require 'spec_helper_acceptance'
-PUPPETLABS_GPG_KEY_ID = '4BD6EC30'
-PUPPETLABS_APT_URL = 'apt.puppetlabs.com'
-PUPPETLABS_GPG_KEY_FILE = 'pubkey.gpg'
-CENTOS_GPG_KEY_ID = 'C105B9DE'
-CENTOS_REPO_URL = 'ftp.cvut.cz/centos'
-CENTOS_GPG_KEY_FILE = 'RPM-GPG-KEY-CentOS-6'
-
-describe 'apt_key', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+PUPPETLABS_GPG_KEY_SHORT_ID = '4BD6EC30'
+PUPPETLABS_GPG_KEY_LONG_ID = '1054B7A24BD6EC30'
+PUPPETLABS_GPG_KEY_FINGERPRINT = '47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30'
+PUPPETLABS_APT_URL = 'apt.puppetlabs.com'
+PUPPETLABS_GPG_KEY_FILE = 'pubkey.gpg'
+CENTOS_GPG_KEY_SHORT_ID = 'C105B9DE'
+CENTOS_GPG_KEY_LONG_ID = '0946FCA2C105B9DE'
+CENTOS_GPG_KEY_FINGERPRINT = 'C1DAC52D1664E8A4386DBA430946FCA2C105B9DE'
+CENTOS_REPO_URL = 'ftp.cvut.cz/centos'
+CENTOS_GPG_KEY_FILE = 'RPM-GPG-KEY-CentOS-6'
+
+SHOULD_NEVER_EXIST_ID = '4BD6EC30'
+
+KEY_CHECK_COMMAND = "apt-key adv --list-keys --with-colons --fingerprint | grep "
+PUPPETLABS_KEY_CHECK_COMMAND = "#{KEY_CHECK_COMMAND} #{PUPPETLABS_GPG_KEY_FINGERPRINT}"
+CENTOS_KEY_CHECK_COMMAND = "#{KEY_CHECK_COMMAND} #{CENTOS_GPG_KEY_FINGERPRINT}"
+
+describe 'apt_key' do
before(:each) do
- shell("apt-key del #{PUPPETLABS_GPG_KEY_ID}",
+ # Delete twice to make sure everything is cleaned
+ # up after the short key collision
+ shell("apt-key del #{PUPPETLABS_GPG_KEY_SHORT_ID}",
+ :acceptable_exit_codes => [0,1,2])
+ shell("apt-key del #{PUPPETLABS_GPG_KEY_SHORT_ID}",
:acceptable_exit_codes => [0,1,2])
end
key_versions = {
'32bit key id' => '4BD6EC30',
'64bit key id' => '1054B7A24BD6EC30',
+ '160bit key fingerprint' => '47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30',
'32bit lowercase key id' => '4bd6ec30',
'64bit lowercase key id' => '1054b7a24bd6ec30',
+ '160bit lowercase key fingerprint' => '47b320eb4c7c375aa9dae1a01054b7a24bd6ec30',
'0x formatted 32bit key id' => '0x4BD6EC30',
'0x formatted 64bit key id' => '0x1054B7A24BD6EC30',
+ '0x formatted 160bit key fingerprint' => '0x47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30',
'0x formatted 32bit lowercase key id' => '0x4bd6ec30',
'0x formatted 64bit lowercase key id' => '0x1054b7a24bd6ec30',
+ '0x formatted 160bit lowercase key fingerprint' => '0x47b320eb4c7c375aa9dae1a01054b7a24bd6ec30',
}
key_versions.each do |key, value|
EOS
apply_manifest(pp, :catch_failures => true)
- expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
- shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
+ apply_manifest(pp, :catch_changes => true)
+ shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
end
end
describe 'ensure =>' do
context 'absent' do
+ it 'is removed' do
+ pp = <<-EOS
+ apt_key { 'centos':
+ id => '#{CENTOS_GPG_KEY_LONG_ID}',
+ ensure => 'absent',
+ }
+ EOS
+
+ # Install the key first
+ shell("apt-key adv --keyserver keyserver.ubuntu.com \
+ --recv-keys #{CENTOS_GPG_KEY_FINGERPRINT}")
+ shell(CENTOS_KEY_CHECK_COMMAND)
+
+ # Time to remove it using Puppet
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_failures => true)
+
+ shell(CENTOS_KEY_CHECK_COMMAND,
+ :acceptable_exit_codes => [1])
+
+ shell("apt-key adv --keyserver keyserver.ubuntu.com \
+ --recv-keys #{CENTOS_GPG_KEY_FINGERPRINT}")
+ end
+ end
+
+ context 'absent, added with long key', :unless => (fact('operatingsystem') == 'Debian' and fact('operatingsystemmajrelease') == '6') do
it 'is removed' do
pp = <<-EOS
apt_key { 'puppetlabs':
- id => '#{PUPPETLABS_GPG_KEY_ID}',
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
ensure => 'absent',
}
EOS
# Install the key first
shell("apt-key adv --keyserver keyserver.ubuntu.com \
- --recv-keys #{PUPPETLABS_GPG_KEY_ID}")
- shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
+ --recv-keys #{PUPPETLABS_GPG_KEY_LONG_ID}")
+ shell(PUPPETLABS_KEY_CHECK_COMMAND)
# Time to remove it using Puppet
apply_manifest(pp, :catch_failures => true)
- expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
+ apply_manifest(pp, :catch_failures => true)
- shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}",
+ shell(PUPPETLABS_KEY_CHECK_COMMAND,
:acceptable_exit_codes => [1])
end
end
it 'works' do
pp = <<-EOS
apt_key { 'puppetlabs':
- id => '#{PUPPETLABS_GPG_KEY_ID}',
+ id => '#{PUPPETLABS_GPG_KEY_FINGERPRINT}',
ensure => 'present',
content => "-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.12 (GNU/Linux)
EOS
apply_manifest(pp, :catch_failures => true)
- expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
- shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
+ apply_manifest(pp, :catch_failures => true)
+ shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
end
it 'fails' do
pp = <<-EOS
apt_key { 'puppetlabs':
- id => '#{PUPPETLABS_GPG_KEY_ID}',
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
ensure => 'present',
content => 'For posterity: such content, much bogus, wow',
}
it 'works' do
pp = <<-EOS
apt_key { 'puppetlabs':
- id => '#{PUPPETLABS_GPG_KEY_ID}',
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
ensure => 'present',
server => 'pgp.mit.edu',
}
EOS
apply_manifest(pp, :catch_failures => true)
- expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
- shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
+ apply_manifest(pp, :catch_failures => true)
+ shell(PUPPETLABS_KEY_CHECK_COMMAND)
+ end
+ end
+
+ context 'hkp://pgp.mit.edu:80' do
+ it 'works' do
+ pp = <<-EOS
+ apt_key { 'puppetlabs':
+ id => '#{PUPPETLABS_GPG_KEY_FINGERPRINT}',
+ ensure => 'present',
+ server => 'hkp://pgp.mit.edu:80',
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_failures => true)
+ shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
end
it 'fails' do
pp = <<-EOS
apt_key { 'puppetlabs':
- id => '#{PUPPETLABS_GPG_KEY_ID}',
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
ensure => 'present',
server => 'nonexistant.key.server',
}
EOS
apply_manifest(pp, :expect_failures => true) do |r|
- expect(r.stderr).to match(/Host not found/)
+ expect(r.stderr).to match(/(Host not found|Couldn't resolve host)/)
+ end
+ end
+ end
+
+ context 'key server start with dot' do
+ it 'fails' do
+ pp = <<-EOS
+ apt_key { 'puppetlabs':
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
+ ensure => 'present',
+ server => '.pgp.key.server',
+ }
+ EOS
+
+ apply_manifest(pp, :expect_failures => true) do |r|
+ expect(r.stderr).to match(/Invalid value \".pgp.key.server\"/)
end
end
end
it 'works' do
pp = <<-EOS
apt_key { 'puppetlabs':
- id => '#{PUPPETLABS_GPG_KEY_ID}',
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
ensure => 'present',
source => 'http://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}',
}
EOS
apply_manifest(pp, :catch_failures => true)
- expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
- shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
+ apply_manifest(pp, :catch_failures => true)
+ shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
it 'fails with a 404' do
pp = <<-EOS
apt_key { 'puppetlabs':
- id => '#{PUPPETLABS_GPG_KEY_ID}',
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
ensure => 'present',
source => 'http://#{PUPPETLABS_APT_URL}/herpderp.gpg',
}
it 'fails with a socket error' do
pp = <<-EOS
apt_key { 'puppetlabs':
- id => '#{PUPPETLABS_GPG_KEY_ID}',
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
ensure => 'present',
source => 'http://apt.puppetlabss.com/herpderp.gpg',
}
context 'ftp://' do
before(:each) do
- shell("apt-key del #{CENTOS_GPG_KEY_ID}",
+ shell("apt-key del #{CENTOS_GPG_KEY_LONG_ID}",
:acceptable_exit_codes => [0,1,2])
end
it 'works' do
pp = <<-EOS
apt_key { 'CentOS 6':
- id => '#{CENTOS_GPG_KEY_ID}',
+ id => '#{CENTOS_GPG_KEY_LONG_ID}',
ensure => 'present',
source => 'ftp://#{CENTOS_REPO_URL}/#{CENTOS_GPG_KEY_FILE}',
}
EOS
apply_manifest(pp, :catch_failures => true)
- expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
- shell("apt-key list | grep #{CENTOS_GPG_KEY_ID}")
+ apply_manifest(pp, :catch_failures => true)
+ shell(CENTOS_KEY_CHECK_COMMAND)
end
it 'fails with a 550' do
pp = <<-EOS
apt_key { 'CentOS 6':
- id => '#{CENTOS_GPG_KEY_ID}',
+ id => '#{SHOULD_NEVER_EXIST_ID}',
ensure => 'present',
source => 'ftp://#{CENTOS_REPO_URL}/herpderp.gpg',
}
it 'fails with a socket error' do
pp = <<-EOS
apt_key { 'puppetlabs':
- id => '#{PUPPETLABS_GPG_KEY_ID}',
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
ensure => 'present',
source => 'ftp://apt.puppetlabss.com/herpderp.gpg',
}
it 'works' do
pp = <<-EOS
apt_key { 'puppetlabs':
- id => '#{PUPPETLABS_GPG_KEY_ID}',
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
ensure => 'present',
source => 'https://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}',
}
EOS
apply_manifest(pp, :catch_failures => true)
- expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
- shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
+ apply_manifest(pp, :catch_failures => true)
+ shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
it 'fails with a 404' do
pp = <<-EOS
apt_key { 'puppetlabs':
- id => '4BD6EC30',
+ id => '#{SHOULD_NEVER_EXIST_ID}',
ensure => 'present',
source => 'https://#{PUPPETLABS_APT_URL}/herpderp.gpg',
}
it 'fails with a socket error' do
pp = <<-EOS
apt_key { 'puppetlabs':
- id => '4BD6EC30',
+ id => '#{SHOULD_NEVER_EXIST_ID}',
ensure => 'present',
source => 'https://apt.puppetlabss.com/herpderp.gpg',
}
EOS
apply_manifest(pp, :catch_failures => true)
- expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
- shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
+ apply_manifest(pp, :catch_failures => true)
+ shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
end
it 'fails' do
pp = <<-EOS
apt_key { 'puppetlabs':
- id => '#{PUPPETLABS_GPG_KEY_ID}',
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
ensure => 'present',
source => '/tmp/totally_bogus.file',
}
it 'fails' do
pp = <<-EOS
apt_key { 'puppetlabs':
- id => '#{PUPPETLABS_GPG_KEY_ID}',
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
ensure => 'present',
source => '/tmp/fake-key.gpg',
}
end
end
- describe 'keyserver_options =>' do
+ describe 'options =>' do
context 'debug' do
it 'works' do
pp = <<-EOS
apt_key { 'puppetlabs':
- id => '#{PUPPETLABS_GPG_KEY_ID}',
- ensure => 'present',
- keyserver_options => 'debug',
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
+ ensure => 'present',
+ options => 'debug',
}
EOS
apply_manifest(pp, :catch_failures => true)
- expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
- shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
+ apply_manifest(pp, :catch_failures => true)
+ shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
it 'fails on invalid options' do
pp = <<-EOS
apt_key { 'puppetlabs':
- id => '#{PUPPETLABS_GPG_KEY_ID}',
- ensure => 'present',
- keyserver_options => 'this is totally bonkers',
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
+ ensure => 'present',
+ options => 'this is totally bonkers',
}
EOS
+ shell("apt-key del #{PUPPETLABS_GPG_KEY_FINGERPRINT}", :acceptable_exit_codes => [0,1,2])
apply_manifest(pp, :expect_failures => true) do |r|
expect(r.stderr).to match(/--keyserver-options this is totally/)
end
end
end
end
+
+ describe 'fingerprint validation against source/content' do
+ context 'fingerprint in id matches fingerprint from remote key' do
+ it 'works' do
+ pp = <<-EOS
+ apt_key { 'puppetlabs':
+ id => '#{PUPPETLABS_GPG_KEY_FINGERPRINT}',
+ ensure => 'present',
+ source => 'https://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}',
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_failures => true)
+ end
+ end
+
+ context 'fingerprint in id does NOT match fingerprint from remote key' do
+ it 'works' do
+ pp = <<-EOS
+ apt_key { 'puppetlabs':
+ id => '47B320EB4C7C375AA9DAE1A01054B7A24BD6E666',
+ ensure => 'present',
+ source => 'https://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}',
+ }
+ EOS
+
+ apply_manifest(pp, :expect_failures => true) do |r|
+ expect(r.stderr).to match(/do not match/)
+ end
+ end
+ end
+ end
+
end
Code Review / puppet-modules / puppetlabs-apt.git / blobdiff