Skip to content

Commit

Permalink
Enhance gpg.feature to test offline transactions
Browse files Browse the repository at this point in the history
  • Loading branch information
@m-blaha @pkratoch
m-blaha authored and pkratoch committed Sep 17, 2024
1 parent 16d1d44 commit 5607383
Showing 1 changed file with 68 additions and 24 deletions.
92 changes: 68 additions & 24 deletions dnf-behave-tests/dnf/gpg.feature
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,10 +31,10 @@ Background: Add repository with gpgcheck=1

@dnf5
@dnf5daemon
Scenario: Install masterkey signed package and check GPG key was imported
When I execute dnf with args "install setup"
Scenario Outline: Install <offline> masterkey signed package and check GPG key was imported
When I execute dnf with args "install <offline> setup"
Then the exit code is 0
And Transaction is following
And <transaction> is following
| Action | Package |
| install | setup-0:2.12.1-1.fc29.noarch |
# There is now one imported gpg key in RPM db
Expand All @@ -43,13 +43,18 @@ Scenario: Install masterkey signed package and check GPG key was imported
Then the exit code is 0
And stdout contains "gpg\(dnf-ci-gpg\)"

Examples:
| offline | transaction |
| | Transaction |
| --offline | DNF Transaction |


@dnf5
@dnf5daemon
Scenario: Install subkey signed package with masterkey signed dependency
When I execute dnf with args "install filesystem"
Scenario Outline: Install <offline> subkey signed package with masterkey signed dependency
When I execute dnf with args "install <offline> filesystem"
Then the exit code is 0
And Transaction is following
And <transaction> is following
| Action | Package |
| install | filesystem-0:3.9-2.fc29.x86_64 |
| install-dep | setup-0:2.12.1-1.fc29.noarch |
Expand All @@ -58,11 +63,16 @@ Scenario: Install subkey signed package with masterkey signed dependency
And stdout contains "gpg\(dnf-ci-gpg\)"
And stdout contains "gpg\(dnf-ci-gpg-subkey\)"

Examples:
| offline | transaction |
| | Transaction |
| --offline | DNF Transaction |


@dnf5
# XXX stderr @dnf5daemon
Scenario: Fail to install signed package with incorrectly signed dependency (with key from different repository)
When I execute dnf with args "install glibc"
Scenario Outline: Fail to <offline> install signed package with incorrectly signed dependency (with key from different repository)
When I execute dnf with args "install <offline> glibc"
Then the exit code is 1
And DNF Transaction is following
| Action | Package |
Expand All @@ -79,11 +89,16 @@ Scenario: Fail to install signed package with incorrectly signed dependency (wit
PGP check for package "basesystem-11-6\.fc29\.noarch" \(.*/basesystem-11-6\.fc29\.noarch\.rpm\) from repo "dnf-ci-gpg" has failed: Public key is not installed\.
"""

Examples:
| offline |
| |
| --offline |


@dnf5
# XXX stderr @dnf5daemon
Scenario: Fail to install signed package with incorrect checksum
When I execute dnf with args "install broken-package"
Scenario Outline: Fail to <offline> install signed package with incorrect checksum
When I execute dnf with args "install <offline> broken-package"
Then the exit code is 1
And DNF Transaction is following
| Action | Package |
Expand All @@ -95,79 +110,109 @@ Scenario: Fail to install signed package with incorrect checksum
PGP check for package "broken-package-0\.2\.4-1\.fc29\.noarch" \(.*/broken-package-0\.2\.4-1\.fc29\.noarch\.rpm\) from repo "dnf-ci-gpg" has failed: Problem occurred when opening the package\.
"""

Examples:
| offline |
| |
| --offline |


@dnf5
@dnf5daemon
Scenario: Install masterkey signed, unsigned and masterkey signed with unknown key packages from repo with gpgcheck=0 in repofile
Scenario Outline: Install <offline> masterkey signed, unsigned and masterkey signed with unknown key packages from repo with gpgcheck=0 in repofile
Given I configure repository "dnf-ci-gpg" with
| key | value |
| gpgcheck | 0 |
| gpgkey | file://{context.dnf.fixturesdir}/gpgkeys/keys/dnf-ci-gpg/dnf-ci-gpg-public |
# install masterkey signed package
When I execute dnf with args "install setup"
When I execute dnf with args "install <offline> setup"
Then the exit code is 0
# install unsigned package
When I execute dnf with args "install flac"
When I execute dnf with args "install <offline> flac"
Then the exit code is 0
# install master signed with unknown key package
When I execute dnf with args "install basesystem"
When I execute dnf with args "install <offline> basesystem"
Then the exit code is 0

Examples:
| offline |
| |
| --offline |


@dnf5
# XXX stderr @dnf5daemon
Scenario: Attempt to install unsigned package from repo with gpgcheck=1
When I execute dnf with args "install flac"
Scenario Outline: Attempt to <offline> install unsigned package from repo with gpgcheck=1
When I execute dnf with args "install <offline> flac"
Then the exit code is 1
And stderr contains lines matching
"""
Transaction failed: Signature verification failed
PGP check for package "flac-1\.3\.2-8\.fc29\.x86_64" \(.*/flac-1\.3\.2-8\.fc29\.x86_64\.rpm\) from repo "dnf-ci-gpg" has failed: The package is not signed\.
"""

Examples:
| offline |
| |
| --offline |


@dnf5
Scenario: Install unsigned package from repository without gpgcheck set using option --no-gpgchecks
When I execute dnf with args "install flac --no-gpgchecks"
Scenario Outline: Install <offline> unsigned package from repository without gpgcheck set using option --no-gpgchecks
When I execute dnf with args "install <offline> flac --no-gpgchecks"
Then the exit code is 0
And Transaction is following
And <transaction> is following
| Action | Package |
| install | flac-0:1.3.2-8.fc29.x86_64 |

Examples:
| offline | transaction |
| | Transaction |
| --offline | DNF Transaction |


@dnf5
@bz1314405
Scenario: Fail to install package with incorrect checksum with --no-gpgchecks
Scenario Outline: Fail to <offline> install package with incorrect checksum with --no-gpgchecks
Given I configure repository "dnf-ci-gpg" with
| key | value |
| gpgcheck | |
| gpgkey | |
When I execute dnf with args "install broken-package --no-gpgchecks"
When I execute dnf with args "install <offline> broken-package --no-gpgchecks"
Then the exit code is 1
And DNF Transaction is following
| Action | Package |
| install | broken-package-0:0.2.4-1.fc29.noarch |
And RPMDB Transaction is empty
And stderr contains "Transaction failed: Rpm transaction failed."

Examples:
| offline |
| |
| --offline |


@dnf5
@bz1915990
@bz1932079
@bz1932089
@bz1932090
Scenario: Refuse to install a package with broken gpg signature
Scenario Outline: Refuse to <offline> install a package with broken gpg signature
Given I drop repository "dnf-ci-gpg"
And I use repository "dnf-ci-broken-rpm-signature" generated with exit code "2"
And I configure repository "dnf-ci-broken-rpm-signature" with
| key | value |
| gpgcheck | 1 |
| gpgkey | file://{context.dnf.fixturesdir}/gpgkeys/keys/dnf-ci-gpg/dnf-ci-gpg-public,file://{context.dnf.fixturesdir}/gpgkeys/keys/dnf-ci-gpg-subkey/dnf-ci-gpg-subkey-public |
When I execute dnf with args "install setup"
When I execute dnf with args "install <offline> setup"
Then the exit code is 1
# dnf must not extract any files from the broken package
Then file "/usr/share/doc/setup/README" does not exist

Examples:
| offline |
| |
| --offline |


@xfail
@1941959
Expand All @@ -188,4 +233,3 @@ Scenario: Expire repo when failed to install package with incorrect checksum
"""
["dnf-ci-gpg"]
"""

0 comments on commit 5607383

Please sign in to comment.