ci: add back dpkg-signed tests

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2026-06-19 08:05:04 +00:00 · 2024-11-10 09:58:11 -03:00
parent 666ef77cd4
commit afeac6e542
3 changed files with 47 additions and 18 deletions
@@ -318,25 +318,30 @@ func TestRPMSign(t *testing.T) {
 func TestDebSign(t *testing.T) {
 	t.Parallel()
 	for _, arch := range formatArchs["deb"] {
-		func(t *testing.T, testArch string) {
-			t.Run(fmt.Sprintf("deb/%s", testArch), func(t *testing.T) {
-				t.Parallel()
-				target := "signed"
-				if testArch == "ppc64le" && os.Getenv("NO_TEST_PPC64LE") == "true" {
-					t.Skip("ppc64le arch not supported in pipeline")
-				}
-				accept(t, acceptParms{
-					Name:   "debsign_sign_" + testArch,
-					Conf:   "deb.debsign.sign.yaml",
-					Format: "deb",
-					Docker: dockerParams{
-						File:   "deb.dockerfile",
-						Target: target,
-						Arch:   testArch,
-					},
+		for _, sigtype := range []string{"dpkg-sig", "debsign"} {
+			func(t *testing.T, testSigtype, testArch string) {
+				t.Run(fmt.Sprintf("deb/%s/%s", testArch, testSigtype), func(t *testing.T) {
+					t.Parallel()
+					target := "signed"
+					if testSigtype == "dpkg-sig" {
+						target = "dpkg-signed"
+					}
+					if testArch == "ppc64le" && os.Getenv("NO_TEST_PPC64LE") == "true" {
+						t.Skip("ppc64le arch not supported in pipeline")
+					}
+					accept(t, acceptParms{
+						Name:   fmt.Sprintf("%s_sign_%s", testSigtype, testArch),
+						Conf:   fmt.Sprintf("deb.%s.sign.yaml", testSigtype),
+						Format: "deb",
+						Docker: dockerParams{
+							File:   "deb.dockerfile",
+							Target: target,
+							Arch:   testArch,
+						},
+					})
 				})
-			})
-		}(t, arch)
+			}(t, sigtype, arch)
+		}
 	}
 }

@@ -85,6 +85,15 @@ RUN debsig-verify /tmp/foo.deb | grep "debsig: Verified package from 'Test packa
 RUN echo "" > /etc/dpkg/dpkg.cfg
 RUN dpkg -i /tmp/foo.deb

+# ---- signed dpkg-sig test ----
+FROM test_base AS dpkg-signed
+COPY keys/pubkey.gpg /tmp/gpg.key
+RUN apt update -y
+RUN apt install -y gnupg
+RUN gpg --import /tmp/gpg.key
+RUN gpg --verify /tmp/foo.deb
+RUN dpkg -i /tmp/foo.deb
+
 # ---- overrides test ----
 FROM min AS overrides
 RUN test -e /usr/bin/fake
@@ -0,0 +1,15 @@
+name: "foo"
+arch: "${BUILD_ARCH}"
+platform: "linux"
+version: "v1.0.0"
+maintainer: "John Doe <john@example.com>"
+description: This package is signed
+vendor: "FooBarCorp"
+homepage: "http://example.com"
+contents:
+- src: ./testdata/fake
+  dst: /usr/bin/fake
+deb:
+  signature:
+    method: dpkg-sig
+    key_file: ./internal/sign/testdata/privkey_unprotected.asc