From 503bac7e04330c5bd82ba3e7d9878b85d5024a94 Mon Sep 17 00:00:00 2001 From: Michał Górny Date: Sat, 17 Sep 2022 12:02:20 +0200 Subject: Fix update w/ require_secure_hashes to require at least one hash MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Górny --- tests/test_openpgp.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'tests/test_openpgp.py') diff --git a/tests/test_openpgp.py b/tests/test_openpgp.py index d11e0c1..7b02e0e 100644 --- a/tests/test_openpgp.py +++ b/tests/test_openpgp.py @@ -986,7 +986,8 @@ def test_recursive_manifest_loader_require_secure(tmp_path, privkey_env, f.write(SIGNED_MANIFEST) ctx = (pytest.raises(ManifestInsecureHashes) - if insecure and sign is not False and require_secure is not False + if insecure is not None and sign is not False + and require_secure is not False else contextlib.nullcontext()) with ctx: m = ManifestRecursiveLoader(tmp_path / "Manifest", @@ -1023,7 +1024,7 @@ def test_update_require_secure_cli(base_tree, caplog, hashes_arg, if str(OpenPGPNoImplementation('install gpg')) in caplog.text: pytest.skip('OpenPGP implementation missing') - expected = (1 if insecure and sign != "--no-sign" + expected = (1 if insecure is not None and sign != "--no-sign" and require_secure != "--no-require-secure_hashes" else 0) assert retval == expected -- cgit v1.2.3