diff options
| author |   Daniel Istrate <daniel.alexandrux.istrate@intel.com> | 2015-11-10 16:38:39 +0200 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-11-24 15:55:24 +0000 |
| commit | 6a462fbb11db2085e4b6763a601c7fc4ac0025c8 (patch) | |
| tree | ca47a74e0815b5eeab3fb5833686241766333aa6 /meta | |
| parent | 6b9d22bfd5414b517a1f0468e1229dfa2294b5fd (diff) | |
| download | openembedded-core-contrib-6a462fbb11db2085e4b6763a601c7fc4ac0025c8.tar.gz | |
oeqa/selftest/signing: Added new test for signing sstate.
[YOCTO #8182] Optional signing sstate archives and signature verification
[YOCTO #8559] Signing sstate archives with custom dir for gpg keys
Signed-off-by: Daniel Istrate <daniel.alexandrux.istrate@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta')
| -rw-r--r-- | meta/lib/oeqa/selftest/signing.py | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/meta/lib/oeqa/selftest/signing.py b/meta/lib/oeqa/selftest/signing.py index 879c3e0e59..c33662b253 100644 --- a/meta/lib/oeqa/selftest/signing.py +++ b/meta/lib/oeqa/selftest/signing.py @@ -2,6 +2,7 @@ from oeqa.selftest.base import oeSelfTest from oeqa.utils.commands import runCmd, bitbake, get_bb_var import os import glob +import re from oeqa.utils.decorators import testcase @@ -74,3 +75,50 @@ class Signing(oeSelfTest): # tmp/deploy/rpm/i586/ed-1.9-r0.i586.rpm: rsa sha1 md5 OK self.assertIn('rsa sha1 md5 OK', ret.output, 'Package signed incorrectly.') + @testcase(1382) + def test_signing_sstate_archive(self): + """ + Summary: Test that sstate archives can be signed + Expected: Package should be signed with the correct key + Product: oe-core + Author: Daniel Istrate <daniel.alexandrux.istrate@intel.com> + AutomatedBy: Daniel Istrate <daniel.alexandrux.istrate@intel.com> + """ + + test_recipe = 'ed' + + builddir = os.environ.get('BUILDDIR') + sstatedir = os.path.join(builddir, 'test-sstate') + + self.add_command_to_tearDown('bitbake -c clean %s' % test_recipe) + self.add_command_to_tearDown('bitbake -c cleansstate %s' % test_recipe) + self.add_command_to_tearDown('rm -rf %s' % sstatedir) + + # Determine the pub key signature + ret = runCmd('gpg --homedir %s --list-keys' % self.gpg_dir) + pub_key = re.search(r'^pub\s+\S+/(\S+)\s+', ret.output, re.M) + self.assertIsNotNone(pub_key, 'Failed to determine the public key signature.') + pub_key = pub_key.group(1) + + feature = 'SSTATE_SIG_KEY ?= "%s"\n' % pub_key + feature += 'SSTATE_SIG_PASSPHRASE ?= "test123"\n' + feature += 'SSTATE_VERIFY_SIG ?= "1"\n' + feature += 'GPG_PATH = "%s"\n' % self.gpg_dir + feature += 'SSTATE_DIR = "%s"\n' % sstatedir + + self.write_config(feature) + + bitbake('-c cleansstate %s' % test_recipe) + bitbake(test_recipe) + + recipe_sig = glob.glob(sstatedir + '/*/*:ed:*_package.tgz.sig') + recipe_tgz = glob.glob(sstatedir + '/*/*:ed:*_package.tgz') + + self.assertEqual(len(recipe_sig), 1, 'Failed to find .sig file.') + self.assertEqual(len(recipe_tgz), 1, 'Failed to find .tgz file.') + + ret = runCmd('gpg --homedir %s --verify %s %s' % (self.gpg_dir, recipe_sig[0], recipe_tgz[0])) + # gpg: Signature made Thu 22 Oct 2015 01:45:09 PM EEST using RSA key ID 61EEFB30 + # gpg: Good signature from "testuser (nocomment) <testuser@email.com>" + self.assertIn('gpg: Good signature from', ret.output, 'Package signed incorrectly.') + |