-
Notifications
You must be signed in to change notification settings - Fork 11
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
The only use of the GPG keys is to validate the buildroot source. With `mmdebstrap` a full GPG keyring was required. However, the `ostree` `--gpg-import` option accepts individual keys and builds the remote trusted keyring on its own. Stop creating the keyring and just pass the key paths to `ostree`. After that the explicit host `gnupg` dependency is no longer required (although `ostree` internally uses `gnupg`). https://phabricator.endlessm.com/T35019
- Loading branch information
1 parent
a8d0732
commit c582949
Showing
6 changed files
with
88 additions
and
174 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
# Tests for eib ostree trusted key handling | ||
|
||
import eib | ||
import os | ||
import pytest | ||
import shutil | ||
|
||
from ..util import TESTSDIR | ||
|
||
|
||
@pytest.fixture | ||
def keys_config(tmp_path, config): | ||
config['build']['tmpdir'] = str(tmp_path) | ||
|
||
datadir = tmp_path / 'data' | ||
config['build']['datadir'] = str(datadir) | ||
|
||
localdatadir = tmp_path / 'local' / 'data' | ||
config['build']['localdatadir'] = str(localdatadir) | ||
|
||
return config | ||
|
||
|
||
def test_errors(keys_config): | ||
"""Test errors from get_ostree_trusted_keys""" | ||
with pytest.raises(eib.ImageBuildError, match='No gpg keys directories'): | ||
eib.get_ostree_trusted_keys(keys_config) | ||
|
||
os.makedirs(os.path.join(keys_config['build']['datadir'], 'keys')) | ||
os.makedirs(os.path.join(keys_config['build']['localdatadir'], 'keys')) | ||
with pytest.raises(eib.ImageBuildError, match='No gpg keys in'): | ||
eib.get_ostree_trusted_keys(keys_config) | ||
|
||
|
||
def test_get_keys(keys_config): | ||
"""Test the keys are gathered correctly""" | ||
keysdir = os.path.join(keys_config['build']['datadir'], 'keys') | ||
localkeysdir = os.path.join(keys_config['build']['localdatadir'], | ||
'keys') | ||
testdatadir = os.path.join(TESTSDIR, 'data') | ||
os.makedirs(keysdir) | ||
os.makedirs(localkeysdir) | ||
|
||
shutil.copy2(os.path.join(testdatadir, 'test1.asc'), keysdir) | ||
keys = eib.get_ostree_trusted_keys(keys_config) | ||
assert keys == [os.path.join(keysdir, 'test1.asc')] | ||
|
||
shutil.copy2(os.path.join(testdatadir, 'test2.asc'), keysdir) | ||
keys = eib.get_ostree_trusted_keys(keys_config) | ||
assert keys == [ | ||
os.path.join(keysdir, 'test1.asc'), | ||
os.path.join(keysdir, 'test2.asc'), | ||
] | ||
|
||
shutil.copy2(os.path.join(testdatadir, 'test3.asc'), localkeysdir) | ||
keys = eib.get_ostree_trusted_keys(keys_config) | ||
assert keys == [ | ||
os.path.join(keysdir, 'test1.asc'), | ||
os.path.join(keysdir, 'test2.asc'), | ||
os.path.join(localkeysdir, 'test3.asc'), | ||
] |