Enhance gpg.feature to test offline transactions #1549

Merged
merged 1 commit into from
Sep 17, 2024
92 changes: 68 additions & 24 deletions dnf-behave-tests/dnf/gpg.feature
Expand Up @@ -31,10 +31,10 @@ Background: Add repository with gpgcheck=1

@dnf5
@dnf5daemon
Scenario: Install masterkey signed package and check GPG key was imported
When I execute dnf with args "install setup"
Scenario Outline: Install <offline> masterkey signed package and check GPG key was imported
When I execute dnf with args "install <offline> setup"
Then the exit code is 0
And Transaction is following
And <transaction> is following
| Action | Package |
| install | setup-0:2.12.1-1.fc29.noarch |
# There is now one imported gpg key in RPM db
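Review bot: The empty Examples row expands `<offline>` to nothing in both the outline title and `install <offline> setup`, so the default case now runs as "install  setup" with a doubled space and is reported as "Install  masterkey signed package and check GPG key was imported". Worth confirming that the "I execute dnf with args" step tolerates the extra whitespace. Moving the placeholder to the end of the args (`install setup <offline>`) and using a separate descriptive column for the title would keep the default row's name and command identical to the pre-change scenario.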
Expand All @@ -43,13 +43,18 @@ Scenario: Install masterkey signed package and check GPG key was imported
Then the exit code is 0
And stdout contains "gpg\(dnf-ci-gpg\)"

Examples:
| offline | transaction |
| | Transaction |
| --offline | DNF Transaction |


@dnf5
@dnf5daemon
Scenario: Install subkey signed package with masterkey signed dependency
When I execute dnf with args "install filesystem"
Scenario Outline: Install <offline> subkey signed package with masterkey signed dependency
When I execute dnf with args "install <offline> filesystem"
Then the exit code is 0
And Transaction is following
And <transaction> is following
| Action | Package |
| install | filesystem-0:3.9-2.fc29.x86_64 |
| install-dep | setup-0:2.12.1-1.fc29.noarch |
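Review bot: The Examples table pairs `--offline` with `DNF Transaction` and the default row with `Transaction`, but nothing in the feature explains why the assertion step differs between the two rows. A one-line comment above the table stating what is and is not expected to have happened after `install --offline` would make the intent reviewable. Related: the `stdout contains "gpg\(dnf-ci-gpg\)"` check runs for both rows, so the `--offline` row asserts that the key is already in the RPM db although only the DNF transaction was checked. If key import at that point is the behaviour under test, say so in a comment next to that check.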
Expand All @@ -58,11 +63,16 @@ Scenario: Install subkey signed package with masterkey signed dependency
And stdout contains "gpg\(dnf-ci-gpg\)"
And stdout contains "gpg\(dnf-ci-gpg-subkey\)"

Examples:
| offline | transaction |
| | Transaction |
| --offline | DNF Transaction |


@dnf5
# XXX stderr @dnf5daemon
Scenario: Fail to install signed package with incorrectly signed dependency (with key from different repository)
When I execute dnf with args "install glibc"
Scenario Outline: Fail to <offline> install signed package with incorrectly signed dependency (with key from different repository)
When I execute dnf with args "install <offline> glibc"
Then the exit code is 1
And DNF Transaction is following
| Action | Package |
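Review bot: In the title "Fail to <offline> install signed package with incorrectly signed dependency", the placeholder sits before the verb, so the second row is reported as "Fail to --offline install ...", which does not match the argument order in `install <offline> glibc`. Suggest "Fail to install <offline> signed package ..." or a placeholder-free title with the mode appended at the end. The `# XXX stderr @dnf5daemon` marker is also carried over unchanged; if it still applies to the `--offline` row, a short note on what is blocking the daemon variant would help the next reader.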
Expand All @@ -79,11 +89,16 @@ Scenario: Fail to install signed package with incorrectly signed dependency (wit
PGP check for package "basesystem-11-6\.fc29\.noarch" \(.*/basesystem-11-6\.fc29\.noarch\.rpm\) from repo "dnf-ci-gpg" has failed: Public key is not installed\.
"""

Examples:
| offline |
| |
| --offline |


@dnf5
# XXX stderr @dnf5daemon
Scenario: Fail to install signed package with incorrect checksum
When I execute dnf with args "install broken-package"
Scenario Outline: Fail to <offline> install signed package with incorrect checksum
When I execute dnf with args "install <offline> broken-package"
Then the exit code is 1
And DNF Transaction is following
| Action | Package |
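Review bot: For the `--offline` row of this checksum-failure outline, the visible steps assert only `the exit code is 1`, the DNF transaction table and the shared stderr pattern. The later "Fail to <offline> install package with incorrect checksum with --no-gpgchecks" outline additionally asserts `RPMDB Transaction is empty`. Unless that step is already among the lines not shown here, consider adding it to this outline too, so the failing `--offline` case proves nothing reached the RPM db rather than relying on the exit code.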
Expand All @@ -95,79 +110,109 @@ Scenario: Fail to install signed package with incorrect checksum
PGP check for package "broken-package-0\.2\.4-1\.fc29\.noarch" \(.*/broken-package-0\.2\.4-1\.fc29\.noarch\.rpm\) from repo "dnf-ci-gpg" has failed: Problem occurred when opening the package\.
"""

Examples:
| offline |
| |
| --offline |


@dnf5
@dnf5daemon
Scenario: Install masterkey signed, unsigned and masterkey signed with unknown key packages from repo with gpgcheck=0 in repofile
Scenario Outline: Install <offline> masterkey signed, unsigned and masterkey signed with unknown key packages from repo with gpgcheck=0 in repofile
Given I configure repository "dnf-ci-gpg" with
| key | value |
| gpgcheck | 0 |
| gpgkey | file://{context.dnf.fixturesdir}/gpgkeys/keys/dnf-ci-gpg/dnf-ci-gpg-public |
# install masterkey signed package
When I execute dnf with args "install setup"
When I execute dnf with args "install <offline> setup"
Then the exit code is 0
# install unsigned package
When I execute dnf with args "install flac"
When I execute dnf with args "install <offline> flac"
Then the exit code is 0
# install master signed with unknown key package
When I execute dnf with args "install basesystem"
When I execute dnf with args "install <offline> basesystem"
Then the exit code is 0

Examples:
| offline |
| |
| --offline |


@dnf5
# XXX stderr @dnf5daemon
Scenario: Attempt to install unsigned package from repo with gpgcheck=1
When I execute dnf with args "install flac"
Scenario Outline: Attempt to <offline> install unsigned package from repo with gpgcheck=1
When I execute dnf with args "install <offline> flac"
Then the exit code is 1
And stderr contains lines matching
"""
Transaction failed: Signature verification failed
PGP check for package "flac-1\.3\.2-8\.fc29\.x86_64" \(.*/flac-1\.3\.2-8\.fc29\.x86_64\.rpm\) from repo "dnf-ci-gpg" has failed: The package is not signed\.
"""

Examples:
| offline |
| |
| --offline |


@dnf5
Scenario: Install unsigned package from repository without gpgcheck set using option --no-gpgchecks
When I execute dnf with args "install flac --no-gpgchecks"
Scenario Outline: Install <offline> unsigned package from repository without gpgcheck set using option --no-gpgchecks
When I execute dnf with args "install <offline> flac --no-gpgchecks"
Then the exit code is 0
And Transaction is following
And <transaction> is following
| Action | Package |
| install | flac-0:1.3.2-8.fc29.x86_64 |

Examples:
| offline | transaction |
| | Transaction |
| --offline | DNF Transaction |


@dnf5
@bz1314405
Scenario: Fail to install package with incorrect checksum with --no-gpgchecks
Scenario Outline: Fail to <offline> install package with incorrect checksum with --no-gpgchecks
Given I configure repository "dnf-ci-gpg" with
| key | value |
| gpgcheck | |
| gpgkey | |
When I execute dnf with args "install broken-package --no-gpgchecks"
When I execute dnf with args "install <offline> broken-package --no-gpgchecks"
Then the exit code is 1
And DNF Transaction is following
| Action | Package |
| install | broken-package-0:0.2.4-1.fc29.noarch |
And RPMDB Transaction is empty
And stderr contains "Transaction failed: Rpm transaction failed."

Examples:
| offline |
| |
| --offline |


@dnf5
@bz1915990
@bz1932079
@bz1932089
@bz1932090
Scenario: Refuse to install a package with broken gpg signature
Scenario Outline: Refuse to <offline> install a package with broken gpg signature
Given I drop repository "dnf-ci-gpg"
And I use repository "dnf-ci-broken-rpm-signature" generated with exit code "2"
And I configure repository "dnf-ci-broken-rpm-signature" with
| key | value |
| gpgcheck | 1 |
| gpgkey | file://{context.dnf.fixturesdir}/gpgkeys/keys/dnf-ci-gpg/dnf-ci-gpg-public,file://{context.dnf.fixturesdir}/gpgkeys/keys/dnf-ci-gpg-subkey/dnf-ci-gpg-subkey-public |
When I execute dnf with args "install setup"
When I execute dnf with args "install <offline> setup"
Then the exit code is 1
# dnf must not extract any files from the broken package
Then file "/usr/share/doc/setup/README" does not exist

Examples:
| offline |
| |
| --offline |


@xfail
@1941959
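Review bot: In "Refuse to <offline> install a package with broken gpg signature", the check `file "/usr/share/doc/setup/README" does not exist` looks vacuous for the `--offline` row. If `install --offline` only stores the transaction (which the `DNF Transaction` column in the earlier Examples tables suggests), no files are extracted at that step whether or not the signature is rejected, leaving `the exit code is 1` as the only real assertion. Adding a `stderr contains` check for the signature failure to this outline would make the offline row fail for the right reason. The same applies to the gpgcheck=0 outline above, where the three `install <offline> ...` commands are followed only by `the exit code is 0`, so the `--offline` row never asserts which packages were resolved.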
Expand All @@ -188,4 +233,3 @@ Scenario: Expire repo when failed to install package with incorrect checksum
"""
["dnf-ci-gpg"]
"""
