diff options
Diffstat (limited to 'import-layers/yocto-poky/meta/lib/oeqa/selftest/signing.py')
-rw-r--r-- | import-layers/yocto-poky/meta/lib/oeqa/selftest/signing.py | 37 |
1 files changed, 20 insertions, 17 deletions
diff --git a/import-layers/yocto-poky/meta/lib/oeqa/selftest/signing.py b/import-layers/yocto-poky/meta/lib/oeqa/selftest/signing.py index 606bfd3e99..0ac3d1fac9 100644 --- a/import-layers/yocto-poky/meta/lib/oeqa/selftest/signing.py +++ b/import-layers/yocto-poky/meta/lib/oeqa/selftest/signing.py @@ -1,5 +1,5 @@ from oeqa.selftest.base import oeSelfTest -from oeqa.utils.commands import runCmd, bitbake, get_bb_var +from oeqa.utils.commands import runCmd, bitbake, get_bb_var, get_bb_vars import os import glob import re @@ -27,15 +27,17 @@ class Signing(oeSelfTest): cls.pub_key_path = os.path.join(cls.testlayer_path, 'files', 'signing', "key.pub") cls.secret_key_path = os.path.join(cls.testlayer_path, 'files', 'signing', "key.secret") - runCmd('gpg --homedir %s --import %s %s' % (cls.gpg_dir, cls.pub_key_path, cls.secret_key_path)) + runCmd('gpg --batch --homedir %s --import %s %s' % (cls.gpg_dir, cls.pub_key_path, cls.secret_key_path)) @testcase(1362) def test_signing_packages(self): """ Summary: Test that packages can be signed in the package feed Expected: Package should be signed with the correct key + Expected: Images can be created from signed packages Product: oe-core Author: Daniel Istrate <daniel.alexandrux.istrate@intel.com> + Author: Alexander Kanavin <alexander.kanavin@intel.com> AutomatedBy: Daniel Istrate <daniel.alexandrux.istrate@intel.com> """ import oe.packagedata @@ -49,7 +51,6 @@ class Signing(oeSelfTest): feature = 'INHERIT += "sign_rpm"\n' feature += 'RPM_GPG_PASSPHRASE = "test123"\n' feature += 'RPM_GPG_NAME = "testuser"\n' - feature += 'RPM_GPG_PUBKEY = "%s"\n' % self.pub_key_path feature += 'GPG_PATH = "%s"\n' % self.gpg_dir self.write_config(feature) @@ -59,30 +60,38 @@ class Signing(oeSelfTest): self.add_command_to_tearDown('bitbake -c clean %s' % test_recipe) - pkgdatadir = get_bb_var('PKGDATA_DIR', test_recipe) + needed_vars = ['PKGDATA_DIR', 'DEPLOY_DIR_RPM', 'PACKAGE_ARCH', 'STAGING_BINDIR_NATIVE'] + bb_vars = get_bb_vars(needed_vars, test_recipe) + pkgdatadir = bb_vars['PKGDATA_DIR'] pkgdata = oe.packagedata.read_pkgdatafile(pkgdatadir + "/runtime/ed") if 'PKGE' in pkgdata: pf = pkgdata['PN'] + "-" + pkgdata['PKGE'] + pkgdata['PKGV'] + '-' + pkgdata['PKGR'] else: pf = pkgdata['PN'] + "-" + pkgdata['PKGV'] + '-' + pkgdata['PKGR'] - deploy_dir_rpm = get_bb_var('DEPLOY_DIR_RPM', test_recipe) - package_arch = get_bb_var('PACKAGE_ARCH', test_recipe).replace('-', '_') - staging_bindir_native = get_bb_var('STAGING_BINDIR_NATIVE') + deploy_dir_rpm = bb_vars['DEPLOY_DIR_RPM'] + package_arch = bb_vars['PACKAGE_ARCH'].replace('-', '_') + staging_bindir_native = bb_vars['STAGING_BINDIR_NATIVE'] pkg_deploy = os.path.join(deploy_dir_rpm, package_arch, '.'.join((pf, package_arch, 'rpm'))) # Use a temporary rpmdb rpmdb = tempfile.mkdtemp(prefix='oeqa-rpmdb') - runCmd('%s/rpm --define "_dbpath %s" --import %s' % + runCmd('%s/rpmkeys --define "_dbpath %s" --import %s' % (staging_bindir_native, rpmdb, self.pub_key_path)) - ret = runCmd('%s/rpm --define "_dbpath %s" --checksig %s' % + ret = runCmd('%s/rpmkeys --define "_dbpath %s" --checksig %s' % (staging_bindir_native, rpmdb, pkg_deploy)) # tmp/deploy/rpm/i586/ed-1.9-r0.i586.rpm: rsa sha1 md5 OK - self.assertIn('rsa sha1 md5 OK', ret.output, 'Package signed incorrectly.') + self.assertIn('rsa sha1 (md5) pgp md5 OK', ret.output, 'Package signed incorrectly.') shutil.rmtree(rpmdb) + #Check that an image can be built from signed packages + self.add_command_to_tearDown('bitbake -c clean core-image-minimal') + bitbake('-c clean core-image-minimal') + bitbake('core-image-minimal') + + @testcase(1382) def test_signing_sstate_archive(self): """ @@ -101,13 +110,7 @@ class Signing(oeSelfTest): self.add_command_to_tearDown('bitbake -c clean %s' % test_recipe) self.add_command_to_tearDown('rm -rf %s' % sstatedir) - # Determine the pub key signature - ret = runCmd('gpg --homedir %s --list-keys' % self.gpg_dir) - pub_key = re.search(r'^pub\s+\S+/(\S+)\s+', ret.output, re.M) - self.assertIsNotNone(pub_key, 'Failed to determine the public key signature.') - pub_key = pub_key.group(1) - - feature = 'SSTATE_SIG_KEY ?= "%s"\n' % pub_key + feature = 'SSTATE_SIG_KEY ?= "testuser"\n' feature += 'SSTATE_SIG_PASSPHRASE ?= "test123"\n' feature += 'SSTATE_VERIFY_SIG ?= "1"\n' feature += 'GPG_PATH = "%s"\n' % self.gpg_dir |