summaryrefslogtreecommitdiffstats
path: root/meta/lib/oeqa/selftest/signing.py
Commit message (Collapse)AuthorAgeFilesLines
* oe-selftest: no need to parse gpg output to determine the name of the ↵Alexander Kanavin2018-05-151-7/+1
| | | | | | | | | | | | | | | | signing key The parsing fails on my machine, and we use a key with a hardcoded name, and so can provide it directly. (From OE-Core rev: b69bad2c4e51a24868422f39619a0598fd2a0533) (From OE-Core rev: 9ef0bbcc319676436ddce0bab3f599288f57852e) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* selftest/signing: add --batch to gpg invocation when importing keysAlexander Kanavin2018-04-051-1/+1
| | | | | | | | | | | | | | | Otherwise it may pop up windows asking for passphrases which breaks automated testing. Newer YP releases and master already have the fix. [YOCTO #12521] (From OE-Core rev: 863916169fbe2686015b4f2279f49f08f41e9a47) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* selftest/cases/signing: ignore removal errors when cleaning temporary gpg ↵Leonardo Sandoval2017-10-101-2/+5
| | | | | | | | | | | | | | | | | | | | | | | directory The high-level method tempfile.TemporaryDirectory give us no way to ignore erros on removal thus use tempfile.mkdtemp instead. Ignoring possible issues on removal is neccesary because it contains gpg sockets that are automatically removed by the system once the process terminates, otherwise the following log is observed: .. .. File "/usr/lib/python3.5/shutil.py", line 436, in _rmtree_safe_fd os.unlink(name, dir_fd=topfd) FileNotFoundError: [Errno 2] No such file or directory: 'S.gpg-agent.browser' [YOCTO #11821] (From OE-Core rev: e7f139c5d97a3871215c88c5bfc07ecf4e8fd7f3) Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* selftest: Avoid sstate corruption by calling cleansstateMariano Lopez2017-05-271-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently selftest doesn't use sstates because some tests clean sstate cache; using sstates would give a performance boost instead of building everything from scratch. With this sstates are not corrupted using different methods depending on tests: devtool: These tests needed to delete the cache so SSTATE_DIR as SSTATE_MIRRORS and set a temporal SSTATE_DIR. sstatetests: This module already used a temporal SSTATE_DIR, so just set up the SSTATE_MIRRORS. Rest: Removed cleansstate, some of them required to force a certain task, others were just removed or changed for another task. [YOCTO #10929] (From OE-Core rev: 62c61087a10cc3b26fbff32c9e2efd1704a39724) (From OE-Core rev: 44ca8b1c23e4b2cf470e9be42705e3cca23b7f85) Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* selftest: Disable SSTATE_MIRRORS for sstate signing testRichard Purdie2017-05-271-0/+2
| | | | | | | | | | | | | | | | | | | | | Building ed into an sstate mirror, then leaving it enabled for oe-selftest -r signing.Signing.test_signing_sstate_archive results in: NOTE: recipe ed-1.14.1-r0: task do_populate_lic_setscene: Started WARNING: ed-1.14.1-r0 do_populate_lic_setscene: Failed to fetch URL file://29/sstate:ed::1.14.1:r0::3:290bbc39f3b25cc27028dafce4b5aa48_populate_lic.tgz.sig;downloadfilename=29/sstate:ed::1.14.1:r0::3:290bbc39f3b25cc27028dafce4b5aa48_populate_lic.tgz.sig, attempting MIRRORS if available ERROR: ed-1.14.1-r0 do_populate_lic_setscene: Fetcher failure: Unable to find file file://29/sstate:ed::1.14.1:r0::3:290bbc39f3b25cc27028dafce4b5aa48_populate_lic.tgz.sig;downloadfilename=29/sstate:ed::1.14.1:r0::3:290bbc39f3b25cc27028dafce4b5aa48_populate_lic.tgz.sig anywhere. The paths that were searched were: /media/build1/poky/build/test-sstate /media/build1/poky/build/test-sstate WARNING: ed-1.14.1-r0 do_populate_lic_setscene: Cannot verify signature on sstate package /media/build1/poky/build/test-sstate/29/sstate:ed::1.14.1:r0::3:290bbc39f3b25cc27028dafce4b5aa48_populate_lic.tgz NOTE: recipe ed-1.14.1-r0: task do_populate_lic_setscene: Succeeded so we need to disable SSTATE_MIRRORS for this test. (From OE-Core rev: 2ce9962851fe58c099599679340fd87e90f426ec) (From OE-Core rev: 9bb708cf31850f5a3e53660ee9ea5a9ba7615e43) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oeqa/selftest/signing: check that we have GPG in setupRoss Burton2016-07-261-0/+4
| | | | | | | (From OE-Core rev: 6eb6fde2567a2692afccb7ee0546b2c992c168aa) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oeqa/selftest/signing: use a temporary directory for GPG homeRoss Burton2016-07-261-22/+10
| | | | | | | | | | | | | | Instead of using a directory in the layer as the GPG home and carefully deleting the right files from it, use tempfile to create a temporary directory which will be cleaned up for us. Also change the public/secret key variables to be absolute paths as they're always used as absolute paths. (From OE-Core rev: d4a5b5d11c6d7d5aba5f2eb88db091c1b98ef87c) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sstatesig.py: Split single locked sigs check into multiple checksRandy Witt2016-04-091-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | Add the SIGGEN_LOCKEDSIGS_TASKSIG_CHECK and SIGGEN_LOCKEDSIGS_SSTATE_EXISTS_CHECK variables to replace SIGGEN_LOCKEDSIGS_CHECK_LEVEL. SIGGEN_LOCKEDSIGS_TASKSIG_CHECK will no control whether there is a warning or error if a task's hash in the locked signature file doesn't match the computed hash from the current metadata. SIGGEN_LOCKEDSIGS_SSTATE_EXISTS_CHECK will control whther there is a warning or error if a task that supports sstate is in the locked signature file, but no sstate exists for the task. Previously you could only have warning/errors for both controlled by SIGGEN_LOCKEDSIGS_CHECK_LEVEL. This was an issue in the extensible sdk, because we know sstate won't exist for certain items in the reverse dependencies list for tasks. However, we still want to error if task signatures don't match. [YOCTO #9195] (From OE-Core rev: 0fe2a5e5ffd01e926d0f3d4c78ad9910296e2d1a) Signed-off-by: Randy Witt <randy.e.witt@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* selftest/signing: Use packagedata to obtain PR value for signing testRichard Purdie2016-04-011-1/+7
| | | | | | | | | | | Using PF to calculate the rpm filename doesn't work when PR server is enabled and an extra PR value can be injected. Add code to use packagedata to obtain the full name, allowing the test to work when PR server is in use. (From OE-Core rev: 322904f62f11e794543362f04212242567c556a0) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* selftest/signing.py: RPM_GPG_PASSPHRASE_FILE -> RPM_GPG_PASSPHRASERobert Yang2016-03-251-1/+1
| | | | | | | (From OE-Core rev: ce14964d99741f1a4579bae18da5013498c365fd) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oeqa/selftest/signing: Added test for locked signaturesDaniel Istrate2016-02-281-0/+48
| | | | | | | | | | fix for [YOCTO #8706] (From OE-Core rev: 9b704ae44d9dc1d3d5c3aee6d7a5530b642070c4) Signed-off-by: Daniel Istrate <daniel.alexandrux.istrate@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oeqa/selftest/signing: use temporary rpmdbMarkus Lehtonen2016-01-241-2/+10
| | | | | | | | | | | | | | Use temporary rpmdb when importing gpg public key and checking rpm signature. This patch should fix a problem where test_signing_packages() sometimes fails with "pmdb: BDB1540 configured environment flags incompatible with existing environment" (From OE-Core rev: e2ddf409f405ab570ea7f6ed87180789b3a54607) Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oeqa/selftest/signing: Added new test for signing sstate.Daniel Istrate2015-11-241-0/+48
| | | | | | | | | | | [YOCTO #8182] Optional signing sstate archives and signature verification [YOCTO #8559] Signing sstate archives with custom dir for gpg keys (From OE-Core rev: 6a462fbb11db2085e4b6763a601c7fc4ac0025c8) Signed-off-by: Daniel Istrate <daniel.alexandrux.istrate@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oeqa/selftest/signing: New test for Signing packages in the package feeds.Daniel Istrate2015-11-241-0/+76
[YOCTO # 8134] This test verifies features introduced in bug 8134. It requires as resources the files from meta-selftest/files/signing: For 'gpg --gen-key' the used input was: key: RSA key-size: 2048 key-valid: 0 realname: testuser email: testuser@email.com comment: nocomment passphrase: test123 (From OE-Core rev: 6b9d22bfd5414b517a1f0468e1229dfa2294b5fd) Signed-off-by: Daniel Istrate <daniel.alexandrux.istrate@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-04-24 11:07:38 +0000