From a82eec628c25f96a15ed7f1443923ff625e0d2bc Mon Sep 17 00:00:00 2001
From: Julien Olivain <ju.o@free.fr>
Date: Wed, 4 Jan 2023 23:20:07 +0100
Subject: [PATCH] support/testing/tests/package/test_gnupg2.py: new runtime
 test

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 DEVELOPERS                                   |   1 +
 support/testing/tests/package/test_gnupg2.py | 114 +++++++++++++++++++
 2 files changed, 115 insertions(+)
 create mode 100644 support/testing/tests/package/test_gnupg2.py

diff --git a/DEVELOPERS b/DEVELOPERS
index e8e0671709..0af1323340 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -1708,6 +1708,7 @@ F:	support/testing/tests/package/sample_python_distro.py
 F:	support/testing/tests/package/sample_python_gnupg.py
 F:	support/testing/tests/package/sample_python_pyalsa.py
 F:	support/testing/tests/package/sample_python_spake2.py
+F:	support/testing/tests/package/test_gnupg2.py
 F:	support/testing/tests/package/test_hwloc.py
 F:	support/testing/tests/package/test_ncdu.py
 F:	support/testing/tests/package/test_octave.py
diff --git a/support/testing/tests/package/test_gnupg2.py b/support/testing/tests/package/test_gnupg2.py
new file mode 100644
index 0000000000..4505e1c339
--- /dev/null
+++ b/support/testing/tests/package/test_gnupg2.py
@@ -0,0 +1,114 @@
+import os
+
+import infra.basetest
+
+
+class TestGnupg2(infra.basetest.BRTest):
+    config = infra.basetest.BASIC_TOOLCHAIN_CONFIG + \
+        """
+        BR2_PACKAGE_GNUPG2=y
+        BR2_TARGET_ROOTFS_CPIO=y
+        # BR2_TARGET_ROOTFS_TAR is not set
+        """
+
+    def test_run(self):
+        cpio_file = os.path.join(self.builddir, "images", "rootfs.cpio")
+        self.emulator.boot(arch="armv5",
+                           kernel="builtin",
+                           options=["-initrd", cpio_file])
+        self.emulator.login()
+
+        # Some common data for all the tests
+        plain_data = "Some plain text data"
+        plain_file = "file.txt"
+        gpg_file = plain_file + ".gpg"
+        asc_file = plain_file + ".asc"
+        sig_file = plain_file + ".sig"
+        good_passphrase = "Good Passphrase"
+        gpg_userid = "br-test@buildroot"
+
+        # Test the program can execute
+        self.assertRunOk("gpg --version")
+
+        # Generate plain text data
+        cmd = "echo '{}' > {}".format(plain_data, plain_file)
+        self.assertRunOk(cmd)
+
+        # Test symmetric encrypt
+        cmd = "gpg --batch --symmetric"
+        cmd += " --passphrase '{}' {}".format(good_passphrase, plain_file)
+        self.assertRunOk(cmd)
+
+        # Test symmetric decrypt
+        cmd = "gpg --batch --decrypt"
+        cmd += " --passphrase '{}' {}".format(good_passphrase, gpg_file)
+        output, exit_code = self.emulator.run(cmd)
+        self.assertEqual(exit_code, 0)
+        self.assertIn(plain_data, output)
+
+        # Test a failed decrypt with a bad password
+        cmd = "gpg --batch --decrypt"
+        cmd += " --passphrase 'A-Bad-Password' {}".format(gpg_file)
+        _, exit_code = self.emulator.run(cmd)
+        self.assertNotEqual(exit_code, 0)
+
+        # Test the generation of an asymmetric key
+        cmd = "gpg --batch --passphrase ''"
+        cmd += " --quick-generate-key {} default default".format(gpg_userid)
+        self.assertRunOk(cmd)
+
+        # Test asymmetric encrypt+sign
+        cmd = "gpg --batch --yes --encrypt --sign"
+        cmd += " --recipient {} {}".format(gpg_userid, plain_file)
+        self.assertRunOk(cmd)
+
+        # Test asymmetric decrypt+verify
+        cmd = "gpg --decrypt {}".format(gpg_file)
+        output, exit_code = self.emulator.run(cmd)
+        self.assertEqual(exit_code, 0)
+        self.assertIn(plain_data, output)
+        self.assertRegex("\n".join(output), r'gpg: Good signature')
+
+        # Test asymmetric armored encrypt+sign
+        cmd = "gpg --batch --yes --armor --encrypt --sign"
+        cmd += " --recipient {} {}".format(gpg_userid, plain_file)
+        self.assertRunOk(cmd)
+
+        # Test asymmetric armored decrypt+verify
+        cmd = "gpg --armor --decrypt {}".format(asc_file)
+        output, exit_code = self.emulator.run(cmd)
+        self.assertEqual(exit_code, 0)
+        self.assertIn(plain_data, output)
+        self.assertRegex("\n".join(output), r'gpg: Good signature')
+
+        # Test detached signature
+        cmd = "gpg --batch --yes --detach-sign {}".format(plain_file)
+        self.assertRunOk(cmd)
+
+        # Test detached signature verification
+        cmd = "gpg --verify {}".format(sig_file)
+        output, exit_code = self.emulator.run(cmd)
+        self.assertEqual(exit_code, 0)
+        self.assertRegex("\n".join(output), r'gpg: Good signature')
+
+        # Test detached armored signature
+        cmd = "gpg --batch --yes --armor --detach-sign {}".format(plain_file)
+        self.assertRunOk(cmd)
+
+        # Test detached armored signature verification
+        cmd = "gpg --armor --verify {}".format(asc_file)
+        output, exit_code = self.emulator.run(cmd)
+        self.assertEqual(exit_code, 0)
+        self.assertRegex("\n".join(output), r'gpg: Good signature')
+
+        # Test the signature verification of a corrupted file actually fails
+        cmd = "echo 'CORRUPTED' >> {}".format(plain_file)
+        self.assertRunOk(cmd)
+
+        cmd = "gpg --verify {}".format(sig_file)
+        _, exit_code = self.emulator.run(cmd)
+        self.assertNotEqual(exit_code, 0)
+
+        cmd = "gpg --armor --verify {}".format(asc_file)
+        _, exit_code = self.emulator.run(cmd)
+        self.assertNotEqual(exit_code, 0)