expired-pgp-keys: Add basic CI tests

Author: jan-kolarik

dnf-behave-tests/dnf/plugins-core/expired-pgp-keys.feature

@@ -0,0 +1,36 @@
+Feature: expired-pgp-keys plugin functionality
+
+
+Background:
+  Given I enable plugin "expired-pgp-keys"
+    And I configure dnf with
+      | key            | value                                              |
+      | pluginconfpath | {context.dnf.installroot}/etc/dnf/libdnf5-plugins  |
+    And I create file "/etc/dnf/libdnf5-plugins/expired-pgp-keys.conf" with
+    """
+    [main]
+    enabled = 1
+    """
+    And I use repository "dnf-ci-gpg-expiry" with configuration
+        | key      | value                                                                                    |
+        | gpgcheck | 1                                                                                        |
+        | gpgkey   | file://{context.dnf.fixturesdir}/gpgkeys/keys/dnf-ci-gpg-expiry/dnf-ci-gpg-expiry-public |
+    And I use repository "simple-base"
+    And I successfully execute dnf with args "install wget"
+
+
+Scenario: When PGP key is expired, its removal is triggered before transaction
+  Given I move the clock forward to "2 years"
+    And I successfully execute dnf with args "install vagare" 
+   Then stderr contains lines matching
+    """
+    The following PGP key \(0x.*\) is about to be removed:
+     Reason     : Expired on .*
+     UserID     : "dnf-ci-gpg-expiry"
+    """
+
+
+Scenario: When PGP key is expired, its removal is not triggered on non-transactional operations
+  Given I move the clock forward to "2 years"
+    And I successfully execute dnf with args "repoquery vagare" 
+   Then stderr does not contain "The following PGP key \(0x.*\) is about to be removed:"

dnf-behave-tests/fixtures/gpgkeys/keyspecs/dnf-ci-gpg-expiry/config

@@ -0,0 +1 @@
+USE_EXPIRATION_DATE=1

dnf-behave-tests/fixtures/gpgkeys/keyspecs/dnf-ci-gpg-expiry/packages

@@ -0,0 +1 @@
+dnf-ci-gpg-expiry/x86_64/wget-1.19.5-5.fc29.x86_64.rpm

dnf-behave-tests/fixtures/gpgkeys/sign.sh

@@ -16,6 +16,7 @@ for KEY_NAME in $KEYSPECS; do
     # set defaults
     USE_SIGN_SUBKEY=0
     USE_NOEOF_KEYS=0
+    USE_EXPIRATION_DATE=0
 
     # read config file for key
     if [ -f "${DIR}/keyspecs/${KEY_NAME}/config" ]; then
@@ -37,8 +38,15 @@ for KEY_NAME in $KEYSPECS; do
     TMP_KEY_DIR="${TMP_DIR}/gpghome"
     ln -s "${KEY_DIR}" "${TMP_KEY_DIR}"
 
-    # create key (without password, without expire)
-    HOME=${TMP_KEY_DIR} gpg2 --batch --passphrase '' --quick-gen-key "${KEY_NAME}" default default 0
+    # keys are without expiration date by default
+    # if expiration is requested, set it to 1 year from now
+    EXPIRY_DATE=0
+    if [ "${USE_EXPIRATION_DATE}" = "1" ]; then
+        EXPIRY_DATE=$(date -d "+1 year" +%Y-%m-%d)
+    fi
+
+    # create key (without password)
+    HOME=${TMP_KEY_DIR} gpg2 --batch --passphrase '' --quick-gen-key "${KEY_NAME}" default default "${EXPIRY_DATE}"
 
     if [ "${USE_SIGN_SUBKEY}" = "1" ]; then
         # add sign subkey

dnf-behave-tests/fixtures/specs/dnf-ci-gpg-expiry/wget-1.19.5-5.fc29.spec

@@ -0,0 +1,24 @@
+Name: wget
+Version: 1.19.5
+Release: 5%{?dist}
+Summary: A utility for retrieving files using the HTTP or FTP protocols
+
+License: GPLv3+
+Group: Applications/Internet
+Url: http://www.gnu.org/software/wget/
+
+Provides: webclient
+Provides: bundled(gnulib) 
+
+%description
+GNU Wget is a file retrieval utility which can use either the HTTP or
+FTP protocols. Wget features include the ability to work in the
+background while you are logged out, recursive retrieval of
+directories, file name wildcard matching, remote file timestamp
+storage and comparison, use of Rest with FTP servers and Range with
+HTTP servers to retrieve files over slow or unstable connections,
+support for Proxy servers, and configurability.
+
+%files
+
+%changelog