From fa4afa22523331e9d0325bdbb5b6f92115686bce Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 25 Oct 2008 17:33:27 -0400 Subject: [PATCH] more work on test suite. --- etc/gnupg-authentication.conf | 2 +- tests/basic | 40 ++++++++++++++++++---------- tests/home/admin/.gnupg/gpg.conf | 2 -- tests/home/admin/.gnupg/pubring.gpg | Bin 421 -> 4331 bytes tests/home/admin/.gnupg/trustdb.gpg | Bin 1280 -> 1760 bytes tests/home/testuser/.gnupg/gpg.conf | 3 +++ 6 files changed, 30 insertions(+), 17 deletions(-) delete mode 100644 tests/home/admin/.gnupg/gpg.conf diff --git a/etc/gnupg-authentication.conf b/etc/gnupg-authentication.conf index e00d317..7e5620b 100644 --- a/etc/gnupg-authentication.conf +++ b/etc/gnupg-authentication.conf @@ -8,7 +8,7 @@ primary-keyring /var/lib/monkeysphere/gnupg-authentication/pubring.gpg keyring /var/lib/monkeysphere/gnupg-host/pubring.gpg # PGP keyserver to use for PGP queries. -keyserver hkp://pgp.mit.edu +keyserver hkp://pool.sks-keyservers.net # GPG list options. It is recommended that you have at least # "show-uid-validity". diff --git a/tests/basic b/tests/basic index fc7dfba..81f3b91 100755 --- a/tests/basic +++ b/tests/basic @@ -12,6 +12,9 @@ # NOTE: these tests have *not* themselves been tested yet # (2008-09-13). Please exercise with caution! +# fail on fail +set -e + # these tests assume a commonly-trusted "Admin's key", a fake key # permanently stored in ./home/admin/.gnupg: gpgadmin() { @@ -20,6 +23,9 @@ gpgadmin() { # cleanup: cleanup() { + + read -p "press enter to cleanup and remove tmp:" + # FIXME: stop the sshd process echo 
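Review bot: The new default `keyserver hkp://pool.sks-keyservers.net` in etc/gnupg-authentication.conf changes shipped configuration, but the commit subject only mentions the test suite, so it is easy to miss in review. `hkp://` is unencrypted, so the key IDs being looked up are visible on the network and responses can be altered in transit. That is acceptable only if key validity comes from certifications rather than from the keyserver, which is presumably the design here. I would say so next to the setting, e.g. `# Keyserver responses are untrusted; validity comes only from certifier signatures.`, and move the default change into its own commit.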
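Review bot: The `set -e` added near the top of tests/basic does not cover the pipelines later in the script, because without `pipefail` a pipeline's status is that of its last command. `HOSTKEYID=$( monkeysphere-server show-key | tail -n1 | cut -f3 -d\ )` (context of the @@ -63 hunk) therefore succeeds with an empty value when `show-key` fails, and the following `--export $HOSTKEYID` then runs without a key ID; the same holds for `... | gpgadmin --import`. The shebang is outside the hunk, so I would not assume bash: an explicit `[ -n "$HOSTKEYID" ] || exit 1` after the assignment is the portable guard. The comment `# fail on fail` could become `# abort on the first failing command (pipelines: last command only)`.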
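Review bot: The `read -p` added at the top of `cleanup()` makes cleanup depend on an interactive stdin. With the new `set -e`, a `read` that hits EOF returns non-zero and may end the function before the temp directory, which holds the generated test keys, is removed. How `cleanup` is invoked and the rest of its body are outside the hunk. I would guard the prompt, e.g. `if [ -t 0 ]; then read -p "press enter to cleanup and remove tmp:" _ || true; fi`, so unattended runs still clean up. `read -p` is also a bash extension, which matters if the script is run under a plain `/bin/sh`.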
@@ -63,16 +69,21 @@ export SOCKET="$TEMPDIR"/ssh-socket ### SERVER TESTS -# create the temp gnupghome directories +# setup monkeysphere temp gnupghome directories mkdir -p -m 750 "$MONKEYSPHERE_SYSDATADIR"/gnupg-host mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication - -# add the quick-random option to the gpg host config -echo "quick-random" >> "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf +cat < "$MONKEYSPHERE_SYSDATADIR"/gnupg-authentication/gpg.conf +primary-keyring ${MONKEYSPHERE_SYSDATADIR}/gnupg-authentication/pubring.gpg +keyring ${MONKEYSPHERE_SYSDATADIR}/gnupg-host/pubring.gpg +EOF # create a new host key echo "### generating server key..." +# add gpg.conf with quick-random +echo "quick-random" >> "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf echo | monkeysphere-server gen-key --length 1024 --expire 0 testhost +# remove the gpg.conf +rm "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf HOSTKEYID=$( monkeysphere-server show-key | tail -n1 | cut -f3 -d\ ) @@ -80,7 +91,7 @@ HOSTKEYID=$( monkeysphere-server show-key | tail -n1 | cut -f3 -d\ ) # (this would normally be done via keyservers) echo "### certifying server key..." monkeysphere-server gpg-authentication-cmd "--armor --export $HOSTKEYID" | gpgadmin --import -gpgadmin --sign-key "$HOSTKEYID" +echo y | gpgadmin --command-fd 0 --sign-key "$HOSTKEYID" # FIXME: how can we test publish-key without flooding junk into the # keyservers? @@ -89,7 +100,7 @@ gpgadmin --sign-key "$HOSTKEYID" # host echo "### adding admin as certifier..." -monkeysphere-server add-identity-certifier "$TESTDIR"/home/admin/.gnupg/pubkey.gpg +echo y | monkeysphere-server add-identity-certifier "$TESTDIR"/home/admin/.gnupg/pubkey.gpg # initialize base sshd_config cp etc/ssh/sshd_config "$SSHD_CONFIG" 
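Review bot: The `quick-random` append and the later `rm "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf` are not symmetric: the file is extended with `>>` but then deleted whole, and if `gen-key` fails under `set -e` the `rm` never runs. The directories created just above are under `$MONKEYSPHERE_SYSDATADIR`, so the hunk does not show whether `$MONKEYSPHERE_SYSCONFIGDIR/gnupg-host` exists at this point. I would create the file with `>` instead of `>>` and make the comment state the risk: `# quick-random trades key strength for speed; keys generated here are for this test run only`.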
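Review bot: `echo y | gpgadmin --command-fd 0 --sign-key "$HOSTKEYID"` answers exactly one prompt with `y`, whatever that prompt turns out to be; the same pattern is used for `add-identity-certifier` in the @@ -89 hunk. If the tool asks a different or an additional question, the answer lands on the wrong prompt or the command reads EOF, and the resulting failure is hard to diagnose. A comment naming the expected prompt would help, e.g. `# 'y' answers the single "Really sign?" confirmation`. A check after signing that the host key actually carries the admin certification would make the step self-verifying.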
@@ -101,12 +112,13 @@ EOF # launch test sshd with the new host key. echo "### starting sshd..." -socat EXEC:'/usr/sbin/sshd -f '"$SSHD_CONFIG"' -i -d -d -d -D -e' "UNIX-LISTEN:${SOCKET}" & +socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -d -d -d -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log & ### TESTUSER TESTS # copy testuser home directory into temp dir +echo "### seting up testuser home..." cp -r "$TESTDIR"/home/testuser "$TEMPDIR"/ # generate an auth subkey for the test user @@ -115,19 +127,19 @@ MONKEYSPHERE_GNUPGHOME="$TEMPDIR"/testuser/.gnupg \ monkeysphere gen-subkey --expire 0 # add server key to testuser keychain -monkeysphere-server gpg-authentication-cmd "--armor --export $HOSTKEYID" | \ +echo "### export server key to testuser..." +gpgadmin --armor --export "$HOSTKEYID" | \ GNUPGHOME="$TEMPDIR"/testuser/.gnupg gpg --import +#GNUPGHOME="$TEMPDIR"/testuser/.gnupg gpg --list-keys +#read -p "?" + # connect to test sshd, using monkeysphere to verify the identity # before connection. -echo "### connecting to sshd socket..." +echo "### testuser connecting to sshd socket..." PROXY_COMMAND="monkeysphere-ssh-proxycommand --no-connect %h && socat STDIO UNIX:${SOCKET}" -ssh -oProxyCommand="$PROXY_COMMAND" testhost +GNUPGHOME="$TEMPDIR"/testuser/.gnupg ssh -oProxyCommand="$PROXY_COMMAND" testhost # create a new client side key, certify it with the "CA", use it to # log in. ## FIXME: implement! - - -### FINISH -read -p "press enter to cleanup tmp:" diff --git a/tests/home/admin/.gnupg/gpg.conf b/tests/home/admin/.gnupg/gpg.conf deleted file mode 100644 index 34bf93a..0000000 --- a/tests/home/admin/.gnupg/gpg.conf +++ /dev/null @@ -1,2 +0,0 @@ -# command to avoid depleting the system entropy -quick-random 
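Review bot: The rewritten `socat ... &` line still does not record the background PID, so nothing can stop the test sshd afterwards (the `FIXME: stop the sshd process` in `cleanup()` stays open). A failure of the background job is also invisible to `set -e`. Adding `SOCAT_PID=$!` directly after the line and `kill "$SOCAT_PID" 2>/dev/null || true` in `cleanup()` would close that gap. The added echo reads `seting up`; `setting up` was presumably meant.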
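Review bot: The final `ssh` call isolates only the GnuPG home; unless this is redirected elsewhere in the script, ssh itself still uses the invoking user's own `~/.ssh` (config, known_hosts, identities and agent), so the test can both depend on and modify the developer's real client state. Passing the paths explicitly keeps the run inside the temp tree, e.g. `ssh -F /dev/null -oUserKnownHostsFile="$TEMPDIR"/testuser/.ssh/known_hosts -oProxyCommand="$PROXY_COMMAND" testhost`. The known_hosts file that `monkeysphere-ssh-proxycommand` maintains would have to point at the same path, and that is configured outside this hunk. The subkey step above uses `MONKEYSPHERE_GNUPGHOME` while this line sets `GNUPGHOME`; a comment saying which variable each tool reads would prevent a silent fallback to the real keyring.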
diff --git a/tests/home/admin/.gnupg/pubring.gpg b/tests/home/admin/.gnupg/pubring.gpg index ce19633ff712ce1b49a0e66815c3e657e412196b..8e10c4ad1cf25ac577b010b66bb1ed246d94fc48 100644 GIT binary patch literal 4331 zcmajfbyO4j`@nJ71`>ieQeuoQ>6n5HBqu1{C5RiN5s*tc*#x9F=@0}d0VxSVN*a+4 zX%H!C>6Rb&{LZ=8bHC^4|IZ)K=lwd*CovL)*kZ6D1`!RKGxOr%CtxxvEuFH~wYu)m z>D|CGUMg9QmMR!=%Fz|ClptYEjyY{wD|tD*ssWi3zw$MWk@h}b@Q@-hp4hzkm@qQ& z{^ecwcRMyGB>fFqsZk;>e0Ig5(OxR;lG9@g*oOCSwV6b-(=O?N%w;qxZfk7#J>p>c zVx{vVT~?atDlrjpxye0O7e}OzhZ`E{j)WQ@Jv^cMkL^8?P&FGzB=q(}XL}cW4^MX+ zPkS#U)X)Rz4&_(ThH7aWKn?X(IXE~3ptn#LlQw@3Dk8mYoZXy|A}&Zzct|CPmKZ<; zB?0{XUH}V_l#-n65)c5Q2ao|l3;-Z8074943?QN)r;$1LE^{LptWU}S5yg6*?CZRq z8BdXS0VVxpgXJ*gH_2tog=|NTB|FthstGN;fAd|s8@>l$(rycMH+lU)cH8Kcp|he{ z4hk)}Gm>T@a?Fr@gMdXBGl#uoh~iW+H*gd8c-Bp~;p&$hVjH4h2hLNZ5Ap>i9cHWS zGwm*@Cx$IqD;vl)&Go8L^_2jKfQgZyJHY4d7fA2XjKYpxhK}-MPDIQFC3Xch410t! z?@vT@*14#dOWnTjd2#KB46HOIC+_aSv)>cjC=ez}Ttm!hxKYd- zf#;z~P)@@Tzvez)sBi8v6uG3qm%N>lQZQmklU{t81zD|J3z!a5dl@ufng5edy<{zE z{PX`KQG0lxWkp3jFLcnZ9-jZE{d-FQ3&(HL20YK632$}F_Z$Why=qHnW#5mfGDX%8 zOhB#^n1io8(R@-eBGug^{xLdtZ%iZZEp>(Y6XDG!i!WuWCdQUTW% zt$QF%YEN>w%=nv^DQxv~Y`bF=48SM$Ogizq5Axbv8nb9xuxQFVuG)KJ-mkNE z0}zj?M_Idu4AFFM2LGfDiN8oY43)rx`c3_}wlw(ElQpBl(X2^#F|ph&C6wd3GhqSD z3R&erl3PXBS4h2FBx4<#XJ48PpeWq#$Ac}|?5JXSnJ3(Uf(n$vt-+2o52Dy`9$^lc zXe+yonfm@)f^jRjky7Zmc6ZlnXjS!a;Z|;gHLO9}H*ahhGx_nOD!TcPX+z?FpSDe% zDe0j-aP(0C@QkLbP5tzWgCJ$xSInZUX$b#^PRCD&R`ITL9Mr1T_*fp@oet+&@%qf7 z#w22&0Wlms?z~QR-RF`6b!M$asxZye5BcUMf?TyjFuFVw_N9O4CMxORDei`=X2bK2 z%$w6#V;0TvXl=Suw-jDNPTuCH=1h1V%;reE1EZB+c7HsmFU=HlW=NdR|%Aql_U zRY?tqs7a@%DAz(Y_&tdGs!>Q8qqJHd_mzNl)oU-+Cc19=D{0c@S~=LnhC)Jo7S~RB ztwg*oTOD!CR9VIfdtqPi9o%-`sV?(vU-Y%zZvV`&XT;=#DBXI!&^Uj|I2yhw;3!r< zCH_H03P||odOxloawQ>=!ZVjVPDApNB4-=R^`L+7BLpw-kCy#160iri1RPaZ%=V_t z2aA1|_xDW5r=CI-rm@vmldkr2v54vX4*0qY_{x;r@ z5OvM>F3hl_Bt3cy(R4%ciYXOgEKR_d7xcHhMJ4us+-ey-k{V$Ah^OL{7h&{<2 zl&Jv!lTL5dlAjLYEFTkn<{t;+7C3gAy*!&>JSfqzHmbNDox21(IJHldfs;CEwWp1yDSAF!Gj`jyEo5o~ 
z;O{W;wq#H2(HhGt&@}?K7AKl;P`rA+9&fS1w9Mi3KlqW@3;Y3+S|9NxDQxcsHRL2y zX4`KM+A}euIh(p<8o#P&vrHv~zl{DC=brx}Q+k=Wl~-dk)QUl7DXmXoZmp**w>p|# z=rPA8`IWMuNs#O3)=1uifM_}hSTL*5C#|J&2m&69X}>YN9LhTH6M86`iVNt8TWpT) zizeNtV0a%R==ewcNbK+NA1YG-UkI{obaR1-;^C>uo!T9Bqug{T#e#*Z!qv77a{BD8 zerv&wEVC==Z)8#_%{poNMSFXKADNIdyYCja*%Bnbs=uFWcx@)&*8g}hS2OXJ5cvw1%_(7owDIW_ z#eeZ5alhibeg_eS!|V0-Xhhqo>Yfmty?9Z?Jrz};v)qMH-7{47&Y|cA+$l%>D9>lN zKMoBI%jt~M-d)xiyyj;Z#R&EjOX!iAg3o-xPp(^GyIZX8_3IZ#N4mHL*9h`Mj{R4s5UYTy>w;ASd!&i5E0JZi9PEEy~-gz@P&gp)@6Xqq*dIg9lhgqWO>l6U;{(>&=KSf1imtGRo+=8B889!{CiAE^jzpe8#B+mEBGPMP?D zjh~F!CopCR*q{B?61n|ZAY8|Y^}bu6o2Y#n|8cBVz_C`8C&MAcU&yYa-nF-(x0zGW zb?SfcD}TiooVmC)47?g`&D`|N_GMAa7cvjjtLP*VBK4(EV?1Fk+r-w#{Zr;nGCS|} z`&FbNHQo#=x()RiQ-+|fkVKZDRmMDxMErvF_q`to>CKZml~PHr=EDgVSRBWPPbKGV zO6%Y+Ihx@NI?gxQn(4@jHdGikf&SagmP}9Iu!T3%dt8tB2Okf+z^@dHZ<{P@e3hKQ zgPCyBtE#7^)Tc$o2KwXPea{rCaa>s}kLzKnpMI6&QUUs)vHBFp&fT77?q%!jEPppH z4M$u#;qvivjPxBp$e@s6Td!iaP`@nxMtd__G$FaQ+U2|CU!%y~@KtttNi_H!9d*uT z5c7oCc7vVFBGsVl(4W73JnZ-Q$7VmTjly5%OHcrRazf)68%*?N8eQniv%XdIC(&E3 zsbc!{hvhCZ*34-Z}C#l{GyF|c@NE8 zaTrF~_+NZH>{on7B=9G%m91y|YO?8F4c0x!I@{wGg{t!v75-+fj21QJ@>^`IpK8f9 zv5LTm7B~Z5zi{jZ?o>n%LK|GmmoVuS(#iNh{D@ zSyEQsk688hGeq`Yr(1rwMeCiq5v=u;yRlCt{jI-?%~&VaSYHFfoq^PwmkV4bt4UIYaWH&2 z0Go+b?&VA83^^F?$~bxnB#(T1&PuDi$#um<;i|tb^Ws-*n|%oe=VcKi@p`0n7!ib@ zZ_$PItK8^!R1<09dl$BH`;V88clbR%k0L~94rhl+zXm*aUO9>&Eq`+tYQeTImw;i2 zL48r4*~ZSx`MM-4LfmtL)J>*CJ9F(D#d*`#;-)tU>C9IZy#w}jj`}{Rr!h~r5afe1d903tqS3jMNmX6cPh&ISnLUf#-;#q_Vh34?B?1Ypv)vLJ>JOA4m z=TGmRMZ`G{=UZb>Zw@a;gh7k~V`m=*b4_G}opr{QG&G#-nr7}R|ASAUy1=hTuJdaS zV!rC|Y>(;Jq)=>=bd?iN@Y5jd#`}gc3(i&BjsCLzNWor{L~U~?GQqS^r2kN1K2w=9 zDV!B=M2P&iB)Q^dmO@{HkBJ4ime$T%9)OUqp(0T(27Gc07alw$c9=pFs61K8O@}{$PLD%CDO`VFYrLGnv*X@$g!q)L-O59&9(K2T4k= zNVf72E69s|%9TF&semsBgwd){cxWBgk;Crf-4pv-t;0~2i{;z(6PXK$yf(g+6DlC_ z?xC5vD2;loKDcyMY8Vk)yJvTc56^km9~ba{hLv7yNc4X! CQ$P~{ delta 7 OcmaE@xRiOrQbqs`+5-y! 
diff --git a/tests/home/admin/.gnupg/trustdb.gpg b/tests/home/admin/.gnupg/trustdb.gpg index 77ef133c12fbb7a93b04dea69c5d51ad465804df..171a89121997867a735f6db865a92ea842d62434 100644 GIT binary patch literal 1760 zcmZQfFGy!*W@Ke#U|{fMp1=#FKumPN$b~L~gFkH5X<_#;*uP3ha&ky)Bqqt>qK2dy z3zKB?u$X}?M3#9f$R?n&$ubYs2o&C+Hcx?pVNkmd7?MNIeHtjy59jbOIF+i;nJVqIQm)ZY{%>}HN_pw3b<>AU0co}k^-^%RCk)3uW;Xr}cgW{4c>sR|h)ghEI@Gxx7 ziFH2E(tKg|ncTu-?h-RoGMR5c6(}MU@-k%i{a(&1tgVx&B&lV1vCdvIx7C{!qyVM7 ztn#XM0<_8rt5 zRdUP=daf}4#Lw2akEO+TmP^#FR&O+)2{lKZ9P|G3CJXTKOj@<$XS>F)sDF|-?B=Y3 knxjdMd6sYb^QPa{eEY5L+6`3)Iqk2*+Zv`IG)0HP(Ci6T~M52u==U^w?a