From 4c7a7a1d498f4ca418a649a0b3e3a056569aec15 Mon Sep 17 00:00:00 2001
From: Nicolas Graves <ngraves@ngraves.fr>
Date: Sun, 1 Mar 2026 17:38:09 +0100
Subject: [PATCH] tests: keys: Moving to openpgp subdirectory.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* tests/keys/*.(pub|sec): Move to tests/keys/openpgp/*.(pub|sec)
* build-aux/test-env.in: Adapt accordingly.
* Makefile.am: Likewise.
* guix/tests/gnupg.scm: Likewise.
* tests/guix-authenticate.sh: Likewise.
* tests/openpgp.scm: Likewise.

Change-Id: If8897cec9851cc51a4ebadcc5927dc0e0520b881
Reviewed-by: Danny Milosavljevic <dannym@friendly-machines.com>
Signed-off-by: Nguyễn Gia Phong <cnx@loang.net>
---
 Makefile.am                              | 22 +++++++++++-----------
 build-aux/test-env.in                    |  4 ++--
 guix/tests/gnupg.scm                     | 12 ++++++------
 tests/guix-authenticate.sh               |  4 ++--
 tests/keys/{ => openpgp}/civodul.pub     |  0
 tests/keys/{ => openpgp}/dsa.pub         |  0
 tests/keys/{ => openpgp}/ed25519-2.pub   |  0
 tests/keys/{ => openpgp}/ed25519-2.sec   |  0
 tests/keys/{ => openpgp}/ed25519-3.pub   |  0
 tests/keys/{ => openpgp}/ed25519-3.sec   |  0
 tests/keys/{ => openpgp}/ed25519.pub     |  0
 tests/keys/{ => openpgp}/ed25519.sec     |  0
 tests/keys/{ => openpgp}/rsa.pub         |  0
 tests/keys/{ => openpgp}/signing-key.pub |  0
 tests/keys/{ => openpgp}/signing-key.sec |  0
 tests/openpgp.scm                        | 19 +++++++++++--------
 16 files changed, 32 insertions(+), 29 deletions(-)
 rename tests/keys/{ => openpgp}/civodul.pub (100%)
 rename tests/keys/{ => openpgp}/dsa.pub (100%)
 rename tests/keys/{ => openpgp}/ed25519-2.pub (100%)
 rename tests/keys/{ => openpgp}/ed25519-2.sec (100%)
 rename tests/keys/{ => openpgp}/ed25519-3.pub (100%)
 rename tests/keys/{ => openpgp}/ed25519-3.sec (100%)
 rename tests/keys/{ => openpgp}/ed25519.pub (100%)
 rename tests/keys/{ => openpgp}/ed25519.sec (100%)
 rename tests/keys/{ => openpgp}/rsa.pub (100%)
 rename tests/keys/{ => openpgp}/signing-key.pub (100%)
 rename tests/keys/{ => openpgp}/signing-key.sec (100%)

diff --git a/Makefile.am b/Makefile.am
index 1ef57af7a58..976c5cad742 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -802,17 +802,17 @@ EXTRA_DIST +=						\
   etc/manifests/upgrade.scm				\
   scripts/guix.in					\
   tests/cve-sample.json					\
-  tests/keys/civodul.pub				\
-  tests/keys/dsa.pub					\
-  tests/keys/ed25519-2.pub				\
-  tests/keys/ed25519-2.sec				\
-  tests/keys/ed25519-3.pub				\
-  tests/keys/ed25519-3.sec				\
-  tests/keys/ed25519.pub				\
-  tests/keys/ed25519.sec				\
-  tests/keys/rsa.pub					\
-  tests/keys/signing-key.pub				\
-  tests/keys/signing-key.sec				\
+  tests/keys/openpgp/civodul.pub			\
+  tests/keys/openpgp/dsa.pub				\
+  tests/keys/openpgp/ed25519-2.pub			\
+  tests/keys/openpgp/ed25519-2.sec			\
+  tests/keys/openpgp/ed25519-3.pub			\
+  tests/keys/openpgp/ed25519-3.sec			\
+  tests/keys/openpgp/ed25519.pub			\
+  tests/keys/openpgp/ed25519.sec			\
+  tests/keys/openpgp/rsa.pub				\
+  tests/keys/openpgp/signing-key.pub			\
+  tests/keys/openpgp/signing-key.sec			\
   tests/test.drv					\
   $(TESTS)
 
diff --git a/build-aux/test-env.in b/build-aux/test-env.in
index 86c2e585d73..ade0190f08b 100644
--- a/build-aux/test-env.in
+++ b/build-aux/test-env.in
@@ -73,8 +73,8 @@ then
 	# Copy the keys so that the secret key has the right permissions (the
 	# daemon errors out when this is not the case.)
 	mkdir -p "$GUIX_CONFIGURATION_DIRECTORY"
-	cp "@abs_top_srcdir@/tests/keys/signing-key.sec"	\
-	   "@abs_top_srcdir@/tests/keys/signing-key.pub"	\
+	cp "@abs_top_srcdir@/tests/keys/openpgp/signing-key.sec"	\
+	   "@abs_top_srcdir@/tests/keys/openpgp/signing-key.pub"	\
 	   "$GUIX_CONFIGURATION_DIRECTORY"
 	chmod 400 "$GUIX_CONFIGURATION_DIRECTORY/signing-key.sec"
     fi
diff --git a/guix/tests/gnupg.scm b/guix/tests/gnupg.scm
index 0e4573ae4da..104c621502c 100644
--- a/guix/tests/gnupg.scm
+++ b/guix/tests/gnupg.scm
@@ -65,17 +65,17 @@ process is terminated afterwards."
   (call-with-fresh-gnupg-setup imported (lambda () exp ...)))
 
 (define %ed25519-public-key-file
-  (search-path %load-path "tests/keys/ed25519.pub"))
+  (search-path %load-path "tests/keys/openpgp/ed25519.pub"))
 (define %ed25519-secret-key-file
-  (search-path %load-path "tests/keys/ed25519.sec"))
+  (search-path %load-path "tests/keys/openpgp/ed25519.sec"))
 (define %ed25519-2-public-key-file
-  (search-path %load-path "tests/keys/ed25519-2.pub"))
+  (search-path %load-path "tests/keys/openpgp/ed25519-2.pub"))
 (define %ed25519-2-secret-key-file
-  (search-path %load-path "tests/keys/ed25519-2.sec"))
+  (search-path %load-path "tests/keys/openpgp/ed25519-2.sec"))
 (define %ed25519-3-public-key-file
-  (search-path %load-path "tests/keys/ed25519-3.pub"))
+  (search-path %load-path "tests/keys/openpgp/ed25519-3.pub"))
 (define %ed25519-3-secret-key-file
-  (search-path %load-path "tests/keys/ed25519-3.sec"))
+  (search-path %load-path "tests/keys/openpgp/ed25519-3.sec"))
 
 (define (read-openpgp-packet file)
   (get-openpgp-packet
diff --git a/tests/guix-authenticate.sh b/tests/guix-authenticate.sh
index ddd39d09c44..3fe974955c3 100644
--- a/tests/guix-authenticate.sh
+++ b/tests/guix-authenticate.sh
@@ -28,7 +28,7 @@ rm -f "$sig" "$hash"
 
 trap 'rm -f "$sig" "$hash"' EXIT
 
-key="$abs_top_srcdir/tests/keys/signing-key.sec"
+key="$abs_top_srcdir/tests/keys/openpgp/signing-key.sec"
 key_len="`echo -n $key | wc -c`"
 
 # A hexadecimal string as long as a sha256 hash.
@@ -67,7 +67,7 @@ test "$code" -ne 0
 # encoded independently of the current locale: <https://bugs.gnu.org/43421>.
 hash="636166e9636166e9636166e9636166e9636166e9636166e9636166e9636166e9"
 latin1_cafe="caf$(printf '\351')"
-echo "sign 26:tests/keys/signing-key.sec 64:$hash" | guix authenticate \
+echo "sign 34:tests/keys/openpgp/signing-key.sec 64:$hash" | guix authenticate \
     | LC_ALL=C grep "hash sha256 \"$latin1_cafe"
 
 # Test for <http://bugs.gnu.org/17312>: make sure 'guix authenticate' produces
diff --git a/tests/keys/civodul.pub b/tests/keys/openpgp/civodul.pub
similarity index 100%
rename from tests/keys/civodul.pub
rename to tests/keys/openpgp/civodul.pub
diff --git a/tests/keys/dsa.pub b/tests/keys/openpgp/dsa.pub
similarity index 100%
rename from tests/keys/dsa.pub
rename to tests/keys/openpgp/dsa.pub
diff --git a/tests/keys/ed25519-2.pub b/tests/keys/openpgp/ed25519-2.pub
similarity index 100%
rename from tests/keys/ed25519-2.pub
rename to tests/keys/openpgp/ed25519-2.pub
diff --git a/tests/keys/ed25519-2.sec b/tests/keys/openpgp/ed25519-2.sec
similarity index 100%
rename from tests/keys/ed25519-2.sec
rename to tests/keys/openpgp/ed25519-2.sec
diff --git a/tests/keys/ed25519-3.pub b/tests/keys/openpgp/ed25519-3.pub
similarity index 100%
rename from tests/keys/ed25519-3.pub
rename to tests/keys/openpgp/ed25519-3.pub
diff --git a/tests/keys/ed25519-3.sec b/tests/keys/openpgp/ed25519-3.sec
similarity index 100%
rename from tests/keys/ed25519-3.sec
rename to tests/keys/openpgp/ed25519-3.sec
diff --git a/tests/keys/ed25519.pub b/tests/keys/openpgp/ed25519.pub
similarity index 100%
rename from tests/keys/ed25519.pub
rename to tests/keys/openpgp/ed25519.pub
diff --git a/tests/keys/ed25519.sec b/tests/keys/openpgp/ed25519.sec
similarity index 100%
rename from tests/keys/ed25519.sec
rename to tests/keys/openpgp/ed25519.sec
diff --git a/tests/keys/rsa.pub b/tests/keys/openpgp/rsa.pub
similarity index 100%
rename from tests/keys/rsa.pub
rename to tests/keys/openpgp/rsa.pub
diff --git a/tests/keys/signing-key.pub b/tests/keys/openpgp/signing-key.pub
similarity index 100%
rename from tests/keys/signing-key.pub
rename to tests/keys/openpgp/signing-key.pub
diff --git a/tests/keys/signing-key.sec b/tests/keys/openpgp/signing-key.sec
similarity index 100%
rename from tests/keys/signing-key.sec
rename to tests/keys/openpgp/signing-key.sec
diff --git a/tests/openpgp.scm b/tests/openpgp.scm
index 1f204667721..30be6644684 100644
--- a/tests/openpgp.scm
+++ b/tests/openpgp.scm
@@ -172,7 +172,7 @@ Pz7oopeN72xgggYUNT37ezqN3MeCqw0=
   (not (port-ascii-armored? (open-bytevector-input-port %binary-sample))))
 
 (test-assert "get-openpgp-keyring"
-  (let* ((key (search-path %load-path "tests/keys/civodul.pub"))
+  (let* ((key (search-path %load-path "tests/keys/openpgp/civodul.pub"))
          (keyring (get-openpgp-keyring
                    (open-bytevector-input-port
                     (call-with-input-file key read-radix-64)))))
@@ -232,10 +232,11 @@ Pz7oopeN72xgggYUNT37ezqN3MeCqw0=
                          (verify-openpgp-signature signature keyring
                                                    (open-input-string "Hello!\n"))))
              (list status (openpgp-public-key-id key)))))
-       (list "tests/keys/rsa.pub" "tests/keys/dsa.pub"
-             "tests/keys/ed25519.pub"
-             "tests/keys/ed25519.pub"
-             "tests/keys/ed25519.pub")
+       (list "tests/keys/openpgp/rsa.pub"
+             "tests/keys/openpgp/dsa.pub"
+             "tests/keys/openpgp/ed25519.pub"
+             "tests/keys/openpgp/ed25519.pub"
+             "tests/keys/openpgp/ed25519.pub")
        (list %hello-signature/rsa %hello-signature/dsa
              %hello-signature/ed25519/sha256
              %hello-signature/ed25519/sha512
@@ -254,9 +255,11 @@ Pz7oopeN72xgggYUNT37ezqN3MeCqw0=
                              (call-with-input-file key read-radix-64))
                             keyring)))
                        %empty-keyring
-                       '("tests/keys/rsa.pub" "tests/keys/dsa.pub"
-                         "tests/keys/ed25519.pub" "tests/keys/ed25519.pub"
-                         "tests/keys/ed25519.pub"))))
+                       '("tests/keys/openpgp/rsa.pub"
+                         "tests/keys/openpgp/dsa.pub"
+                         "tests/keys/openpgp/ed25519.pub"
+                         "tests/keys/openpgp/ed25519.pub"
+                         "tests/keys/openpgp/ed25519.pub"))))
     (map (lambda (signature)
            (let ((signature (string->openpgp-packet signature)))
              (let-values (((status key)