|
@@ -1,20 +1,27 @@
|
|
|
require 'spec_helper_acceptance'
|
|
|
|
|
|
-PUPPETLABS_GPG_KEY_ID = '4BD6EC30'
|
|
|
-PUPPETLABS_GPG_LONG_KEY_ID = '1054B7A24BD6EC30'
|
|
|
-PUPPETLABS_APT_URL = 'apt.puppetlabs.com'
|
|
|
-PUPPETLABS_GPG_KEY_FILE = 'pubkey.gpg'
|
|
|
-CENTOS_GPG_KEY_ID = 'C105B9DE'
|
|
|
-CENTOS_REPO_URL = 'ftp.cvut.cz/centos'
|
|
|
-CENTOS_GPG_KEY_FILE = 'RPM-GPG-KEY-CentOS-6'
|
|
|
+PUPPETLABS_GPG_KEY_SHORT_ID = '4BD6EC30'
|
|
|
+PUPPETLABS_GPG_KEY_LONG_ID = '1054B7A24BD6EC30'
|
|
|
+PUPPETLABS_GPG_KEY_FINGERPRINT = '47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30'
|
|
|
+PUPPETLABS_APT_URL = 'apt.puppetlabs.com'
|
|
|
+PUPPETLABS_GPG_KEY_FILE = 'pubkey.gpg'
|
|
|
+CENTOS_GPG_KEY_SHORT_ID = 'C105B9DE'
|
|
|
+CENTOS_GPG_KEY_LONG_ID = '0946FCA2C105B9DE'
|
|
|
+CENTOS_GPG_KEY_FINGERPRINT = 'C1DAC52D1664E8A4386DBA430946FCA2C105B9DE'
|
|
|
+CENTOS_REPO_URL = 'ftp.cvut.cz/centos'
|
|
|
+CENTOS_GPG_KEY_FILE = 'RPM-GPG-KEY-CentOS-6'
|
|
|
+
|
|
|
+KEY_CHECK_COMMAND = "apt-key adv --list-keys --with-colons --fingerprint | grep "
|
|
|
+PUPPETLABS_KEY_CHECK_COMMAND = "#{KEY_CHECK_COMMAND} #{PUPPETLABS_GPG_KEY_FINGERPRINT}"
|
|
|
+CENTOS_KEY_CHECK_COMMAND = "#{KEY_CHECK_COMMAND} #{CENTOS_GPG_KEY_FINGERPRINT}"
|
|
|
|
|
|
describe 'apt_key' do
|
|
|
before(:each) do
|
|
|
# Delete twice to make sure everything is cleaned
|
|
|
# up after the short key collision
|
|
|
- shell("apt-key del #{PUPPETLABS_GPG_KEY_ID}",
|
|
|
+ shell("apt-key del #{PUPPETLABS_GPG_KEY_SHORT_ID}",
|
|
|
:acceptable_exit_codes => [0,1,2])
|
|
|
- shell("apt-key del #{PUPPETLABS_GPG_KEY_ID}",
|
|
|
+ shell("apt-key del #{PUPPETLABS_GPG_KEY_SHORT_ID}",
|
|
|
:acceptable_exit_codes => [0,1,2])
|
|
|
end
|
|
|
|
|
@@ -22,12 +29,16 @@ describe 'apt_key' do
|
|
|
key_versions = {
|
|
|
'32bit key id' => '4BD6EC30',
|
|
|
'64bit key id' => '1054B7A24BD6EC30',
|
|
|
+ '160bit key fingerprint' => '47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30',
|
|
|
'32bit lowercase key id' => '4bd6ec30',
|
|
|
'64bit lowercase key id' => '1054b7a24bd6ec30',
|
|
|
+ '160bit lowercase key fingerprint' => '47b320eb4c7c375aa9dae1a01054b7a24bd6ec30',
|
|
|
'0x formatted 32bit key id' => '0x4BD6EC30',
|
|
|
'0x formatted 64bit key id' => '0x1054B7A24BD6EC30',
|
|
|
+ '0x formatted 160bit key fingerprint' => '0x47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30',
|
|
|
'0x formatted 32bit lowercase key id' => '0x4bd6ec30',
|
|
|
'0x formatted 64bit lowercase key id' => '0x1054b7a24bd6ec30',
|
|
|
+ '0x formatted 160bit lowercase key fingerprint' => '0x47b320eb4c7c375aa9dae1a01054b7a24bd6ec30',
|
|
|
}
|
|
|
|
|
|
key_versions.each do |key, value|
|
|
@@ -42,7 +53,7 @@ describe 'apt_key' do
|
|
|
|
|
|
apply_manifest(pp, :catch_failures => true)
|
|
|
apply_manifest(pp, :catch_changes => true)
|
|
|
- shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
|
|
|
+ shell(PUPPETLABS_KEY_CHECK_COMMAND)
|
|
|
end
|
|
|
end
|
|
|
end
|
|
@@ -67,25 +78,25 @@ describe 'apt_key' do
|
|
|
it 'is removed' do
|
|
|
pp = <<-EOS
|
|
|
apt_key { 'centos':
|
|
|
- id => '#{CENTOS_GPG_KEY_ID}',
|
|
|
+ id => '#{CENTOS_GPG_KEY_LONG_ID}',
|
|
|
ensure => 'absent',
|
|
|
}
|
|
|
EOS
|
|
|
|
|
|
# Install the key first
|
|
|
shell("apt-key adv --keyserver keyserver.ubuntu.com \
|
|
|
- --recv-keys #{CENTOS_GPG_KEY_ID}")
|
|
|
- shell("apt-key list | grep #{CENTOS_GPG_KEY_ID}")
|
|
|
+ --recv-keys #{CENTOS_GPG_KEY_FINGERPRINT}")
|
|
|
+ shell(CENTOS_KEY_CHECK_COMMAND)
|
|
|
|
|
|
# Time to remove it using Puppet
|
|
|
apply_manifest(pp, :catch_failures => true)
|
|
|
apply_manifest(pp, :catch_failures => true)
|
|
|
|
|
|
- shell("apt-key list | grep #{CENTOS_GPG_KEY_ID}",
|
|
|
+ shell(CENTOS_KEY_CHECK_COMMAND,
|
|
|
:acceptable_exit_codes => [1])
|
|
|
|
|
|
shell("apt-key adv --keyserver keyserver.ubuntu.com \
|
|
|
- --recv-keys #{CENTOS_GPG_KEY_ID}")
|
|
|
+ --recv-keys #{CENTOS_GPG_KEY_FINGERPRINT}")
|
|
|
end
|
|
|
end
|
|
|
|
|
@@ -93,21 +104,21 @@ describe 'apt_key' do
|
|
|
it 'is removed' do
|
|
|
pp = <<-EOS
|
|
|
apt_key { 'puppetlabs':
|
|
|
- id => '#{PUPPETLABS_GPG_KEY_ID}',
|
|
|
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
|
|
|
ensure => 'absent',
|
|
|
}
|
|
|
EOS
|
|
|
|
|
|
# Install the key first
|
|
|
shell("apt-key adv --keyserver keyserver.ubuntu.com \
|
|
|
- --recv-keys #{PUPPETLABS_GPG_LONG_KEY_ID}")
|
|
|
- shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
|
|
|
+ --recv-keys #{PUPPETLABS_GPG_KEY_LONG_ID}")
|
|
|
+ shell(PUPPETLABS_KEY_CHECK_COMMAND)
|
|
|
|
|
|
# Time to remove it using Puppet
|
|
|
apply_manifest(pp, :catch_failures => true)
|
|
|
apply_manifest(pp, :catch_failures => true)
|
|
|
|
|
|
- shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}",
|
|
|
+ shell(PUPPETLABS_KEY_CHECK_COMMAND,
|
|
|
:acceptable_exit_codes => [1])
|
|
|
end
|
|
|
end
|
|
@@ -118,7 +129,7 @@ describe 'apt_key' do
|
|
|
it 'works' do
|
|
|
pp = <<-EOS
|
|
|
apt_key { 'puppetlabs':
|
|
|
- id => '#{PUPPETLABS_GPG_KEY_ID}',
|
|
|
+ id => '#{PUPPETLABS_GPG_KEY_FINGERPRINT}',
|
|
|
ensure => 'present',
|
|
|
content => "-----BEGIN PGP PUBLIC KEY BLOCK-----
|
|
|
Version: GnuPG v1.4.12 (GNU/Linux)
|
|
@@ -185,7 +196,7 @@ ugVIB2pi+8u84f+an4Hml4xlyijgYu05pqNvnLRyJDLd61hviLC8GYU=
|
|
|
|
|
|
apply_manifest(pp, :catch_failures => true)
|
|
|
apply_manifest(pp, :catch_failures => true)
|
|
|
- shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
|
|
|
+ shell(PUPPETLABS_KEY_CHECK_COMMAND)
|
|
|
end
|
|
|
end
|
|
|
|
|
@@ -193,7 +204,7 @@ ugVIB2pi+8u84f+an4Hml4xlyijgYu05pqNvnLRyJDLd61hviLC8GYU=
|
|
|
it 'fails' do
|
|
|
pp = <<-EOS
|
|
|
apt_key { 'puppetlabs':
|
|
|
- id => '#{PUPPETLABS_GPG_KEY_ID}',
|
|
|
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
|
|
|
ensure => 'present',
|
|
|
content => 'For posterity: such content, much bogus, wow',
|
|
|
}
|
|
@@ -211,7 +222,7 @@ ugVIB2pi+8u84f+an4Hml4xlyijgYu05pqNvnLRyJDLd61hviLC8GYU=
|
|
|
it 'works' do
|
|
|
pp = <<-EOS
|
|
|
apt_key { 'puppetlabs':
|
|
|
- id => '#{PUPPETLABS_GPG_KEY_ID}',
|
|
|
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
|
|
|
ensure => 'present',
|
|
|
server => 'pgp.mit.edu',
|
|
|
}
|
|
@@ -219,7 +230,7 @@ ugVIB2pi+8u84f+an4Hml4xlyijgYu05pqNvnLRyJDLd61hviLC8GYU=
|
|
|
|
|
|
apply_manifest(pp, :catch_failures => true)
|
|
|
apply_manifest(pp, :catch_failures => true)
|
|
|
- shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
|
|
|
+ shell(PUPPETLABS_KEY_CHECK_COMMAND)
|
|
|
end
|
|
|
end
|
|
|
|
|
@@ -227,7 +238,7 @@ ugVIB2pi+8u84f+an4Hml4xlyijgYu05pqNvnLRyJDLd61hviLC8GYU=
|
|
|
it 'works' do
|
|
|
pp = <<-EOS
|
|
|
apt_key { 'puppetlabs':
|
|
|
- id => '#{PUPPETLABS_GPG_KEY_ID}',
|
|
|
+ id => '#{PUPPETLABS_GPG_KEY_FINGERPRINT}',
|
|
|
ensure => 'present',
|
|
|
server => 'hkp://pgp.mit.edu:80',
|
|
|
}
|
|
@@ -235,7 +246,7 @@ ugVIB2pi+8u84f+an4Hml4xlyijgYu05pqNvnLRyJDLd61hviLC8GYU=
|
|
|
|
|
|
apply_manifest(pp, :catch_failures => true)
|
|
|
apply_manifest(pp, :catch_failures => true)
|
|
|
- shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
|
|
|
+ shell(PUPPETLABS_KEY_CHECK_COMMAND)
|
|
|
end
|
|
|
end
|
|
|
|
|
@@ -243,7 +254,7 @@ ugVIB2pi+8u84f+an4Hml4xlyijgYu05pqNvnLRyJDLd61hviLC8GYU=
|
|
|
it 'fails' do
|
|
|
pp = <<-EOS
|
|
|
apt_key { 'puppetlabs':
|
|
|
- id => '#{PUPPETLABS_GPG_KEY_ID}',
|
|
|
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
|
|
|
ensure => 'present',
|
|
|
server => 'nonexistant.key.server',
|
|
|
}
|
|
@@ -259,7 +270,7 @@ ugVIB2pi+8u84f+an4Hml4xlyijgYu05pqNvnLRyJDLd61hviLC8GYU=
|
|
|
it 'fails' do
|
|
|
pp = <<-EOS
|
|
|
apt_key { 'puppetlabs':
|
|
|
- id => '#{PUPPETLABS_GPG_KEY_ID}',
|
|
|
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
|
|
|
ensure => 'present',
|
|
|
server => '.pgp.key.server',
|
|
|
}
|
|
@@ -277,7 +288,7 @@ ugVIB2pi+8u84f+an4Hml4xlyijgYu05pqNvnLRyJDLd61hviLC8GYU=
|
|
|
it 'works' do
|
|
|
pp = <<-EOS
|
|
|
apt_key { 'puppetlabs':
|
|
|
- id => '#{PUPPETLABS_GPG_KEY_ID}',
|
|
|
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
|
|
|
ensure => 'present',
|
|
|
source => 'http://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}',
|
|
|
}
|
|
@@ -285,13 +296,13 @@ ugVIB2pi+8u84f+an4Hml4xlyijgYu05pqNvnLRyJDLd61hviLC8GYU=
|
|
|
|
|
|
apply_manifest(pp, :catch_failures => true)
|
|
|
apply_manifest(pp, :catch_failures => true)
|
|
|
- shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
|
|
|
+ shell(PUPPETLABS_KEY_CHECK_COMMAND)
|
|
|
end
|
|
|
|
|
|
it 'fails with a 404' do
|
|
|
pp = <<-EOS
|
|
|
apt_key { 'puppetlabs':
|
|
|
- id => '#{PUPPETLABS_GPG_KEY_ID}',
|
|
|
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
|
|
|
ensure => 'present',
|
|
|
source => 'http://#{PUPPETLABS_APT_URL}/herpderp.gpg',
|
|
|
}
|
|
@@ -305,7 +316,7 @@ ugVIB2pi+8u84f+an4Hml4xlyijgYu05pqNvnLRyJDLd61hviLC8GYU=
|
|
|
it 'fails with a socket error' do
|
|
|
pp = <<-EOS
|
|
|
apt_key { 'puppetlabs':
|
|
|
- id => '#{PUPPETLABS_GPG_KEY_ID}',
|
|
|
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
|
|
|
ensure => 'present',
|
|
|
source => 'http://apt.puppetlabss.com/herpderp.gpg',
|
|
|
}
|
|
@@ -319,14 +330,14 @@ ugVIB2pi+8u84f+an4Hml4xlyijgYu05pqNvnLRyJDLd61hviLC8GYU=
|
|
|
|
|
|
context 'ftp://' do
|
|
|
before(:each) do
|
|
|
- shell("apt-key del #{CENTOS_GPG_KEY_ID}",
|
|
|
+ shell("apt-key del #{CENTOS_GPG_KEY_LONG_ID}",
|
|
|
:acceptable_exit_codes => [0,1,2])
|
|
|
end
|
|
|
|
|
|
it 'works' do
|
|
|
pp = <<-EOS
|
|
|
apt_key { 'CentOS 6':
|
|
|
- id => '#{CENTOS_GPG_KEY_ID}',
|
|
|
+ id => '#{CENTOS_GPG_KEY_LONG_ID}',
|
|
|
ensure => 'present',
|
|
|
source => 'ftp://#{CENTOS_REPO_URL}/#{CENTOS_GPG_KEY_FILE}',
|
|
|
}
|
|
@@ -334,13 +345,13 @@ ugVIB2pi+8u84f+an4Hml4xlyijgYu05pqNvnLRyJDLd61hviLC8GYU=
|
|
|
|
|
|
apply_manifest(pp, :catch_failures => true)
|
|
|
apply_manifest(pp, :catch_failures => true)
|
|
|
- shell("apt-key list | grep #{CENTOS_GPG_KEY_ID}")
|
|
|
+ shell(CENTOS_KEY_CHECK_COMMAND)
|
|
|
end
|
|
|
|
|
|
it 'fails with a 550' do
|
|
|
pp = <<-EOS
|
|
|
apt_key { 'CentOS 6':
|
|
|
- id => '#{CENTOS_GPG_KEY_ID}',
|
|
|
+ id => '#{CENTOS_GPG_KEY_LONG_ID}',
|
|
|
ensure => 'present',
|
|
|
source => 'ftp://#{CENTOS_REPO_URL}/herpderp.gpg',
|
|
|
}
|
|
@@ -354,7 +365,7 @@ ugVIB2pi+8u84f+an4Hml4xlyijgYu05pqNvnLRyJDLd61hviLC8GYU=
|
|
|
it 'fails with a socket error' do
|
|
|
pp = <<-EOS
|
|
|
apt_key { 'puppetlabs':
|
|
|
- id => '#{PUPPETLABS_GPG_KEY_ID}',
|
|
|
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
|
|
|
ensure => 'present',
|
|
|
source => 'ftp://apt.puppetlabss.com/herpderp.gpg',
|
|
|
}
|
|
@@ -370,7 +381,7 @@ ugVIB2pi+8u84f+an4Hml4xlyijgYu05pqNvnLRyJDLd61hviLC8GYU=
|
|
|
it 'works' do
|
|
|
pp = <<-EOS
|
|
|
apt_key { 'puppetlabs':
|
|
|
- id => '#{PUPPETLABS_GPG_KEY_ID}',
|
|
|
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
|
|
|
ensure => 'present',
|
|
|
source => 'https://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}',
|
|
|
}
|
|
@@ -378,7 +389,7 @@ ugVIB2pi+8u84f+an4Hml4xlyijgYu05pqNvnLRyJDLd61hviLC8GYU=
|
|
|
|
|
|
apply_manifest(pp, :catch_failures => true)
|
|
|
apply_manifest(pp, :catch_failures => true)
|
|
|
- shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
|
|
|
+ shell(PUPPETLABS_KEY_CHECK_COMMAND)
|
|
|
end
|
|
|
|
|
|
it 'fails with a 404' do
|
|
@@ -431,7 +442,7 @@ ugVIB2pi+8u84f+an4Hml4xlyijgYu05pqNvnLRyJDLd61hviLC8GYU=
|
|
|
|
|
|
apply_manifest(pp, :catch_failures => true)
|
|
|
apply_manifest(pp, :catch_failures => true)
|
|
|
- shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
|
|
|
+ shell(PUPPETLABS_KEY_CHECK_COMMAND)
|
|
|
end
|
|
|
end
|
|
|
|
|
@@ -439,7 +450,7 @@ ugVIB2pi+8u84f+an4Hml4xlyijgYu05pqNvnLRyJDLd61hviLC8GYU=
|
|
|
it 'fails' do
|
|
|
pp = <<-EOS
|
|
|
apt_key { 'puppetlabs':
|
|
|
- id => '#{PUPPETLABS_GPG_KEY_ID}',
|
|
|
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
|
|
|
ensure => 'present',
|
|
|
source => '/tmp/totally_bogus.file',
|
|
|
}
|
|
@@ -462,7 +473,7 @@ ugVIB2pi+8u84f+an4Hml4xlyijgYu05pqNvnLRyJDLd61hviLC8GYU=
|
|
|
it 'fails' do
|
|
|
pp = <<-EOS
|
|
|
apt_key { 'puppetlabs':
|
|
|
- id => '#{PUPPETLABS_GPG_KEY_ID}',
|
|
|
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
|
|
|
ensure => 'present',
|
|
|
source => '/tmp/fake-key.gpg',
|
|
|
}
|
|
@@ -480,7 +491,7 @@ ugVIB2pi+8u84f+an4Hml4xlyijgYu05pqNvnLRyJDLd61hviLC8GYU=
|
|
|
it 'works' do
|
|
|
pp = <<-EOS
|
|
|
apt_key { 'puppetlabs':
|
|
|
- id => '#{PUPPETLABS_GPG_KEY_ID}',
|
|
|
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
|
|
|
ensure => 'present',
|
|
|
keyserver_options => 'debug',
|
|
|
}
|
|
@@ -488,19 +499,19 @@ ugVIB2pi+8u84f+an4Hml4xlyijgYu05pqNvnLRyJDLd61hviLC8GYU=
|
|
|
|
|
|
apply_manifest(pp, :catch_failures => true)
|
|
|
apply_manifest(pp, :catch_failures => true)
|
|
|
- shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
|
|
|
+ shell(PUPPETLABS_KEY_CHECK_COMMAND)
|
|
|
end
|
|
|
|
|
|
it 'fails on invalid options' do
|
|
|
pp = <<-EOS
|
|
|
apt_key { 'puppetlabs':
|
|
|
- id => '#{PUPPETLABS_GPG_KEY_ID}',
|
|
|
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
|
|
|
ensure => 'present',
|
|
|
keyserver_options => 'this is totally bonkers',
|
|
|
}
|
|
|
EOS
|
|
|
|
|
|
- shell("apt-key del #{PUPPETLABS_GPG_KEY_ID}", :acceptable_exit_codes => [0,1,2])
|
|
|
+ shell("apt-key del #{PUPPETLABS_GPG_KEY_FINGERPRINT}", :acceptable_exit_codes => [0,1,2])
|
|
|
apply_manifest(pp, :expect_failures => true) do |r|
|
|
|
expect(r.stderr).to match(/--keyserver-options this is totally/)
|
|
|
end
|