[Rpm-maint] [rpm-software-management/rpm] Add test for key update behavior (PR #3367)
Panu Matilainen
notifications at github.com
Thu Oct 10 07:48:07 UTC 2024
Add a new subkey to the rpm.org testkey and a package signed with it, test that verification fails with the original key material and succeeds after importing the new material.
Test both the rpmdb and fs keystores, but this is pretty kludgey just now because the fs keystore lacks real --list support.
Note the new subkey is in different algorithm (EdDSA) from the primary key. This was accidental but then, it's a scenario that can occur in the real world so testing the behavior makes sense, so it's actually one of those useful accidents.
Such tests should've been in commit edbcb4501ce6f2322ee8cc1caa228c56f886a189 really but it seems I was too excited about the feature to demand tests...
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/3367
-- Commit Summary --
* Add test for key update behavior
-- File Changes --
A tests/data/RPMS/hello-2.0-1.x86_64-signed-with-new-subkey.rpm (0)
A tests/data/keys/rpm.org-rsa-2048-add-subkey.asc (43)
A tests/data/keys/rpm.org-rsa-2048-add-subkey.secret (71)
M tests/rpmsigdig.at (79)
-- Patch Links --
https://github.com/rpm-software-management/rpm/pull/3367.patch
https://github.com/rpm-software-management/rpm/pull/3367.diff
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3367
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/pull/3367 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20241010/2ed12e4c/attachment.html>
More information about the Rpm-maint
mailing list