrectly.')
139 168
140 169
141class LockedSignatures(OESelftestTestCase): 170class LockedSignatures(OESelftestTestCase):
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-14 23:07:16 +0000