[OE-core] [PATCHv3 2/2] oeqa/selftest/signing: Added new test for signing sstate.

Daniel Istrate daniel.alexandrux.istrate at intel.com
Tue Nov 10 14:38:39 UTC 2015


[YOCTO #8182] Optional signing sstate archives and signature verification
[YOCTO #8559] Signing sstate archives with custom dir for gpg keys

Signed-off-by: Daniel Istrate <daniel.alexandrux.istrate at intel.com>
---
 meta/lib/oeqa/selftest/signing.py | 48 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/meta/lib/oeqa/selftest/signing.py b/meta/lib/oeqa/selftest/signing.py
index 879c3e0..c33662b 100644
--- a/meta/lib/oeqa/selftest/signing.py
+++ b/meta/lib/oeqa/selftest/signing.py
@@ -2,6 +2,7 @@ from oeqa.selftest.base import oeSelfTest
 from oeqa.utils.commands import runCmd, bitbake, get_bb_var
 import os
 import glob
+import re
 from oeqa.utils.decorators import testcase
 
 
@@ -74,3 +75,50 @@ class Signing(oeSelfTest):
         # tmp/deploy/rpm/i586/ed-1.9-r0.i586.rpm: rsa sha1 md5 OK
         self.assertIn('rsa sha1 md5 OK', ret.output, 'Package signed incorrectly.')
 
+    @testcase(1382)
+    def test_signing_sstate_archive(self):
+        """
+        Summary:     Test that sstate archives can be signed
+        Expected:    Package should be signed with the correct key
+        Product:     oe-core
+        Author:      Daniel Istrate <daniel.alexandrux.istrate at intel.com>
+        AutomatedBy: Daniel Istrate <daniel.alexandrux.istrate at intel.com>
+        """
+
+        test_recipe = 'ed'
+
+        builddir = os.environ.get('BUILDDIR')
+        sstatedir = os.path.join(builddir, 'test-sstate')
+
+        self.add_command_to_tearDown('bitbake -c clean %s' % test_recipe)
+        self.add_command_to_tearDown('bitbake -c cleansstate %s' % test_recipe)
+        self.add_command_to_tearDown('rm -rf %s' % sstatedir)
+
+        # Determine the pub key signature
+        ret = runCmd('gpg --homedir %s --list-keys' % self.gpg_dir)
+        pub_key = re.search(r'^pub\s+\S+/(\S+)\s+', ret.output, re.M)
+        self.assertIsNotNone(pub_key, 'Failed to determine the public key signature.')
+        pub_key = pub_key.group(1)
+
+        feature = 'SSTATE_SIG_KEY ?= "%s"\n' % pub_key
+        feature += 'SSTATE_SIG_PASSPHRASE ?= "test123"\n'
+        feature += 'SSTATE_VERIFY_SIG ?= "1"\n'
+        feature += 'GPG_PATH = "%s"\n' % self.gpg_dir
+        feature += 'SSTATE_DIR = "%s"\n' % sstatedir
+
+        self.write_config(feature)
+
+        bitbake('-c cleansstate %s' % test_recipe)
+        bitbake(test_recipe)
+
+        recipe_sig = glob.glob(sstatedir + '/*/*:ed:*_package.tgz.sig')
+        recipe_tgz = glob.glob(sstatedir + '/*/*:ed:*_package.tgz')
+
+        self.assertEqual(len(recipe_sig), 1, 'Failed to find .sig file.')
+        self.assertEqual(len(recipe_tgz), 1, 'Failed to find .tgz file.')
+
+        ret = runCmd('gpg --homedir %s --verify %s %s' % (self.gpg_dir, recipe_sig[0], recipe_tgz[0]))
+        # gpg: Signature made Thu 22 Oct 2015 01:45:09 PM EEST using RSA key ID 61EEFB30
+        # gpg: Good signature from "testuser (nocomment) <testuser at email.com>"
+        self.assertIn('gpg: Good signature from', ret.output, 'Package signed incorrectly.')
+
-- 
2.1.0




More information about the Openembedded-core mailing list