1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
|
# Copyright 2013-2018 Lawrence Livermore National Security, LLC and other
# Spack Project Developers. See the top-level COPYRIGHT file for details.
#
# SPDX-License-Identifier: (Apache-2.0 OR MIT)
import os
import pytest
from spack.paths import mock_gpg_data_path, mock_gpg_keys_path
import spack.util.gpg as gpg_util
from spack.main import SpackCommand
from spack.util.executable import ProcessError
@pytest.fixture(scope='function')
def testing_gpg_directory(tmpdir):
old_gpg_path = gpg_util.GNUPGHOME
gpg_util.GNUPGHOME = str(tmpdir.join('gpg'))
yield
gpg_util.GNUPGHOME = old_gpg_path
@pytest.fixture(scope='function')
def gpg():
return SpackCommand('gpg')
def has_gnupg2():
try:
gpg_util.Gpg.gpg()('--version', output=os.devnull)
return True
except Exception:
return False
@pytest.mark.maybeslow
@pytest.mark.skipif(not has_gnupg2(),
reason='These tests require gnupg2')
def test_gpg(gpg, tmpdir, testing_gpg_directory):
# Verify a file with an empty keyring.
with pytest.raises(ProcessError):
gpg('verify', os.path.join(mock_gpg_data_path, 'content.txt'))
# Import the default key.
gpg('init', '--from', mock_gpg_keys_path)
# List the keys.
# TODO: Test the output here.
gpg('list', '--trusted')
gpg('list', '--signing')
# Verify the file now that the key has been trusted.
gpg('verify', os.path.join(mock_gpg_data_path, 'content.txt'))
# Untrust the default key.
gpg('untrust', 'Spack testing')
# Now that the key is untrusted, verification should fail.
with pytest.raises(ProcessError):
gpg('verify', os.path.join(mock_gpg_data_path, 'content.txt'))
# Create a file to test signing.
test_path = tmpdir.join('to-sign.txt')
with open(str(test_path), 'w+') as fout:
fout.write('Test content for signing.\n')
# Signing without a private key should fail.
with pytest.raises(RuntimeError) as exc_info:
gpg('sign', str(test_path))
assert exc_info.value.args[0] == 'no signing keys are available'
# Create a key for use in the tests.
keypath = tmpdir.join('testing-1.key')
gpg('create',
'--comment', 'Spack testing key',
'--export', str(keypath),
'Spack testing 1',
'spack@googlegroups.com')
keyfp = gpg_util.Gpg.signing_keys()[0]
# List the keys.
# TODO: Test the output here.
gpg('list')
gpg('list', '--trusted')
gpg('list', '--signing')
# Signing with the default (only) key.
gpg('sign', str(test_path))
# Verify the file we just verified.
gpg('verify', str(test_path))
# Export the key for future use.
export_path = tmpdir.join('export.testing.key')
gpg('export', str(export_path))
# Create a second key for use in the tests.
gpg('create',
'--comment', 'Spack testing key',
'Spack testing 2',
'spack@googlegroups.com')
# List the keys.
# TODO: Test the output here.
gpg('list', '--trusted')
gpg('list', '--signing')
test_path = tmpdir.join('to-sign-2.txt')
with open(str(test_path), 'w+') as fout:
fout.write('Test content for signing.\n')
# Signing with multiple signing keys is ambiguous.
with pytest.raises(RuntimeError) as exc_info:
gpg('sign', str(test_path))
assert exc_info.value.args[0] == \
'multiple signing keys are available; please choose one'
# Signing with a specified key.
gpg('sign', '--key', keyfp, str(test_path))
# Untrusting signing keys needs a flag.
with pytest.raises(ProcessError):
gpg('untrust', 'Spack testing 1')
# Untrust the key we created.
gpg('untrust', '--signing', keyfp)
# Verification should now fail.
with pytest.raises(ProcessError):
gpg('verify', str(test_path))
# Trust the exported key.
gpg('trust', str(export_path))
# Verification should now succeed again.
gpg('verify', str(test_path))
|
