test/libremakepkg: Verify that it correctly handles source signatures [ci-skip]

4 files changed, 61 insertions, 1 deletions

diff --git a/test/libremakepkg-test.sh b/test/libremakepkg-test.sh
index 363e4f7..6fa7962 100644
--- a/test/libremakepkg-test.sh
+++ b/test/libremakepkg-test.sh
@@ -177,3 +177,29 @@ it_doesnt_symlink_outputs() {
 	[[ -f $(echo "$tmpdir/workdir/pkgdest"/libretools-hello-1.0-1-any.pkg.tar.?z) ]]
 	[[ -f $(echo "$tmpdir/workdir/srcpkgdest"/libretools-hello-1.0-1-any.src.tar.?z) ]]
 }
+
+it_succeeds_with_good_signatures() {
+	require network sudo || return 0
+
+	cp libremakepkg.d/PKGBUILD-signed "$tmpdir/PKGBUILD"
+	cp libremakepkg.d/hello.sh "$tmpdir/hello.sh"
+	cd "$tmpdir"
+	gpg --detach-sign --use-agent --no-armor hello.sh
+
+	libremessages msg 'Creating a chroot, may take a few minutes' &>/dev/tty
+	testsudo libremakepkg -l "$roundup_test_name"
+}
+
+it_fails_with_bad_signatures() {
+	require network sudo || return 0
+
+	cp libremakepkg.d/PKGBUILD-signed "$tmpdir/PKGBUILD"
+	cp libremakepkg.d/hello.sh "$tmpdir/hello.sh"
+	cd "$tmpdir"
+	gpg --detach-sign --use-agent --no-armor hello.sh
+	echo 'echo pwned' >> hello.sh
+	makepkg -g >> PKGBUILD
+
+	libremessages msg 'Creating a chroot, may take a few minutes' &>/dev/tty
+	not testsudo libremakepkg -l "$roundup_test_name"
+}
diff --git a/test/libremakepkg.d/PKGBUILD-signed b/test/libremakepkg.d/PKGBUILD-signed
new file mode 100644
index 0000000..0979a85
--- /dev/null
+++ b/test/libremakepkg.d/PKGBUILD-signed
@@ -0,0 +1,17 @@
+pkgname='libretools-signed'
+pkgver=1.0
+license=('GPL')
+url='https://parabola.nu'
+
+source=(hello.sh{,.sig})
+sha256sums=('1e70cef0dfe5ce1120ccde5e1551c7277bcddaa75a1808f49512f404e6b8aec8'
+            'SKIP')
+
+pkgrel=1
+arch=(any)
+depends=(sh)
+
+package() {
+	cd "$srcdir"
+	install -Dm755 hello.sh "$pkgdir"/usr/bin/libretools-hello
+}
diff --git a/test/libremakepkg.d/hello.sh b/test/libremakepkg.d/hello.sh
new file mode 100644
index 0000000..79a32fd
--- /dev/null
+++ b/test/libremakepkg.d/hello.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+echo "Hello, world!"
diff --git a/test/testenv b/test/testenv
index 36ae826..9357269 100755
--- a/test/testenv
+++ b/test/testenv
@@ -45,14 +45,29 @@
 	export LIBRETOOLS_LIBDIR="$destdir/usr/lib/libretools"
 	export XBS_LIBDIR="$destdir/usr/lib/xbs"
 	export HOME=$TMPDIR/home
+	export GNUPGHOME="$HOME/.gnupg"
 	export XDG_CACHE_HOME="$HOME/.cache"
 	export XDG_CONFIG_HOME="$HOME/.config"
 	export _librelib_conf_sh_sysconfdir="$destdir/etc"
 	export _librelib_conf_sh_pkgconfdir="$destdir/etc/libretools.d"
 
+	mkdir -p -- "$GNUPGHOME"
+	chmod 700 -- "$GNUPGHOME"
+	unset GPGKEY
+	gpg --quiet --no-tty --batch --gen-key <<-eot
+	Key-Type: default
+	Key-Usage: sign
+	Name-Real: Bob Tester
+	Name-Email: tester@localhost
+	Expire-Date: 0
+	%no-protection
+	%commit
+	eot
+	export GPGKEY="$(gpg --quiet --list-secret-keys --with-colons | awk -F: '/^sec:/{print substr($5,9)}')"
+
 	# Hack to respect our variables in sudo
 	_sudo() {
-		local vars=(TMPDIR PATH LIBRETOOLS_LIBDIR XDG_CACHE_HOME XDG_CONFIG_HOME _librelib_conf_sh_sysconfdir)
+		local vars=(TMPDIR PATH LIBRETOOLS_LIBDIR GNUPGHOME XDG_CACHE_HOME XDG_CONFIG_HOME _librelib_conf_sh_sysconfdir GPGKEY)
 		local env=()
 		local var
 		for var in "${vars[@]}"; do