security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-11 22:01:08 +02:00
Code Activity

tests: Simplify tofu test.

Browse Source 
* tests/openpgp/tofu.scm: Simplify now that we only have one db
format.

Signed-off-by: Justus Winter <justus@g10code.com>
This commit is contained in:
Justus Winter 2016-09-12 11:07:48 +02:00
parent eddcba0380
commit aa81e32df7
1 changed files with 61 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

124
tests/openpgp/tofu.scm
View File

@ -95,70 +95,68 @@
(call-check `(,@GPG --trust-model=tofu ,@args (call-check `(,@GPG --trust-model=tofu ,@args
--tofu-policy ,policy ,keyid))) --tofu-policy ,policy ,keyid)))
(info "Checking tofu policies and trust...")
;; Carefully remove the TOFU db.
(catch '() (unlink (string-append GNUPGHOME "/tofu.db")))
(catch '() (unlink-recursively (string-append GNUPGHOME "/tofu.d")))
;; Verify a message. There should be no conflict and the trust
;; policy should be set to auto.
(call-check `(,@GPG --trust-model=tofu
--verify ,(in-srcdir "tofu-2183839A-1.txt")))
(checkpolicy "2183839A" "auto")
;; Check default trust.
(checktrust "2183839A" "m")
;; Trust should be derived lazily. Thus, if the policy is set to
;; auto and we change --tofu-default-policy, then the trust should
;; change as well. Try it.
(checktrust "2183839A" "f" '--tofu-default-policy=good)
(checktrust "2183839A" "-" '--tofu-default-policy=unknown)
(checktrust "2183839A" "n" '--tofu-default-policy=bad)
;; Change the policy to something other than auto and make sure the
;; policy and the trust are correct.
(for-each-p (for-each-p
"Testing tofu db" "Setting a fixed policy..."
(lambda (1) (lambda (policy)
;; Carefully remove the TOFU db. (let ((expected-trust
(catch '() (unlink (string-append GNUPGHOME "/tofu.db"))) (cond
(catch '() (unlink-recursively (string-append GNUPGHOME "/tofu.d"))) ((string=? "good" policy) "f")
((string=? "unknown" policy) "-")
(else "n"))))
(setpolicy "2183839A" policy)
;; Verify a message. There should be no conflict and the trust ;; Since we have a fixed policy, the trust level shouldn't
;; policy should be set to auto. ;; change if we change the default policy.
(call-check `(,@GPG --trust-model=tofu (for-each-p
--verify ,(in-srcdir "tofu-2183839A-1.txt"))) ""
(lambda (default-policy)
(checkpolicy "2183839A" policy
'--tofu-default-policy default-policy)
(checktrust "2183839A" expected-trust
'--tofu-default-policy default-policy))
'("auto" "good" "unknown" "bad" "ask"))))
'("good" "unknown" "bad"))
(checkpolicy "2183839A" "auto") ;; BC15C85A conflicts with 2183839A. On conflict, this will set
;; Check default trust. ;; BC15C85A to ask. If 2183839A is auto (it's not, it's bad), then
(checktrust "2183839A" "m") ;; it will be set to ask.
(call-check `(,@GPG --trust-model=tofu
--verify ,(in-srcdir "tofu-BC15C85A-1.txt")))
(checkpolicy "BC15C85A" "ask")
(checkpolicy "2183839A" "bad")
;; Trust should be derived lazily. Thus, if the policy is set to ;; EE37CF96 conflicts with 2183839A and BC15C85A. We change
;; auto and we change --tofu-default-policy, then the trust should ;; BC15C85A's policy to auto and leave 2183839A's policy at bad.
;; change as well. Try it. ;; This conflict should cause BC15C85A's policy to be changed to
(checktrust "2183839A" "f" '--tofu-default-policy=good) ;; ask (since it is auto), but not affect 2183839A's policy.
(checktrust "2183839A" "-" '--tofu-default-policy=unknown) (setpolicy "BC15C85A" "auto")
(checktrust "2183839A" "n" '--tofu-default-policy=bad) (checkpolicy "BC15C85A" "auto")
(call-check `(,@GPG --trust-model=tofu
;; Change the policy to something other than auto and make sure the --verify ,(in-srcdir "tofu-EE37CF96-1.txt")))
;; policy and the trust are correct. (checkpolicy "BC15C85A" "ask")
(for-each-p (checkpolicy "2183839A" "bad")
"" (checkpolicy "EE37CF96" "ask")
(lambda (policy)
(let ((expected-trust
(cond
((string=? "good" policy) "f")
((string=? "unknown" policy) "-")
(else "n"))))
(setpolicy "2183839A" policy)
;; Since we have a fixed policy, the trust level shouldn't
;; change if we change the default policy.
(for-each-p
""
(lambda (default-policy)
(checkpolicy "2183839A" policy
'--tofu-default-policy default-policy)
(checktrust "2183839A" expected-trust
'--tofu-default-policy default-policy))
'("auto" "good" "unknown" "bad" "ask"))))
'("good" "unknown" "bad"))
;; BC15C85A conflicts with 2183839A. On conflict, this will set
;; BC15C85A to ask. If 2183839A is auto (it's not, it's bad), then
;; it will be set to ask.
(call-check `(,@GPG --trust-model=tofu
--verify ,(in-srcdir "tofu-BC15C85A-1.txt")))
(checkpolicy "BC15C85A" "ask")
(checkpolicy "2183839A" "bad")
;; EE37CF96 conflicts with 2183839A and BC15C85A. We change
;; BC15C85A's policy to auto and leave 2183839A's policy at bad.
;; This conflict should cause BC15C85A's policy to be changed to
;; ask (since it is auto), but not affect 2183839A's policy.
(setpolicy "BC15C85A" "auto")
(checkpolicy "BC15C85A" "auto")
(call-check `(,@GPG --trust-model=tofu
--verify ,(in-srcdir "tofu-EE37CF96-1.txt")))
(checkpolicy "BC15C85A" "ask")
(checkpolicy "2183839A" "bad")
(checkpolicy "EE37CF96" "ask"))
'("flat"))