From Fedora Project Wiki

No edit summary
m (moved QA:TestCase ABRT GPG Keys to QA:Testcase ABRT GPG Keys: Renamed with proper QA:Testcase prefix)
 
(7 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{QA/Test_Case
{{QA/Test_Case
|description=
|description=
This is testing [[Features/ABRT|ABRT]] GPG check using '''custom GPG Keys'''
This test case checks whether [[Features/ABRT|ABRT]] can GPG check using custom GPG keys. That means you can add trusted GPG keys used to sign packages from third-party repositories. See also [[QA:Testcase_abrt_GPG_check]].
That means you can add other trusted GPG keys used to sign packages from some repository (e.g. RPM Fusion). See also [[QA:Testcase_abrt_GPG_check]].
{{admon/important|This test case can run only with correctly signed packages.|This test case can't be run on Rawhide or Rawhide-based builds because the packages are not properly signed in these distributions.}}
{{admon/important|This can be tested on Fedora 11 only|This test case can't be tested on Rawhide or provided LiveCD because the packages are not properly signed in these distributions.}}
|actions=
|actions=
Edit config file /etc/abrt/abrt.conf, where you should find lines:
# Edit config file {{filename|/etc/abrt/abrt.conf}}, and make sure ''OpenGPGCheck'' is set to yes.
<pre>
# Install a package which is signed, but not with an official Fedora project signature - such as a package from a popular third-party repository - and cause an application from the package to crash.
OpenGPGCheck = yes
# Add the GPG key with which the package is signed to the file {{filename|/etc/abrt/gpg_keys}}. Every separate key should be on a new line.
OpenGPGPublicKeys = /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora, /etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-free-fedora
# Restart ABRT with the command {{command|su -c 'service abrtd restart'}}.
</pre>
# Again cause the application to crash.
 
'''Please rename <code>EnableOpenGPG</code> to <code>OpenGPGCheck</code>''' (it is a mistake in the config file) and set it to ''yes'' or ''no''.
 
Set ''EnableOpenGPG'' to ''yes''.
Add path to GPG signature, delimited by colon.
Restart ABRT: <pre># service abrt restart</pre>
 
Install package from the repository to which the new GPG key belongs to. Crash an application from this package - abrt should ignore it this time. Leave gpg check on and import the gpg key from the repo (if you haven't already). Add the gpg key into ABRT config, crash something from the package - and this time it should be reported.  
 
'''<fixme: which repository to add as an example? how to install gpg key?>'''
 
|results=
|results=
ABRT should notice only crashes of applications from signed packages when OpenGPGCheck = yes, it should ignore packages from unsupported archives
# The first crash should not be reported by ABRT.
# The second crash should be reported by ABRT.
# The reporting to BZ will fail, as ABRT will try to report the crash to our BZ.
}}
}}
[[Category:ABRT_Test_Cases]]
[[Category:Package_abrt_test_cases]]

Latest revision as of 12:05, 9 May 2011

Description

This test case checks whether ABRT can GPG check using custom GPG keys. That means you can add trusted GPG keys used to sign packages from third-party repositories. See also QA:Testcase_abrt_GPG_check.

This test case can run only with correctly signed packages.
This test case can't be run on Rawhide or Rawhide-based builds because the packages are not properly signed in these distributions.


How to test

  1. Edit config file /etc/abrt/abrt.conf, and make sure OpenGPGCheck is set to yes.
  2. Install a package which is signed, but not with an official Fedora project signature - such as a package from a popular third-party repository - and cause an application from the package to crash.
  3. Add the GPG key with which the package is signed to the file /etc/abrt/gpg_keys. Every separate key should be on a new line.
  4. Restart ABRT with the command su -c 'service abrtd restart'.
  5. Again cause the application to crash.

Expected Results

  1. The first crash should not be reported by ABRT.
  2. The second crash should be reported by ABRT.
  3. The reporting to BZ will fail, as ABRT will try to report the crash to our BZ.