| |
@@ -2,17 +2,17 @@
|
| |
import tempfile
|
| |
import shutil
|
| |
import time
|
| |
+ from unittest import mock
|
| |
+ from unittest.mock import MagicMock
|
| |
|
| |
from munch import Munch
|
| |
import pytest
|
| |
|
| |
from copr_backend.exceptions import CoprSignError, CoprSignNoKeyError, CoprKeygenRequestError
|
| |
-
|
| |
- from unittest import mock
|
| |
- from unittest.mock import MagicMock
|
| |
-
|
| |
- from copr_backend.sign import get_pubkey, _sign_one, sign_rpms_in_dir, create_user_keys
|
| |
-
|
| |
+ from copr_backend.sign import (
|
| |
+ get_pubkey, _sign_one, sign_rpms_in_dir, create_user_keys,
|
| |
+ gpg_hashtype_for_chroot,
|
| |
+ )
|
| |
|
| |
STDOUT = "stdout"
|
| |
STDERR = "stderr"
|
| |
@@ -29,6 +29,7 @@
|
| |
self.tmp_dir_path = None
|
| |
|
| |
self.opts = Munch(keygen_host="example.com")
|
| |
+ self.opts.gently_gpg_sha256 = False
|
| |
|
| |
def teardown_method(self, method):
|
| |
if self.tmp_dir_path:
|
| |
@@ -118,10 +119,11 @@
|
| |
mc_popen.return_value = mc_handle
|
| |
|
| |
fake_path = "/tmp/pkg.rpm"
|
| |
- result = _sign_one(fake_path, self.usermail, MagicMock())
|
| |
+ result = _sign_one(fake_path, self.usermail, "sha1", MagicMock())
|
| |
assert STDOUT, STDERR == result
|
| |
|
| |
- expected_cmd = ['/bin/sign', '-u', self.usermail, '-r', fake_path]
|
| |
+ expected_cmd = ['/bin/sign', "-h", "sha1", "-u", self.usermail,
|
| |
+ "-r", fake_path]
|
| |
assert mc_popen.call_args[0][0] == expected_cmd
|
| |
|
| |
@mock.patch("copr_backend.sign.Popen")
|
| |
@@ -130,7 +132,7 @@
|
| |
|
| |
fake_path = "/tmp/pkg.rpm"
|
| |
with pytest.raises(CoprSignError):
|
| |
- _sign_one(fake_path, self.usermail, MagicMock())
|
| |
+ _sign_one(fake_path, self.usermail, "sha256", MagicMock())
|
| |
|
| |
@mock.patch("copr_backend.sign.Popen")
|
| |
def test_sign_one_cmd_erro(self, mc_popen):
|
| |
@@ -141,7 +143,7 @@
|
| |
|
| |
fake_path = "/tmp/pkg.rpm"
|
| |
with pytest.raises(CoprSignError):
|
| |
- _sign_one(fake_path, self.usermail, MagicMock())
|
| |
+ _sign_one(fake_path, self.usermail, "sha256", MagicMock())
|
| |
|
| |
@mock.patch("copr_backend.sign.request")
|
| |
def test_create_user_keys(self, mc_request):
|
| |
@@ -182,7 +184,8 @@
|
| |
tmp_dir):
|
| |
# empty target dir doesn't produce error
|
| |
sign_rpms_in_dir(self.username, self.projectname,
|
| |
- self.tmp_dir_path, self.opts, log=MagicMock())
|
| |
+ self.tmp_dir_path, "epel-8-x86_64", self.opts,
|
| |
+ log=MagicMock())
|
| |
|
| |
assert not mc_gp.called
|
| |
assert not mc_cuk.called
|
| |
@@ -195,7 +198,8 @@
|
| |
tmp_dir, tmp_files):
|
| |
|
| |
sign_rpms_in_dir(self.username, self.projectname,
|
| |
- self.tmp_dir_path, self.opts, log=MagicMock())
|
| |
+ self.tmp_dir_path, "fedora-rawhide-x86_64",
|
| |
+ self.opts, log=MagicMock())
|
| |
|
| |
assert mc_gp.called
|
| |
assert not mc_cuk.called
|
| |
@@ -218,7 +222,8 @@
|
| |
mc_gp.side_effect = CoprSignError("foobar")
|
| |
with pytest.raises(CoprSignError):
|
| |
sign_rpms_in_dir(self.username, self.projectname,
|
| |
- self.tmp_dir_path, self.opts, log=MagicMock())
|
| |
+ self.tmp_dir_path, "epel-7-x86_64", self.opts,
|
| |
+ log=MagicMock())
|
| |
|
| |
assert mc_gp.called
|
| |
assert not mc_cuk.called
|
| |
@@ -233,7 +238,8 @@
|
| |
mc_gp.side_effect = CoprSignNoKeyError("foobar")
|
| |
|
| |
sign_rpms_in_dir(self.username, self.projectname,
|
| |
- self.tmp_dir_path, self.opts, log=MagicMock())
|
| |
+ self.tmp_dir_path, "rhel-7-x86_64", self.opts,
|
| |
+ log=MagicMock())
|
| |
|
| |
assert mc_gp.called
|
| |
assert mc_cuk.called
|
| |
@@ -250,7 +256,8 @@
|
| |
]
|
| |
with pytest.raises(CoprSignError):
|
| |
sign_rpms_in_dir(self.username, self.projectname,
|
| |
- self.tmp_dir_path, self.opts, log=MagicMock())
|
| |
+ self.tmp_dir_path, "fedora-36-x86_64", self.opts,
|
| |
+ log=MagicMock())
|
| |
|
| |
assert mc_gp.called
|
| |
assert not mc_cuk.called
|
| |
@@ -266,9 +273,60 @@
|
| |
mc_so.side_effect = CoprSignError("foobar")
|
| |
with pytest.raises(CoprSignError):
|
| |
sign_rpms_in_dir(self.username, self.projectname,
|
| |
- self.tmp_dir_path, self.opts, log=MagicMock())
|
| |
+ self.tmp_dir_path, "fedora-36-i386", self.opts,
|
| |
+ log=MagicMock())
|
| |
|
| |
assert mc_gp.called
|
| |
assert not mc_cuk.called
|
| |
|
| |
assert mc_so.called
|
| |
+
|
| |
+
|
| |
+ def test_chroot_gpg_hashes():
|
| |
+ chroots = [
|
| |
+ ("fedora-26-x86_64", "sha1"),
|
| |
+ ("fedora-27-s390x", "sha256"),
|
| |
+ ("fedora-eln-x86_64", "sha256"),
|
| |
+ ("fedora-rawhide-x86_64", "sha256"),
|
| |
+ ("mageia-8-x86_64", "sha256"),
|
| |
+ ("opensuse-tumbleweed-aarch64", "sha256"),
|
| |
+ ("epel-7-ppc64", "sha1"),
|
| |
+ ("centos-7.dev-aarch64", "sha1"),
|
| |
+ ("epel-8-aarch64", "sha256"),
|
| |
+ ("rhel-8.dev-ppc64le", "sha256"),
|
| |
+ ("oraclelinux-9-s390x", "sha256"),
|
| |
+ ("centos-stream-8-s390x", "sha256"),
|
| |
+ ("centos-stream-9-s390x", "sha256"),
|
| |
+ ("rhel-rawhide-s390x", "sha256"),
|
| |
+ # we don't expect stream 7 will ever exist, otherwise we'll have to
|
| |
+ # check for sha1 here
|
| |
+ ("centos-stream-7-aarch64", "sha256"),
|
| |
+ ("srpm-builds", "sha256"),
|
| |
+ ]
|
| |
+
|
| |
+ opts = Munch()
|
| |
+ opts.gently_gpg_sha256 = False
|
| |
+
|
| |
+ for chroot, exp_type in chroots:
|
| |
+ assert (chroot, exp_type) == (chroot, gpg_hashtype_for_chroot(chroot, opts))
|
| |
+
|
| |
+ opts.gently_gpg_sha256 = True
|
| |
+ chroots = [
|
| |
+ ("fedora-26-x86_64", "sha1"),
|
| |
+ ("fedora-27-s390x", "sha1"),
|
| |
+ ("fedora-eln-x86_64", "sha1"),
|
| |
+ ("fedora-rawhide-x86_64", "sha1"),
|
| |
+ ("mageia-8-x86_64", "sha1"),
|
| |
+ ("opensuse-tumbleweed-aarch64", "sha1"),
|
| |
+ ("epel-7-ppc64", "sha1"),
|
| |
+ ("centos-7.dev-aarch64", "sha1"),
|
| |
+ ("epel-8-aarch64", "sha256"),
|
| |
+ ("rhel-8.dev-ppc64le", "sha256"),
|
| |
+ ("oraclelinux-9-s390x", "sha256"),
|
| |
+ ("centos-stream-8-s390x", "sha256"),
|
| |
+ ("centos-stream-9-s390x", "sha256"),
|
| |
+ ("rhel-rawhide-s390x", "sha1"),
|
| |
+ ("srpm-builds", "sha1"),
|
| |
+ ]
|
| |
+ for chroot, exp_type in chroots:
|
| |
+ assert (chroot, exp_type) == (chroot, gpg_hashtype_for_chroot(chroot, opts))
|
| |
I don't know what rhel-rawhide is but it sounds like it belongs to "start signing with sha256 for EL8+" ?