diff options
| author | Slack Coder <slackcoder@server.ky> | 2024-12-10 14:06:06 -0500 |
|---|---|---|
| committer | Slack Coder <slackcoder@server.ky> | 2025-01-21 15:36:10 -0500 |
| commit | ba81bf24d8df5153830f06deb7c2b780fe5c292f (patch) | |
| tree | d8c0aefac933b7ed41e4b8faae75b9feaf0b9f1d | |
| parent | 82b061208df57c0d1d46b06ffa15ad6846db883b (diff) | |
| download | sbotools2-ba81bf24d8df5153830f06deb7c2b780fe5c292f.tar.xz | |
GPG verification
| -rw-r--r-- | SBO-Lib/lib/SBO/App/Snap.pm | 17 | ||||
| -rw-r--r-- | SBO-Lib/lib/SBO/Lib.pm | 7 | ||||
| -rw-r--r-- | SBO-Lib/lib/SBO/Lib/Cryptography.pm | 159 | ||||
| -rw-r--r-- | SBO-Lib/lib/SBO/Lib/Repo.pm | 147 | ||||
| -rw-r--r-- | SBO-Lib/lib/SBO/Lib/Util.pm | 5 | ||||
| -rw-r--r-- | completions/zsh/_sboconfig | 1 | ||||
| -rw-r--r-- | docker/sbotools2-test:14.0.dockerfile | 33 | ||||
| -rw-r--r-- | docker/sbotools2-test:14.1.dockerfile | 32 | ||||
| -rw-r--r-- | docker/sbotools2-test:14.2.dockerfile | 32 | ||||
| -rw-r--r-- | key/slackbuilds-devel@slackbuilds.org.asc | 31 | ||||
| -rw-r--r-- | man1/sboconfig.1 | 5 | ||||
| -rw-r--r-- | man1/sbosnap.1 | 2 | ||||
| -rw-r--r-- | man5/sbotools.conf.5 | 5 | ||||
| -rwxr-xr-x | sboconfig | 9 | ||||
| -rw-r--r-- | slackbuild/sbotools2/sbotools2.SlackBuild | 2 | ||||
| -rwxr-xr-x | t/01-unit.t | 12 | ||||
| -rwxr-xr-x | t/02.2-unit-repo.t | 2 | ||||
| -rwxr-xr-x | t/03-travis.t | 45 | ||||
| -rwxr-xr-x | t/05-upgrade.t | 11 | ||||
| -rwxr-xr-x | t/11-git.t | 3 | ||||
| -rwxr-xr-x | t/15-usage.t | 3 | ||||
| -rwxr-xr-x | t/17-find.t | 3 | ||||
| -rwxr-xr-x | t/18-snap.t | 4 | ||||
| -rwxr-xr-x | t/22-race.t | 12 | ||||
| -rwxr-xr-x | t/27-race-sbofind.t | 3 | ||||
| -rwxr-xr-x | t/Test/Execute.pm | 16 | ||||
| -rw-r--r-- | t/Test/Sbotools.pm | 3 | ||||
| -rw-r--r-- | t/sbotools.conf | 1 |
28 files changed, 543 insertions, 62 deletions
diff --git a/SBO-Lib/lib/SBO/App/Snap.pm b/SBO-Lib/lib/SBO/App/Snap.pm index 00aea38..d2b0f57 100644 --- a/SBO-Lib/lib/SBO/App/Snap.pm +++ b/SBO-Lib/lib/SBO/App/Snap.pm @@ -13,12 +13,12 @@ package SBO::App::Snap; use 5.16.0; use strict; use warnings FATAL => 'all'; -use SBO::Lib qw/ fetch_tree update_tree %config show_version /; +use SBO::Lib qw/ fetch_tree import_gpg_key update_tree %config show_version /; use Getopt::Long qw/ GetOptionsFromArray /; use parent 'SBO::App'; -our $VERSION = '2.7.2'; +our $VERSION = '2.7.4'; sub _parse_opts { my $class = shift; @@ -49,6 +49,7 @@ Options: Commands: fetch: initialize a local copy of the slackbuilds.org tree. + import-key [path or url]: import GPG for verifying the slackbuilds.org tree. Defaults to the key shipped with sbotools2. update: update an existing local copy of the slackbuilds.org tree. (generally, you may prefer "sbocheck" over "$fname update") @@ -67,9 +68,17 @@ sub run { $args[0] //= ''; if ($args[0] eq 'fetch') { - fetch_tree() + fetch_tree(); + } elsif ($args[0] eq 'import-key') { + my $key_path_or_url = "/usr/doc/sbotools2-$VERSION/slackbuilds-devel\@slackbuilds.org.asc"; + if ($args[1]) { + $key_path_or_url = $args[1]; + } + my $key_id = $config{'GPG_KEY'}; + + import_gpg_key($key_path_or_url, $key_id); } elsif ($args[0] eq 'update') { - update_tree() + update_tree(); } else { $self->show_usage(); return 1; diff --git a/SBO-Lib/lib/SBO/Lib.pm b/SBO-Lib/lib/SBO/Lib.pm index ae67b23..edb418a 100644 --- a/SBO-Lib/lib/SBO/Lib.pm +++ b/SBO-Lib/lib/SBO/Lib.pm @@ -10,7 +10,7 @@ use strict; use warnings FATAL => 'all'; package SBO::Lib; -our $VERSION = '2.7.2'; +our $VERSION = '2.7.4'; =pod @@ -33,6 +33,8 @@ exporting all of their exports. =over +=item L<SBO::Lib::Cryptography> + =item L<SBO::Lib::Util> =item L<SBO::Lib::Info> @@ -53,6 +55,7 @@ exporting all of their exports. =cut +use SBO::Lib::Cryptography qw/ :all /; use SBO::Lib::Util qw/ :all /; use SBO::Lib::Info qw/ :all /; use SBO::Lib::Repo qw/ :all /; @@ -65,6 +68,7 @@ use SBO::Lib::Download qw/ :all /; use Exporter 'import'; our @EXPORT_OK = ( + @SBO::Lib::Cryptography::EXPORT_OK, @SBO::Lib::Util::EXPORT_OK, @SBO::Lib::Info::EXPORT_OK, @SBO::Lib::Repo::EXPORT_OK, @@ -77,6 +81,7 @@ our @EXPORT_OK = ( our %EXPORT_TAGS = ( all => \@EXPORT_OK, + cryptography => \@SBO::Lib::Cryptography::EXPORT_OK, util => \@SBO::Lib::Util::EXPORT_OK, info => \@SBO::Lib::Info::EXPORT_OK, repo => \@SBO::Lib::Repo::EXPORT_OK, diff --git a/SBO-Lib/lib/SBO/Lib/Cryptography.pm b/SBO-Lib/lib/SBO/Lib/Cryptography.pm new file mode 100644 index 0000000..4fca277 --- /dev/null +++ b/SBO-Lib/lib/SBO/Lib/Cryptography.pm @@ -0,0 +1,159 @@ +package SBO::Lib::Cryptography; + +use 5.016; +use strict; +use warnings; + +our $VERSION = '2.7.2'; + +use Cwd; +use File::Temp "tempdir"; +use IPC::Open3; + +use constant { + BAD_SIGNATURE => 'bad signature', + EXPIRED_KEY => 'expired key', + VALID_SIGNATURE => 'good signature', +}; + +use Exporter 'import'; + +our @EXPORT_OK = qw{ + has_valid_gpg_signature + import_gpg_key + verify_gpg_signed_file + + BAD_SIGNATURE + EXPIRED_KEY + VALID_SIGNATURE +}; + +our %EXPORT_TAGS = ( + all => \@EXPORT_OK, +); + +=pod + +=encoding UTF-8 + +=head2 + + has_valid_gpg_signature(@output, $key_id); + +C<has_valid_gpg_siganture()> validates whether the captured gpg status output +contains a good signature for the given GPG key. + +=cut + +sub has_valid_gpg_signature { + my $output = shift; + my $key_id = shift; + + # VALIDSIG contains the hex key ID, GOODSIG is required for certainty. More + # information can be found in 'DETAILS' in the gnupg2 documentation folder. + my $is_good_sig = 0; + my $is_valid_sig = 0; + + my $line; + foreach $line (@$output) { + if ($line =~ /^\[GNUPG\:] VALIDSIG $key_id/) { + $is_valid_sig = 1; + } elsif ($line =~ /^\[GNUPG\:] GOODSIG /) { + $is_good_sig = 1; + } + + if ($is_good_sig && $is_valid_sig) { + return 1; + } + } + + return 0; +} + +=head2 import_gpg_key + + import_gpg_key($key); + +C<import_gpg_key()> will import the key into the systems keychain. An error will +be reported if the configured key fingerprint does not match the imported one. + +=cut + +sub import_gpg_key { + script_error('import_gpg_key requires two arguments.') unless @_ == 2; + + my $key = shift; + my $key_id = shift; + + my $key_source; + if ($key =~ m!^http://! || $key =~ m!^https://!) { + open3(undef, $key_source, ">&STDERR", "wget", $key, "-O", "-") || die("could not download key from $key"); + } else { + open($key_source, "<", $key) || die("could not read '$key': $!"); + } + + my $old = $ENV{'GNUPGHOME'}; + + $ENV{'GNUPGHOME'} = tempdir(CLEANUP => 1); + + my $gpg_cmd; + open3($gpg_cmd, undef, undef, "gpg", "--batch", "--yes", "--import", "-") || die("could not import key: $!\n"); + + while (my $line = <$key_source>) { + print($gpg_cmd $line); + } + + close($gpg_cmd); + close($key_source); + + sleep(1); + + if (system(">/dev/null gpg --list-keys $key_id")) { + die("GPG key '$key_id' not found. Confirm the correct key is configured or is being imported.\n"); + } + + my $gpg_export; + open($gpg_export, "-|", "gpg", "--export", $key_id) || die("could not export key: $!\n"); + + $ENV{'GNUPGHOME'} = $old; + + my $gpg_import; + open3($gpg_import, ">&STDOUT", ">&STDOUT", "gpg", "--batch", "--yes", "--import", "-") || die("could not import key: $!\n"); + + while (my $line = <$gpg_export>) { + print($gpg_import $line); + } + + close($gpg_export); + close($gpg_import); + + print("key imported\n"); +} + +=head2 verify_gpg_signed_file + + verify_gpg_signed_file($file_path, $key_id); + +C<verify_gpg_signed_file()> verifies the C<file_path> is signed by C<key_id>. + +=cut + +sub verify_gpg_signed_file { + script_error('verify_gpg_signed_file requires two arguments.') unless @_ == 2; + + my $file_path = shift; + my $key_id = shift; + + my @output; + open3(undef, my $std_out, undef, "gpg", "--status-fd=1", "--verify", $file_path) or die("dead"); + while (my $line = <$std_out>) { + push(@output, $line); + } + close($std_out); + + if (! has_valid_gpg_signature(\@output, $key_id)) { + return BAD_SIGNATURE; + } + + return VALID_SIGNATURE; +} diff --git a/SBO-Lib/lib/SBO/Lib/Repo.pm b/SBO-Lib/lib/SBO/Lib/Repo.pm index 35ed4c9..6c7babb 100644 --- a/SBO-Lib/lib/SBO/Lib/Repo.pm +++ b/SBO-Lib/lib/SBO/Lib/Repo.pm @@ -6,13 +6,17 @@ use warnings; our $VERSION = '2.7.2'; -use SBO::Lib::Util qw/ %config prompt usage_error get_slack_version get_slack_version_url script_error open_fh open_read in _ERR_DOWNLOAD /; +use SBO::Lib::Util qw/ %config prompt usage_error get_slack_version get_slack_version_key get_slack_version_url script_error open_fh open_read in _ERR_DOWNLOAD /; +use SBO::Lib::Cryptography qw/ has_valid_gpg_signature verify_gpg_signed_file VALID_SIGNATURE /; use Cwd; use File::Copy; use File::Find; +use File::Temp "tempdir"; use File::Path qw/ make_path remove_tree /; +use IPC::Open3; use Sort::Versions; +use Symbol "gensym"; use Exporter 'import'; @@ -211,9 +215,26 @@ sub generate_slackbuilds_txt { return 1; } +sub latest_git_tag { + my $version = shift; + my $tag = ''; + + open(my $std_out, "git tag |") or die("dead"); + while (my $line = <$std_out>) { + if ($line =~ /^$version-/) { + $tag = $line; + } + } + close($std_out); + + chomp($tag); + + return $tag; +} + =head2 git_sbo_tree - my $bool = git_sbo_tree($url); + my $bool = git_sbo_tree($url, $key_id); C<git_sbo_tree()> will C<git clone> the repository specified by C<$url> to the C<$repo_path> if the C<$url> repository isn't already there. If it is, it will @@ -225,28 +246,62 @@ true value. =cut sub git_sbo_tree { - script_error('git_sbo_tree requires an argument.') unless @_ == 1; + script_error('git_sbo_tree requires two arguments.') unless @_ == 2; my $url = shift; + my $key_id = shift; + my $cwd = getcwd(); - my $res; - if (-d "$repo_path/.git" and check_git_remote($repo_path, $url)) { - _race::cond '$repo_path can be deleted after -d check'; - chdir $repo_path or return 0; - $res = eval { - die unless system(qw! git fetch !) == 0; # if system() doesn't return 0, there was an error - _race::cond 'git repo could be changed or deleted here'; - die unless system(qw! git reset --hard origin !) == 0; - unlink "$repo_path/SLACKBUILDS.TXT"; - 1; - }; - } else { + + if ((! -d "$repo_path/.git") || ! check_git_remote($repo_path, $url)) { chdir $config{SBO_HOME} or return 0; + remove_tree($repo_path) if -d $repo_path; - $res = system(qw/ git clone --no-local /, $url, $repo_path) == 0; + if (system(qw/ git clone --no-local /, $url, $repo_path)) { + return 0; + } + } + + _race::cond '$repo_path can be deleted after -d check'; + chdir($repo_path) or return 0; + + return 0 unless system("git fetch") == 0; + + unlink "$repo_path/SLACKBUILDS.TXT"; + + my $git_ref = 'origin'; + my $verify_cmd = 'verify-commit'; + + my $tag = latest_git_tag(get_slack_version()); + if ($tag ne '') { + $git_ref = $tag; + $verify_cmd = 'verify-tag'; + } + + if ($key_id) { + my @output; + + print("Verifying $git_ref...\n"); + open3(undef, undef, my $std_err = gensym, "git", $verify_cmd, "--raw", "$git_ref"); + while (my $line = <$std_err>) { + push(@output, $line); + } + close($std_err); + + if (! has_valid_gpg_signature(\@output, $key_id)) { + print(STDERR "Repository GPG verification failed.\n"); + + chdir $cwd; + return 0; + } } + + _race::cond 'git repo could be changed or deleted here'; + return 0 unless system('git', 'reset', '--hard', $git_ref) == 0; + _race::cond '$cwd could be deleted here'; - return 1 if chdir $cwd and $res; - return 0; + return 0 unless chdir $cwd; + + return 1; } =head2 migrate_repo @@ -292,14 +347,26 @@ sub pull_sbo_tree { } else { unlink($slackbuilds_txt); } + + my $key_id = ''; + if ($config{GPG_KEY} ne 'FALSE') { + $key_id = $config{GPG_KEY}; + }; + my $res = 0; if ($url =~ m!^rsync://!) { - $res = rsync_sbo_tree($url); + $res = rsync_sbo_tree($url, $key_id); } else { - $res = git_sbo_tree($url); + $res = git_sbo_tree($url, $key_id); } - if ($res == 0) { warn "Could not sync from $url.\n"; exit _ERR_DOWNLOAD; } + if ($res == 0) { + warn "Could not sync from $url.\n"; + if ($url eq 'https://github.com/Ponce/slackbuilds.git' && $key_id ne '') { + warn "This URL is known not to use GPG verification. You likely want to disable with 'sboconfig --gpg-key FALSE'." + } + exit _ERR_DOWNLOAD; + } my $wanted = sub { chown 0, 0, $File::Find::name; }; find($wanted, $repo_path) if -d $repo_path; @@ -310,7 +377,7 @@ sub pull_sbo_tree { =head2 rsync_sbo_tree - my $bool = rsync_sbo_tree($url); + my $bool = rsync_sbo_tree($url, $key_id); C<rsync_sbo_tree()> syncs the SlackBuilds.org repository to C<$repo_path> from the C<$url> provided. @@ -319,14 +386,46 @@ the C<$url> provided. # rsync the sbo tree from slackbuilds.org to $repo_path sub rsync_sbo_tree { - script_error('rsync_sbo_tree requires an argument.') unless @_ == 1; + script_error('rsync_sbo_tree requires two arguments.') unless @_ == 2; + my $url = shift; $url .= '/' unless $url =~ m!/$!; # make sure $url ends with / + my $key_id = shift; + my @info; # only slackware versions above 14.1 have an rsync that supports --info=progress2 if (versioncmp(get_slack_version(), '14.1') == 1) { @info = ('--info=progress2'); } + my @args = ('rsync', @info, '-a', '--delete', $url); - return system(@args, $repo_path) == 0; + return 0 unless system(@args, $repo_path) == 0; + + my $cwd = getcwd(); + chdir($repo_path); + + if ($key_id) { + if (versioncmp(get_slack_version(), '14.1') == -1) { + print("GPG verification is not present for 14.0 and earlier. You should consider disabling GPG verification.") + } + + print("Verifying CHECKSUMS.md5...\n"); + my $res = verify_gpg_signed_file('CHECKSUMS.md5.asc', $key_id); + if ($res ne VALID_SIGNATURE) { + print(STDERR "Respository CHECKSUMS.md5 GPG verification failed.\n"); + + chdir($cwd); + return 0; + } + } + + if ( -e "CHECKSUMS.md5" ) { + print("Verifying file integrity using CHECKSUMS.md5...\n"); + if (system('tail +13 CHECKSUMS.md5 | md5sum -c --quiet -')) { + chdir($cwd); + return 0; + } + } + + return chdir($cwd); } =head2 slackbuilds_or_fetch diff --git a/SBO-Lib/lib/SBO/Lib/Util.pm b/SBO-Lib/lib/SBO/Lib/Util.pm index d6327c1..3c611b8 100644 --- a/SBO-Lib/lib/SBO/Lib/Util.pm +++ b/SBO-Lib/lib/SBO/Lib/Util.pm @@ -40,6 +40,7 @@ our @EXPORT_OK = ( get_kernel_version get_sbo_from_loc get_slack_version + get_slack_version_key get_slack_version_url idx in @@ -97,7 +98,7 @@ the values will change according to the configuration, and C<SBO_HOME> will by default get changed to C</usr/sbo>. The supported keys are: C<NOCLEAN>, C<DISTCLEAN>, C<JOBS>, C<PKG_DIR>, -C<SBO_HOME>, C<LOCAL_OVERRIDES>, C<SLACKWARE_VERSION>, C<REPO>. +C<SBO_HOME>, C<LOCAL_OVERRIDES>, C<SLACKWARE_VERSION>, C<REPO>, C<GPG_KEY>. =cut @@ -113,6 +114,7 @@ our %config = ( LOCAL_OVERRIDES => 'FALSE', SLACKWARE_VERSION => 'FALSE', REPO => 'FALSE', + GPG_KEY => 'D3076BC3E783EE747F09B8B70368EF579C7BA3B6', ); read_config(); @@ -242,7 +244,6 @@ sub get_slack_version_url { return $supported{get_slack_version()}; } - =head2 idx my $idx = idx($needle, @haystack); diff --git a/completions/zsh/_sboconfig b/completions/zsh/_sboconfig index 6485f56..69e2984 100644 --- a/completions/zsh/_sboconfig +++ b/completions/zsh/_sboconfig @@ -10,6 +10,7 @@ _arguments \ - commands \ '(-c --noclean)'{-c,--noclean}'[If TRUE, then do not clean working directories after build.]:clean work dirs?:((TRUE\:"Clean works directories" FALSE\:"Keep work directories"))' \ '(-d --distclean)'{-d,--distclean}'[If TRUE, then remove source code after building.]:clean source?:((TRUE\:"Remove source" FALSE\:"Keep source"))' \ + '(-g --gpg-key)'{-g,--gpg-key}'[The gpg key used for verification, FALSE to disable.]:use gpg?:((FALSE\:"Do not verify"))' \ '(-j --jobs)'{-j,--jobs}'[Number fed to -j# for make.]:number of jobs (make):()' \ '(-p --pkg-dir)'{-p,--pkg-dir}'[Directory to store built packages in.]:package directory:_files -/' \ '(-s --sbo-home)'{-s,--sbo-home}'[Directory for SBo tree (default /usr/sbo).]:SBo home dir:_files -/' \ diff --git a/docker/sbotools2-test:14.0.dockerfile b/docker/sbotools2-test:14.0.dockerfile new file mode 100644 index 0000000..f12465e --- /dev/null +++ b/docker/sbotools2-test:14.0.dockerfile @@ -0,0 +1,33 @@ +# docker run -v $(realpath .):/root/sbotools2 -t sbotools2-test:14.0 + +FROM vbatts/slackware:14.0 + +# Project must be mounted here. +VOLUME /root/sbotools2 + +# Upgrade and install all +RUN sed -i 's/^WGETFLAGS=".*"/WGETFLAGS="--quiet --no-check-certificate"/g' /etc/slackpkg/slackpkg.conf +RUN yes y | slackpkg update && \ + slackpkg install-new -terse && \ + slackpkg upgrade-all -terse -batch=yes -default_answer=yes && \ + slackpkg install -terse -batch=yes -default_answer=yes a ap d f n l t tcl + +# Fix SSL certificate errors +RUN yes y | slackpkg reinstall ca-certificates + +RUN cpan install \ + Capture::Tiny \ + Devel::Cover\ + Test::Diff \ + Test::Exit \ + Test::More + +# Git configuration some test's setup. +RUN git config --global user.name root \ + && git config --global user.email root@localhost + +WORKDIR /root/sbotools2 + +CMD prove -v t/*.t + + diff --git a/docker/sbotools2-test:14.1.dockerfile b/docker/sbotools2-test:14.1.dockerfile new file mode 100644 index 0000000..6e29280 --- /dev/null +++ b/docker/sbotools2-test:14.1.dockerfile @@ -0,0 +1,32 @@ +# docker run -v $(realpath .):/root/sbotools2 -t sbotools2-test:14.1 + +FROM vbatts/slackware:14.1 + +# Project must be mounted here. +VOLUME /root/sbotools2 + +# Upgrade and install all +RUN sed -i 's/^WGETFLAGS=".*"/WGETFLAGS="--quiet --no-check-certificate"/g' /etc/slackpkg/slackpkg.conf +RUN yes y | slackpkg update && \ + slackpkg install-new -terse && \ + slackpkg upgrade-all -terse -batch=yes -default_answer=yes && \ + slackpkg install -terse -batch=yes -default_answer=yes a ap d f n l t tcl + +# Fix SSL certificate errors +RUN yes y | slackpkg reinstall ca-certificates + +RUN cpan install \ + Capture::Tiny \ + Devel::Cover\ + Test::Diff \ + Test::Exit \ + Test::More + +# Git configuration some test's setup. +RUN git config --global user.name root \ + && git config --global user.email root@localhost + +WORKDIR /root/sbotools2 + +CMD prove -v t/*.t + diff --git a/docker/sbotools2-test:14.2.dockerfile b/docker/sbotools2-test:14.2.dockerfile new file mode 100644 index 0000000..a55f004 --- /dev/null +++ b/docker/sbotools2-test:14.2.dockerfile @@ -0,0 +1,32 @@ +# docker run -v $(realpath .):/root/sbotools2 -t sbotools2-test:14.2 + +FROM vbatts/slackware:14.2 + +# Project must be mounted here. +VOLUME /root/sbotools2 + +# Upgrade and install all +RUN sed -i 's/^WGETFLAGS=".*"/WGETFLAGS="--quiet --no-check-certificate"/g' /etc/slackpkg/slackpkg.conf +RUN yes y | slackpkg update && \ + slackpkg install-new -terse && \ + slackpkg upgrade-all -terse -batch=yes -default_answer=yes && \ + slackpkg install -terse -batch=yes -default_answer=yes a ap d f n l t tcl + +# Fix SSL certificate errors +RUN yes y | slackpkg reinstall ca-certificates + +RUN cpan install \ + Capture::Tiny \ + Devel::Cover\ + Test::Diff \ + Test::Exit \ + Test::More + +# Git configuration some test's setup. +RUN git config --global user.name root \ + && git config --global user.email root@localhost + +WORKDIR /root/sbotools2 + +CMD prove -v t/*.t + diff --git a/key/slackbuilds-devel@slackbuilds.org.asc b/key/slackbuilds-devel@slackbuilds.org.asc new file mode 100644 index 0000000..58ae9ff --- /dev/null +++ b/key/slackbuilds-devel@slackbuilds.org.asc @@ -0,0 +1,31 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGiBEW7wrQRBACGHoowXtnvW1U6Edzscu7vv1ZOnt62bAWlSp6wrHowfu7ienyI +/VsqEnu+X0H850Nq7Lv1xWPWurkTnuyTGJaP58206xM0GjG7nhGrh8N1kYQ0P0oI +lXgUnHu0mpjixHfjpzztwfS5Z6vBMJeKVbV4Bme5eelvcFNle5RtihwpUwCgwP0B +EzkyLvxfJEPZwTeq+3Cd3f8D/jdhWv5dOw/zdyiDVenZyfK171K6HS3fNNaphDqR +faow5P7v9iZeRnXtEz7eMcEPYEciAjeQhb1JdUut+8yL5uDNvmrD3hYnEwHk6Ncl +mVy3KDbWdxO+obU5uYpBYyY11sjpil5nF+af2wY5zkNAvR2+Y0mWQjCJ6Qt0Q+xR ++zdwA/0VNfH30DGgvYfU6uByIqGRcgqR7qYJiauvkr6NlGZFGz0qYUu1rhvwEmdI +7rLYsx8GnV9YSsCn34yJoXm8B9BTuYNbwfiiVW5TZw8i5dxv7HSkBchrDlCKJhDi +VjM2WFk68x2urSJCygm9Vm3rkGFn2KlGZlcz3Wd4mdfW8F059rREU2xhY2tCdWls +ZHMub3JnIERldmVsb3BtZW50IFRlYW0gPHNsYWNrYnVpbGRzLWRldmVsQHNsYWNr +YnVpbGRzLm9yZz6IYAQTEQIAIAUCRbvCtAIbAwYLCQgHAwIEFQIIAwQWAgMBAh4B +AheAAAoJEANo71ece6O2k/gAmwXsZIv83hxD9lnAAHrHCd4W4G0/AKCwVlX8jj2U +FdF9PEPRw/0wB2mhKohGBBARAgAGBQJRPupFAAoJEGpEY8BAECIzY2cAnRzkgvAq +s4a4qJacPat/kbscooBhAKCLVX3eY+fIBCBYT7rJfm4WkX1YO7kCDQRFu8LQEAgA +x0h1F8qyggHavyVXyhJfYYX/oVIQRppgRjxWmtBJPvoquDTe/Ch1pX9IdLcR7mji +/ABa2fajdLlqU0R8qKJ7lL9aEq9AFyP4TdRFT8aV8P+jJ3HEYWpV/HY28O1tae/x +KdlmkL+WL0iqHYq+Dd5bcp/oNTuo9oLyRwi/TkroR+bu/EUbjuuLuywXB/9CAAsN +wEFY8SqlMcdZ0tBqQWzvlptNDq6igzvt20QQNDevgF7aFgumddCJebVN892xK0T/ +bA1p6TOZzztmh98tKAFYAPQiaJLpu5wk0q8s1u1VqraN+kt8rj0i06X8u5iaGo9Q +5uJM63j/yYLRHAv3Z45jHwADBwf+OnPfd/4xENYeACaKHiUdQNmh/xwe5pxLVCfz +lfVHg11dJwOu47O4YZgZNugQMye7qGD29qo2BxiPYceCV0FhpSd5IeYD+Z2hOhTo +yAadWEHajLCbXtI0GaIr3OcjA3Qv7iYPJr6yyEulypJ/t62HFITAHCYu7Koo3HoS +LE8/DW8XsFkCYNSZUB3QjLSDlMmkkiTTXir79A94lEGrD+QOnkz1NhTjhQxhyl0P +EgoL371P3G5vQaRDFKFiN+0p8qpVJJbkHsrL4t3PDk71qCOkAMfe/zanrs5/yWuc +k6G3WJmMs56EO23dRWK4Da6SCbfliwVKd8ZKaUm09ChpRaf13ohJBBgRAgAJBQJF +u8LQAhsMAAoJEANo71ece6O2MYEAnAwq32EdW1TQ4SPrKVBrCDCvacI2AJ0fJ6sR +sznGAOmqpiyZ5f0968vKuQ== +=8bvN +-----END PGP PUBLIC KEY BLOCK----- diff --git a/man1/sboconfig.1 b/man1/sboconfig.1 index 109d067..f2acc15 100644 --- a/man1/sboconfig.1 +++ b/man1/sboconfig.1 @@ -40,6 +40,11 @@ DISTCLEAN: If TRUE, then DO remove the source code after building the slackbuild JOBS: If numeric (2,5,10, etc), then that number will be fed to the "-j" argument to make when a slackbuild which invokes "make" is run. This only makes sense on multicore systems, where one might set the JOBS to the number of available cores, or half that number, etc. .RE .P +-g|--gpg-key (FALSE|KEY_ID) +.RS +GPG_KEY: Use GPG to verify the slackbuilds.org tree on download using this GPG key. The default is configured to slackbuild.org's key 'D3076BC3E783EE747F09B8B70368EF579C7BA3B6'. You may want to disable if you are using Slackware current. Set to FALSE to disable. +.RE +.P -p|--pkg-dir (FALSE|/path) .RS PKG_DIR: If set to a path, packages will be stored at the given location after building and installing. By default, packages are left where they are deposited by slackbuilds, which is typically (probably always) /tmp (or $OUTPUT). If PKG_DIR is FALSE and DISTCLEAN is TRUE (either in sbotools.conf(5) or at sboupgrade/sboinstall runtime), the package will be deleted. If this option is set to a path in the filesystem, the package will be stored in that directory, regardless of any DISTCLEAN option. diff --git a/man1/sbosnap.1 b/man1/sbosnap.1 index be2d8a7..ff562cd 100644 --- a/man1/sbosnap.1 +++ b/man1/sbosnap.1 @@ -4,7 +4,7 @@ sbosnap - slackbuilds.org tree fetch and update command. .SH SYNAPSES .P -sbosnap [-h|-v] (fetch|update) +sbosnap [-h|-v] (fetch|import-key|update) .SH DESCRIPTION .P sbosnap is used to download and update a local copy of the slackbuilds.org tree, minus the .tar.gz{,.asc} files. Note that sbocheck(1) will also update the tree, and will then also check for updated slackbuilds. rsync is used for both operations. diff --git a/man5/sbotools.conf.5 b/man5/sbotools.conf.5 index a01a817..becb122 100644 --- a/man5/sbotools.conf.5 +++ b/man5/sbotools.conf.5 @@ -18,6 +18,11 @@ JOBS=(FALSE|#) If numeric (2,5,10, etc), then that number will be fed to the "-j" argument to make when a SlackBuild which invokes "make" is run. This only makes sense on multicore systems, where one might set the JOBS to the number of available cores, or half that number, etc. .RE .P +GPG_KEy=(FALSE|KEY_ID) +.RS +GPG_KEy: Use GPG to verify the slackbuilds.org tree on download using this GPG key. The default is configured to slackbuild.org's key 'D3076BC3E783EE747F09B8B70368EF579C7BA3B6'. You may want to disable if you are using Slackware current. Set to FALSE to disable. +.RE +.P NOCLEAN=(FALSE|TRUE) .RS If TRUE, then DO NOT clean working directories after building the slackbuild. These are the directories where the source is unpacked and compiled, and where the package is put together in, which are under /tmp/SBo (or $TMP). By default, these directories are removed after building a slackbuild. Setting this option to TRUE causes the working directories to not be cleaned by default. This can be overridden when running sboupgrade(1)/sboinstall(1). @@ -41,6 +41,8 @@ Config options (defaults shown): DISTCLEAN: if TRUE, DO clean distfiles by default after building. -j|--jobs FALSE: JOBS: numeric -j setting to feed to make for multicore systems. + -g|--gpg-key D3076BC3E783EE747F09B8B70368EF579C7BA3B6: + GPG_KEY GPG key ID for verification. -p|--pkg-dir FALSE: PKG_DIR: set a directory to store packages in. -s|--sbo-home /usr/sbo: @@ -60,7 +62,7 @@ my %options; GetOptions(\%options, 'help|h', 'version|v', 'list|l', 'noclean|c=s', 'distclean|d=s', 'jobs|j=s', 'pkg-dir|p=s', 'sbo-home|s=s', - 'local-overrides|o=s', 'slackware-version|V=s', 'repo|r=s'); + 'local-overrides|o=s', 'slackware-version|V=s', 'repo|r=s', 'gpg-key|g=s'); if ($options{help}) { show_usage(); exit 0 } if ($options{version}) { show_version(); exit 0 } @@ -69,6 +71,7 @@ my %valid_confs = ( noclean => 'NOCLEAN', distclean => 'DISTCLEAN', jobs => 'JOBS', + 'gpg-key' => 'GPG_KEY', 'pkg-dir' => 'PKG_DIR', 'sbo-home' => 'SBO_HOME', 'local-overrides' => 'LOCAL_OVERRIDES', @@ -80,6 +83,7 @@ my %params = ( NOCLEAN => 'c|--noclean', DISTCLEAN => 'd|--distclean', JOBS => 'j|--jobs', + GPG_KEY => 'g|--gpg-key', PKG_DIR => 'p|--pkg-dir', SBO_HOME => 's|--sbo-home', LOCAL_OVERRIDES => 'o|--local-overrides', @@ -116,6 +120,9 @@ if (exists $changes{DISTCLEAN}) { if (exists $changes{JOBS}) { usage_error("$warn -j") unless $changes{JOBS} =~ /^(\d+|FALSE)$/; } +if (exists $changes{GPG_KEY}) { + usage_error("$warn -g") unless $changes{GPG_KEY} =~ /^([0-9A-F]+|FALSE)$/; +} if (exists $changes{PKG_DIR}) { usage_error("$warn -p") unless $changes{PKG_DIR} =~ qr#^(/|FALSE$)#; } diff --git a/slackbuild/sbotools2/sbotools2.SlackBuild b/slackbuild/sbotools2/sbotools2.SlackBuild index 3e98a3f..d879ce9 100644 --- a/slackbuild/sbotools2/sbotools2.SlackBuild +++ b/slackbuild/sbotools2/sbotools2.SlackBuild @@ -89,7 +89,7 @@ find $PKG -depth -type d -empty -delete || true mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION/SBO-Lib cp -a SBO-Lib/README $PKG/usr/doc/$PRGNAM-$VERSION/SBO-Lib cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild -cp -a LICENSE.txt ChangeLog.md $PKG/usr/doc/$PRGNAM-$VERSION/ +cp -a LICENSE.txt ChangeLog.md 'key/slackbuilds-devel@slackbuilds.org.asc' $PKG/usr/doc/$PRGNAM-$VERSION/ mkdir -p $PKG/install cat $CWD/slack-desc > $PKG/install/slack-desc diff --git a/t/01-unit.t b/t/01-unit.t index d94fd9b..73f905c 100755 --- a/t/01-unit.t +++ b/t/01-unit.t @@ -11,7 +11,7 @@ use Capture::Tiny qw/ capture_merged /; use File::Temp 'tempdir'; use Cwd; -plan tests => 61; +plan tests => 62; # 1-2: test script_error(); { @@ -149,7 +149,7 @@ SKIP: { local $config{SLACKWARE_VERSION} = '14.1'; my $res; - my $out = capture_merged { $res = SBO::Lib::rsync_sbo_tree('/foo-bar'); }; + my $out = capture_merged { $res = SBO::Lib::rsync_sbo_tree('/foo-bar', ''); }; ok (!$res, q"rsync_sbo_tree('/foo-bar') returned false"); like ($out, qr!rsync: (.*)change_dir "/foo-bar" failed!, q"rsync_sbo_tree('/foo-bar') gave correct output"); @@ -161,7 +161,7 @@ SKIP: { system(qw! mkdir -p /usr/sbo/repo/.git !); my $res; - capture_merged { $res = SBO::Lib::git_sbo_tree(''); }; + capture_merged { $res = SBO::Lib::git_sbo_tree('', ''); }; is ($res, 0, q!git_sbo_tree('') returned 0!); system(qw! rm -r /usr/sbo/repo !) if -d '/usr/sbo/repo'; @@ -171,10 +171,10 @@ SKIP: { close $fh; undef $res; - capture_merged { $res = SBO::Lib::git_sbo_tree(''); }; + capture_merged { $res = SBO::Lib::git_sbo_tree('', ''); }; is ($res, 0, q!git_sbo_tree('') with .git/config returned 0 !); undef $res; - capture_merged { $res = SBO::Lib::git_sbo_tree('foo'); }; + capture_merged { $res = SBO::Lib::git_sbo_tree('foo', ''); }; is ($res, 0, q!git_sbo_tree('foo') returned 0!); system(qw! rm -r /usr/sbo/repo !) if -d '/usr/sbo/repo'; @@ -203,7 +203,7 @@ SKIP: { my $cwd = getcwd(); undef $res; - my $out = capture_merged { $res = SBO::Lib::git_sbo_tree(''); }; + my $out = capture_merged { $res = SBO::Lib::git_sbo_tree('', ''); }; is ($out, '', 'git_sbo_tree() no output'); is ($res, 0, 'git_sbo_tree() returned 0'); diff --git a/t/02.2-unit-repo.t b/t/02.2-unit-repo.t index e06fc82..a47dc7d 100755 --- a/t/02.2-unit-repo.t +++ b/t/02.2-unit-repo.t @@ -27,7 +27,7 @@ note "rsync $url:\n" . capture_merged { no warnings 'redefine'; local *SBO::Lib::Repo::get_slack_version = sub { '14.1' }; - $rsync_res = exit_code { rsync_sbo_tree($url); }; + $rsync_res = exit_code { rsync_sbo_tree($url, 'FALSE'); }; }; if (defined $rsync_res) { diff --git a/t/03-travis.t b/t/03-travis.t index 7b6c97f..cfe517e 100755 --- a/t/03-travis.t +++ b/t/03-travis.t @@ -11,7 +11,7 @@ use lib "$RealBin/../SBO-Lib/lib"; use Test::Sbotools qw/ sboconfig sbosnap sbofind sboinstall sboremove sbocheck sboupgrade /; if (defined $ENV{TRAVIS} and $ENV{TRAVIS} eq 'true') { - plan tests => 26; + plan tests => 41; } else { plan skip_all => 'Only run these tests under Travis CI (TRAVIS=true)'; } @@ -20,8 +20,11 @@ $ENV{TEST_ONLINE} //= 0; # Since this is only run under Travis CI, we can blow away the repo without consequence system(qw! rm -rf /usr/sbo !); +# Disable GPG verification +sboconfig qw/ --gpg-key FALSE /; + # 1-3: Test SLACKWARE_VERSION -sboconfig qw/ -V 14.1 /, { expected => "Setting SLACKWARE_VERSION to 14.1...\n" }; +sboconfig qw/ -V 15.0 /, { expected => "Setting SLACKWARE_VERSION to 15.0...\n" }; SKIP: { skip 'Not doing online tests without TEST_ONLINE=1', 2 if $ENV{TEST_ONLINE} ne '1'; @@ -118,6 +121,44 @@ sboupgrade qw/ -f -z nonexistentslackbuild4 /, { expected => qr/nonexistentslackbuild5 added to upgrade queue.*nonexistentslackbuild4 added to upgrade queue.*Upgrade queue: nonexistentslackbuild5 nonexistentslackbuild4\n/s }; +# 27-34: Test GPG verification +SKIP: { + skip 'Not doing online tests without TEST_ONLINE=1', 4 if $ENV{TEST_ONLINE} ne '1'; + + # Since this is only run under Travis CI, we can blow away the repo without consequence + system(qw! rm -rf /usr/sbo !); + system(qw! gpg --batch --yes --delete-key D3076BC3E783EE747F09B8B70368EF579C7BA3B6 2>&1 >/dev/null !); + + sboconfig qw/ --gpg-key D3076BC3E783EE747F09B8B70368EF579C7BA3B6 /; + sbosnap(("import-key", "https://slackbuilds.org/GPG-KEY"), { expected => qr!.*key imported.*! }); + + sboconfig qw! -r https://git.slackbuilds.org/slackbuilds !, { expected => "Setting REPO to https://git.slackbuilds.org/slackbuilds...\n", name => 'Official Git' }; + + sbosnap 'fetch', { expected => qr!Pulling SlackBuilds tree.*Cloning into '/usr/sbo/repo'.*Verifying.*!s }; + ok (-e "/usr/sbo/repo/SLACKBUILDS.TXT", "SLACKBUILDS.TXT exists (REPO)"); + ok (! -e "/usr/sbo/repo/SLACKBUILDS.TXT.gz", "SLACKBUILDS.TXT.gz doesn't exist (REPO)"); + sbofind 'sbotools', { expected => qr"SBo: sbotools .*\nPath: /usr/sbo/repo/system/sbotools\n\n" }; +} + +# 35-41 Test GPG verification +SKIP: { + skip 'Not doing online tests without TEST_ONLINE=1', 4 if $ENV{TEST_ONLINE} ne '1'; + + # Since this is only run under Travis CI, we can blow away the repo without consequence + system(qw! rm -rf /usr/sbo !); + system(qw! gpg --batch --yes --delete-key D3076BC3E783EE747F09B8B70368EF579C7BA3B6 2>&1 >/dev/null !); + + sboconfig qw/ --gpg-key D3076BC3E783EE747F09B8B70368EF579C7BA3B6 /; + sbosnap(("import-key", "https://slackbuilds.org/GPG-KEY"), { expected => qr!.*key imported.*! }); + + sboconfig qw! -r rsync://slackbuilds.org/slackbuilds/15.0/ !, { expected => "Setting REPO to rsync://slackbuilds.org/slackbuilds/15.0/...\n", name => 'Official Rsync' }; + + sbosnap 'fetch', { expected => qr!Pulling SlackBuilds tree.*Verifying CHECKSUMS.md5.*Verifying file integrity using CHECKSUMS.md5.*!s }; + ok (-e "/usr/sbo/repo/SLACKBUILDS.TXT", "SLACKBUILDS.TXT exists (REPO)"); + ok (-e "/usr/sbo/repo/SLACKBUILDS.TXT.gz", "SLACKBUILDS.TXT.gz exists (REPO)"); + sbofind 'sbotools', { expected => qr"SBo: sbotools .*\nPath: /usr/sbo/repo/system/sbotools\n\n" }; +} + # Cleanup capture_merged { system(qw!/sbin/removepkg nonexistentslackbuild!); diff --git a/t/05-upgrade.t b/t/05-upgrade.t index b976d8c..b34bcde 100755 --- a/t/05-upgrade.t +++ b/t/05-upgrade.t @@ -7,7 +7,7 @@ use Test::More; use Capture::Tiny qw/ capture_merged /; use FindBin '$RealBin'; use lib $RealBin; -use Test::Sbotools qw/ make_slackbuilds_txt set_lo sboconfig sboinstall sboupgrade restore_perf_dummy set_repo sbosnap /; +use Test::Sbotools qw/ make_slackbuilds_txt set_gpg_verify set_lo sboconfig sboinstall sboupgrade restore_perf_dummy set_repo sbosnap /; use File::Temp 'tempdir'; if ($ENV{TEST_INSTALL}) { @@ -70,6 +70,7 @@ sub cleanup { cleanup(); make_slackbuilds_txt(); +set_gpg_verify('FALSE'); set_lo("$RealBin/LO"); restore_perf_dummy(); @@ -119,7 +120,13 @@ sboupgrade qw/ -f nonexistentslackbuild4 /, { input => "y\ny\ny", expected => qr # 13-16: sbosnap + sboupgrade --all my $temp = tempdir(CLEANUP => 1); set_repo("file://$temp"); -capture_merged { system("cd $temp; git init;"); }; +capture_merged { system(<<"END"); }; +cd "$temp"; +git init; +echo hello > README.txt; +git add README.txt; +git commit -am init; +END sbosnap 'fetch', { expected => qr/Pulling SlackBuilds tree[.][.][.]/ }; install( 'LO2', 'nonexistentslackbuild' ); my @sbos = glob("/var/log/packages/*_SBo"); @@ -7,7 +7,7 @@ use Test::More; use Capture::Tiny qw/ capture_merged /; use FindBin '$RealBin'; use lib $RealBin; -use Test::Sbotools qw/ set_repo sbosnap /; +use Test::Sbotools qw/ set_gpg_verify set_repo sbosnap /; if ($ENV{TEST_INSTALL}) { plan tests => 5; @@ -65,6 +65,7 @@ git config --system --add safe.directory /tmp/gitrepo/.git END } +set_gpg_verify('FALSE'); set_repo("/tmp/gitrepo/"); # 1: sbosnap get initial repo diff --git a/t/15-usage.t b/t/15-usage.t index f14ef84..c528444 100755 --- a/t/15-usage.t +++ b/t/15-usage.t @@ -64,6 +64,8 @@ Config options (defaults shown): DISTCLEAN: if TRUE, DO clean distfiles by default after building. -j|--jobs FALSE: JOBS: numeric -j setting to feed to make for multicore systems. + -g|--gpg-key D3076BC3E783EE747F09B8B70368EF579C7BA3B6: + GPG_KEY GPG key ID for verification. -p|--pkg-dir FALSE: PKG_DIR: set a directory to store packages in. -s|--sbo-home /usr/sbo: @@ -172,6 +174,7 @@ Options: Commands: fetch: initialize a local copy of the slackbuilds.org tree. + import-key [path or url]: import GPG for verifying the slackbuilds.org tree. Defaults to the key shipped with sbotools2. update: update an existing local copy of the slackbuilds.org tree. (generally, you may prefer "sbocheck" over "sbosnap update") diff --git a/t/17-find.t b/t/17-find.t index c911d4c..149616c 100755 --- a/t/17-find.t +++ b/t/17-find.t @@ -7,12 +7,13 @@ use Test::More; use Capture::Tiny qw/ capture_merged /; use FindBin '$RealBin'; use lib $RealBin; -use Test::Sbotools qw/ make_slackbuilds_txt set_lo sbofind replace_tags_txt set_repo sbosnap /; +use Test::Sbotools qw/ make_slackbuilds_txt set_gpg_verify set_lo sbofind replace_tags_txt set_repo sbosnap /; use File::Temp 'tempdir'; plan tests => 10; make_slackbuilds_txt(); +set_gpg_verify('FALSE'); set_lo("$RealBin/LO"); # 1: basic sbofind testing diff --git a/t/18-snap.t b/t/18-snap.t index 0b2fdb1..2e028a1 100755 --- a/t/18-snap.t +++ b/t/18-snap.t @@ -7,7 +7,7 @@ use Test::More; use Capture::Tiny qw/ capture_merged /; use FindBin '$RealBin'; use lib $RealBin; -use Test::Sbotools qw/ sbosnap set_repo set_sbo_home /; +use Test::Sbotools qw/ sbosnap set_gpg_verify set_repo set_sbo_home /; use File::Temp 'tempdir'; plan tests => 4; @@ -23,6 +23,7 @@ Options: Commands: fetch: initialize a local copy of the slackbuilds.org tree. + import-key [path or url]: import GPG for verifying the slackbuilds.org tree. Defaults to the key shipped with sbotools2. update: update an existing local copy of the slackbuilds.org tree. (generally, you may prefer "sbocheck" over "sbosnap update") @@ -36,6 +37,7 @@ sbosnap 'invalid', { exit => 1, expected => $usage }; # 3: sbosnap update when /usr/sbo/repo is empty my $tmp = tempdir(CLEANUP => 1); +set_gpg_verify('FALSE'); set_repo("file://$tmp"); capture_merged { system <<"END"; }; cd $tmp diff --git a/t/22-race.t b/t/22-race.t index 8323a75..7ff39ca 100755 --- a/t/22-race.t +++ b/t/22-race.t @@ -58,13 +58,14 @@ SKIP: { my $tempdir = tempdir(CLEANUP => 1); my $repo = '/usr/sbo/repo'; + system('mkdir', '-p', $repo); system('mv', $repo, "$repo.bak"); capture_merged { system <<"GIT"; }; cd $tempdir git init - mkdir -p test/nonexistentslackbuild - cp "$RealBin/nonexistentslackbuild/*" test/nonexistentslackbuild + mkdir -p test + cp -R "$RealBin/LO/nonexistentslackbuild" test git add test git commit -m 'added test/nonexistentslackbuild' @@ -76,7 +77,8 @@ GIT *_race::cond = sub { system('rm', '-rf', $repo) if $_[0] eq '$repo_path can be deleted after -d check' }; my $res; - my $out = capture_merged { $res = SBO::Lib::git_sbo_tree("file://$tempdir"); }; + my $out = capture_merged { $res = SBO::Lib::git_sbo_tree("file://$tempdir", ''); }; + note($out); is ($out, '', 'git_sbo_tree() no output'); is ($res, 0, 'git_sbo_tree() returned 0'); @@ -91,10 +93,10 @@ GIT }; undef $res; - $out = capture_merged { $res = SBO::Lib::git_sbo_tree("file://$tempdir"); }; + $out = capture_merged { $res = SBO::Lib::git_sbo_tree("file://$tempdir", ''); }; - is ($res, 0, 'git_sbo_tree() returned 0'); is ($out, "fatal: not a git repository (or any of the parent directories): .git\n", 'git_sbo_tree() gave correct output'); + is ($res, 0, 'git_sbo_tree() returned 0'); chdir $cwd; system('rm', '-rf', $repo); diff --git a/t/27-race-sbofind.t b/t/27-race-sbofind.t index c4384e8..39ac51c 100755 --- a/t/27-race-sbofind.t +++ b/t/27-race-sbofind.t @@ -6,7 +6,7 @@ use Test::More; use Test::Exit; use FindBin '$RealBin'; use lib $RealBin; -use Test::Sbotools 'load'; +use Test::Sbotools qw/set_gpg_verify load/; use Capture::Tiny qw/ capture_merged /; use File::Temp 'tempdir'; use Cwd; @@ -14,6 +14,7 @@ use feature 'state'; plan tests => 9; +set_gpg_verify('FALSE'); load('sbofind'); my $tags_file = '/usr/sbo/repo/TAGS.txt'; diff --git a/t/Test/Execute.pm b/t/Test/Execute.pm index 0d4798f..e319c2e 100755 --- a/t/Test/Execute.pm +++ b/t/Test/Execute.pm @@ -70,14 +70,7 @@ sub run { subtest $name => sub { plan tests => 2; - # 1: Test exit value - if (not defined $exit) { - SKIP: { skip "Expected exit value undefined", 1 } - } else { - is ($return, $exit, "$name - exit value"); - } - - # 2: Test output + # 1: Test output if (not defined $expected) { SKIP: { skip "Expected output undefined", 1 } } elsif (ref $expected eq 'Regexp') { @@ -88,6 +81,13 @@ sub run { } else { is ($output, $expected, "$name - output"); } + + # 2: Test exit value + if (not defined $exit) { + SKIP: { skip "Expected exit value undefined", 1 } + } else { + is ($return, $exit, "$name - exit value"); + } }; } diff --git a/t/Test/Sbotools.pm b/t/Test/Sbotools.pm index 8be5536..6f181ea 100644 --- a/t/Test/Sbotools.pm +++ b/t/Test/Sbotools.pm @@ -25,6 +25,7 @@ our @EXPORT_OK = qw/ sboupgrade set_noclean set_distclean + set_gpg_verify set_jobs set_repo set_lo @@ -50,6 +51,7 @@ sub sboupgrade { script('sboupgrade', @_); } sub set_noclean { _set_config('NOCLEAN', @_); } sub set_distclean { _set_config('DISTCLEAN', @_); } +sub set_gpg_verify { _set_config('GPG_KEY', @_); } sub set_jobs { _set_config('JOBS', @_); } sub set_pkg_dir { _set_config('PKG_DIR', @_); } sub set_sbo_home { _set_config('SBO_HOME', @_); } @@ -73,6 +75,7 @@ sub set_repo { my %config; my %settings = ( DISTCLEAN => '-d', + GPG_KEY => '-g', JOBS => '-j', LOCAL_OVERRIDES => '-o', NOCLEAN => '-c', diff --git a/t/sbotools.conf b/t/sbotools.conf index 0f505dc..a3e3d1e 100644 --- a/t/sbotools.conf +++ b/t/sbotools.conf @@ -1,3 +1,4 @@ JOBS=2 SBO_HOME=/usr/sbo DISTCLEAN=FALSE +GPG_KEY=FALSE |