tests/sources/ostree.py: Add test of fetching a signed repo.tristan/bst-1/fix-ostree-api

This consequently adds:

  * A gpg home directory with a gpg key

  * An exported public gpg key for the test

8 files changed, 86 insertions, 0 deletions

diff --git a/tests/sources/ostree.py b/tests/sources/ostree.py
index e059a882f..eb04a74ff 100644
--- a/tests/sources/ostree.py
+++ b/tests/sources/ostree.py
@@ -55,3 +55,40 @@ def test_submodule_track_no_ref_or_track(cli, tmpdir, datafiles):
     result = cli.run(project=project, args=['show', 'target.bst'])
     result.assert_main_error(ErrorDomain.SOURCE, "missing-track-and-ref")
     result.assert_task_error(None, None)
+
+
+@pytest.mark.datafiles(os.path.join(DATA_DIR, 'template'))
+def test_fetch_gpg_verify(cli, tmpdir, datafiles):
+    project = os.path.join(datafiles.dirname, datafiles.basename)
+
+    gpg_homedir = os.path.join(DATA_DIR, "gpghome")
+
+    # Create the repo from 'repofiles' subdir
+    repo = create_repo('ostree', str(tmpdir))
+    ref = repo.create(
+        os.path.join(project, 'repofiles'),
+        gpg_sign="FFFF54C070353B52D046DEB087FA0F41A6EFD9E9",
+        gpg_homedir=gpg_homedir
+    )
+
+    # Write out our test target
+    ostreesource = repo.source_config(ref=ref, gpg_key='test.gpg')
+    element = {
+        'kind': 'import',
+        'sources': [
+            ostreesource
+        ]
+    }
+
+    _yaml.dump(element, os.path.join(project, 'target.bst'))
+
+    # Assert that a fetch is needed
+    assert cli.get_element_state(project, 'target.bst') == 'fetch needed'
+
+    # Now try to fetch it
+    result = cli.run(project=project, args=['fetch', 'target.bst'])
+    result.assert_success()
+
+    # Assert that we are now buildable because the source is
+    # now cached.
+    assert cli.get_element_state(project, 'target.bst') == 'buildable'
diff --git a/tests/sources/ostree/gpghome/openpgp-revocs.d/FFFF54C070353B52D046DEB087FA0F41A6EFD9E9.rev b/tests/sources/ostree/gpghome/openpgp-revocs.d/FFFF54C070353B52D046DEB087FA0F41A6EFD9E9.rev
new file mode 100644
index 000000000..e5d1cbdb5
--- /dev/null
+++ b/tests/sources/ostree/gpghome/openpgp-revocs.d/FFFF54C070353B52D046DEB087FA0F41A6EFD9E9.rev
@@ -0,0 +1,29 @@
+This is a revocation certificate for the OpenPGP key:
+
+pub   rsa1024 2020-05-10 [S]
+      FFFF54C070353B52D046DEB087FA0F41A6EFD9E9
+uid          Ponyman (It's a flying pony) <pony@man.com>
+
+A revocation certificate is a kind of "kill switch" to publicly
+declare that a key shall not anymore be used.  It is not possible
+to retract such a revocation certificate once it has been published.
+
+Use it to revoke this key in case of a compromise or loss of
+the secret key.  However, if the secret key is still accessible,
+it is better to generate a new revocation certificate and give
+a reason for the revocation.  For details see the description of
+of the gpg command "--generate-revocation" in the GnuPG manual.
+
+To avoid an accidental use of this file, a colon has been inserted
+before the 5 dashes below.  Remove this colon with a text editor
+before importing and publishing this revocation certificate.
+
+:-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: This is a revocation certificate
+
+iLYEIAEKACAWIQT//1TAcDU7UtBG3rCH+g9Bpu/Z6QUCXrfEHAIdAAAKCRCH+g9B
+pu/Z6ez3BACQL3lnMaePfXhewvavv4iHChRXBZ7sMXdBVOvQb56d/5YIr/YzdFo/
+O8Xt/5DFw4uwcs6pTVgc5i4GyJsouTmZSqCeQzQ2i4BjXd4HBlYw6OUAQTdOJfwg
+1XlvSbMfNA6qh6eFOknf3VWpbDK6Fc0v9qEbyUxVyCggOZdT8EC2jA==
+=yz0g
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/sources/ostree/gpghome/private-keys-v1.d/C68F72B3B1BABC2986B2D5C311D8B8F5F26D59C3.key b/tests/sources/ostree/gpghome/private-keys-v1.d/C68F72B3B1BABC2986B2D5C311D8B8F5F26D59C3.key
new file mode 100644
index 000000000..8efda3464
--- /dev/null
+++ b/tests/sources/ostree/gpghome/private-keys-v1.d/C68F72B3B1BABC2986B2D5C311D8B8F5F26D59C3.key
diff --git a/tests/sources/ostree/gpghome/private-keys-v1.d/E18E82A1918D5926329EEB985E537DEB5E6934B5.key b/tests/sources/ostree/gpghome/private-keys-v1.d/E18E82A1918D5926329EEB985E537DEB5E6934B5.key
new file mode 100644
index 000000000..237eba3cb
--- /dev/null
+++ b/tests/sources/ostree/gpghome/private-keys-v1.d/E18E82A1918D5926329EEB985E537DEB5E6934B5.key
diff --git a/tests/sources/ostree/gpghome/pubring.kbx b/tests/sources/ostree/gpghome/pubring.kbx
new file mode 100644
index 000000000..fd57843e8
--- /dev/null
+++ b/tests/sources/ostree/gpghome/pubring.kbx
diff --git a/tests/sources/ostree/gpghome/pubring.kbx~ b/tests/sources/ostree/gpghome/pubring.kbx~
new file mode 100644
index 000000000..0a4a27504
--- /dev/null
+++ b/tests/sources/ostree/gpghome/pubring.kbx~
diff --git a/tests/sources/ostree/gpghome/trustdb.gpg b/tests/sources/ostree/gpghome/trustdb.gpg
new file mode 100644
index 000000000..bf256b9a6
--- /dev/null
+++ b/tests/sources/ostree/gpghome/trustdb.gpg
diff --git a/tests/sources/ostree/template/test.gpg b/tests/sources/ostree/template/test.gpg
new file mode 100644
index 000000000..fa2cc973a
--- /dev/null
+++ b/tests/sources/ostree/template/test.gpg
@@ -0,0 +1,20 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mI0EXrfECQEEALtcIRRbUcGnLiDULztXaUboEKNQQIJeEOgG8wjmMsRnhjX78A7S
+ScsxtBhtZUm/s/KciTCTSwv43KHi9VOBwuBGUZAGpMCkJwF8E/WsVh+fxCxWS4hC
+s1lYky6VBhDKJJ6vkTkgHwVxf1Nf4C+MhIYu4K5EZ7SSOIkcY7ulqQkJABEBAAG0
+K1BvbnltYW4gKEl0J3MgYSBmbHlpbmcgcG9ueSkgPHBvbnlAbWFuLmNvbT6IzgQT
+AQoAOBYhBP//VMBwNTtS0EbesIf6D0Gm79npBQJet8QJAhsDBQsJCAcCBhUKCQgL
+AgQWAgMBAh4BAheAAAoJEIf6D0Gm79np548D/jXDKOc0jphHllI99vRUuQyMEJVo
+LzP+2fskSKeCokePGCPlE5BdE05kcUNed6yDAceg8r2m4UEglhsGvKb6xdMSJ1la
+PLhMCbtr7UQo4Dg/SyPYql/S5tqRz/ayhVtTQ7jbO70LKjm/QvbkYZGM1riYFpmX
+fHlX/ux1JRnn982TuI0EXrfECQEEAN66k8damFTpQDocTPg0ta/scT0hGTiPwwDz
+8dn+pG/el7v1/pVkXsXY0eUmJcOC8ea/cXfOk+wVWZ5TpkpvyxnOzs3bGdRk8pL2
+lyr4r14O9g3rQbR3j401n7FhvgWRR2lWGLuoHrZaW8Zz4l1PqMcUZExvQvtRwjq8
+OiTIlDqJABEBAAGItgQYAQoAIBYhBP//VMBwNTtS0EbesIf6D0Gm79npBQJet8QJ
+AhsMAAoJEIf6D0Gm79np/2UD/2+nEwRykN3YmImtST11edEUQ66sxxhzZFQRWn1s
+MgyJVM7xgHyxk1XLAASZS1IXDqNtF5uuwEZimTjbBByLqHayMfRukpXVj82+Uhuo
+JpaitHtph2N0eJTP4S3ia6qTOpaSORTxDdFhf/6Rfj7A0TJSLedhWFJqcUDKDzN4
+cwBu
+=dIhT
+-----END PGP PUBLIC KEY BLOCK-----