1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
summary: Ensure that the gpg-keys interface works.
details: |
The gpg-keys interface allows to access gpg binary and keys.
# core18 has no gpg
systems: [-ubuntu-core-18-*]
environment:
KEYSDIR: "$HOME/.gnupg"
TRUSTDB: "$HOME/.gnupg/trustdb.gpg"
TESTKEY: "$HOME/.gnupg/testkey"
prepare: |
"$TESTSTOOLS"/snaps-state install-local test-snapd-sh
"$TESTSTOOLS"/fs-state mock-dir "$KEYSDIR"
"$TESTSTOOLS"/fs-state mock-file "$TRUSTDB"
"$TESTSTOOLS"/fs-state mock-file "$TESTKEY"
restore: |
"$TESTSTOOLS"/fs-state restore-dir "$KEYSDIR"
execute: |
echo "The interface is not connected by default"
snap interfaces -i gpg-keys | MATCH '^- +test-snapd-sh:gpg-keys'
echo "When the interface is connected"
snap connect test-snapd-sh:gpg-keys
echo "Then the snap is able to run gpg"
test-snapd-sh.with-gpg-keys-plug -c "gpg --list-keys"
echo "And the snap is able to access to config files"
test-snapd-sh.with-gpg-keys-plug -c "cat /usr/share/gnupg/options.skel"
echo "And the snap is able to read gpg keys and db"
test-snapd-sh.with-gpg-keys-plug -c "cat $TESTKEY"
test-snapd-sh.with-gpg-keys-plug -c "cat $TRUSTDB"
if [ "$(snap debug confinement)" = partial ] ; then
exit 0
fi
echo "And then the snap is not able to write the trust.db file"
if test-snapd-sh.with-gpg-keys-plug -c "sed -i 's/ / /g' $TRUSTDB" 2> call.error; then
echo "Expected permission error accessing to trust db"
exit 1
fi
MATCH "Permission denied" < call.error
echo "When the plug is disconnected"
snap disconnect test-snapd-sh:gpg-keys
echo "Then the snap is not able to read gpg keys"
if test-snapd-sh.with-gpg-keys-plug -c "cat $TESTKEY" 2> call.error; then
echo "Expected permission error accessing to gpg keys"
exit 1
fi
MATCH "Permission denied" < call.error
|
