summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAttila Lendvai <attila@lendvai.name>2021-12-21 22:56:10 +0100
committerMathieu Othacehe <othacehe@gnu.org>2021-12-22 10:53:19 +0100
commit9ebc9ca070a21ba0aeb3f61202a8071bb250ccc8 (patch)
treef29313e0c83112cf7aceeec893f1ee68135af78b
parent5b8ae331f73d970e29566b82c9fe36aa0d77ccb7 (diff)
tests: Move keys into ./tests/keys/ and add a third ed25519 key.
The third key will be used in an upcoming commit. Rename public keys to .pub. * guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable. (%ed25519-3-secret-key-file): New variable. (%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file. (%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file. * tests/keys/ed25519-3.key: New file. * tests/keys/ed25519-3.sec: New file. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
-rw-r--r--Makefile.am20
-rw-r--r--build-aux/test-env.in6
-rw-r--r--guix/tests/gnupg.scm22
-rw-r--r--tests/channels.scm18
-rw-r--r--tests/git-authenticate.scm23
-rw-r--r--tests/guix-authenticate.sh4
-rw-r--r--tests/keys/civodul.pub (renamed from tests/civodul.key)0
-rw-r--r--tests/keys/dsa.pub (renamed from tests/dsa.key)0
-rw-r--r--tests/keys/ed25519-2.pub (renamed from tests/ed25519bis.key)0
-rw-r--r--tests/keys/ed25519-2.sec (renamed from tests/ed25519bis.sec)0
-rw-r--r--tests/keys/ed25519-3.pub9
-rw-r--r--tests/keys/ed25519-3.sec10
-rw-r--r--tests/keys/ed25519.pub (renamed from tests/ed25519.key)0
-rw-r--r--tests/keys/ed25519.sec (renamed from tests/ed25519.sec)0
-rw-r--r--tests/keys/rsa.pub (renamed from tests/rsa.key)0
-rw-r--r--tests/keys/signing-key.pub (renamed from tests/signing-key.pub)0
-rw-r--r--tests/keys/signing-key.sec (renamed from tests/signing-key.sec)0
-rw-r--r--tests/openpgp.scm42
18 files changed, 93 insertions, 61 deletions
diff --git a/Makefile.am b/Makefile.am
index c4ccee65f1..d39052521b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -653,16 +653,18 @@ EXTRA_DIST += \
build-aux/update-guix-package.scm \
build-aux/update-NEWS.scm \
tests/test.drv \
- tests/signing-key.pub \
- tests/signing-key.sec \
tests/cve-sample.json \
- tests/civodul.key \
- tests/rsa.key \
- tests/dsa.key \
- tests/ed25519.key \
- tests/ed25519.sec \
- tests/ed25519bis.key \
- tests/ed25519bis.sec \
+ tests/keys/signing-key.pub \
+ tests/keys/signing-key.sec \
+ tests/keys/civodul.pub \
+ tests/keys/rsa.pub \
+ tests/keys/dsa.pub \
+ tests/keys/ed25519.pub \
+ tests/keys/ed25519.sec \
+ tests/keys/ed25519-2.pub \
+ tests/keys/ed25519-2.sec \
+ tests/keys/ed25519-3.pub \
+ tests/keys/ed25519-3.sec \
build-aux/config.rpath \
bootstrap \
doc/build.scm \
diff --git a/build-aux/test-env.in b/build-aux/test-env.in
index 7efc43206c..ca786437e9 100644
--- a/build-aux/test-env.in
+++ b/build-aux/test-env.in
@@ -73,9 +73,9 @@ then
# Copy the keys so that the secret key has the right permissions (the
# daemon errors out when this is not the case.)
mkdir -p "$GUIX_CONFIGURATION_DIRECTORY"
- cp "@abs_top_srcdir@/tests/signing-key.sec" \
- "@abs_top_srcdir@/tests/signing-key.pub" \
- "$GUIX_CONFIGURATION_DIRECTORY"
+ cp "@abs_top_srcdir@/tests/keys/signing-key.sec" \
+ "@abs_top_srcdir@/tests/keys/signing-key.pub" \
+ "$GUIX_CONFIGURATION_DIRECTORY"
chmod 400 "$GUIX_CONFIGURATION_DIRECTORY/signing-key.sec"
fi
diff --git a/guix/tests/gnupg.scm b/guix/tests/gnupg.scm
index eb8ff63a43..943fd66077 100644
--- a/guix/tests/gnupg.scm
+++ b/guix/tests/gnupg.scm
@@ -28,8 +28,10 @@
%ed25519-public-key-file
%ed25519-secret-key-file
- %ed25519bis-public-key-file
- %ed25519bis-secret-key-file
+ %ed25519-2-public-key-file
+ %ed25519-2-secret-key-file
+ %ed25519-3-public-key-file
+ %ed25519-3-secret-key-file
read-openpgp-packet
key-fingerprint
@@ -63,13 +65,17 @@ process is terminated afterwards."
(call-with-fresh-gnupg-setup imported (lambda () exp ...)))
(define %ed25519-public-key-file
- (search-path %load-path "tests/ed25519.key"))
+ (search-path %load-path "tests/keys/ed25519.pub"))
(define %ed25519-secret-key-file
- (search-path %load-path "tests/ed25519.sec"))
-(define %ed25519bis-public-key-file
- (search-path %load-path "tests/ed25519bis.key"))
-(define %ed25519bis-secret-key-file
- (search-path %load-path "tests/ed25519bis.sec"))
+ (search-path %load-path "tests/keys/ed25519.sec"))
+(define %ed25519-2-public-key-file
+ (search-path %load-path "tests/keys/ed25519-2.pub"))
+(define %ed25519-2-secret-key-file
+ (search-path %load-path "tests/keys/ed25519-2.sec"))
+(define %ed25519-3-public-key-file
+ (search-path %load-path "tests/keys/ed25519-3.pub"))
+(define %ed25519-3-secret-key-file
+ (search-path %load-path "tests/keys/ed25519-3.sec"))
(define (read-openpgp-packet file)
(get-openpgp-packet
diff --git a/tests/channels.scm b/tests/channels.scm
index 3e82315b0c..d45c450241 100644
--- a/tests/channels.scm
+++ b/tests/channels.scm
@@ -480,8 +480,8 @@
#t
(with-fresh-gnupg-setup (list %ed25519-public-key-file
%ed25519-secret-key-file
- %ed25519bis-public-key-file
- %ed25519bis-secret-key-file)
+ %ed25519-2-public-key-file
+ %ed25519-2-secret-key-file)
(with-temporary-git-repository directory
`((add ".guix-channel"
,(object->string
@@ -507,7 +507,7 @@
(commit-id-string commit1)
(openpgp-public-key-fingerprint
(read-openpgp-packet
- %ed25519bis-public-key-file)))) ;different key
+ %ed25519-2-public-key-file)))) ;different key
(channel (channel (name 'example)
(url (string-append "file://" directory))
(introduction intro))))
@@ -519,7 +519,7 @@
(oid->string (commit-id commit1))
(key-fingerprint %ed25519-public-key-file)
(key-fingerprint
- %ed25519bis-public-key-file))))))
+ %ed25519-2-public-key-file))))))
(authenticate-channel channel directory
(commit-id-string commit2)
#:keyring-reference-prefix "")
@@ -530,8 +530,8 @@
#t
(with-fresh-gnupg-setup (list %ed25519-public-key-file
%ed25519-secret-key-file
- %ed25519bis-public-key-file
- %ed25519bis-secret-key-file)
+ %ed25519-2-public-key-file
+ %ed25519-2-secret-key-file)
(with-temporary-git-repository directory
`((add ".guix-channel"
,(object->string
@@ -552,12 +552,12 @@
(signer ,(key-fingerprint %ed25519-public-key-file)))
(add "c.txt" "C")
(commit "third commit"
- (signer ,(key-fingerprint %ed25519bis-public-key-file)))
+ (signer ,(key-fingerprint %ed25519-2-public-key-file)))
(branch "channel-keyring")
(checkout "channel-keyring")
(add "signer.key" ,(call-with-input-file %ed25519-public-key-file
get-string-all))
- (add "other.key" ,(call-with-input-file %ed25519bis-public-key-file
+ (add "other.key" ,(call-with-input-file %ed25519-2-public-key-file
get-string-all))
(commit "keyring commit")
(checkout "master"))
@@ -588,7 +588,7 @@
(unauthorized-commit-error-signing-key c))
(openpgp-public-key-fingerprint
(read-openpgp-packet
- %ed25519bis-public-key-file))))))
+ %ed25519-2-public-key-file))))))
(authenticate-channel channel directory
(commit-id-string commit3)
#:keyring-reference-prefix "")
diff --git a/tests/git-authenticate.scm b/tests/git-authenticate.scm
index d87eacc659..f66ef191b0 100644
--- a/tests/git-authenticate.scm
+++ b/tests/git-authenticate.scm
@@ -161,14 +161,14 @@
(test-assert "signed commits, .guix-authorizations, unauthorized merge"
(with-fresh-gnupg-setup (list %ed25519-public-key-file
%ed25519-secret-key-file
- %ed25519bis-public-key-file
- %ed25519bis-secret-key-file)
+ %ed25519-2-public-key-file
+ %ed25519-2-secret-key-file)
(with-temporary-git-repository directory
`((add "signer1.key"
,(call-with-input-file %ed25519-public-key-file
get-string-all))
(add "signer2.key"
- ,(call-with-input-file %ed25519bis-public-key-file
+ ,(call-with-input-file %ed25519-2-public-key-file
get-string-all))
(add ".guix-authorizations"
,(object->string
@@ -184,7 +184,7 @@
(checkout "devel")
(add "devel/1.txt" "1")
(commit "first devel commit"
- (signer ,(key-fingerprint %ed25519bis-public-key-file)))
+ (signer ,(key-fingerprint %ed25519-2-public-key-file)))
(checkout "master")
(add "b.txt" "B")
(commit "second commit"
@@ -203,7 +203,7 @@
(openpgp-public-key-fingerprint
(unauthorized-commit-error-signing-key c))
(openpgp-public-key-fingerprint
- (read-openpgp-packet %ed25519bis-public-key-file)))))
+ (read-openpgp-packet %ed25519-2-public-key-file)))))
(and (authenticate-commits repository (list master1 master2)
#:keyring-reference "master")
@@ -230,14 +230,14 @@
(test-assert "signed commits, .guix-authorizations, authorized merge"
(with-fresh-gnupg-setup (list %ed25519-public-key-file
%ed25519-secret-key-file
- %ed25519bis-public-key-file
- %ed25519bis-secret-key-file)
+ %ed25519-2-public-key-file
+ %ed25519-2-secret-key-file)
(with-temporary-git-repository directory
`((add "signer1.key"
,(call-with-input-file %ed25519-public-key-file
get-string-all))
(add "signer2.key"
- ,(call-with-input-file %ed25519bis-public-key-file
+ ,(call-with-input-file %ed25519-2-public-key-file
get-string-all))
(add ".guix-authorizations"
,(object->string
@@ -258,12 +258,12 @@
%ed25519-public-key-file)
(name "Alice"))
(,(key-fingerprint
- %ed25519bis-public-key-file))))))
+ %ed25519-2-public-key-file))))))
(commit "first devel commit"
(signer ,(key-fingerprint %ed25519-public-key-file)))
(add "devel/2.txt" "2")
(commit "second devel commit"
- (signer ,(key-fingerprint %ed25519bis-public-key-file)))
+ (signer ,(key-fingerprint %ed25519-2-public-key-file)))
(checkout "master")
(add "b.txt" "B")
(commit "second commit"
@@ -273,7 +273,7 @@
;; After the merge, the second signer is authorized.
(add "c.txt" "C")
(commit "third commit"
- (signer ,(key-fingerprint %ed25519bis-public-key-file))))
+ (signer ,(key-fingerprint %ed25519-2-public-key-file))))
(with-repository directory repository
(let ((master1 (find-commit repository "first commit"))
(master2 (find-commit repository "second commit"))
@@ -328,4 +328,3 @@
'failed)))))))
(test-end "git-authenticate")
-
diff --git a/tests/guix-authenticate.sh b/tests/guix-authenticate.sh
index 3a05b232c1..0de6da1878 100644
--- a/tests/guix-authenticate.sh
+++ b/tests/guix-authenticate.sh
@@ -28,7 +28,7 @@ rm -f "$sig" "$hash"
trap 'rm -f "$sig" "$hash"' EXIT
-key="$abs_top_srcdir/tests/signing-key.sec"
+key="$abs_top_srcdir/tests/keys/signing-key.sec"
key_len="`echo -n $key | wc -c`"
# A hexadecimal string as long as a sha256 hash.
@@ -67,7 +67,7 @@ test "$code" -ne 0
# encoded independently of the current locale: <https://bugs.gnu.org/43421>.
hash="636166e9636166e9636166e9636166e9636166e9636166e9636166e9636166e9"
latin1_cafe="caf$(printf '\351')"
-echo "sign 21:tests/signing-key.sec 64:$hash" | guix authenticate \
+echo "sign 26:tests/keys/signing-key.sec 64:$hash" | guix authenticate \
| LC_ALL=C grep "hash sha256 \"$latin1_cafe"
# Test for <http://bugs.gnu.org/17312>: make sure 'guix authenticate' produces
diff --git a/tests/civodul.key b/tests/keys/civodul.pub
index 272600ac93..272600ac93 100644
--- a/tests/civodul.key
+++ b/tests/keys/civodul.pub
diff --git a/tests/dsa.key b/tests/keys/dsa.pub
index 4727975c63..4727975c63 100644
--- a/tests/dsa.key
+++ b/tests/keys/dsa.pub
diff --git a/tests/ed25519bis.key b/tests/keys/ed25519-2.pub
index f5329105d5..f5329105d5 100644
--- a/tests/ed25519bis.key
+++ b/tests/keys/ed25519-2.pub
diff --git a/tests/ed25519bis.sec b/tests/keys/ed25519-2.sec
index 059765f557..059765f557 100644
--- a/tests/ed25519bis.sec
+++ b/tests/keys/ed25519-2.sec
diff --git a/tests/keys/ed25519-3.pub b/tests/keys/ed25519-3.pub
new file mode 100644
index 0000000000..72f311984c
--- /dev/null
+++ b/tests/keys/ed25519-3.pub
@@ -0,0 +1,9 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEYVH/7xYJKwYBBAHaRw8BAQdALMLeUhjEG2/UPCJj2j/debFwwAK5gT3G0l5d
+ILfFldm0FTxleGFtcGxlQGV4YW1wbGUuY29tPoiWBBMWCAA+FiEEjO6M85jMSK68
+7tINGBzA7NyoagkFAmFR/+8CGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwECHgEC
+F4AACgkQGBzA7Nyoagl3lgEAw6yqIlX11lTqwxBGhZk/Oy34O13cbJSZCGv+m0ja
++hcA/3DCNOmT+oXjgO/w6enQZUQ1m/d6dUjCc2wOLlLz+ZoG
+=+r3i
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/keys/ed25519-3.sec b/tests/keys/ed25519-3.sec
new file mode 100644
index 0000000000..04128a4131
--- /dev/null
+++ b/tests/keys/ed25519-3.sec
@@ -0,0 +1,10 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lFgEYVH/7xYJKwYBBAHaRw8BAQdALMLeUhjEG2/UPCJj2j/debFwwAK5gT3G0l5d
+ILfFldkAAP92goSbbzQ0ttElr9lr5Cm6rmQtqUZ2Cu/Jk9fvfZROwxI0tBU8ZXhh
+bXBsZUBleGFtcGxlLmNvbT6IlgQTFggAPhYhBIzujPOYzEiuvO7SDRgcwOzcqGoJ
+BQJhUf/vAhsDBQkDwmcABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEBgcwOzc
+qGoJd5YBAMOsqiJV9dZU6sMQRoWZPzst+Dtd3GyUmQhr/ptI2voXAP9wwjTpk/qF
+44Dv8Onp0GVENZv3enVIwnNsDi5S8/maBg==
+=EmOt
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/ed25519.key b/tests/keys/ed25519.pub
index f6bf906783..f6bf906783 100644
--- a/tests/ed25519.key
+++ b/tests/keys/ed25519.pub
diff --git a/tests/ed25519.sec b/tests/keys/ed25519.sec
index 068738dfab..068738dfab 100644
--- a/tests/ed25519.sec
+++ b/tests/keys/ed25519.sec
diff --git a/tests/rsa.key b/tests/keys/rsa.pub
index 0ef9145ef0..0ef9145ef0 100644
--- a/tests/rsa.key
+++ b/tests/keys/rsa.pub
diff --git a/tests/signing-key.pub b/tests/keys/signing-key.pub
index 092424a15d..092424a15d 100644
--- a/tests/signing-key.pub
+++ b/tests/keys/signing-key.pub
diff --git a/tests/signing-key.sec b/tests/keys/signing-key.sec
index 558e189102..558e189102 100644
--- a/tests/signing-key.sec
+++ b/tests/keys/signing-key.sec
diff --git a/tests/openpgp.scm b/tests/openpgp.scm
index c2be26fa49..1f20466772 100644
--- a/tests/openpgp.scm
+++ b/tests/openpgp.scm
@@ -59,18 +59,22 @@ vBSFjNSiVHsuAA==
(define %civodul-fingerprint
"3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5")
-(define %civodul-key-id #x090B11993D9AEBB5) ;civodul.key
-
-;; Test keys. They were generated in a container along these lines:
-;; guix environment -CP --ad-hoc gnupg pinentry
-;; then, within the container:
-;; mkdir ~/.gnupg
-;; echo pinentry-program ~/.guix-profile/bin/pinentry-tty > ~/.gnupg/gpg-agent.conf
-;; gpg --quick-gen-key '<ludo+test-rsa@chbouib.org>' rsa
-;; or similar.
-(define %rsa-key-id #xAE25DA2A70DEED59) ;rsa.key
-(define %dsa-key-id #x587918047BE8BD2C) ;dsa.key
-(define %ed25519-key-id #x771F49CBFAAE072D) ;ed25519.key
+(define %civodul-key-id #x090B11993D9AEBB5) ;civodul.pub
+
+#|
+Test keys in ./tests/keys. They were generated in a container along these lines:
+ guix environment -CP --ad-hoc gnupg pinentry coreutils
+then, within the container:
+ mkdir ~/.gnupg && chmod -R og-rwx ~/.gnupg
+ gpg --batch --passphrase '' --quick-gen-key '<example@example.com>' ed25519
+ gpg --armor --export example@example.com
+ gpg --armor --export-secret-key example@example.com
+ # echo pinentry-program ~/.guix-profile/bin/pinentry-curses > ~/.gnupg/gpg-agent.conf
+or similar.
+|#
+(define %rsa-key-id #xAE25DA2A70DEED59) ;rsa.pub
+(define %dsa-key-id #x587918047BE8BD2C) ;dsa.pub
+(define %ed25519-key-id #x771F49CBFAAE072D) ;ed25519.pub
(define %rsa-key-fingerprint
(base16-string->bytevector
@@ -168,7 +172,7 @@ Pz7oopeN72xgggYUNT37ezqN3MeCqw0=
(not (port-ascii-armored? (open-bytevector-input-port %binary-sample))))
(test-assert "get-openpgp-keyring"
- (let* ((key (search-path %load-path "tests/civodul.key"))
+ (let* ((key (search-path %load-path "tests/keys/civodul.pub"))
(keyring (get-openpgp-keyring
(open-bytevector-input-port
(call-with-input-file key read-radix-64)))))
@@ -228,8 +232,10 @@ Pz7oopeN72xgggYUNT37ezqN3MeCqw0=
(verify-openpgp-signature signature keyring
(open-input-string "Hello!\n"))))
(list status (openpgp-public-key-id key)))))
- (list "tests/rsa.key" "tests/dsa.key"
- "tests/ed25519.key" "tests/ed25519.key" "tests/ed25519.key")
+ (list "tests/keys/rsa.pub" "tests/keys/dsa.pub"
+ "tests/keys/ed25519.pub"
+ "tests/keys/ed25519.pub"
+ "tests/keys/ed25519.pub")
(list %hello-signature/rsa %hello-signature/dsa
%hello-signature/ed25519/sha256
%hello-signature/ed25519/sha512
@@ -248,9 +254,9 @@ Pz7oopeN72xgggYUNT37ezqN3MeCqw0=
(call-with-input-file key read-radix-64))
keyring)))
%empty-keyring
- '("tests/rsa.key" "tests/dsa.key"
- "tests/ed25519.key" "tests/ed25519.key"
- "tests/ed25519.key"))))
+ '("tests/keys/rsa.pub" "tests/keys/dsa.pub"
+ "tests/keys/ed25519.pub" "tests/keys/ed25519.pub"
+ "tests/keys/ed25519.pub"))))
(map (lambda (signature)
(let ((signature (string->openpgp-packet signature)))
(let-values (((status key)