Add support for package signature checking.

* lisp/emacs-lisp/package.el (url-http-file-exists-p) (epg-make-context, epg-context-set-home-directory) (epg-verify-string, epg-context-result-for) (epg-signature-status, epg-signature-to-string) (epg-check-configuration, epg-configuration) (epg-import-keys-from-file): Declare. (package-check-signature): New user option. (package-unsigned-archives): New user option. (package-desc): Add `signed' field. (package-load-descriptor): Set `signed' field if .signed file exists. (package--archive-file-exists-p): New function. (package--check-signature): New function. (package-install-from-archive): Check package signature. (package--download-one-archive): Check archive signature. (package-delete): Remove .signed file. (package-import-keyring): New command. (package-refresh-contents): Import default keyring. (package-desc-status): Add "unsigned" status. (describe-package-1, package-menu--print-info) (package-menu-mark-delete, package-menu--find-upgrades) (package-menu--status-predicate): Support "unsigned" status. * test/automated/data/package/signed/archive-contents: * test/automated/data/package/signed/archive-contents.sig: * test/automated/data/package/signed/signed-good-1.0.el: * test/automated/data/package/signed/signed-good-1.0.el.sig: * test/automated/data/package/signed/signed-bad-1.0.el: * test/automated/data/package/signed/signed-bad-1.0.el.sig: * test/automated/data/package/key.pub: * test/automated/data/package/key.sec: New files. * test/automated/package-test.el (package-test-update-listing) (package-test-update-archives, package-test-describe-package): Adjust to package.el change. (package-test-signed): New test.
author: Daiki Ueno 2013-10-03 16:11:27 +0900
committer: Daiki Ueno 2013-10-03 16:11:27 +0900
commit: acbadd0046cb1643eeaf8595ede1a69cc25d3158 (patch)
tree: f1b7ffc2d37226d1f20d53b879e008b400f545ae /test
parent: 0a858ebfc57a072ae8ab65f509d8a4901a2ec073 (diff)
download: emacs-acbadd0046cb1643eeaf8595ede1a69cc25d3158.tar.gz
emacs-acbadd0046cb1643eeaf8595ede1a69cc25d3158.zip
10 files changed, 175 insertions, 4 deletions
diff --git a/test/ChangeLog b/test/ChangeLog
index bf8ecbcb9eb..00a49eea936 100644
--- a/test/ChangeLog
+++ b/test/ChangeLog
@@ -1,3 +1,19 @@
+2013-10-03  Daiki Ueno  <ueno@gnu.org>
+        * automated/data/package/signed/archive-contents:
+        * automated/data/package/signed/archive-contents.sig:
+        * automated/data/package/signed/signed-good-1.0.el:
+        * automated/data/package/signed/signed-good-1.0.el.sig:
+        * automated/data/package/signed/signed-bad-1.0.el:
+        * automated/data/package/signed/signed-bad-1.0.el.sig:
+        * automated/data/package/key.pub:
+        * automated/data/package/key.sec: New files.
+        * automated/package-test.el (package-test-update-listing)
+        (package-test-update-archives, package-test-describe-package):
+        Adjust to package.el change.
+        (package-test-signed): New test.
 2013-10-01  Dmitry Gutov  <dgutov@yandex.ru>
        * automated/package-test.el: Update all cases to use :url instead
diff --git a/test/automated/data/package/key.pub b/test/automated/data/package/key.pub
new file mode 100644
index 00000000000..a326d34e54f
--- /dev/null
+++ b/test/automated/data/package/key.pub
@@ -0,0 +1,18 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.14 (GNU/Linux)
+mQENBFJNB8gBCACfbtpvYrM8V1HM0KFlIwatcEJugHqwOHpr/Z9mrCW0fxyQAW/d
+2L+3QVNsN9Tz/K9lLcBUgeR7rhVEzHNqhmhNj/HnikwGqXbIofhp+QbZmBKnAlCz
+d77kg8K9lozHtfTkm1gX/7DdPzQKmgi7WOzzi2395wGubeqJLvYaEcqVbI0Eob+E
+3CzRjNy/e/Tf3TJRW5etTcdZN6LVuIY7tNCHqlQZTwyycON/hfLTX6cLCnzDsqm/
+NxCuwn9aqP9aGRGfIu7Y+If3zTymvrXEPUN98OEID814bOKdx0uVTZRiSMbvuTGI
+8uMa/kpGX/78rqI61gbZV51RFoU7pT2tzwY/ABEBAAG0HkouIFIuIEhhY2tlciA8
+anJoQGV4YW1wbGUuY29tPokBOAQTAQIAIgUCUk0HyAIbAwYLCQgHAwIGFQgCCQoL
+BBYCAwECHgECF4AACgkQtpVAhgkYletuhQf+JAyHYhTZNxjq0UYlikuLX8EtYbXX
+PB+03J0B73SMzEai5XsiTU2ADxqxwr7pveVK1INf+IGLiiXBlQq+4DSOvQY4xLfp
+58jTOYRV1ECvlXK/JtvVOwufXREADaydf9l/MUxA5G2PPBWIuQknh3ysPSsx68OJ
+SzNHFwklLn0DKc4WloE/GLDpTzimnCg7QGzuUo3Iilpjdy8EvTdI5d3jx/mGJIwI
+goB+YZgyxSPM+GjDwh5DEwD7OexNqqa7RynnmU0epmlYyi9UufCHLwgiiEIzjpWi
+6+iF+CQ45ZAKncovByenIUv73J3ImOudrsskeAHBmahljv1he6uV9Egj2Q==
+=b5Kg
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/test/automated/data/package/key.sec b/test/automated/data/package/key.sec
new file mode 100644
index 00000000000..d21e6ae9a45
--- /dev/null
+++ b/test/automated/data/package/key.sec
@@ -0,0 +1,33 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+Version: GnuPG v1.4.14 (GNU/Linux)
+lQO+BFJNB8gBCACfbtpvYrM8V1HM0KFlIwatcEJugHqwOHpr/Z9mrCW0fxyQAW/d
+2L+3QVNsN9Tz/K9lLcBUgeR7rhVEzHNqhmhNj/HnikwGqXbIofhp+QbZmBKnAlCz
+d77kg8K9lozHtfTkm1gX/7DdPzQKmgi7WOzzi2395wGubeqJLvYaEcqVbI0Eob+E
+3CzRjNy/e/Tf3TJRW5etTcdZN6LVuIY7tNCHqlQZTwyycON/hfLTX6cLCnzDsqm/
+NxCuwn9aqP9aGRGfIu7Y+If3zTymvrXEPUN98OEID814bOKdx0uVTZRiSMbvuTGI
+8uMa/kpGX/78rqI61gbZV51RFoU7pT2tzwY/ABEBAAH+AwMCKCCpPNXkXuVgF7cz
+eByuvgIO7wImDYGOdJqsASSzV4q0u1acnGtlxg7WphKDF9RnC5+1ZZ1ZcrBcv2uJ
+xZm2jHdjqM3FmgQTN70GVzO1nKEur2wxlKotG4Q+8BtaRDwHdKpQFk+QW9aInH3C
+BkNWTK97iFwZaoUGxKuRJb35qjMe3SsDE7kdbtOqO+tOeppRVeOOZCn7F33ir/6i
+j2gmIME6LFDzvBi6YAyMBSh90Ak70HJINt0QfXlZf5MtX1NaxaEcnsRmwwcNqxh9
+JvcC9q4WrR92NhHCHI+lOsAe7hbwo/VkwRjSSx0HdKkx6kvdcNj/9LeX/jykzLvg
+kEqvAqT4Jmk57W2seqvpNcAO+eUVrJ5D1OR6khsUtikPp2pQH5MDXJDGcie+ZAFb
+w6BwoWBDBjooKtfuP0LKqrdtJG2JLe6yhBhWvfqHPBlUU1SsA7a5aTCLo8FiqgEI
+Kyy60zMx/2Mi48oN1a/mAoV1MTWLhOVUWJlIHM7nVLj1OaX0316LcLX/uTLTq40p
+apHKwERanzY7f8ROiv/Fa/J+9cCsfOLKfjFAjpBVUVoOb39HsyS/vvkGMY4kgaD6
+K6r9JPdsaoYvsLkxk5HyHF7Mk2uS1z1EIArD2/3lRiX6ag+IU1Nl3XDkgfZj06K3
+juS84dGF8CmN49uOEjzAJAQZH9jTs5OKzUuZhGJF+gt0L78vLOoKRr8bu1N1GPqU
+wnS908HWruXzjJl1CAhnuCa8FnDaU+tmEKjYpWuelx85kolpMW7LT5gOFZr84MIj
+Kq3Rt2hU6qQ7Cdy1ep531YKkmyh9Y4l/Tgir1OtnQQqtNuwHI497l7qAUnKZBBHZ
+guApjS9BoHsRXkw2mgDssZ+khOwj/xJm876nFSiQeCD0aIbU/4zJ9e2HUOJAZI1r
+d7QeSi4gUi4gSGFja2VyIDxqcmhAZXhhbXBsZS5jb20+iQE4BBMBAgAiBQJSTQfI
+AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRC2lUCGCRiV626FB/4kDIdi
+FNk3GOrRRiWKS4tfwS1htdc8H7TcnQHvdIzMRqLleyJNTYAPGrHCvum95UrUg1/4
+gYuKJcGVCr7gNI69BjjEt+nnyNM5hFXUQK+Vcr8m29U7C59dEQANrJ1/2X8xTEDk
+bY88FYi5CSeHfKw9KzHrw4lLM0cXCSUufQMpzhaWgT8YsOlPOKacKDtAbO5SjciK
+WmN3LwS9N0jl3ePH+YYkjAiCgH5hmDLFI8z4aMPCHkMTAPs57E2qprtHKeeZTR6m
+aVjKL1S58IcvCCKIQjOOlaLr6IX4JDjlkAqdyi8HJ6chS/vcnciY652uyyR4AcGZ
+qGWO/WF7q5X0SCPZ
+=5FZK
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/test/automated/data/package/signed/archive-contents b/test/automated/data/package/signed/archive-contents
new file mode 100644
index 00000000000..2a773ecba6a
--- /dev/null
+++ b/test/automated/data/package/signed/archive-contents
@@ -0,0 +1,7 @@
+(1
+ (signed-good .
+       [(1 0)
+        nil "A package with good signature" single])
+ (signed-bad .
+       [(1 0)
+        nil "A package with bad signature" single]))
diff --git a/test/automated/data/package/signed/archive-contents.sig b/test/automated/data/package/signed/archive-contents.sig
new file mode 100644
index 00000000000..658edd3f60e
--- /dev/null
+++ b/test/automated/data/package/signed/archive-contents.sig
Binary files differ
diff --git a/test/automated/data/package/signed/signed-bad-1.0.el b/test/automated/data/package/signed/signed-bad-1.0.el
new file mode 100644
index 00000000000..3734823876e
--- /dev/null
+++ b/test/automated/data/package/signed/signed-bad-1.0.el
@@ -0,0 +1,33 @@
+;;; signed-bad.el --- A single-file package with bad signature
+;; Author: J. R. Hacker <jrh@example.com>
+;; Version: 1.0
+;; Keywords: frobnicate
+;; URL: http://doodles.au
+;;; Commentary:
+;; This package provides a minor mode to frobnicate and/or bifurcate
+;; any flanges you desire. To activate it, type "C-M-r M-3 butterfly"
+;; and all your dreams will come true.
+;;; Code:
+(defgroup signed-bad nil "Simply a file"
+  :group 'lisp)
+(defcustom signed-bad-super-sunday t
+  "How great is this?"
+  :type 'boolean
+  :group 'signed-bad)
+(defvar signed-bad-sudo-sandwich nil
+  "Make a sandwich?")
+;;;###autoload
+(define-minor-mode signed-bad-mode
+  "It does good things to stuff")
+(provide 'signed-bad)
+;;; signed-bad.el ends here
diff --git a/test/automated/data/package/signed/signed-bad-1.0.el.sig b/test/automated/data/package/signed/signed-bad-1.0.el.sig
new file mode 100644
index 00000000000..747918794ca
--- /dev/null
+++ b/test/automated/data/package/signed/signed-bad-1.0.el.sig
Binary files differ
diff --git a/test/automated/data/package/signed/signed-good-1.0.el b/test/automated/data/package/signed/signed-good-1.0.el
new file mode 100644
index 00000000000..22718df2763
--- /dev/null
+++ b/test/automated/data/package/signed/signed-good-1.0.el
@@ -0,0 +1,33 @@
+;;; signed-good.el --- A single-file package with good signature
+;; Author: J. R. Hacker <jrh@example.com>
+;; Version: 1.0
+;; Keywords: frobnicate
+;; URL: http://doodles.au
+;;; Commentary:
+;; This package provides a minor mode to frobnicate and/or bifurcate
+;; any flanges you desire. To activate it, type "C-M-r M-3 butterfly"
+;; and all your dreams will come true.
+;;; Code:
+(defgroup signed-good nil "Simply a file"
+  :group 'lisp)
+(defcustom signed-good-super-sunday t
+  "How great is this?"
+  :type 'boolean
+  :group 'signed-good)
+(defvar signed-good-sudo-sandwich nil
+  "Make a sandwich?")
+;;;###autoload
+(define-minor-mode signed-good-mode
+  "It does good things to stuff")
+(provide 'signed-good)
+;;; signed-good.el ends here
diff --git a/test/automated/data/package/signed/signed-good-1.0.el.sig b/test/automated/data/package/signed/signed-good-1.0.el.sig
new file mode 100644
index 00000000000..747918794ca
--- /dev/null
+++ b/test/automated/data/package/signed/signed-good-1.0.el.sig
Binary files differ
diff --git a/test/automated/package-test.el b/test/automated/package-test.el
index 84f520df9bc..ec85432b637 100644
--- a/test/automated/package-test.el
+++ b/test/automated/package-test.el
@@ -254,7 +254,7 @@ Must called from within a `tar-mode' buffer."
      (should (package-installed-p 'simple-single))
      (switch-to-buffer "*Packages*")
      (goto-char (point-min))
-      (should (re-search-forward "^\\s-+simple-single\\s-+1.3\\s-+installed" nil t))
+      (should (re-search-forward "^\\s-+simple-single\\s-+1.3\\s-+unsigned" nil t))
      (goto-char (point-min))
      (should-not (re-search-forward "^\\s-+simple-single\\s-+1.3\\s-+\\(available\\|new\\)" nil t))
      (kill-buffer buf))))
@@ -276,7 +276,7 @@ Must called from within a `tar-mode' buffer."
        ;; New version should be available and old version should be installed
        (goto-char (point-min))
        (should (re-search-forward "^\\s-+simple-single\\s-+1.4\\s-+new" nil t))
-        (should (re-search-forward "^\\s-+simple-single\\s-+1.3\\s-+installed" nil t))
+        (should (re-search-forward "^\\s-+simple-single\\s-+1.3\\s-+unsigned" nil t))
        (goto-char (point-min))
        (should (re-search-forward "^\\s-+new-pkg\\s-+1.0\\s-+\\(available\\|new\\)" nil t))
@@ -307,9 +307,9 @@ Must called from within a `tar-mode' buffer."
    (with-fake-help-buffer
     (describe-package 'simple-single)
     (goto-char (point-min))
-     (should (search-forward "simple-single is an installed package." nil t))
+     (should (search-forward "simple-single is an unsigned package." nil t))
     (should (search-forward
-              (format "Status: Installed in `%s/'."
+              (format "Status: Installed in `%s/' (unsigned)."
                      (expand-file-name "simple-single-1.3" package-user-dir))
              nil t))
     (should (search-forward "Version: 1.3" nil t))
@@ -347,6 +347,37 @@ Must called from within a `tar-mode' buffer."
     (should (search-forward "This is a bare-bones readme file for the multi-file"
                             nil t)))))
+(ert-deftest package-test-signed ()
+  "Test verifying package signature."
+  :expected-result (condition-case nil
+                       (progn
+                         (epg-check-configuration (epg-configuration))
+                         :passed)
+                     (error :failed))
+  (let* ((keyring (expand-file-name "key.pub" package-test-data-dir))
+         (package-test-data-dir
+           (expand-file-name "data/package/signed" package-test-file-dir)))
+    (with-package-test ()
+      (package-initialize)
+      (package-import-keyring keyring)
+      (package-refresh-contents)
+      (should (package-install 'signed-good))
+      (should-error (package-install 'signed-bad))
+      ;; Check if the installed package status is updated.
+      (let ((buf (package-list-packages)))
+        (package-menu-refresh)
+        (should (re-search-forward "^\\s-+signed-good\\s-+1\\.0\\s-+installed"
+                                   nil t)))
+      ;; Check if the package description is updated.
+      (with-fake-help-buffer
+       (describe-package 'signed-good)
+       (goto-char (point-min))
+       (should (search-forward "signed-good is an installed package." nil t))
+       (should (search-forward
+                (format "Status: Installed in `%s/'."
+                        (expand-file-name "signed-good-1.0" package-user-dir))
+                nil t))))))
 (provide 'package-test)
 ;;; package-test.el ends here
author	Daiki Ueno	2013-10-03 16:11:27 +0900
committer	Daiki Ueno	2013-10-03 16:11:27 +0900
commit	acbadd0046cb1643eeaf8595ede1a69cc25d3158 (patch)
tree	f1b7ffc2d37226d1f20d53b879e008b400f545ae /test
parent	0a858ebfc57a072ae8ab65f509d8a4901a2ec073 (diff)
download	emacs-acbadd0046cb1643eeaf8595ede1a69cc25d3158.tar.gz emacs-acbadd0046cb1643eeaf8595ede1a69cc25d3158.zip

diff --git a/test/ChangeLog b/test/ChangeLog index bf8ecbcb9eb..00a49eea936 100644 --- a/test/ChangeLog +++ b/test/ChangeLog
@@ -1,3 +1,19 @@
		1	2013-10-03 Daiki Ueno <ueno@gnu.org>
		2
		3	* automated/data/package/signed/archive-contents:
		4	* automated/data/package/signed/archive-contents.sig:
		5	* automated/data/package/signed/signed-good-1.0.el:
		6	* automated/data/package/signed/signed-good-1.0.el.sig:
		7	* automated/data/package/signed/signed-bad-1.0.el:
		8	* automated/data/package/signed/signed-bad-1.0.el.sig:
		9	* automated/data/package/key.pub:
		10	* automated/data/package/key.sec: New files.
		11
		12	* automated/package-test.el (package-test-update-listing)
		13	(package-test-update-archives, package-test-describe-package):
		14	Adjust to package.el change.
		15	(package-test-signed): New test.
		16
1	2013-10-01 Dmitry Gutov <dgutov@yandex.ru>	17	2013-10-01 Dmitry Gutov <dgutov@yandex.ru>
2		18
3	* automated/package-test.el: Update all cases to use :url instead	19	* automated/package-test.el: Update all cases to use :url instead


diff --git a/test/automated/data/package/key.pub b/test/automated/data/package/key.pub new file mode 100644 index 00000000000..a326d34e54f --- /dev/null +++ b/test/automated/data/package/key.pub
@@ -0,0 +1,18 @@
		1	-----BEGIN PGP PUBLIC KEY BLOCK-----
		2	Version: GnuPG v1.4.14 (GNU/Linux)
		3
		4	mQENBFJNB8gBCACfbtpvYrM8V1HM0KFlIwatcEJugHqwOHpr/Z9mrCW0fxyQAW/d
		5	2L+3QVNsN9Tz/K9lLcBUgeR7rhVEzHNqhmhNj/HnikwGqXbIofhp+QbZmBKnAlCz
		6	d77kg8K9lozHtfTkm1gX/7DdPzQKmgi7WOzzi2395wGubeqJLvYaEcqVbI0Eob+E
		7	3CzRjNy/e/Tf3TJRW5etTcdZN6LVuIY7tNCHqlQZTwyycON/hfLTX6cLCnzDsqm/
		8	NxCuwn9aqP9aGRGfIu7Y+If3zTymvrXEPUN98OEID814bOKdx0uVTZRiSMbvuTGI
		9	8uMa/kpGX/78rqI61gbZV51RFoU7pT2tzwY/ABEBAAG0HkouIFIuIEhhY2tlciA8
		10	anJoQGV4YW1wbGUuY29tPokBOAQTAQIAIgUCUk0HyAIbAwYLCQgHAwIGFQgCCQoL
		11	BBYCAwECHgECF4AACgkQtpVAhgkYletuhQf+JAyHYhTZNxjq0UYlikuLX8EtYbXX
		12	PB+03J0B73SMzEai5XsiTU2ADxqxwr7pveVK1INf+IGLiiXBlQq+4DSOvQY4xLfp
		13	58jTOYRV1ECvlXK/JtvVOwufXREADaydf9l/MUxA5G2PPBWIuQknh3ysPSsx68OJ
		14	SzNHFwklLn0DKc4WloE/GLDpTzimnCg7QGzuUo3Iilpjdy8EvTdI5d3jx/mGJIwI
		15	goB+YZgyxSPM+GjDwh5DEwD7OexNqqa7RynnmU0epmlYyi9UufCHLwgiiEIzjpWi
		16	6+iF+CQ45ZAKncovByenIUv73J3ImOudrsskeAHBmahljv1he6uV9Egj2Q==
		17	=b5Kg
		18	-----END PGP PUBLIC KEY BLOCK-----


diff --git a/test/automated/data/package/key.sec b/test/automated/data/package/key.sec new file mode 100644 index 00000000000..d21e6ae9a45 --- /dev/null +++ b/test/automated/data/package/key.sec
@@ -0,0 +1,33 @@
		1	-----BEGIN PGP PRIVATE KEY BLOCK-----
		2	Version: GnuPG v1.4.14 (GNU/Linux)
		3
		4	lQO+BFJNB8gBCACfbtpvYrM8V1HM0KFlIwatcEJugHqwOHpr/Z9mrCW0fxyQAW/d
		5	2L+3QVNsN9Tz/K9lLcBUgeR7rhVEzHNqhmhNj/HnikwGqXbIofhp+QbZmBKnAlCz
		6	d77kg8K9lozHtfTkm1gX/7DdPzQKmgi7WOzzi2395wGubeqJLvYaEcqVbI0Eob+E
		7	3CzRjNy/e/Tf3TJRW5etTcdZN6LVuIY7tNCHqlQZTwyycON/hfLTX6cLCnzDsqm/
		8	NxCuwn9aqP9aGRGfIu7Y+If3zTymvrXEPUN98OEID814bOKdx0uVTZRiSMbvuTGI
		9	8uMa/kpGX/78rqI61gbZV51RFoU7pT2tzwY/ABEBAAH+AwMCKCCpPNXkXuVgF7cz
		10	eByuvgIO7wImDYGOdJqsASSzV4q0u1acnGtlxg7WphKDF9RnC5+1ZZ1ZcrBcv2uJ
		11	xZm2jHdjqM3FmgQTN70GVzO1nKEur2wxlKotG4Q+8BtaRDwHdKpQFk+QW9aInH3C
		12	BkNWTK97iFwZaoUGxKuRJb35qjMe3SsDE7kdbtOqO+tOeppRVeOOZCn7F33ir/6i
		13	j2gmIME6LFDzvBi6YAyMBSh90Ak70HJINt0QfXlZf5MtX1NaxaEcnsRmwwcNqxh9
		14	JvcC9q4WrR92NhHCHI+lOsAe7hbwo/VkwRjSSx0HdKkx6kvdcNj/9LeX/jykzLvg
		15	kEqvAqT4Jmk57W2seqvpNcAO+eUVrJ5D1OR6khsUtikPp2pQH5MDXJDGcie+ZAFb
		16	w6BwoWBDBjooKtfuP0LKqrdtJG2JLe6yhBhWvfqHPBlUU1SsA7a5aTCLo8FiqgEI
		17	Kyy60zMx/2Mi48oN1a/mAoV1MTWLhOVUWJlIHM7nVLj1OaX0316LcLX/uTLTq40p
		18	apHKwERanzY7f8ROiv/Fa/J+9cCsfOLKfjFAjpBVUVoOb39HsyS/vvkGMY4kgaD6
		19	K6r9JPdsaoYvsLkxk5HyHF7Mk2uS1z1EIArD2/3lRiX6ag+IU1Nl3XDkgfZj06K3
		20	juS84dGF8CmN49uOEjzAJAQZH9jTs5OKzUuZhGJF+gt0L78vLOoKRr8bu1N1GPqU
		21	wnS908HWruXzjJl1CAhnuCa8FnDaU+tmEKjYpWuelx85kolpMW7LT5gOFZr84MIj
		22	Kq3Rt2hU6qQ7Cdy1ep531YKkmyh9Y4l/Tgir1OtnQQqtNuwHI497l7qAUnKZBBHZ
		23	guApjS9BoHsRXkw2mgDssZ+khOwj/xJm876nFSiQeCD0aIbU/4zJ9e2HUOJAZI1r
		24	d7QeSi4gUi4gSGFja2VyIDxqcmhAZXhhbXBsZS5jb20+iQE4BBMBAgAiBQJSTQfI
		25	AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRC2lUCGCRiV626FB/4kDIdi
		26	FNk3GOrRRiWKS4tfwS1htdc8H7TcnQHvdIzMRqLleyJNTYAPGrHCvum95UrUg1/4
		27	gYuKJcGVCr7gNI69BjjEt+nnyNM5hFXUQK+Vcr8m29U7C59dEQANrJ1/2X8xTEDk
		28	bY88FYi5CSeHfKw9KzHrw4lLM0cXCSUufQMpzhaWgT8YsOlPOKacKDtAbO5SjciK
		29	WmN3LwS9N0jl3ePH+YYkjAiCgH5hmDLFI8z4aMPCHkMTAPs57E2qprtHKeeZTR6m
		30	aVjKL1S58IcvCCKIQjOOlaLr6IX4JDjlkAqdyi8HJ6chS/vcnciY652uyyR4AcGZ
		31	qGWO/WF7q5X0SCPZ
		32	=5FZK
		33	-----END PGP PRIVATE KEY BLOCK-----


diff --git a/test/automated/data/package/signed/archive-contents b/test/automated/data/package/signed/archive-contents new file mode 100644 index 00000000000..2a773ecba6a --- /dev/null +++ b/test/automated/data/package/signed/archive-contents
@@ -0,0 +1,7 @@
		1	(1
		2	(signed-good .
		3	[(1 0)
		4	nil "A package with good signature" single])
		5	(signed-bad .
		6	[(1 0)
		7	nil "A package with bad signature" single]))


diff --git a/test/automated/data/package/signed/archive-contents.sig b/test/automated/data/package/signed/archive-contents.sig new file mode 100644 index 00000000000..658edd3f60e --- /dev/null +++ b/test/automated/data/package/signed/archive-contents.sig
Binary files differ


diff --git a/test/automated/data/package/signed/signed-bad-1.0.el b/test/automated/data/package/signed/signed-bad-1.0.el new file mode 100644 index 00000000000..3734823876e --- /dev/null +++ b/test/automated/data/package/signed/signed-bad-1.0.el
@@ -0,0 +1,33 @@
		1	;;; signed-bad.el --- A single-file package with bad signature
		2
		3	;; Author: J. R. Hacker <jrh@example.com>
		4	;; Version: 1.0
		5	;; Keywords: frobnicate
		6	;; URL: http://doodles.au
		7
		8	;;; Commentary:
		9
		10	;; This package provides a minor mode to frobnicate and/or bifurcate
		11	;; any flanges you desire. To activate it, type "C-M-r M-3 butterfly"
		12	;; and all your dreams will come true.
		13
		14	;;; Code:
		15
		16	(defgroup signed-bad nil "Simply a file"
		17	:group 'lisp)
		18
		19	(defcustom signed-bad-super-sunday t
		20	"How great is this?"
		21	:type 'boolean
		22	:group 'signed-bad)
		23
		24	(defvar signed-bad-sudo-sandwich nil
		25	"Make a sandwich?")
		26
		27	;;;###autoload
		28	(define-minor-mode signed-bad-mode
		29	"It does good things to stuff")
		30
		31	(provide 'signed-bad)
		32
		33	;;; signed-bad.el ends here


diff --git a/test/automated/data/package/signed/signed-bad-1.0.el.sig b/test/automated/data/package/signed/signed-bad-1.0.el.sig new file mode 100644 index 00000000000..747918794ca --- /dev/null +++ b/test/automated/data/package/signed/signed-bad-1.0.el.sig
Binary files differ


diff --git a/test/automated/data/package/signed/signed-good-1.0.el b/test/automated/data/package/signed/signed-good-1.0.el new file mode 100644 index 00000000000..22718df2763 --- /dev/null +++ b/test/automated/data/package/signed/signed-good-1.0.el
@@ -0,0 +1,33 @@
		1	;;; signed-good.el --- A single-file package with good signature
		2
		3	;; Author: J. R. Hacker <jrh@example.com>
		4	;; Version: 1.0
		5	;; Keywords: frobnicate
		6	;; URL: http://doodles.au
		7
		8	;;; Commentary:
		9
		10	;; This package provides a minor mode to frobnicate and/or bifurcate
		11	;; any flanges you desire. To activate it, type "C-M-r M-3 butterfly"
		12	;; and all your dreams will come true.
		13
		14	;;; Code:
		15
		16	(defgroup signed-good nil "Simply a file"
		17	:group 'lisp)
		18
		19	(defcustom signed-good-super-sunday t
		20	"How great is this?"
		21	:type 'boolean
		22	:group 'signed-good)
		23
		24	(defvar signed-good-sudo-sandwich nil
		25	"Make a sandwich?")
		26
		27	;;;###autoload
		28	(define-minor-mode signed-good-mode
		29	"It does good things to stuff")
		30
		31	(provide 'signed-good)
		32
		33	;;; signed-good.el ends here


diff --git a/test/automated/data/package/signed/signed-good-1.0.el.sig b/test/automated/data/package/signed/signed-good-1.0.el.sig new file mode 100644 index 00000000000..747918794ca --- /dev/null +++ b/test/automated/data/package/signed/signed-good-1.0.el.sig
Binary files differ


diff --git a/test/automated/package-test.el b/test/automated/package-test.el index 84f520df9bc..ec85432b637 100644 --- a/test/automated/package-test.el +++ b/test/automated/package-test.el
@@ -254,7 +254,7 @@ Must called from within a `tar-mode' buffer."
254	(should (package-installed-p 'simple-single))	254	(should (package-installed-p 'simple-single))
255	(switch-to-buffer "Packages")	255	(switch-to-buffer "Packages")
256	(goto-char (point-min))	256	(goto-char (point-min))
257	(should (re-search-forward "^\\s-+simple-single\\s-+1.3\\s-+installed" nil t))	257	(should (re-search-forward "^\\s-+simple-single\\s-+1.3\\s-+unsigned" nil t))
258	(goto-char (point-min))	258	(goto-char (point-min))
259	(should-not (re-search-forward "^\\s-+simple-single\\s-+1.3\\s-+\\(available\\\|new\\)" nil t))	259	(should-not (re-search-forward "^\\s-+simple-single\\s-+1.3\\s-+\\(available\\\|new\\)" nil t))
260	(kill-buffer buf))))	260	(kill-buffer buf))))
@@ -276,7 +276,7 @@ Must called from within a `tar-mode' buffer."
276	;; New version should be available and old version should be installed	276	;; New version should be available and old version should be installed
277	(goto-char (point-min))	277	(goto-char (point-min))
278	(should (re-search-forward "^\\s-+simple-single\\s-+1.4\\s-+new" nil t))	278	(should (re-search-forward "^\\s-+simple-single\\s-+1.4\\s-+new" nil t))
279	(should (re-search-forward "^\\s-+simple-single\\s-+1.3\\s-+installed" nil t))	279	(should (re-search-forward "^\\s-+simple-single\\s-+1.3\\s-+unsigned" nil t))
280		280
281	(goto-char (point-min))	281	(goto-char (point-min))
282	(should (re-search-forward "^\\s-+new-pkg\\s-+1.0\\s-+\\(available\\\|new\\)" nil t))	282	(should (re-search-forward "^\\s-+new-pkg\\s-+1.0\\s-+\\(available\\\|new\\)" nil t))
@@ -307,9 +307,9 @@ Must called from within a `tar-mode' buffer."
307	(with-fake-help-buffer	307	(with-fake-help-buffer
308	(describe-package 'simple-single)	308	(describe-package 'simple-single)
309	(goto-char (point-min))	309	(goto-char (point-min))
310	(should (search-forward "simple-single is an installed package." nil t))	310	(should (search-forward "simple-single is an unsigned package." nil t))
311	(should (search-forward	311	(should (search-forward
312	(format "Status: Installed in `%s/'."	312	(format "Status: Installed in `%s/' (unsigned)."
313	(expand-file-name "simple-single-1.3" package-user-dir))	313	(expand-file-name "simple-single-1.3" package-user-dir))
314	nil t))	314	nil t))
315	(should (search-forward "Version: 1.3" nil t))	315	(should (search-forward "Version: 1.3" nil t))
@@ -347,6 +347,37 @@ Must called from within a `tar-mode' buffer."
347	(should (search-forward "This is a bare-bones readme file for the multi-file"	347	(should (search-forward "This is a bare-bones readme file for the multi-file"
348	nil t)))))	348	nil t)))))
349		349
		350	(ert-deftest package-test-signed ()
		351	"Test verifying package signature."
		352	:expected-result (condition-case nil
		353	(progn
		354	(epg-check-configuration (epg-configuration))
		355	:passed)
		356	(error :failed))
		357	(let* ((keyring (expand-file-name "key.pub" package-test-data-dir))
		358	(package-test-data-dir
		359	(expand-file-name "data/package/signed" package-test-file-dir)))
		360	(with-package-test ()
		361	(package-initialize)
		362	(package-import-keyring keyring)
		363	(package-refresh-contents)
		364	(should (package-install 'signed-good))
		365	(should-error (package-install 'signed-bad))
		366	;; Check if the installed package status is updated.
		367	(let ((buf (package-list-packages)))
		368	(package-menu-refresh)
		369	(should (re-search-forward "^\\s-+signed-good\\s-+1\\.0\\s-+installed"
		370	nil t)))
		371	;; Check if the package description is updated.
		372	(with-fake-help-buffer
		373	(describe-package 'signed-good)
		374	(goto-char (point-min))
		375	(should (search-forward "signed-good is an installed package." nil t))
		376	(should (search-forward
		377	(format "Status: Installed in `%s/'."
		378	(expand-file-name "signed-good-1.0" package-user-dir))
		379	nil t))))))
		380
350	(provide 'package-test)	381	(provide 'package-test)
351		382
352	;;; package-test.el ends here	383	;;; package-test.el ends here