pulp_2_tests.tests.rpm.api_v2.test_signatures_checked_for_uploads¶
Location: Pulp 2 Tests → Tests → pulp_2_tests.tests.rpm.api_v2.test_signatures_checked_for_uploads
Tests for repository importer signature checks.
As of Pulp 2.10, it’s possible to configure an RPM repository importer to perform checks on all synced-in and uploaded packages. Two new importer options are available:
require_signature
- A boolean. If true, imported packages must be signed with a key listed in
allowed_keys
. allowed_keys
- A list of 32-bit key IDs, as hex characters. (e.g.
["deadbeef"]
) An empty list is treated as the list of all possible key IDs.
Beware that if a package has a signature, its signature must be listed in
allowed_keys
, even when require_signature
is false. The only importer
configuration that allows all packages is {'require_signature': False,
'allowed_keys': []}
.
To test this feature, importers with at least the following options should be created:
{'require_signature': False, 'allowed_keys': ['invalid key id']}
{'require_signature': False, 'allowed_keys': ['valid key id']}
{'require_signature': False, 'allowed_keys': []}
{'require_signature': True, 'allowed_keys': ['invalid key id']}
{'require_signature': True, 'allowed_keys': ['valid key id']}
{'require_signature': True, 'allowed_keys': []}
In addition, at least the following types of packages should be imported:
* Signed DRPMs
* Signed RPMs
* Signed SRPMs
* Unsigned DRPMs
* Unsigned RPMs
* Unsigned SRPMs
Finally, importer options may be changed in some circumstances, and Pulp should gracefully handle those changes.
For more information, see Pulp #1991 and Pulp Smash #347.
-
class
pulp_2_tests.tests.rpm.api_v2.test_signatures_checked_for_uploads.
AllowAnyKeyTestCase
(methodName='runTest')¶ Bases:
unittest.case.TestCase
Use an importer that allows unsigned packages and has no key IDs.
The importer should have the following pseudocode configuration:
{"require_signature": false, "allowed_keys": []}
-
classmethod
setUpClass
()¶ Create a repository with an importer.
-
classmethod
tearDownClass
()¶ Clean up resources.
-
test_all_packages
()¶ Import signed and unsigned DRPM, RPM & SRPM packages into the repo.
Verify that each import succeeds.
-
classmethod
-
class
pulp_2_tests.tests.rpm.api_v2.test_signatures_checked_for_uploads.
AllowInvalidKeyTestCase
(*args, **kwargs)¶ Bases:
pulp_smash.pulp2.utils.BaseAPITestCase
Use an importer that allows unsigned packages and has an invalid key ID.
The importer should have the following pseudocode configuration:
{"require_signature": false, "allowed_keys": ["invalid key id"]}
-
classmethod
setUpClass
()¶ Create a repository with an importer.
-
test_signed_packages
()¶ Import signed DRPM, RPM and SRPM packages into the repository.
Verify that each import fails.
-
test_unsigned_packages
()¶ Import unsigned DRPM, RPM and SRPM packages into the repository.
Verify that each import succeeds.
-
classmethod
-
class
pulp_2_tests.tests.rpm.api_v2.test_signatures_checked_for_uploads.
AllowValidKeyTestCase
(*args, **kwargs)¶ Bases:
pulp_smash.pulp2.utils.BaseAPITestCase
Use an importer that allows unsigned packages and has a valid key ID.
The importer should have the following pseudocode configuration:
{"require_signature": false, "allowed_keys": ["valid key id"]}
-
classmethod
setUpClass
()¶ Create a repository with an importer.
-
test_all_packages
()¶ Import signed and unsigned DRPM, RPM & SRPM packages into the repo.
Verify that each import succeeds.
-
classmethod
-
class
pulp_2_tests.tests.rpm.api_v2.test_signatures_checked_for_uploads.
KeyLengthTestCase
(methodName='runTest')¶ Bases:
unittest.case.TestCase
Verify pulp rejects key IDs that are not 32-bits long.
An OpenPGP-compatible key ID (key fingerprint) is traditionally a 32-bit value. Newer OpenPGP key handling software allows for longer key IDs, and this is recommended, as it’s extremely easy to find colliding key IDs. [1] However, Pulp allows only the short key IDs.
[1] https://evil32.com/ -
test_key_ids
()¶ Create importers with key IDs shorter and longer than 32 bits.
Pulp should prevent the importers from being created.
-
-
class
pulp_2_tests.tests.rpm.api_v2.test_signatures_checked_for_uploads.
RequireAnyKeyTestCase
(*args, **kwargs)¶ Bases:
pulp_smash.pulp2.utils.BaseAPITestCase
Use an importer that requires signatures and has no key IDs.
The importer should have the following pseudocode configuration:
{"require_signature": true, "allowed_keys": []}
-
classmethod
setUpClass
()¶ Create a repository with an importer.
-
test_signed_packages
()¶ Import signed DRPM, RPM and SRPM packages into the repo.
Verify that each import succeeds.
-
test_unsigned_packages
()¶ Import unsigned DRPM, RPM and SRPM packages into the repo.
Verify that each import fails.
-
classmethod
-
class
pulp_2_tests.tests.rpm.api_v2.test_signatures_checked_for_uploads.
RequireInvalidKeyTestCase
(*args, **kwargs)¶ Bases:
pulp_smash.pulp2.utils.BaseAPITestCase
Use an importer that requires signatures and has an invalid key ID.
The importer should have the following pseudocode configuration:
{"require_signature": true, "allowed_keys": ["invalid key id"]}
-
classmethod
setUpClass
()¶ Create a repository with an importer.
-
test_all_packages
()¶ Import signed and unsigned DRPM, RPM & SRPM packages into the repo.
Verify that each import fails.
-
classmethod
-
class
pulp_2_tests.tests.rpm.api_v2.test_signatures_checked_for_uploads.
RequireValidKeyTestCase
(*args, **kwargs)¶ Bases:
pulp_smash.pulp2.utils.BaseAPITestCase
Use an importer that requires signatures and has a valid key ID.
The importer should have the following pseudocode configuration:
{"require_signature": true, "allowed_keys": ["valid key id"]}
-
classmethod
setUpClass
()¶ Create a repository with an importer.
-
test_signed_packages
()¶ Import signed DRPM, RPM and SRPM packages into the repository.
Verify that each import succeeds.
-
test_unsigned_packages
()¶ Import unsigned DRPM, RPM and SRPM packages into the repository.
Verify that each import fails.
-
classmethod
-
pulp_2_tests.tests.rpm.api_v2.test_signatures_checked_for_uploads.
setUpModule
()¶ Conditionally skip tests. Cache packages to be uploaded to repos.
Skip the tests in this module if:
- The RPM plugin is unsupported.
- Pulp #1991 is untestable for the version of Pulp under test.
-
pulp_2_tests.tests.rpm.api_v2.test_signatures_checked_for_uploads.
tearDownModule
()¶ Delete the cached set of packages to be uploaded to repos.