Improve the automated tests about the included signing key
Why test "old w.r.t. the one we fetch from Tails' website"? What we mainly need to test here (and the reason why this test was added to begin with) is that the key and its subkeys haven't expired, and won't expire any time soon.
#11 Updated by kytv about 5 years ago
- Status changed from Confirmed to In Progress
I updated this branch to include a test for the Debian repository key's expiration as well. This test currently fails because
Scenario: The shipped Tails signing key is up-to-date # features/checks.feature:17 Then the shipped Tails signing key will be valid for the next 3 months # features/step_definitions/checks.rb:1 Scenario: The Tails Debian repository key is up-to-date # features/checks.feature:20 Then the shipped Tails Debian repository key will be valid for the next 3 months # features/step_definitions/checks.rb:1 The shipped signing key will expire within the next 3 months. (MiniTest::Assertion) ./features/step_definitions/checks.rb:16:in `/^the shipped Tails (signing|Debian repository) key will be valid for the next (\d+) months$/' features/checks.feature:21:in `Then the shipped Tails Debian repository key will be valid for the next 3 months'
$ gpg --fingerprint 0xC7988EA7A358D82E pub 4096R/0xC7988EA7A358D82E 2012-02-04 [expires: 2015-02-03] Key fingerprint = 221F 9A3C 6FA3 E09E 182E 060B C798 8EA7 A358 D82E uid deb.tails.boum.org archive signing key
which means the test is doing its job. :)
Ticket #8747 was created for the GPG key's expiration.
#12 Updated by anonym about 5 years ago
- Assignee changed from anonym to bertagaz
- QA Check changed from Ready for QA to Info Needed
I updated this branch to include a test for the Debian repository key's expiration as well. This test currently fails because [...]
That's great! However, until we have a way to tag tests that they currently are expected to fail (#7233) this may be annoying, at least for our sysadmin's current task of automating runs of the test suite. bertagaz, how problematic would it be to you if the automated test suite fails for the devel branch until you update the APT key?
Otherwise the branch looks good (and I really like how you re-use the old code for the APT key test!) and I'll merge it as soon as we have a clarification from bertagaz.
#13 Updated by intrigeri about 5 years ago
I find it useful that our automated test suite tests the bits of our infrastructure that it depends on, until we have proper monitoring for such things. If it fails, then Tails has a problem.
BTW, that's something that would be worth taking note of in some blueprint wrt. the system properties we might want to monitor.
#14 Updated by bertagaz almost 5 years ago
- Assignee changed from bertagaz to anonym
- QA Check changed from Info Needed to Ready for QA
Agree with intrigeri, it seems relevant to have this test failing, and hopefully won't happen that often. So I don't see a problem to merge this branch, and am even glad to see kytv catching this. Good work! :)