implement keyring package generator

2025-07-24 19:29:57 +00:00 · 2023-05-05 16:22:53 +03:00
parent 21ea9a4dd1
commit 070d1d6d62
26 changed files with 790 additions and 43 deletions
--- a/tests/ahriman/application/handlers/test_handler_validate.py
+++ b/tests/ahriman/application/handlers/test_handler_validate.py
@ -62,6 +62,8 @@ def test_schema(configuration: Configuration) -> None:
    assert schema.pop("email")
    assert schema.pop("github")
    assert schema.pop("html")
+    assert schema.pop("keyring")
+    assert schema.pop("keyring_generator")
    assert schema.pop("mirrorlist")
    assert schema.pop("mirrorlist_generator")
    assert schema.pop("report")
--- a/tests/ahriman/application/test_ahriman.py
+++ b/tests/ahriman/application/test_ahriman.py
@ -373,6 +373,24 @@ def test_subparsers_repo_check_option_refresh(parser: argparse.ArgumentParser) -
    assert args.refresh == 2


+def test_subparsers_repo_create_keyring(parser: argparse.ArgumentParser) -> None:
+    """
+    repo-create-keyring command must imply trigger
+    """
+    args = parser.parse_args(["repo-create-keyring"])
+    assert args.trigger == ["ahriman.core.support.KeyringTrigger"]
+
+
+def test_subparsers_repo_create_keyring_architecture(parser: argparse.ArgumentParser) -> None:
+    """
+    repo-create-keyring command must correctly parse architecture list
+    """
+    args = parser.parse_args(["repo-create-keyring"])
+    assert args.architecture is None
+    args = parser.parse_args(["-a", "x86_64", "repo-create-keyring"])
+    assert args.architecture == ["x86_64"]
+
+
 def test_subparsers_repo_create_mirrorlist(parser: argparse.ArgumentParser) -> None:
    """
    repo-create-mirrorlist command must imply trigger
--- a/tests/ahriman/core/conftest.py
+++ b/tests/ahriman/core/conftest.py
@ -4,6 +4,7 @@ import pytest
 from ahriman.core.alpm.repo import Repo
 from ahriman.core.build_tools.task import Task
 from ahriman.core.configuration import Configuration
+from ahriman.core.sign.gpg import GPG
 from ahriman.core.tree import Leaf
 from ahriman.models.package import Package
 from ahriman.models.repository_paths import RepositoryPaths
@ -63,6 +64,20 @@ def repo(configuration: Configuration, repository_paths: RepositoryPaths) -> Rep
    return Repo(configuration.get("repository", "name"), repository_paths, [])


+@pytest.fixture
+def gpg(configuration: Configuration) -> GPG:
+    """
+    fixture for empty GPG
+
+    Args:
+        configuration(Configuration): configuration fixture
+
+    Returns:
+        GPG: GPG test instance
+    """
+    return GPG(configuration)
+
+
@pytest.fixture
 def task_ahriman(package_ahriman: Package, configuration: Configuration, repository_paths: RepositoryPaths) -> Task:
    """
--- a/tests/ahriman/core/report/test_html.py
+++ b/tests/ahriman/core/report/test_html.py
@ -16,4 +16,4 @@ def test_generate(configuration: Configuration, package_ahriman: Package, mocker

    report = HTML("x86_64", configuration, "html")
    report.generate([package_ahriman], Result())
-    write_mock.assert_called_once_with(pytest.helpers.anyvar(int))
+    write_mock.assert_called_once_with(pytest.helpers.anyvar(int), encoding="utf8")
--- a/tests/ahriman/core/sign/conftest.py
+++ b/tests/ahriman/core/sign/conftest.py
@ -1,23 +1,8 @@
 import pytest

-from ahriman.core.configuration import Configuration
 from ahriman.core.sign.gpg import GPG


-@pytest.fixture
-def gpg(configuration: Configuration) -> GPG:
-    """
-    fixture for empty GPG
-
-    Args:
-        configuration(Configuration): configuration fixture
-
-    Returns:
-        GPG: GPG test instance
-    """
-    return GPG("x86_64", configuration)
-
-
@pytest.fixture
 def gpg_with_key(gpg: GPG) -> GPG:
    """
--- a/tests/ahriman/core/sign/test_gpg.py
+++ b/tests/ahriman/core/sign/test_gpg.py
@ -97,6 +97,33 @@ def test_key_download_failure(gpg: GPG, mocker: MockerFixture) -> None:
        gpg.key_download("keyserver.ubuntu.com", "0xE989490C")


+def test_key_export(gpg: GPG, mocker: MockerFixture) -> None:
+    """
+    must export gpg key correctly
+    """
+    check_output_mock = mocker.patch("ahriman.core.sign.gpg.GPG._check_output", return_value="key")
+    assert gpg.key_export("k") == "key"
+    check_output_mock.assert_called_once_with("gpg", "--armor", "--no-emit-version", "--export", "k",
+                                              logger=pytest.helpers.anyvar(int))
+
+
+def test_key_fingerprint(gpg: GPG, mocker: MockerFixture) -> None:
+    """
+    must extract fingerprint
+    """
+    check_output_mock = mocker.patch(
+        "ahriman.core.sign.gpg.GPG._check_output",
+        return_value="""tru::1:1576103830:0:3:1:5
+fpr:::::::::C6EBB9222C3C8078631A0DE4BD2AC8C5E989490C:
+sub:-:4096:1:7E3A4240CE3C45C2:1615121387::::::e::::::23:
+fpr:::::::::43A663569A07EE1E4ECC55CC7E3A4240CE3C45C2:""")
+
+    key = "0xCE3C45C2"
+    assert gpg.key_fingerprint(key) == "C6EBB9222C3C8078631A0DE4BD2AC8C5E989490C"
+    check_output_mock.assert_called_once_with("gpg", "--with-colons", "--fingerprint", key,
+                                              logger=pytest.helpers.anyvar(int))
+
+
 def test_key_import(gpg: GPG, mocker: MockerFixture) -> None:
    """
    must import PGP key from the server
@ -108,6 +135,21 @@ def test_key_import(gpg: GPG, mocker: MockerFixture) -> None:
    check_output_mock.assert_called_once_with("gpg", "--import", input_data="key", logger=pytest.helpers.anyvar(int))


+def test_keys(gpg: GPG) -> None:
+    """
+    must extract keys
+    """
+    assert gpg.keys() == []
+
+    gpg.default_key = "key"
+    assert gpg.keys() == [gpg.default_key]
+
+    gpg.configuration.set_option("sign", "key_a", "key1")
+    gpg.configuration.set_option("sign", "key_b", "key1")
+    gpg.configuration.set_option("sign", "key_c", "key2")
+    assert gpg.keys() == ["key", "key1", "key2"]
+
+
 def test_process(gpg_with_key: GPG, mocker: MockerFixture) -> None:
    """
    must call process method correctly
--- a/tests/ahriman/core/support/pkgbuild/conftest.py
+++ b/tests/ahriman/core/support/pkgbuild/conftest.py
@ -1,8 +1,26 @@
 import pytest

+from ahriman.core.configuration import Configuration
+from ahriman.core.sign.gpg import GPG
+from ahriman.core.support.pkgbuild.keyring_generator import KeyringGenerator
 from ahriman.core.support.pkgbuild.pkgbuild_generator import PkgbuildGenerator


+@pytest.fixture
+def keyring_generator(gpg: GPG, configuration: Configuration) -> KeyringGenerator:
+    """
+    fixture for keyring pkgbuild generator
+
+    Args:
+        gpg(GPG): empty GPG fixture
+        configuration(Configuration): configuration fixture
+
+    Returns:
+        KeyringGenerator: keyring generator test instance
+    """
+    return KeyringGenerator(gpg, configuration, "keyring")
+
+
@pytest.fixture
 def pkgbuild_generator() -> PkgbuildGenerator:
    """
--- a/tests/ahriman/core/support/pkgbuild/test_keyring_generator.py
+++ b/tests/ahriman/core/support/pkgbuild/test_keyring_generator.py
@ -0,0 +1,185 @@
+import pytest
+
+from pathlib import Path
+from pytest_mock import MockerFixture
+from unittest.mock import MagicMock, call as MockCall
+
+from ahriman.core.configuration import Configuration
+from ahriman.core.exceptions import PkgbuildGeneratorError
+from ahriman.core.sign.gpg import GPG
+from ahriman.core.support.pkgbuild.keyring_generator import KeyringGenerator
+
+
+def test_init_packagers(gpg: GPG, configuration: Configuration, mocker: MockerFixture) -> None:
+    """
+    must extract packagers keys
+    """
+    mocker.patch("ahriman.core.sign.gpg.GPG.keys", return_value=["key"])
+
+    assert KeyringGenerator(gpg, configuration, "keyring").packagers == ["key"]
+
+    configuration.set_option("keyring", "packagers", "key1")
+    assert KeyringGenerator(gpg, configuration, "keyring").packagers == ["key1"]
+
+
+def test_init_revoked(gpg: GPG, configuration: Configuration) -> None:
+    """
+    must extract revoked keys
+    """
+    assert KeyringGenerator(gpg, configuration, "keyring").revoked == []
+
+    configuration.set_option("keyring", "revoked", "key1")
+    assert KeyringGenerator(gpg, configuration, "keyring").revoked == ["key1"]
+
+
+def test_init_trusted(gpg: GPG, configuration: Configuration) -> None:
+    """
+    must extract trusted keys
+    """
+    assert KeyringGenerator(gpg, configuration, "keyring").trusted == []
+
+    gpg.default_key = "key"
+    assert KeyringGenerator(gpg, configuration, "keyring").trusted == ["key"]
+
+    configuration.set_option("keyring", "trusted", "key1")
+    assert KeyringGenerator(gpg, configuration, "keyring").trusted == ["key1"]
+
+
+def test_license(gpg: GPG, configuration: Configuration) -> None:
+    """
+    must generate correct licenses list
+    """
+    assert KeyringGenerator(gpg, configuration, "keyring").license == ["Unlicense"]
+
+    configuration.set_option("keyring", "license", "GPL MPL")
+    assert KeyringGenerator(gpg, configuration, "keyring").license == ["GPL", "MPL"]
+
+
+def test_pkgdesc(gpg: GPG, configuration: Configuration) -> None:
+    """
+    must generate correct pkgdesc property
+    """
+    assert KeyringGenerator(gpg, configuration, "keyring").pkgdesc == "aur-clone PGP keyring"
+
+    configuration.set_option("keyring", "description", "description")
+    assert KeyringGenerator(gpg, configuration, "keyring").pkgdesc == "description"
+
+
+def test_pkgname(gpg: GPG, configuration: Configuration) -> None:
+    """
+    must generate correct pkgname property
+    """
+    assert KeyringGenerator(gpg, configuration, "keyring").pkgname == "aur-clone-keyring"
+
+    configuration.set_option("keyring", "package", "keyring")
+    assert KeyringGenerator(gpg, configuration, "keyring").pkgname == "keyring"
+
+
+def test_url(gpg: GPG, configuration: Configuration) -> None:
+    """
+    must generate correct url property
+    """
+    assert KeyringGenerator(gpg, configuration, "keyring").url == ""
+
+    configuration.set_option("keyring", "homepage", "homepage")
+    assert KeyringGenerator(gpg, configuration, "keyring").url == "homepage"
+
+
+def test_generate_gpg(keyring_generator: KeyringGenerator, mocker: MockerFixture) -> None:
+    """
+    must correctly generate file with all PGP keys
+    """
+    file_mock = MagicMock()
+    export_mock = mocker.patch("ahriman.core.sign.gpg.GPG.key_export", side_effect=lambda key: key)
+    open_mock = mocker.patch("pathlib.Path.open")
+    open_mock.return_value.__enter__.return_value = file_mock
+    keyring_generator.packagers = ["key"]
+    keyring_generator.revoked = ["revoked"]
+    keyring_generator.trusted = ["trusted", "key"]
+
+    keyring_generator._generate_gpg(Path("local"))
+    open_mock.assert_called_once_with("w")
+    export_mock.assert_has_calls([MockCall("key"), MockCall("revoked"), MockCall("trusted")])
+    file_mock.write.assert_has_calls([
+        MockCall("key"), MockCall("\n"),
+        MockCall("revoked"), MockCall("\n"),
+        MockCall("trusted"), MockCall("\n"),
+    ])
+
+
+def test_generate_revoked(keyring_generator: KeyringGenerator, mocker: MockerFixture) -> None:
+    """
+    must correctly generate file with revoked keys
+    """
+    file_mock = MagicMock()
+    fingerprint_mock = mocker.patch("ahriman.core.sign.gpg.GPG.key_fingerprint", side_effect=lambda key: key)
+    open_mock = mocker.patch("pathlib.Path.open")
+    open_mock.return_value.__enter__.return_value = file_mock
+    keyring_generator.revoked = ["revoked"]
+
+    keyring_generator._generate_revoked(Path("local"))
+    open_mock.assert_called_once_with("w")
+    fingerprint_mock.assert_called_once_with("revoked")
+    file_mock.write.assert_has_calls([MockCall("revoked"), MockCall("\n")])
+
+
+def test_generate_trusted(keyring_generator: KeyringGenerator, mocker: MockerFixture) -> None:
+    """
+    must correctly generate file with trusted keys
+    """
+    file_mock = MagicMock()
+    fingerprint_mock = mocker.patch("ahriman.core.sign.gpg.GPG.key_fingerprint", side_effect=lambda key: key)
+    open_mock = mocker.patch("pathlib.Path.open")
+    open_mock.return_value.__enter__.return_value = file_mock
+    keyring_generator.trusted = ["trusted", "trusted"]
+
+    keyring_generator._generate_trusted(Path("local"))
+    open_mock.assert_called_once_with("w")
+    fingerprint_mock.assert_called_once_with("trusted")
+    file_mock.write.assert_has_calls([MockCall("trusted"), MockCall(":4:\n")])
+
+
+def test_generate_trusted_empty(keyring_generator: KeyringGenerator) -> None:
+    """
+    must raise PkgbuildGeneratorError if no trusted keys set
+    """
+    with pytest.raises(PkgbuildGeneratorError):
+        keyring_generator._generate_trusted(Path("local"))
+
+
+def test_install(keyring_generator: KeyringGenerator) -> None:
+    """
+    must return install functions
+    """
+    assert keyring_generator.install() == """post_upgrade() {
+  if usr/bin/pacman-key -l >/dev/null 2>&1; then
+    usr/bin/pacman-key --populate aur-clone
+    usr/bin/pacman-key --updatedb
+  fi
+}
+
+post_install() {
+  if [ -x usr/bin/pacman-key ]; then
+    post_upgrade
+  fi
+}"""
+
+
+def test_package(keyring_generator: KeyringGenerator) -> None:
+    """
+    must generate package function correctly
+    """
+    assert keyring_generator.package() == """{
+  install -Dm644 "$srcdir/aur-clone.gpg" "$pkgdir/usr/share/pacman/keyrings/aur-clone.gpg"
+  install -Dm644 "$srcdir/aur-clone-revoked" "$pkgdir/usr/share/pacman/keyrings/aur-clone-revoked"
+  install -Dm644 "$srcdir/aur-clone-trusted" "$pkgdir/usr/share/pacman/keyrings/aur-clone-trusted"
+}"""
+
+
+def test_sources(keyring_generator: KeyringGenerator) -> None:
+    """
+    must return valid sources files list
+    """
+    assert keyring_generator.sources().get("aur-clone.gpg")
+    assert keyring_generator.sources().get("aur-clone-revoked")
+    assert keyring_generator.sources().get("aur-clone-trusted")
--- a/tests/ahriman/core/support/pkgbuild/test_mirrorlist_generator.py
+++ b/tests/ahriman/core/support/pkgbuild/test_mirrorlist_generator.py
@ -1,6 +1,4 @@
 from pathlib import Path
-from unittest.mock import MagicMock
-
 from pytest_mock import MockerFixture

 from ahriman.core.configuration import Configuration
@ -61,14 +59,9 @@ def test_generate_mirrorlist(mirrorlist_generator: MirrorlistGenerator, mocker:
    """
    must correctly generate mirrorlist file
    """
-    path = Path("local")
-    file_mock = MagicMock()
-    open_mock = mocker.patch("pathlib.Path.open")
-    open_mock.return_value.__enter__.return_value = file_mock
-
-    mirrorlist_generator._generate_mirrorlist(path)
-    open_mock.assert_called_once_with("w")
-    file_mock.writelines.assert_called_once_with(["Server = http://localhost\n"])
+    write_mock = mocker.patch("pathlib.Path.write_text")
+    mirrorlist_generator._generate_mirrorlist(Path("local"))
+    write_mock.assert_called_once_with("Server = http://localhost\n", encoding="utf8")


 def test_package(mirrorlist_generator: MirrorlistGenerator) -> None:
--- a/tests/ahriman/core/support/pkgbuild/test_pkgbuild_generator.py
+++ b/tests/ahriman/core/support/pkgbuild/test_pkgbuild_generator.py
@ -48,6 +48,13 @@ def test_url(pkgbuild_generator: PkgbuildGenerator) -> None:
    assert pkgbuild_generator.url == ""


+def test_install(pkgbuild_generator: PkgbuildGenerator) -> None:
+    """
+    must return empty install function
+    """
+    assert pkgbuild_generator.install() is None
+
+
 def test_package(pkgbuild_generator: PkgbuildGenerator) -> None:
    """
    must raise NotImplementedError on missing package function
@ -70,6 +77,25 @@ def test_sources(pkgbuild_generator: PkgbuildGenerator) -> None:
    assert pkgbuild_generator.sources() == {}


+def test_write_install(pkgbuild_generator: PkgbuildGenerator, mocker: MockerFixture) -> None:
+    """
+    must write install file
+    """
+    mocker.patch.object(PkgbuildGenerator, "pkgname", "package")
+    mocker.patch("ahriman.core.support.pkgbuild.pkgbuild_generator.PkgbuildGenerator.install", return_value="content")
+    write_mock = mocker.patch("pathlib.Path.write_text")
+
+    assert pkgbuild_generator.write_install(Path("local")) == [PkgbuildPatch("install", "package.install")]
+    write_mock.assert_called_once_with("content")
+
+
+def test_write_install_empty(pkgbuild_generator: PkgbuildGenerator) -> None:
+    """
+    must return empty patch list for missing install function
+    """
+    assert pkgbuild_generator.write_install(Path("local")) == []
+
+
 def test_write_pkgbuild(pkgbuild_generator: PkgbuildGenerator, mocker: MockerFixture) -> None:
    """
    must write PKGBUILD content to file
@ -80,14 +106,17 @@ def test_write_pkgbuild(pkgbuild_generator: PkgbuildGenerator, mocker: MockerFix
    mocker.patch("ahriman.core.support.pkgbuild.pkgbuild_generator.PkgbuildGenerator.package", return_value="{}")
    patches_mock = mocker.patch("ahriman.core.support.pkgbuild.pkgbuild_generator.PkgbuildGenerator.patches",
                                return_value=[PkgbuildPatch("property", "value")])
+    install_mock = mocker.patch("ahriman.core.support.pkgbuild.pkgbuild_generator.PkgbuildGenerator.write_install",
+                                return_value=[PkgbuildPatch("install", "pkgname.install")])
    sources_mock = mocker.patch("ahriman.core.support.pkgbuild.pkgbuild_generator.PkgbuildGenerator.write_sources",
                                return_value=[PkgbuildPatch("source", []), PkgbuildPatch("sha512sums", [])])
    write_mock = mocker.patch("ahriman.models.pkgbuild_patch.PkgbuildPatch.write")

    pkgbuild_generator.write_pkgbuild(path)
    patches_mock.assert_called_once_with()
+    install_mock.assert_called_once_with(path)
    sources_mock.assert_called_once_with(path)
-    write_mock.assert_has_calls([MockCall(path / "PKGBUILD")] * 11)
+    write_mock.assert_has_calls([MockCall(path / "PKGBUILD")] * 12)


 def test_write_sources(pkgbuild_generator: PkgbuildGenerator, mocker: MockerFixture) -> None:
--- a/tests/ahriman/core/support/test_keyring_trigger.py
+++ b/tests/ahriman/core/support/test_keyring_trigger.py
@ -0,0 +1,30 @@
+from pytest_mock import MockerFixture
+
+from ahriman.core.configuration import Configuration
+from ahriman.core.sign.gpg import GPG
+from ahriman.core.support import KeyringTrigger
+from ahriman.models.context_key import ContextKey
+
+
+def test_configuration_sections(configuration: Configuration) -> None:
+    """
+    must correctly parse target list
+    """
+    configuration.set_option("keyring", "target", "a b c")
+    assert KeyringTrigger.configuration_sections(configuration) == ["a", "b", "c"]
+
+    configuration.remove_option("keyring", "target")
+    assert KeyringTrigger.configuration_sections(configuration) == []
+
+
+def test_on_start(configuration: Configuration, mocker: MockerFixture) -> None:
+    """
+    must run report for specified targets
+    """
+    gpg_mock = mocker.patch("ahriman.core._Context.get")
+    run_mock = mocker.patch("ahriman.core.support.package_creator.PackageCreator.run")
+
+    trigger = KeyringTrigger("x86_64", configuration)
+    trigger.on_start()
+    gpg_mock.assert_called_once_with(ContextKey("sign", GPG))
+    run_mock.assert_called_once_with()
--- a/tests/ahriman/core/support/test_mirrorlist_trigger.py
+++ b/tests/ahriman/core/support/test_mirrorlist_trigger.py
@ -19,7 +19,6 @@ def test_on_start(configuration: Configuration, mocker: MockerFixture) -> None:
    """
    must run report for specified targets
    """
-    configuration.set_option("mirrorlist", "target", "mirrorlist")
    run_mock = mocker.patch("ahriman.core.support.package_creator.PackageCreator.run")

    trigger = MirrorlistTrigger("x86_64", configuration)
--- a/tests/testresources/core/ahriman.ini
+++ b/tests/testresources/core/ahriman.ini
@ -25,7 +25,7 @@ ignore_packages =
 makechrootpkg_flags =
 makepkg_flags = --skippgpcheck
 triggers = ahriman.core.report.ReportTrigger ahriman.core.upload.UploadTrigger
-triggers_known = ahriman.core.support.MirrorlistTrigger
+triggers_known = ahriman.core.support.KeyringTrigger ahriman.core.support.MirrorlistTrigger

 [repository]
 name = aur-clone
@ -34,6 +34,9 @@ root = ../../../
 [sign]
 target =

+[keyring]
+target = keyring
+
 [mirrorlist]
 target = mirrorlist
 servers = http://localhost