From: Jacob Bachmeyer Date: Fri, 10 Mar 2023 04:12:49 +0000 (-0600) Subject: Add support for key revocation in mock gpg tool X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=5a405cb16d124f896541c5752f3dc4bd21ed0d3a;p=gatekeeper.git Add support for key revocation in mock gpg tool --- diff --git a/testsuite/lib/exec/mockgpg b/testsuite/lib/exec/mockgpg index d323b71..a46d78b 100755 --- a/testsuite/lib/exec/mockgpg +++ b/testsuite/lib/exec/mockgpg @@ -188,6 +188,20 @@ function list_keyring() { fi } +# import_key +function import_key() { + [ -f "$1" ] || return + KRTmpFile=mockgpg-import.$$ + cat "$1" >> "$2" + sort -u -t : -k 1 -k 2 -k 4 -o "$2" "$2" + awk -F: 'BEGIN { OFS = FS } + $2 == "R" { RevKeyID = $1 } + $1 == RevKeyID { $2 = "R" } + { print }' "$2" > "$KRTmpFile" + sort -u -t : -k 1 -k 4 -o "$2" "$KRTmpFile" + rm -f "$KRTmpFile" +} + case ${Command:?no command given} in import) # The mock keyring format is such that import is accomplished by @@ -195,7 +209,7 @@ case ${Command:?no command given} in if [ "${#Files[*]}" -gt 0 ]; then for file in "${Files[@]}"; do for keyring in "${Keyrings[@]}"; do - [ -f "$file" ] && cat "$file" >>"$keyring" + import_key "$file" "$keyring" done done else @@ -203,7 +217,7 @@ case ${Command:?no command given} in TmpFile=mockgpg-scratchpad.$$ cat >"$TmpFile" for keyring in "${Keyrings[@]}"; do - cat "$TmpFile" >>"$keyring" + import_key "$TmpFile" "$keyring" done rm -f "$TmpFile" fi diff --git a/testsuite/mock.gpg/keymgr.exp b/testsuite/mock.gpg/keymgr.exp index fe66f5a..a72a128 100644 --- a/testsuite/mock.gpg/keymgr.exp +++ b/testsuite/mock.gpg/keymgr.exp 
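Review bot: In `testsuite/lib/exec/mockgpg`, the awk pass in the new `import_key` only rewrites records that come after the `R` record for the same key ID, so a revocation reaches every record of a key only when the preceding `sort` puts the revoked record first. The code does not pin that order: `-k 1` has no end field, so the key runs to the end of the line and is collated under the caller's locale, and whether it holds depends on the keyring record format, which this hunk does not show. Collecting the revoked key IDs in a first pass over the keyring, as in the excerpt below, makes the result independent of record order. Separately, `KRTmpFile` is a global with a predictable name in the working directory; `local KRTmpFile` and `mktemp` would keep it from overwriting an existing file of that name.

```shell
function import_key() {
    # … unchanged: file check, temp file name, append and first sort …
    awk -F: 'BEGIN { OFS = FS }
	     NR == FNR { if ($2 == "R") Revoked[$1] = 1; next }
	     ($1 in Revoked) { $2 = "R" }
	     { print }' "$2" "$2" > "$KRTmpFile"
    # … unchanged: final sort and temp file removal …
}
```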
@@ -55,6 +55,58 @@ check_test_keyring "simple import" [testfile K1.gpg] { { id 1002 name {test 1-2} } } +run_gpg [testfile K1.gpg] --import [testfile k1a.pgp] + +check_test_keyring "duplicate import" [testfile K1.gpg] { + { id 1001 name {test 1-1} } + { id 1002 name {test 1-2} } +} + +write_test_keyring [testfile k1a1.pgp] { + { id 1001 name {test 1-1a} } +} + +run_gpg [testfile K1.gpg] --import [testfile k1a1.pgp] + +check_test_keyring "merge import" [testfile K1.gpg] { + { id 1001 name {test 1-1} } + { id 1001 name {test 1-1a} } + { id 1002 name {test 1-2} } +} + +write_test_keyring [testfile k1b1.pgp] { + { id 1002 name {test 1-2} is revoked } +} + +run_gpg [testfile K1.gpg] --import [testfile k1b1.pgp] + +check_test_keyring "import revocation certificate" [testfile K1.gpg] { + { id 1001 name {test 1-1} } + { id 1001 name {test 1-1a} } + { id 1002 name {test 1-2} is revoked } +} + +write_test_keyring [testfile k1c.pgp] { + { id 1003 name {test 1-3} } + { id 1004 name {test 1-4} } +} + +write_test_keyring [testfile k1c1.pgp] { + { id 1003 name {test 1-3r} is revoked } +} + +run_gpg [testfile K1.gpg] --import [testfile k1c.pgp] +run_gpg [testfile K1.gpg] --import [testfile k1c1.pgp] + +check_test_keyring "import revocation merge" [testfile K1.gpg] { + { id 1001 name {test 1-1} } + { id 1001 name {test 1-1a} } + { id 1002 name {test 1-2} is revoked } + { id 1003 name {test 1-3} is revoked } + { id 1003 name {test 1-3r} is revoked } + { id 1004 name {test 1-4} } +} + # write_test_keyring [testfile K2.gpg] {
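Review bot: The new cases never re-import an unrevoked copy of a key after its revocation has been imported, so nothing pins that a revocation stays in force. After the "import revocation certificate" check, a further `run_gpg [testfile K1.gpg] --import [testfile k1a.pgp]` (k1a.pgp appears to hold keys 1001 and 1002) followed by a `check_test_keyring` that still expects `{ id 1002 name {test 1-2} is revoked }` would cover it. Every import in this hunk also passes a file argument, so the standard-input branch of mockgpg that now calls `import_key` is not exercised here; it may be covered elsewhere in the suite.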