Re: [PATCH 5/5] dnf: expand dnf selftest to test signed package feeds

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
To: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [PATCH 5/5] dnf: expand dnf selftest to test signed package feeds
Date: Fri, 11 Aug 2017 09:08:56 -0500	[thread overview]
Message-ID: <1502460536.29285.36.camel@linux.intel.com> (raw)
In-Reply-To: <4eb7062b1b49a2e67dd84a274e371234021b3ce5.1502447434.git.markus.lehtonen@linux.intel.com>

On Fri, 2017-08-11 at 13:51 +0300, Markus Lehtonen wrote:
> [YOCTO #12099]

seems that the bugzilla ID does not exit.

> 
> Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
> ---
>  meta-selftest/files/signing/key.passphrase          |  1 +
>  meta-selftest/lib/oeqa/runtime/cases/dnf_runtime.py | 12 ++++++++++++
>  meta/lib/oeqa/selftest/cases/runtime_test.py        | 13 ++++++++++++-
>  3 files changed, 25 insertions(+), 1 deletion(-)
>  create mode 100644 meta-selftest/files/signing/key.passphrase
> 
> diff --git a/meta-selftest/files/signing/key.passphrase b/meta-selftest/files/signing/key.passphrase
> new file mode 100644
> index 0000000000..5271a52680
> --- /dev/null
> +++ b/meta-selftest/files/signing/key.passphrase
> @@ -0,0 +1 @@
> +test123
> diff --git a/meta-selftest/lib/oeqa/runtime/cases/dnf_runtime.py b/meta-selftest/lib/oeqa/runtime/cases/dnf_runtime.py
> index 68e56f2c5e..3a299c75f6 100644
> --- a/meta-selftest/lib/oeqa/runtime/cases/dnf_runtime.py
> +++ b/meta-selftest/lib/oeqa/runtime/cases/dnf_runtime.py
> @@ -31,12 +31,24 @@ class DnfSelftest(DnfTest):
>          temp_file = os.path.join(self.temp_dir.name, 'tmp.repo')
>          self.tc.target.copyFrom("/etc/yum.repos.d/oe-remote-repo.repo", temp_file)
>          fixed_config = open(temp_file, "r").read().replace("bogus_ip", self.tc.target.server_ip).replace("bogus_port", str(self.repo_server.port))
> +        fixed_config += 'repo_gpgcheck=1\n'
>          with open(temp_file, "w") as f:
>              f.write(fixed_config)
>          self.tc.target.copyTo(temp_file, "/etc/yum.repos.d/oe-remote-repo.repo")
>  
> +        # First try should fail as the gpg pubkey is not available for dnf
>          import re
>          output_makecache = self.dnf('makecache')
> +        self.assertTrue(re.match(r".*Failed to synchronize cache", output_makecache, re.DOTALL) is not None, msg = "dnf makecache should have failed: %s" %(output_makecache))
> +
> +        # Add public key to dnf config -> now we should succeed
> +        fixed_config += 'gpgkey=file:///etc/pki/packagefeed-gpg/PACKAGEFEED-GPG-KEY-%s\n' % self.tc.td['DISTRO_VERSION']
> +        with open(temp_file, "w") as f:
> +            f.write(fixed_config)
> +        self.tc.target.copyTo(temp_file, "/etc/yum.repos.d/oe-remote-repo.repo")
> +
> +        output_makecache = self.dnf('-y makecache')
> +        self.assertTrue(re.match(r".*Failed to synchronize cache", output_makecache, re.DOTALL) is None, msg = "dnf makecache failed to synchronize repo: %s" %(output_makecache))
>          self.assertTrue(re.match(r".*Metadata cache created", output_makecache, re.DOTALL) is not None, msg = "dnf makecache failed: %s" %(output_makecache))
>  
>          output_repoinfo = self.dnf('repoinfo')
> diff --git a/meta/lib/oeqa/selftest/cases/runtime_test.py b/meta/lib/oeqa/selftest/cases/runtime_test.py
> index 07d05b5972..e603c71f90 100644
> --- a/meta/lib/oeqa/selftest/cases/runtime_test.py
> +++ b/meta/lib/oeqa/selftest/cases/runtime_test.py
> @@ -3,6 +3,7 @@ from oeqa.utils.commands import runCmd, bitbake, get_bb_var, get_bb_vars, runqem
>  from oeqa.core.decorator.oeid import OETestID
>  import os
>  import re
> +import tempfile
>  
>  class TestExport(OESelftestTestCase):
>  
> @@ -143,7 +144,17 @@ class TestImage(OESelftestTestCase):
>          # in at the start of the on-image test
>          features += 'PACKAGE_FEED_URIS = "http://bogus_ip:bogus_port"\n'
>          features += 'EXTRA_IMAGE_FEATURES += "package-management"\n'
> -        features += 'PACKAGE_CLASSES = "package_rpm"'
> +        features += 'PACKAGE_CLASSES = "package_rpm"\n'
> +
> +        # Enable package feed signing
> +        self.gpg_home = tempfile.TemporaryDirectory(prefix="oeqa-feed-sign-")
> +        signing_key_dir = os.path.join(self.testlayer_path, 'files', 'signing')
> +        runCmd('gpg --batch --homedir %s --import %s' % (self.gpg_home.name, os.path.join(signing_key_dir, 'key.secret')))
> +        features += 'INHERIT += "sign_package_feed"\n'
> +        features += 'PACKAGE_FEED_GPG_NAME = "testuser"\n'
> +        features += 'PACKAGE_FEED_GPG_PASSPHRASE_FILE = "%s"\n' % os.path.join(signing_key_dir, 'key.passphrase')
> +        features += 'GPG_PATH = "%s"\n' % self.gpg_home.name
> +        features += 'IMAGE_INSTALL_append  = "signing-keys-packagefeed"\n'
>          self.write_config(features)
>  
>          # Build core-image-sato and testimage
> -- 
> 2.12.3
>

     prev parent reply	other threads:[~2017-08-11 14:00 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-08-11 10:51 [PATCH 0/5] Support signed RPM package feeds Markus Lehtonen
2017-08-11 10:51 ` [PATCH 1/5] lib/oe/package_manager: re-implement rpm feed signing Markus Lehtonen
2017-08-11 10:51 ` [PATCH 2/5] dnf: rrecommend gnupg Markus Lehtonen
2017-08-11 10:51 ` [PATCH 3/5] oeqa: fix dnf tests Markus Lehtonen
2017-08-11 10:51 ` [PATCH 4/5] oeqa: fix temp file handling in dnf package feed test Markus Lehtonen
2017-08-11 10:51 ` [PATCH 5/5] dnf: expand dnf selftest to test signed package feeds Markus Lehtonen
2017-08-11 11:11   ` Alexander Kanavin
2017-08-11 12:54     ` Markus Lehtonen
2017-08-11 12:58       ` Alexander Kanavin
2017-08-11 13:20       ` Alexander Kanavin
2017-08-11 14:08   ` Leonardo Sandoval [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1502460536.29285.36.camel@linux.intel.com \
    --to=leonardo.sandoval.gonzalez@linux.intel.com \
    --cc=markus.lehtonen@linux.intel.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.