tests: Move keys into ./tests/keys/ and add a third ed25519 key.

The third key will be used in an upcoming commit.

Rename public keys to .pub.

* guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable.
(%ed25519-3-secret-key-file): New variable.
(%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file.
(%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file.
* tests/keys/ed25519-3.key: New file.
* tests/keys/ed25519-3.sec: New file.

Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>

18 files changed, 93 insertions, 61 deletions

diff --git a/Makefile.am b/Makefile.am
index c4ccee65f1..d39052521b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -653,16 +653,18 @@ EXTRA_DIST +=						\
   build-aux/update-guix-package.scm			\
   build-aux/update-NEWS.scm				\
   tests/test.drv					\
-  tests/signing-key.pub					\
-  tests/signing-key.sec					\
   tests/cve-sample.json					\
-  tests/civodul.key					\
-  tests/rsa.key						\
-  tests/dsa.key						\
-  tests/ed25519.key					\
-  tests/ed25519.sec					\
-  tests/ed25519bis.key					\
-  tests/ed25519bis.sec					\
+  tests/keys/signing-key.pub				\
+  tests/keys/signing-key.sec				\
+  tests/keys/civodul.pub				\
+  tests/keys/rsa.pub					\
+  tests/keys/dsa.pub					\
+  tests/keys/ed25519.pub				\
+  tests/keys/ed25519.sec				\
+  tests/keys/ed25519-2.pub				\
+  tests/keys/ed25519-2.sec				\
+  tests/keys/ed25519-3.pub				\
+  tests/keys/ed25519-3.sec				\
   build-aux/config.rpath				\
   bootstrap						\
   doc/build.scm						\
diff --git a/build-aux/test-env.in b/build-aux/test-env.in
index 7efc43206c..ca786437e9 100644
--- a/build-aux/test-env.in
+++ b/build-aux/test-env.in
@@ -73,9 +73,9 @@ then
 	# Copy the keys so that the secret key has the right permissions (the
 	# daemon errors out when this is not the case.)
 	mkdir -p "$GUIX_CONFIGURATION_DIRECTORY"
-	cp "@abs_top_srcdir@/tests/signing-key.sec"	\
-	    "@abs_top_srcdir@/tests/signing-key.pub"	\
-	    "$GUIX_CONFIGURATION_DIRECTORY"
+	cp "@abs_top_srcdir@/tests/keys/signing-key.sec"	\
+	   "@abs_top_srcdir@/tests/keys/signing-key.pub"	\
+	   "$GUIX_CONFIGURATION_DIRECTORY"
 	chmod 400 "$GUIX_CONFIGURATION_DIRECTORY/signing-key.sec"
     fi
 
diff --git a/guix/tests/gnupg.scm b/guix/tests/gnupg.scm
index eb8ff63a43..943fd66077 100644
--- a/guix/tests/gnupg.scm
+++ b/guix/tests/gnupg.scm
@@ -28,8 +28,10 @@
 
             %ed25519-public-key-file
             %ed25519-secret-key-file
-            %ed25519bis-public-key-file
-            %ed25519bis-secret-key-file
+            %ed25519-2-public-key-file
+            %ed25519-2-secret-key-file
+            %ed25519-3-public-key-file
+            %ed25519-3-secret-key-file
 
             read-openpgp-packet
             key-fingerprint
@@ -63,13 +65,17 @@ process is terminated afterwards."
   (call-with-fresh-gnupg-setup imported (lambda () exp ...)))
 
 (define %ed25519-public-key-file
-  (search-path %load-path "tests/ed25519.key"))
+  (search-path %load-path "tests/keys/ed25519.pub"))
 (define %ed25519-secret-key-file
-  (search-path %load-path "tests/ed25519.sec"))
-(define %ed25519bis-public-key-file
-  (search-path %load-path "tests/ed25519bis.key"))
-(define %ed25519bis-secret-key-file
-  (search-path %load-path "tests/ed25519bis.sec"))
+  (search-path %load-path "tests/keys/ed25519.sec"))
+(define %ed25519-2-public-key-file
+  (search-path %load-path "tests/keys/ed25519-2.pub"))
+(define %ed25519-2-secret-key-file
+  (search-path %load-path "tests/keys/ed25519-2.sec"))
+(define %ed25519-3-public-key-file
+  (search-path %load-path "tests/keys/ed25519-3.pub"))
+(define %ed25519-3-secret-key-file
+  (search-path %load-path "tests/keys/ed25519-3.sec"))
 
 (define (read-openpgp-packet file)
   (get-openpgp-packet
diff --git a/tests/channels.scm b/tests/channels.scm
index 3e82315b0c..d45c450241 100644
--- a/tests/channels.scm
+++ b/tests/channels.scm
@@ -480,8 +480,8 @@
   #t
   (with-fresh-gnupg-setup (list %ed25519-public-key-file
                                 %ed25519-secret-key-file
-                                %ed25519bis-public-key-file
-                                %ed25519bis-secret-key-file)
+                                %ed25519-2-public-key-file
+                                %ed25519-2-secret-key-file)
     (with-temporary-git-repository directory
         `((add ".guix-channel"
                ,(object->string
@@ -507,7 +507,7 @@
                          (commit-id-string commit1)
                          (openpgp-public-key-fingerprint
                           (read-openpgp-packet
-                           %ed25519bis-public-key-file)))) ;different key
+                           %ed25519-2-public-key-file)))) ;different key
                (channel (channel (name 'example)
                                  (url (string-append "file://" directory))
                                  (introduction intro))))
@@ -519,7 +519,7 @@
                                    (oid->string (commit-id commit1))
                                    (key-fingerprint %ed25519-public-key-file)
                                    (key-fingerprint
-                                    %ed25519bis-public-key-file))))))
+                                    %ed25519-2-public-key-file))))))
             (authenticate-channel channel directory
                                   (commit-id-string commit2)
                                   #:keyring-reference-prefix "")
@@ -530,8 +530,8 @@
   #t
   (with-fresh-gnupg-setup (list %ed25519-public-key-file
                                 %ed25519-secret-key-file
-                                %ed25519bis-public-key-file
-                                %ed25519bis-secret-key-file)
+                                %ed25519-2-public-key-file
+                                %ed25519-2-secret-key-file)
     (with-temporary-git-repository directory
         `((add ".guix-channel"
                ,(object->string
@@ -552,12 +552,12 @@
                   (signer ,(key-fingerprint %ed25519-public-key-file)))
           (add "c.txt" "C")
           (commit "third commit"
-                  (signer ,(key-fingerprint %ed25519bis-public-key-file)))
+                  (signer ,(key-fingerprint %ed25519-2-public-key-file)))
           (branch "channel-keyring")
           (checkout "channel-keyring")
           (add "signer.key" ,(call-with-input-file %ed25519-public-key-file
                                get-string-all))
-          (add "other.key" ,(call-with-input-file %ed25519bis-public-key-file
+          (add "other.key" ,(call-with-input-file %ed25519-2-public-key-file
                               get-string-all))
           (commit "keyring commit")
           (checkout "master"))
@@ -588,7 +588,7 @@
                                  (unauthorized-commit-error-signing-key c))
                                 (openpgp-public-key-fingerprint
                                  (read-openpgp-packet
-                                  %ed25519bis-public-key-file))))))
+                                  %ed25519-2-public-key-file))))))
                  (authenticate-channel channel directory
                                        (commit-id-string commit3)
                                        #:keyring-reference-prefix "")
diff --git a/tests/git-authenticate.scm b/tests/git-authenticate.scm
index d87eacc659..f66ef191b0 100644
--- a/tests/git-authenticate.scm
+++ b/tests/git-authenticate.scm
@@ -161,14 +161,14 @@
 (test-assert "signed commits, .guix-authorizations, unauthorized merge"
   (with-fresh-gnupg-setup (list %ed25519-public-key-file
                                 %ed25519-secret-key-file
-                                %ed25519bis-public-key-file
-                                %ed25519bis-secret-key-file)
+                                %ed25519-2-public-key-file
+                                %ed25519-2-secret-key-file)
     (with-temporary-git-repository directory
         `((add "signer1.key"
                ,(call-with-input-file %ed25519-public-key-file
                   get-string-all))
           (add "signer2.key"
-               ,(call-with-input-file %ed25519bis-public-key-file
+               ,(call-with-input-file %ed25519-2-public-key-file
                   get-string-all))
           (add ".guix-authorizations"
                ,(object->string
@@ -184,7 +184,7 @@
           (checkout "devel")
           (add "devel/1.txt" "1")
           (commit "first devel commit"
-                  (signer ,(key-fingerprint %ed25519bis-public-key-file)))
+                  (signer ,(key-fingerprint %ed25519-2-public-key-file)))
           (checkout "master")
           (add "b.txt" "B")
           (commit "second commit"
@@ -203,7 +203,7 @@
                   (openpgp-public-key-fingerprint
                    (unauthorized-commit-error-signing-key c))
                   (openpgp-public-key-fingerprint
-                   (read-openpgp-packet %ed25519bis-public-key-file)))))
+                   (read-openpgp-packet %ed25519-2-public-key-file)))))
 
           (and (authenticate-commits repository (list master1 master2)
                                      #:keyring-reference "master")
@@ -230,14 +230,14 @@
 (test-assert "signed commits, .guix-authorizations, authorized merge"
   (with-fresh-gnupg-setup (list %ed25519-public-key-file
                                 %ed25519-secret-key-file
-                                %ed25519bis-public-key-file
-                                %ed25519bis-secret-key-file)
+                                %ed25519-2-public-key-file
+                                %ed25519-2-secret-key-file)
     (with-temporary-git-repository directory
         `((add "signer1.key"
                ,(call-with-input-file %ed25519-public-key-file
                   get-string-all))
           (add "signer2.key"
-               ,(call-with-input-file %ed25519bis-public-key-file
+               ,(call-with-input-file %ed25519-2-public-key-file
                   get-string-all))
           (add ".guix-authorizations"
                ,(object->string
@@ -258,12 +258,12 @@
                                       %ed25519-public-key-file)
                                     (name "Alice"))
                                    (,(key-fingerprint
-                                      %ed25519bis-public-key-file))))))
+                                      %ed25519-2-public-key-file))))))
           (commit "first devel commit"
                   (signer ,(key-fingerprint %ed25519-public-key-file)))
           (add "devel/2.txt" "2")
           (commit "second devel commit"
-                  (signer ,(key-fingerprint %ed25519bis-public-key-file)))
+                  (signer ,(key-fingerprint %ed25519-2-public-key-file)))
           (checkout "master")
           (add "b.txt" "B")
           (commit "second commit"
@@ -273,7 +273,7 @@
           ;; After the merge, the second signer is authorized.
           (add "c.txt" "C")
           (commit "third commit"
-                  (signer ,(key-fingerprint %ed25519bis-public-key-file))))
+                  (signer ,(key-fingerprint %ed25519-2-public-key-file))))
       (with-repository directory repository
         (let ((master1 (find-commit repository "first commit"))
               (master2 (find-commit repository "second commit"))
@@ -328,4 +328,3 @@
                  'failed)))))))
 
 (test-end "git-authenticate")
-
diff --git a/tests/guix-authenticate.sh b/tests/guix-authenticate.sh
index 3a05b232c1..0de6da1878 100644
--- a/tests/guix-authenticate.sh
+++ b/tests/guix-authenticate.sh
@@ -28,7 +28,7 @@ rm -f "$sig" "$hash"
 
 trap 'rm -f "$sig" "$hash"' EXIT
 
-key="$abs_top_srcdir/tests/signing-key.sec"
+key="$abs_top_srcdir/tests/keys/signing-key.sec"
 key_len="`echo -n $key | wc -c`"
 
 # A hexadecimal string as long as a sha256 hash.
@@ -67,7 +67,7 @@ test "$code" -ne 0
 # encoded independently of the current locale: <https://bugs.gnu.org/43421>.
 hash="636166e9636166e9636166e9636166e9636166e9636166e9636166e9636166e9"
 latin1_cafe="caf$(printf '\351')"
-echo "sign 21:tests/signing-key.sec 64:$hash" | guix authenticate \
+echo "sign 26:tests/keys/signing-key.sec 64:$hash" | guix authenticate \
     | LC_ALL=C grep "hash sha256 \"$latin1_cafe"
 
 # Test for <http://bugs.gnu.org/17312>: make sure 'guix authenticate' produces
diff --git a/tests/civodul.key b/tests/keys/civodul.pub
index 272600ac93..272600ac93 100644
--- a/tests/civodul.key
+++ b/tests/keys/civodul.pub
diff --git a/tests/dsa.key b/tests/keys/dsa.pub
index 4727975c63..4727975c63 100644
--- a/tests/dsa.key
+++ b/tests/keys/dsa.pub
diff --git a/tests/ed25519bis.key b/tests/keys/ed25519-2.pub
index f5329105d5..f5329105d5 100644
--- a/tests/ed25519bis.key
+++ b/tests/keys/ed25519-2.pub
diff --git a/tests/ed25519bis.sec b/tests/keys/ed25519-2.sec
index 059765f557..059765f557 100644
--- a/tests/ed25519bis.sec
+++ b/tests/keys/ed25519-2.sec
diff --git a/tests/keys/ed25519-3.pub b/tests/keys/ed25519-3.pub
new file mode 100644
index 0000000000..72f311984c
--- /dev/null
+++ b/tests/keys/ed25519-3.pub
@@ -0,0 +1,9 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEYVH/7xYJKwYBBAHaRw8BAQdALMLeUhjEG2/UPCJj2j/debFwwAK5gT3G0l5d
+ILfFldm0FTxleGFtcGxlQGV4YW1wbGUuY29tPoiWBBMWCAA+FiEEjO6M85jMSK68
+7tINGBzA7NyoagkFAmFR/+8CGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwECHgEC
+F4AACgkQGBzA7Nyoagl3lgEAw6yqIlX11lTqwxBGhZk/Oy34O13cbJSZCGv+m0ja
++hcA/3DCNOmT+oXjgO/w6enQZUQ1m/d6dUjCc2wOLlLz+ZoG
+=+r3i
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/keys/ed25519-3.sec b/tests/keys/ed25519-3.sec
new file mode 100644
index 0000000000..04128a4131
--- /dev/null
+++ b/tests/keys/ed25519-3.sec
@@ -0,0 +1,10 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lFgEYVH/7xYJKwYBBAHaRw8BAQdALMLeUhjEG2/UPCJj2j/debFwwAK5gT3G0l5d
+ILfFldkAAP92goSbbzQ0ttElr9lr5Cm6rmQtqUZ2Cu/Jk9fvfZROwxI0tBU8ZXhh
+bXBsZUBleGFtcGxlLmNvbT6IlgQTFggAPhYhBIzujPOYzEiuvO7SDRgcwOzcqGoJ
+BQJhUf/vAhsDBQkDwmcABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEBgcwOzc
+qGoJd5YBAMOsqiJV9dZU6sMQRoWZPzst+Dtd3GyUmQhr/ptI2voXAP9wwjTpk/qF
+44Dv8Onp0GVENZv3enVIwnNsDi5S8/maBg==
+=EmOt
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/ed25519.key b/tests/keys/ed25519.pub
index f6bf906783..f6bf906783 100644
--- a/tests/ed25519.key
+++ b/tests/keys/ed25519.pub
diff --git a/tests/ed25519.sec b/tests/keys/ed25519.sec
index 068738dfab..068738dfab 100644
--- a/tests/ed25519.sec
+++ b/tests/keys/ed25519.sec
diff --git a/tests/rsa.key b/tests/keys/rsa.pub
index 0ef9145ef0..0ef9145ef0 100644
--- a/tests/rsa.key
+++ b/tests/keys/rsa.pub
diff --git a/tests/signing-key.pub b/tests/keys/signing-key.pub
index 092424a15d..092424a15d 100644
--- a/tests/signing-key.pub
+++ b/tests/keys/signing-key.pub
diff --git a/tests/signing-key.sec b/tests/keys/signing-key.sec
index 558e189102..558e189102 100644
--- a/tests/signing-key.sec
+++ b/tests/keys/signing-key.sec
diff --git a/tests/openpgp.scm b/tests/openpgp.scm
index c2be26fa49..1f20466772 100644
--- a/tests/openpgp.scm
+++ b/tests/openpgp.scm
@@ -59,18 +59,22 @@ vBSFjNSiVHsuAA==
 (define %civodul-fingerprint
   "3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5")
 
-(define %civodul-key-id #x090B11993D9AEBB5)       ;civodul.key
-
-;; Test keys.  They were generated in a container along these lines:
-;;    guix environment -CP --ad-hoc gnupg pinentry
-;; then, within the container:
-;;    mkdir ~/.gnupg
-;;    echo pinentry-program ~/.guix-profile/bin/pinentry-tty > ~/.gnupg/gpg-agent.conf
-;;    gpg --quick-gen-key '<ludo+test-rsa@chbouib.org>' rsa
-;; or similar.
-(define %rsa-key-id      #xAE25DA2A70DEED59)      ;rsa.key
-(define %dsa-key-id      #x587918047BE8BD2C)      ;dsa.key
-(define %ed25519-key-id  #x771F49CBFAAE072D)      ;ed25519.key
+(define %civodul-key-id #x090B11993D9AEBB5)       ;civodul.pub
+
+#|
+Test keys in ./tests/keys.  They were generated in a container along these lines:
+  guix environment -CP --ad-hoc gnupg pinentry coreutils
+then, within the container:
+  mkdir ~/.gnupg && chmod -R og-rwx ~/.gnupg
+  gpg --batch --passphrase '' --quick-gen-key '<example@example.com>' ed25519
+  gpg --armor --export example@example.com
+  gpg --armor --export-secret-key example@example.com
+  # echo pinentry-program ~/.guix-profile/bin/pinentry-curses > ~/.gnupg/gpg-agent.conf
+or similar.
+|#
+(define %rsa-key-id      #xAE25DA2A70DEED59)      ;rsa.pub
+(define %dsa-key-id      #x587918047BE8BD2C)      ;dsa.pub
+(define %ed25519-key-id  #x771F49CBFAAE072D)      ;ed25519.pub
 
 (define %rsa-key-fingerprint
   (base16-string->bytevector
@@ -168,7 +172,7 @@ Pz7oopeN72xgggYUNT37ezqN3MeCqw0=
   (not (port-ascii-armored? (open-bytevector-input-port %binary-sample))))
 
 (test-assert "get-openpgp-keyring"
-  (let* ((key (search-path %load-path "tests/civodul.key"))
+  (let* ((key (search-path %load-path "tests/keys/civodul.pub"))
          (keyring (get-openpgp-keyring
                    (open-bytevector-input-port
                     (call-with-input-file key read-radix-64)))))
@@ -228,8 +232,10 @@ Pz7oopeN72xgggYUNT37ezqN3MeCqw0=
                          (verify-openpgp-signature signature keyring
                                                    (open-input-string "Hello!\n"))))
              (list status (openpgp-public-key-id key)))))
-       (list "tests/rsa.key" "tests/dsa.key"
-             "tests/ed25519.key" "tests/ed25519.key" "tests/ed25519.key")
+       (list "tests/keys/rsa.pub" "tests/keys/dsa.pub"
+             "tests/keys/ed25519.pub"
+             "tests/keys/ed25519.pub"
+             "tests/keys/ed25519.pub")
        (list %hello-signature/rsa %hello-signature/dsa
              %hello-signature/ed25519/sha256
              %hello-signature/ed25519/sha512
@@ -248,9 +254,9 @@ Pz7oopeN72xgggYUNT37ezqN3MeCqw0=
                              (call-with-input-file key read-radix-64))
                             keyring)))
                        %empty-keyring
-                       '("tests/rsa.key" "tests/dsa.key"
-                         "tests/ed25519.key" "tests/ed25519.key"
-                         "tests/ed25519.key"))))
+                       '("tests/keys/rsa.pub" "tests/keys/dsa.pub"
+                         "tests/keys/ed25519.pub" "tests/keys/ed25519.pub"
+                         "tests/keys/ed25519.pub"))))
     (map (lambda (signature)
            (let ((signature (string->openpgp-packet signature)))
              (let-values (((status key)