1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
summary: Run `snap sign` to sign a model assertion
details: |
Check that `snap sign` command can sign a model assertion using
keys created manually through `snap create-key`. Also check that the
model can be passed to `snap sign` as a file or piped through stdin.
# ppc64el disabled because of https://bugs.launchpad.net/snappy/+bug/1655594
# amazon: requires extra gpg-agent setup
systems: [-ubuntu-core-*, -ubuntu-*-ppc64el, -fedora-*, -opensuse-*, -amazon-*, -centos-*]
environment:
VARIANT/stdin: stdin
VARIANT/file: file
prepare: |
#shellcheck source=tests/lib/mkpinentry.sh
. "$TESTSLIB"/mkpinentry.sh
#shellcheck source=tests/lib/random.sh
. "$TESTSLIB"/random.sh
kill_gpg_agent
debug: |
#shellcheck source=tests/lib/random.sh
. "$TESTSLIB"/random.sh
debug_random || true
execute: |
echo "Creating a new key without a password"
expect -f create-key.exp
echo "Ensure we have the new key"
snap keys|MATCH default
key=$(snap keys|grep default|tr -s ' ' |cut -f2 -d' ')
echo "Create an example model assertion"
cat <<EOF >pi3-model.json
{
"type": "model",
"authority-id": "test",
"brand-id": "test",
"series": "16",
"model": "pi3",
"architecture": "armhf",
"gadget": "pi3",
"kernel": "pi2-kernel",
"timestamp": "$(date --utc '+%FT%T%:z')"
}
EOF
echo "Sign the model assertion with our key"
expect -d -f sign-model.exp
echo "Verify that the resulting model assertion is signed"
MATCH "sign-key-sha3-384: $key" < pi3.model
|
