launchpad-reviewers team mailing list archive

Thread
Date

[Merge] ~cjwatson/launchpad:fix-sync-signingkeys-fit into launchpad:master

To: mp+387037@xxxxxxxxxxxxxxxxxx
From: Colin Watson <cjwatson@xxxxxxxxxxxxx>
Date: Wed, 08 Jul 2020 11:32:24 -0000
Reply-to: mp+387037@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Colin Watson has proposed merging ~cjwatson/launchpad:fix-sync-signingkeys-fit into launchpad:master.

Commit message:
Fix path to FIT keys in sync-signingkeys

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~cjwatson/launchpad/+git/launchpad/+merge/387037

sync-signingkeys looked for FIT keys in the wrong paths and so failed to inject them.
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~cjwatson/launchpad:fix-sync-signingkeys-fit into launchpad:master.

diff --git a/lib/lp/archivepublisher/scripts/sync_signingkeys.py b/lib/lp/archivepublisher/scripts/sync_signingkeys.py
index 1cd56c1..e0b89d2 100644
--- a/lib/lp/archivepublisher/scripts/sync_signingkeys.py
+++ b/lib/lp/archivepublisher/scripts/sync_signingkeys.py
@@ -63,7 +63,9 @@ class SyncSigningKeysScript(LaunchpadScript):
             SigningKeyType.KMOD: ("kmod.pem", "kmod.x509"),
             SigningKeyType.OPAL: ("opal.pem", "opal.x509"),
             SigningKeyType.SIPL: ("sipl.pem", "sipl.x509"),
-            SigningKeyType.FIT: ("fit.key", "fit.crt"),
+            SigningKeyType.FIT: (
+                os.path.join("fit", "fit.key"),
+                os.path.join("fit", "fit.crt")),
         }
         found_keys_per_type = {}
         for key_type in SigningKeyType.items:
diff --git a/lib/lp/archivepublisher/tests/test_sync_signingkeys.py b/lib/lp/archivepublisher/tests/test_sync_signingkeys.py
index cb38a3c..eb185de 100644
--- a/lib/lp/archivepublisher/tests/test_sync_signingkeys.py
+++ b/lib/lp/archivepublisher/tests/test_sync_signingkeys.py
@@ -113,17 +113,25 @@ class TestSyncSigningKeysScript(TestCaseWithFactory):
     def test_get_keys_per_type(self):
         keys_dir = self.signing_root_dir
 
-        # Create fake uefi keys, and missing opal pem
-        for filename in ["uefi.key", "uefi.crt", "opal.x509"]:
+        # Create fake UEFI and FIT keys, and missing OPAL PEM.
+        for filename in ("uefi.key", "uefi.crt", "opal.x509"):
             with open(os.path.join(keys_dir, filename), 'wb') as fd:
                 fd.write(b"something something")
+        # Create fake FIT keys, which live in a subdirectory.
+        os.makedirs(os.path.join(keys_dir, "fit"))
+        for filename in ("fit.key", "fit.crt"):
+            with open(os.path.join(keys_dir, "fit", filename), 'wb') as fd:
+                fd.write(b"something something")
 
         script = self.makeScript([])
         self.assertThat(script.getKeysPerType(keys_dir), MatchesDict({
             SigningKeyType.UEFI: Equals(
                 (os.path.join(keys_dir, "uefi.key"),
-                 os.path.join(keys_dir, "uefi.crt")))
-        }))
+                 os.path.join(keys_dir, "uefi.crt"))),
+            SigningKeyType.FIT: Equals(
+                (os.path.join(keys_dir, "fit", "fit.key"),
+                 os.path.join(keys_dir, "fit", "fit.crt"))),
+            }))
 
     def test_get_series_paths(self):
         distro = self.factory.makeDistribution()
@@ -153,16 +161,23 @@ class TestSyncSigningKeysScript(TestCaseWithFactory):
 
         archive_root = key_dirs[None]
 
-        # Create fake uefi keys for the root
-        for filename in ["uefi.key", "uefi.crt"]:
+        # Create fake UEFI keys for the root
+        for filename in ("uefi.key", "uefi.crt"):
             with open(os.path.join(archive_root, filename), 'wb') as fd:
                 fd.write(b"Root %s" % filename)
 
-        # Create fake opal keys for series1
-        for filename in ["opal.pem", "opal.x509", "kmod.pem", "kmod.x509"]:
+        # Create fake OPAL and Kmod keys for series1
+        for filename in ("opal.pem", "opal.x509", "kmod.pem", "kmod.x509"):
             with open(os.path.join(key_dirs[series1], filename), 'wb') as fd:
                 fd.write(b"Series 1 %s" % filename)
 
+        # Create fake FIT keys for series1
+        os.makedirs(os.path.join(key_dirs[series1], "fit"))
+        for filename in ("fit.key", "fit.crt"):
+            with open(os.path.join(key_dirs[series1], "fit", filename),
+                      'wb') as fd:
+                fd.write(b"Series 1 %s" % filename)
+
         script = self.makeScript([])
         script.getArchives = mock.Mock(return_value=[archive])
         script.inject = mock.Mock()
@@ -178,6 +193,10 @@ class TestSyncSigningKeysScript(TestCaseWithFactory):
                 os.path.join(key_dirs[series1], "opal.pem"),
                 os.path.join(key_dirs[series1], "opal.x509")),
             mock.call(
+                archive, SigningKeyType.FIT, series1,
+                os.path.join(key_dirs[series1], "fit", "fit.key"),
+                os.path.join(key_dirs[series1], "fit", "fit.crt")),
+            mock.call(
                 archive, SigningKeyType.UEFI, None,
                 os.path.join(archive_root, "uefi.key"),
                 os.path.join(archive_root, "uefi.crt"))],
@@ -204,6 +223,12 @@ class TestSyncSigningKeysScript(TestCaseWithFactory):
             content)
         self.assertIn(
             tpl % (
+                os.path.join(key_dirs[series1], "fit", "fit.key"),
+                os.path.join(key_dirs[series1], "fit", "fit.crt"),
+                SigningKeyType.FIT, series1.name),
+            content)
+        self.assertIn(
+            tpl % (
                 os.path.join(archive_root, "uefi.key"),
                 os.path.join(archive_root, "uefi.crt"),
                 SigningKeyType.UEFI, None),