ci: add back dpkg-signed tests

Signed-off-by: Carlos Alexandro Becker <[email protected]>
goreleaser · Nov 10, 2024 · afeac6e · afeac6e
1 parent 666ef77
commit afeac6e
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 18 deletions.
diff --git a/acceptance_test.go b/acceptance_test.go
@@ -318,25 +318,30 @@ func TestRPMSign(t *testing.T) {
 func TestDebSign(t *testing.T) {
 	t.Parallel()
 	for _, arch := range formatArchs["deb"] {
-		func(t *testing.T, testArch string) {
-			t.Run(fmt.Sprintf("deb/%s", testArch), func(t *testing.T) {
-				t.Parallel()
-				target := "signed"
-				if testArch == "ppc64le" && os.Getenv("NO_TEST_PPC64LE") == "true" {
-					t.Skip("ppc64le arch not supported in pipeline")
-				}
-				accept(t, acceptParms{
-					Name:   "debsign_sign_" + testArch,
-					Conf:   "deb.debsign.sign.yaml",
-					Format: "deb",
-					Docker: dockerParams{
-						File:   "deb.dockerfile",
-						Target: target,
-						Arch:   testArch,
-					},
+		for _, sigtype := range []string{"dpkg-sig", "debsign"} {
+			func(t *testing.T, testSigtype, testArch string) {
+				t.Run(fmt.Sprintf("deb/%s/%s", testArch, testSigtype), func(t *testing.T) {
+					t.Parallel()
+					target := "signed"
+					if testSigtype == "dpkg-sig" {
+						target = "dpkg-signed"
+					}
+					if testArch == "ppc64le" && os.Getenv("NO_TEST_PPC64LE") == "true" {
+						t.Skip("ppc64le arch not supported in pipeline")
+					}
+					accept(t, acceptParms{
+						Name:   fmt.Sprintf("%s_sign_%s", testSigtype, testArch),
+						Conf:   fmt.Sprintf("deb.%s.sign.yaml", testSigtype),
+						Format: "deb",
+						Docker: dockerParams{
+							File:   "deb.dockerfile",
+							Target: target,
+							Arch:   testArch,
+						},
+					})
 				})
-			})
-		}(t, arch)
+			}(t, sigtype, arch)
+		}
 	}
 }
 

diff --git a/testdata/acceptance/deb.dockerfile b/testdata/acceptance/deb.dockerfile
@@ -85,6 +85,15 @@ RUN debsig-verify /tmp/foo.deb | grep "debsig: Verified package from 'Test packa
 RUN echo "" > /etc/dpkg/dpkg.cfg
 RUN dpkg -i /tmp/foo.deb
 
+# ---- signed dpkg-sig test ----
+FROM test_base AS dpkg-signed
+COPY keys/pubkey.gpg /tmp/gpg.key
+RUN apt update -y
+RUN apt install -y gnupg
+RUN gpg --import /tmp/gpg.key
+RUN gpg --verify /tmp/foo.deb
+RUN dpkg -i /tmp/foo.deb
+
 # ---- overrides test ----
 FROM min AS overrides
 RUN test -e /usr/bin/fake

diff --git a/testdata/acceptance/deb.dpkg-sig.sign.yaml b/testdata/acceptance/deb.dpkg-sig.sign.yaml
@@ -0,0 +1,15 @@
+name: "foo"
+arch: "${BUILD_ARCH}"
+platform: "linux"
+version: "v1.0.0"
+maintainer: "John Doe <[email protected]>"
+description: This package is signed
+vendor: "FooBarCorp"
+homepage: "http://example.com"
+contents:
+- src: ./testdata/fake
+  dst: /usr/bin/fake
+deb:
+  signature:
+    method: dpkg-sig
+    key_file: ./internal/sign/testdata/privkey_unprotected.asc