[OE-core] [PATCHv3 2/2] oeqa/selftest/signing: Added new test for signing sstate.
Daniel Istrate
daniel.alexandrux.istrate at intel.com
Tue Nov 10 14:38:39 UTC 2015
[YOCTO #8182] Optional signing sstate archives and signature verification
[YOCTO #8559] Signing sstate archives with custom dir for gpg keys
Signed-off-by: Daniel Istrate <daniel.alexandrux.istrate at intel.com>
---
meta/lib/oeqa/selftest/signing.py | 48 +++++++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
diff --git a/meta/lib/oeqa/selftest/signing.py b/meta/lib/oeqa/selftest/signing.py
index 879c3e0..c33662b 100644
--- a/meta/lib/oeqa/selftest/signing.py
+++ b/meta/lib/oeqa/selftest/signing.py
@@ -2,6 +2,7 @@ from oeqa.selftest.base import oeSelfTest
from oeqa.utils.commands import runCmd, bitbake, get_bb_var
import os
import glob
+import re
from oeqa.utils.decorators import testcase
@@ -74,3 +75,50 @@ class Signing(oeSelfTest):
# tmp/deploy/rpm/i586/ed-1.9-r0.i586.rpm: rsa sha1 md5 OK
self.assertIn('rsa sha1 md5 OK', ret.output, 'Package signed incorrectly.')
+ @testcase(1382)
+ def test_signing_sstate_archive(self):
+ """
+ Summary: Test that sstate archives can be signed
+ Expected: Package should be signed with the correct key
+ Product: oe-core
+ Author: Daniel Istrate <daniel.alexandrux.istrate at intel.com>
+ AutomatedBy: Daniel Istrate <daniel.alexandrux.istrate at intel.com>
+ """
+
+ test_recipe = 'ed'
+
+ builddir = os.environ.get('BUILDDIR')
+ sstatedir = os.path.join(builddir, 'test-sstate')
+
+ self.add_command_to_tearDown('bitbake -c clean %s' % test_recipe)
+ self.add_command_to_tearDown('bitbake -c cleansstate %s' % test_recipe)
+ self.add_command_to_tearDown('rm -rf %s' % sstatedir)
+
+ # Determine the pub key signature
+ ret = runCmd('gpg --homedir %s --list-keys' % self.gpg_dir)
+ pub_key = re.search(r'^pub\s+\S+/(\S+)\s+', ret.output, re.M)
+ self.assertIsNotNone(pub_key, 'Failed to determine the public key signature.')
+ pub_key = pub_key.group(1)
+
+ feature = 'SSTATE_SIG_KEY ?= "%s"\n' % pub_key
+ feature += 'SSTATE_SIG_PASSPHRASE ?= "test123"\n'
+ feature += 'SSTATE_VERIFY_SIG ?= "1"\n'
+ feature += 'GPG_PATH = "%s"\n' % self.gpg_dir
+ feature += 'SSTATE_DIR = "%s"\n' % sstatedir
+
+ self.write_config(feature)
+
+ bitbake('-c cleansstate %s' % test_recipe)
+ bitbake(test_recipe)
+
+ recipe_sig = glob.glob(sstatedir + '/*/*:ed:*_package.tgz.sig')
+ recipe_tgz = glob.glob(sstatedir + '/*/*:ed:*_package.tgz')
+
+ self.assertEqual(len(recipe_sig), 1, 'Failed to find .sig file.')
+ self.assertEqual(len(recipe_tgz), 1, 'Failed to find .tgz file.')
+
+ ret = runCmd('gpg --homedir %s --verify %s %s' % (self.gpg_dir, recipe_sig[0], recipe_tgz[0]))
+ # gpg: Signature made Thu 22 Oct 2015 01:45:09 PM EEST using RSA key ID 61EEFB30
+ # gpg: Good signature from "testuser (nocomment) <testuser at email.com>"
+ self.assertIn('gpg: Good signature from', ret.output, 'Package signed incorrectly.')
+
--
2.1.0
More information about the Openembedded-core
mailing list