[Rt-commit] rt branch, 4.4/update-for-gpg2-and-openssl-1.1.1d, created. rt-4.4.4-156-g0d20bdf79f

Dianne Skoll dianne at bestpractical.com
Wed Nov 4 12:31:18 EST 2020


The branch, 4.4/update-for-gpg2-and-openssl-1.1.1d has been created
        at  0d20bdf79fffd9aed6e2c29d177fc978f00a9b25 (commit)

- Log -----------------------------------------------------------------
commit 1d1745b55eb548636170b2ddb058dbac5edf0e4a
Author: Aaron Trevena <ast at bestpractical.com>
Date:   Mon May 4 14:17:13 2020 +0100

    Fix uninitialized warnings of $latest_user_main_key for gpg 2.2
    
    $latest_user_main_key is set by USERID_HINT line, which is absent in gpg
    2.2 output.

diff --git a/lib/RT/Crypt/GnuPG.pm b/lib/RT/Crypt/GnuPG.pm
index 988af8741a..62641f3e50 100644
--- a/lib/RT/Crypt/GnuPG.pm
+++ b/lib/RT/Crypt/GnuPG.pm
@@ -1541,10 +1541,12 @@ sub ParseStatus {
                 Class          => $props[3],
                 Timestamp      => $props[4],
                 KeyFingerprint => $props[5],
-                User           => $user_hint{ $latest_user_main_key },
+                ( defined $latest_user_main_key ? ( User => $user_hint{$latest_user_main_key} ) : () )
             };
-            $res[-1]->{Message} .= ' by '. $user_hint{ $latest_user_main_key }->{'EmailAddress'}
-                if $user_hint{ $latest_user_main_key };
+            if ($latest_user_main_key) {
+                $res[-1]->{Message} .= ' by '. $user_hint{ $latest_user_main_key }->{'EmailAddress'}
+                    if $user_hint{ $latest_user_main_key };
+            }
         }
         elsif ( $keyword eq 'INV_RECP' ) {
             my ($rcode, $recipient) = split /\s+/, $args, 2;
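Review bot: The two guards added around `$latest_user_main_key` test different things: the `User` entry is gated on `defined`, while the `Message` suffix is gated on plain truthiness and then again on the `%user_hint` lookup. Computing the hint once before the record is built, `my $hint = defined $latest_user_main_key ? $user_hint{$latest_user_main_key} : undef;`, and then using `( $hint ? ( User => $hint ) : () )` and `$res[-1]->{Message} .= ' by ' . $hint->{'EmailAddress'} if $hint;` gives both places the same test and avoids storing `User => undef` when the key is defined but has no hint. Records produced under gpg 2.2 will now lack a `User` key, so a short comment saying so would help callers that read `->{'User'}->{'EmailAddress'}`. The enclosing ParseStatus branch begins outside this hunk.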

commit 214ec3857bad78615d61a62bbcd24fa848b4ed78
Author: Aaron Trevena <ast at bestpractical.com>
Date:   Fri May 1 21:26:01 2020 +0100

    Handle FAILURE keyword for gpg 2.2

diff --git a/lib/RT/Crypt/GnuPG.pm b/lib/RT/Crypt/GnuPG.pm
index 62641f3e50..2ffef5ceb9 100644
--- a/lib/RT/Crypt/GnuPG.pm
+++ b/lib/RT/Crypt/GnuPG.pm
@@ -1343,7 +1343,7 @@ my %parse_keyword = map { $_ => 1 } qw(
     DECRYPTION_FAILED DECRYPTION_OKAY
     BAD_PASSPHRASE GOOD_PASSPHRASE
     NO_SECKEY NO_PUBKEY
-    NO_RECP INV_RECP NODATA UNEXPECTED
+    NO_RECP INV_RECP NODATA UNEXPECTED FAILURE
 );
 
 # keywords we ignore without any messages as we parse them using other
@@ -1571,8 +1571,20 @@ sub ParseStatus {
                 Reason     => $reason,
             };
         }
+        elsif ( $keyword eq 'FAILURE' ) {
+            # FAILURE encrypt 167772218
+            my ($op, $rcode) = split /\s+/, $args;
+            my $reason = ReasonCodeToText( $keyword, $rcode );
+            push @res, {
+                Operation  => ucfirst($op),
+                Status     => 'ERROR',
+                Message    => "Failed to $op",
+                ReasonCode => $rcode,
+                Reason     => $reason,
+            };
+        }
         else {
-            $RT::Logger->warning("Keyword $keyword is unknown");
+            $RT::Logger->warning("Keyword $keyword is unknown : status line is $line");
             next;
         }
         $res[-1]{'Keyword'} = $keyword if @res && !$res[-1]{'Keyword'};
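Review bot: The new `FAILURE` branch uses `$op` and `$rcode` without checking that `split` produced them, so a status line with fewer fields yields `ucfirst(undef)`, a message of `Failed to ` and uninitialized-value warnings. Defaulting them first, e.g. `$op = 'unknown' unless defined $op;` and the same for `$rcode`, keeps the error record well-formed. The sample value in the comment looks like a libgpg-error code rather than the small reason codes used by the other keywords, so it is worth confirming that `ReasonCodeToText` has a mapping for `FAILURE` and degrades sensibly when it does not; that function is not visible here. The widened warning now logs the whole `$line`, which may carry text derived from the processed message, so consider whether that belongs at warning level.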

commit 9cbf7b129633b07b6990c6a57fa3339fc658d196
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Sat May 16 00:37:00 2020 +0800

    Add gpg.conf for gpg 2.2 so we can specify passphrase in command line
    
    The option "pinentry-mode loopback" is invalid in gpg 1.4, so we need to
    delete the conf file accordingly.

diff --git a/lib/RT/Test/GnuPG.pm b/lib/RT/Test/GnuPG.pm
index c4865c1b52..ad92a6480b 100644
--- a/lib/RT/Test/GnuPG.pm
+++ b/lib/RT/Test/GnuPG.pm
@@ -52,6 +52,7 @@ use warnings;
 use Test::More;
 use base qw(RT::Test);
 use File::Temp qw(tempdir);
+use 5.010;
 
 our @EXPORT =
   qw(create_a_ticket update_ticket cleanup_headers set_queue_crypt_options 
@@ -98,6 +99,16 @@ sub bootstrap_more_config {
     );
     $gnupg_options{homedir} ||= scalar tempdir( CLEANUP => 1 );
 
+    my $conf = File::Spec->catfile( $gnupg_options{homedir}, 'gpg.conf' );
+    if ( gnupg_version() >= 2 ) {
+        open my $fh, '>', $conf or die $!;
+        print $fh "pinentry-mode loopback\n";
+        close $fh;
+    }
+    else {
+        unlink $conf if -e $conf;
+    }
+
     use Data::Dumper;
     local $Data::Dumper::Terse = 1; # "{...}" instead of "$VAR1 = {...};"
     my $dumped_gnupg_options = Dumper(\%gnupg_options);
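Review bot: The write of `gpg.conf` checks `open` but not `print` or `close`, so a failed or short write leaves gpg 2 without `pinentry-mode loopback`, and the likely symptom is a test that stalls on a passphrase prompt rather than a clear error. `print {$fh} "pinentry-mode loopback\n" or die "write $conf: $!";` and `close $fh or die "close $conf: $!";` make that failure visible. `File::Spec` is used here but no `use File::Spec;` appears among the visible import lines, so it presumably arrives via `RT::Test`; an explicit import would remove that dependency. bootstrap_more_config starts and ends outside this hunk.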
@@ -365,3 +376,11 @@ sub create_and_test_outgoing_emails {
         }
     }
 }
+
+sub gnupg_version {
+    GnuPG::Interface->require or return;
+    require version;
+    state $gnupg_version = version->parse(GnuPG::Interface->new->version);
+}
+
+1;
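Review bot: `gnupg_version` returns an empty list when `GnuPG::Interface->require` fails, yet the caller added in this same commit compares the result numerically (`gnupg_version() >= 2`), which then evaluates an undefined value with a warning and silently takes the gpg 1.4 path. Returning a definite value, for example moving `require version;` first and writing `GnuPG::Interface->require or return version->parse('0');`, or dying with a clear message, would make the missing-module case explicit. The sub also relies on the `state` declaration being its last statement for the return value; a separate `return $gnupg_version;` reads more clearly. The `->require` class method is assumed to come from a module loaded elsewhere, as none is imported in the visible lines.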

commit b001d35d72ce2c6bebe2a68a0b496db1833f46d3
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Fri May 15 20:16:10 2020 +0800

    Update warning message tests for gpg 2.2

diff --git a/t/crypt/no-signer-address.t b/t/crypt/no-signer-address.t
index 31ba5ebc2a..4c459c06a8 100644
--- a/t/crypt/no-signer-address.t
+++ b/t/crypt/no-signer-address.t
@@ -36,7 +36,6 @@ my ($status, undef, $msg) = $ticket->Create(
 ok( $status, "created ticket" ) or diag "error: $msg";
 
 is( scalar @warnings, 1, "Got a warning" );
-like( $warnings[0], qr{signing failed: secret key not available},
-    "Found warning of no secret key");
+like( $warnings[0], qr{signing failed: (?:secret key not available|No secret key)}, "Found warning of no secret key" );
 
 done_testing;
diff --git a/t/mail/gnupg-reverification.t b/t/mail/gnupg-reverification.t
index e5dcf09bb4..1ec9aa19e8 100644
--- a/t/mail/gnupg-reverification.t
+++ b/t/mail/gnupg-reverification.t
@@ -60,11 +60,11 @@ foreach my $file ( @files ) {
     );
     $m->content_like(qr/This is .*ID:$eid/ims, "$eid: content is there and message is decrypted");
 
-    $m->next_warning_like(qr/public key not found/);
+    $m->next_warning_like(qr/public key not found|No public key/);
 
     # some mails contain multiple signatures
     if ($eid == 5 || $eid == 17 || $eid == 18) {
-        $m->next_warning_like(qr/public key not found/);
+        $m->next_warning_like(qr/public key not found|No public key/);
     }
 
     $m->no_leftover_warnings_ok;
diff --git a/t/security/CVE-2012-4735-incoming-encryption-header.t b/t/security/CVE-2012-4735-incoming-encryption-header.t
index 6c15632979..bd89e67566 100644
--- a/t/security/CVE-2012-4735-incoming-encryption-header.t
+++ b/t/security/CVE-2012-4735-incoming-encryption-header.t
@@ -57,7 +57,7 @@ EOF
     warnings_like {
         ($status, $id) = RT::Test->send_via_mailgate($mail);
         ok $id, "created a ticket";
-    } [qr/keyring .* created/,
+    } [qr/(?:keyring|keybox) .* created/,
        qr/Failure during GnuPG data: No data has been found\. The reason is 'Invalid packet found'/,
        qr/Failure during GnuPG data: No data has been found\. The reason is 'No armored data'/,
    ];
diff --git a/t/web/crypt-gnupg.t b/t/web/crypt-gnupg.t
index 790225c883..b106362618 100644
--- a/t/web/crypt-gnupg.t
+++ b/t/web/crypt-gnupg.t
@@ -355,7 +355,7 @@ warning_like {
     $tick->Create(Subject => 'owner lacks pubkey', Queue => 'general',
                   Owner => $nokey);
 } [
-    qr/nokey\@example.com: skipped: public key not found/,
+    qr/nokey\@example.com: skipped: public key not found|error retrieving 'nokey\@example.com' via WKD: No data/,
     qr/Recipient 'nokey\@example.com' is unusable/,
 ];
 ok(my $id = $tick->id, 'created ticket for owner-without-pubkey');
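Review bot: The alternative `error retrieving 'nokey\@example.com' via WKD: No data` accepted here suggests that gpg 2.2 attempts a Web Key Directory lookup for the missing recipient, so this test appears to depend on, and generate, network traffic for `example.com`. Writing `no-auto-key-locate` (or `auto-key-locate local`) into the test `gpg.conf` created by `RT::Test::GnuPG` would keep key lookup local and would likely let the pattern stay specific to the missing-key message. The same alternative is added in the next hunk of this file and in `t/mail/crypt-gnupg.t` for `keyless\@example.com`. Separately, the `.` in `example.com` is unescaped in these patterns, which is harmless here but looser than intended.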
@@ -377,7 +377,7 @@ my $status;
 warning_like {
     ($status, $id) = RT::Test->send_via_mailgate($mail);
 } [
-    qr/nokey\@example.com: skipped: public key not found/,
+    qr/nokey\@example.com: skipped: public key not found|error retrieving 'nokey\@example.com' via WKD: No data/,
     qr/Recipient 'nokey\@example.com' is unusable/,
 ];
 
@@ -458,8 +458,8 @@ like($content, qr/KR-<recipient\@example\.com>-K/,
 like($content, qr/KR-nokey \(no pubkey!\)-K/,
      "KeyRequestors DOES issue no-pubkey warning for nokey\@example.com");
 
-$m->next_warning_like(qr/public key not found/);
-$m->next_warning_like(qr/public key not found/);
+$m->next_warning_like(qr/public key not found|No public key/);
+$m->next_warning_like(qr/public key not found|No public key/);
 $m->no_leftover_warnings_ok;
 
 done_testing;
diff --git a/t/web/gnupg-select-keys-on-create.t b/t/web/gnupg-select-keys-on-create.t
index 2b9a680833..ee8357d59f 100644
--- a/t/web/gnupg-select-keys-on-create.t
+++ b/t/web/gnupg-select-keys-on-create.t
@@ -28,7 +28,7 @@ diag "check that signing doesn't work if there is no key";
         'unable to sign outgoing email messages',
         'problems with passphrase'
     );
-    $m->warning_like(qr/signing failed: secret key not available/);
+    $m->warning_like(qr/signing failed: (?:secret key not available|No secret key)/);
 
     my @mail = RT::Test->fetch_caught_mails;
     ok !@mail, 'there are no outgoing emails';
@@ -66,7 +66,7 @@ diag "check that things don't work if there is no key";
     my @mail = RT::Test->fetch_caught_mails;
     ok !@mail, 'there are no outgoing emails';
 
-    $m->next_warning_like(qr/public key not found/) for 1 .. 2;
+    $m->next_warning_like(qr/public key not found|No public key/) for 1 .. 2;
     $m->no_leftover_warnings_ok;
 }
 

commit a1e09f28739fd164d8de73f77dde64e8bcd6c595
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Sat May 16 03:35:09 2020 +0800

    Don't override fingerprint if it exsits already
    
    With gpg 2.2, subkey fingerprints also show up (after main keys), so we
    need to prevent them from wrongly overriding those of the main keys.

diff --git a/lib/RT/Crypt/GnuPG.pm b/lib/RT/Crypt/GnuPG.pm
index 2ffef5ceb9..a26704c023 100644
--- a/lib/RT/Crypt/GnuPG.pm
+++ b/lib/RT/Crypt/GnuPG.pm
@@ -1752,7 +1752,7 @@ sub ParseKeysInfo {
             push @{ $res[-1]{'User'} ||= [] }, \%info;
         }
         elsif ( $tag eq 'fpr' ) {
-            $res[-1]{'Fingerprint'} = (split /:/, $line, 10)[8];
+            $res[-1]{'Fingerprint'} ||= (split /:/, $line, 10)[8];
         }
     }
     return @res;
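Review bot: `||=` keeps whichever `fpr` record arrives first for the current entry, so correctness now depends on the main-key fingerprint always preceding the subkey fingerprints and on every key record starting a fresh element of `@res`; neither is visible in this hunk. Since the fingerprint is what identifies the key to the rest of the code, remembering the tag of the preceding record and assigning only when it was a main-key record would be more explicit than relying on order. At minimum a comment such as `# gpg 2.x also emits fpr for subkeys; keep the first (main key) one` would record why `||=` is used. ParseKeysInfo begins outside this hunk.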

commit 757ccab492182288eb5bdfb94d4af69e60de9bc9
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Fri May 15 23:20:56 2020 +0800

    Make t/mail/crypt-gnupg.t happy with gpg 2.2
    
    Besides the differences in the info returned by gpg 1.4 and 2.2, the
    missing-passphrase tests are skipped because otherwise the test would
    hang (probably waiting for passphrase input).

diff --git a/t/mail/crypt-gnupg.t b/t/mail/crypt-gnupg.t
index 567573e934..a19235fc5a 100644
--- a/t/mail/crypt-gnupg.t
+++ b/t/mail/crypt-gnupg.t
@@ -10,9 +10,11 @@ BEGIN {
         qw/data gnupg keyrings/ );
 }
 
-use RT::Test::GnuPG tests => 100, gnupg_options => { homedir => $homedir };
+use RT::Test::GnuPG tests => undef, gnupg_options => { homedir => $homedir, quiet => 1 };
 use Test::Warn;
 
+my $gnupg_version = RT::Test::GnuPG::gnupg_version;
+
 use_ok('RT::Crypt');
 use_ok('MIME::Entity');
 
@@ -29,12 +31,22 @@ diag 'only signing. correct passphrase';
     my @status = RT::Crypt->ParseStatus(
         Protocol => $res{'Protocol'}, Status => $res{'status'}
     );
-    is( scalar @status, 2, 'two records: passphrase, signing');
-    is( $status[0]->{'Operation'}, 'PassphraseCheck', 'operation is correct');
-    is( $status[0]->{'Status'}, 'DONE', 'good passphrase');
-    is( $status[1]->{'Operation'}, 'Sign', 'operation is correct');
-    is( $status[1]->{'Status'}, 'DONE', 'done');
-    is( $status[1]->{'User'}->{'EmailAddress'}, 'rt at example.com', 'correct email');
+
+    if ( $gnupg_version < 2 ) {
+        is( scalar @status,                         2,                 'two records: passphrase, signing' );
+        is( $status[0]->{'Operation'},              'PassphraseCheck', 'operation is correct' );
+        is( $status[0]->{'Status'},                 'DONE',            'good passphrase' );
+        is( $status[1]->{'Operation'},              'Sign',            'operation is correct' );
+        is( $status[1]->{'Status'},                 'DONE',            'done' );
+        is( $status[1]->{'User'}->{'EmailAddress'}, 'rt at example.com',  'correct email' );
+    }
+    else {
+        is( scalar @status,                 1,                                          'one record: signing' );
+        is( $status[0]->{'Operation'},      'Sign',                                     'operation is correct' );
+        is( $status[0]->{'Status'},         'DONE',                                     'done' );
+        is( $status[0]->{'Message'},        'Signed message',                           'message is correct' );
+        is( $status[0]->{'KeyFingerprint'}, 'F23574193C1BA40ACB8DC6A4B5A462194345F7A5', 'signing key is correct' );
+    }
 
     ok( $entity->is_multipart, 'signed message is multipart' );
     is( $entity->parts, 2, 'two parts' );
@@ -56,8 +68,12 @@ diag 'only signing. correct passphrase';
     is( $status[0]->{'Trust'}, 'ULTIMATE', 'have trust value');
 }
 
+# To forget passphrase
+system( 'gpg-connect-agent', "--homedir", $homedir, 'reloadagent', '/bye' );
+
 diag 'only signing. missing passphrase';
-{
+SKIP: {
+    skip "Test hangs waiting for passphrase", 6 unless $gnupg_version < 2;
     my $entity = MIME::Entity->build(
         From    => 'rt at example.com',
         Subject => 'test',
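Review bot: The `system( 'gpg-connect-agent', ... )` call runs for every gpg version and its result is ignored, so on a gpg 1.4 host it can fail unnoticed, and on gpg 2 a failed reload leaves the cached passphrase in place for the tests that follow. Guarding it with `if ( $gnupg_version >= 2 )` and checking the result, e.g. `system(...) == 0 or diag "reloadagent failed: $?";`, would make that visible. The `SKIP` block also means that signing with a missing passphrase is no longer exercised on gpg 2 at all; a comment naming what would be needed to re-enable it would keep that gap on record. The skipped block continues past the end of this hunk.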
@@ -97,7 +113,7 @@ diag 'only signing. wrong passphrase';
             Encrypt    => 0,
             Passphrase => 'wrong',
         );
-    } qr/bad passphrase/;
+    } qr/bad passphrase/i;
 
     ok( $res{'exit_code'}, "couldn't sign with bad passphrase");
     ok( $res{'error'} || $res{'logger'}, "error is here" );
@@ -106,8 +122,8 @@ diag 'only signing. wrong passphrase';
         Protocol => $res{'Protocol'}, Status => $res{'status'}
     );
     is( scalar @status, 1, 'one record');
-    is( $status[0]->{'Operation'}, 'PassphraseCheck', 'operation is correct');
-    is( $status[0]->{'Status'}, 'BAD', 'wrong passphrase');
+    like( $status[0]->{'Operation'}, qr/PassphraseCheck|Sign/, 'operation is correct');
+    like( $status[0]->{'Status'}, qr/BAD|ERROR/, 'wrong passphrase');
 }
 
 diag 'encryption only';
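Review bot: `like( $status[0]->{'Operation'}, qr/PassphraseCheck|Sign/ )` and `qr/BAD|ERROR/` are unanchored and accept either gpg version's result on any version, so a regression that changes what one version reports for a wrong passphrase would still pass. Other hunks in this file branch on `$gnupg_version` and use exact `is` checks; doing the same here (presumably `PassphraseCheck`/`BAD` for gpg 1.4 and `Sign`/`ERROR` otherwise) keeps the wrong-passphrase path pinned per version.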
@@ -153,7 +169,7 @@ diag 'encryption only, bad recipient';
             Entity => $entity,
             Sign   => 0,
         );
-    } qr/public key not found/;
+    } qr/public key not found|error retrieving 'keyless\@example.com' via WKD: No data/;
 
     ok( $res{'exit_code'}, 'no way to encrypt without keys of recipients');
     ok( $res{'logger'}, "errors are in logger" );
@@ -161,8 +177,15 @@ diag 'encryption only, bad recipient';
     my @status = RT::Crypt->ParseStatus(
         Protocol => $res{'Protocol'}, Status => $res{'status'}
     );
-    is( scalar @status, 1, 'one record');
-    is( $status[0]->{'Keyword'}, 'INV_RECP', 'invalid recipient');
+    if ( $gnupg_version < 2 ) {
+        is( scalar @status,          1,          'one record' );
+        is( $status[0]->{'Keyword'}, 'INV_RECP', 'invalid recipient' );
+    }
+    else {
+        is( scalar @status,          2,          '2 records' );
+        is( $status[0]->{'Keyword'}, 'INV_RECP', 'invalid recipient' );
+        is( $status[1]->{'Keyword'}, 'FAILURE',  'failure' );
+    }
 }
 
 diag 'encryption and signing with combined method';
@@ -175,18 +198,27 @@ diag 'encryption and signing with combined method';
     );
     my %res = RT::Crypt->SignEncrypt( Entity => $entity, Passphrase => 'test' );
     ok( !$res{'exit_code'}, "successful encryption with signing" );
-    ok( !$res{'logger'}, "no records in logger" );
+    ok( !$res{'logger'}, "log is here as well" ) or diag $res{'logger'};
 
     my @status = RT::Crypt->ParseStatus(
         Protocol => $res{'Protocol'}, Status => $res{'status'}
     );
-    is( scalar @status, 3, 'three records: passphrase, sign and encrypt');
-    is( $status[0]->{'Operation'}, 'PassphraseCheck', 'operation is correct');
-    is( $status[0]->{'Status'}, 'DONE', 'done');
-    is( $status[1]->{'Operation'}, 'Sign', 'operation is correct');
-    is( $status[1]->{'Status'}, 'DONE', 'done');
-    is( $status[2]->{'Operation'}, 'Encrypt', 'operation is correct');
-    is( $status[2]->{'Status'}, 'DONE', 'done');
+    if ($gnupg_version < 2) {
+        is( scalar @status, 3, 'three records: passphrase, sign and encrypt');
+        is( $status[0]->{'Operation'}, 'PassphraseCheck', 'operation is correct');
+        is( $status[0]->{'Status'}, 'DONE', 'done');
+        is( $status[1]->{'Operation'}, 'Sign', 'operation is correct');
+        is( $status[1]->{'Status'}, 'DONE', 'done');
+        is( $status[2]->{'Operation'}, 'Encrypt', 'operation is correct');
+        is( $status[2]->{'Status'}, 'DONE', 'done');
+    }
+    else {
+        is( scalar @status, 2, 'two records: sign and encrypt');
+        is( $status[0]->{'Operation'}, 'Sign', 'operation is correct');
+        is( $status[0]->{'Status'}, 'DONE', 'done');
+        is( $status[1]->{'Operation'}, 'Encrypt', 'operation is correct');
+        is( $status[1]->{'Status'}, 'DONE', 'done');
+    }
 
     ok($entity, 'get an encrypted and signed part');
 
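Review bot: The assertion `ok( !$res{'logger'}, "log is here as well" )` still requires the logger to be empty, but its new description says the opposite, so a failure report would mislead whoever reads it. Either keep the original description `"no records in logger"` or, if gpg 2.2 is expected to log here, change the check itself; the added `or diag $res{'logger'}` is useful either way.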
@@ -353,3 +385,4 @@ diag 'verify inline and in attachment signatures';
     $parser->filer->purge();
 }
 
+done_testing;

commit c58ada2ba416dd51f1f35043cca9ae38dc6bd803
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Sat May 16 05:53:55 2020 +0800

    Quit gpg-agent after tests for gpg 2.2

diff --git a/lib/RT/Test/GnuPG.pm b/lib/RT/Test/GnuPG.pm
index ad92a6480b..ad5889438c 100644
--- a/lib/RT/Test/GnuPG.pm
+++ b/lib/RT/Test/GnuPG.pm
@@ -383,4 +383,11 @@ sub gnupg_version {
     state $gnupg_version = version->parse(GnuPG::Interface->new->version);
 }
 
+END {
+    if ( gnupg_version() >= 2 ) {
+        system( 'gpgconf', '--homedir', RT->Config->Get('GnuPGOptions')->{homedir}, '--quiet', '--kill', 'gpg-agent' )
+            && warn $!;
+    }
+}
+
 1;
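Review bot: Calling `system` inside `END` overwrites `$?`, which at that point holds the exit status the test process is about to return, so a failed test run can end up exiting with gpgconf's status instead. Add `local $?;` as the first statement of the block. The `&& warn $!` branch prints `$!`, which is only meaningful when `system` returns -1; reporting `$?`, e.g. `warn "gpgconf --kill gpg-agent failed: $?"`, is more accurate. `gnupg_version()` and `RT->Config->Get('GnuPGOptions')` may both be undefined here if loading failed earlier, so the block should tolerate that.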

commit 18b5d085d89c775fd79fe9a20f25ddacf1ae8ef1
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Sat May 16 07:17:05 2020 +0800

    Move signed_old_style_with_attachment.eml to emails directory where it belongs to

diff --git a/t/data/gnupg/keyrings/signed_old_style_with_attachment.eml b/t/data/gnupg/emails/signed_old_style_with_attachment.eml
similarity index 100%
rename from t/data/gnupg/keyrings/signed_old_style_with_attachment.eml
rename to t/data/gnupg/emails/signed_old_style_with_attachment.eml
diff --git a/t/mail/crypt-gnupg.t b/t/mail/crypt-gnupg.t
index a19235fc5a..0f6243aec9 100644
--- a/t/mail/crypt-gnupg.t
+++ b/t/mail/crypt-gnupg.t
@@ -358,7 +358,7 @@ diag 'wrong signed/encrypted parts: wrong proto';
 
 diag 'verify inline and in attachment signatures';
 {
-    open( my $fh, '<', "$homedir/signed_old_style_with_attachment.eml" ) or die $!;
+    open( my $fh, '<', "t/data/gnupg/emails/signed_old_style_with_attachment.eml" ) or die $!;
     my $parser = new MIME::Parser;
     my $entity = $parser->parse( $fh );
 

commit 8750e4b643b5703b3aae52d625e0b59c4a2180f4
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Sat May 16 07:50:40 2020 +0800

    Always use temp gpg homedir to get a cleaner env
    
    There are some temporary files(like gpg.conf) created and also other
    content changes in gpg homedir, using a clean gpg homedir is more robust
    and could prevent possible conflicts in the future.

diff --git a/lib/RT/Test/GnuPG.pm b/lib/RT/Test/GnuPG.pm
index ad5889438c..7720a5c10e 100644
--- a/lib/RT/Test/GnuPG.pm
+++ b/lib/RT/Test/GnuPG.pm
@@ -52,6 +52,8 @@ use warnings;
 use Test::More;
 use base qw(RT::Test);
 use File::Temp qw(tempdir);
+use IPC::Run3 'run3';
+use File::Copy;
 use 5.010;
 
 our @EXPORT =
@@ -97,7 +99,7 @@ sub bootstrap_more_config {
         'no-permission-warning' => undef,
         $args->{gnupg_options} ? %{ $args->{gnupg_options} } : (),
     );
-    $gnupg_options{homedir} ||= scalar tempdir( CLEANUP => 1 );
+    $gnupg_options{homedir} ||= new_homedir();
 
     my $conf = File::Spec->catfile( $gnupg_options{homedir}, 'gpg.conf' );
     if ( gnupg_version() >= 2 ) {
@@ -383,6 +385,25 @@ sub gnupg_version {
     state $gnupg_version = version->parse(GnuPG::Interface->new->version);
 }
 
+sub new_homedir {
+    my $source = shift;
+    my $dir = tempdir();
+
+    if ($source) {
+        opendir my $dh, $source or die $!;
+        for my $file ( grep {/\.gpg$/} readdir $dh ) {
+            copy( File::Spec->catfile( $source, $file ), File::Spec->catfile( $dir, $file ) ) or die $!;
+        }
+        closedir $dh;
+        if ( gnupg_version() >= 2 ) {
+            # Do the data migration
+            run3( [ 'gpg', '--homedir', $dir, '--list-secret-keys' ], \undef, \undef, \undef );
+        }
+    }
+
+    return $dir;
+}
+
 END {
     if ( gnupg_version() >= 2 ) {
         system( 'gpgconf', '--homedir', RT->Config->Get('GnuPGOptions')->{homedir}, '--quiet', '--kill', 'gpg-agent' )
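Review bot: `new_homedir` calls `tempdir()` without `CLEANUP => 1`, whereas the line it replaces in `bootstrap_more_config` used `tempdir( CLEANUP => 1 )`, so every test run now leaves behind a directory holding copies of the test keyrings. If cleanup was dropped on purpose (for instance because the `END` block still needs the directory to stop gpg-agent), a comment should say so; otherwise restore `tempdir( CLEANUP => 1 )`. The `run3` call that triggers the keyring migration discards output and exit status, so a failed migration would only show up later as unrelated test failures; checking `$?` after it and dying with the homedir path would localise that. The `opendir` and `copy` errors also die with a bare `$!` that does not name the file involved.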
diff --git a/t/mail/crypt-gnupg.t b/t/mail/crypt-gnupg.t
index 0f6243aec9..70c7447831 100644
--- a/t/mail/crypt-gnupg.t
+++ b/t/mail/crypt-gnupg.t
@@ -4,10 +4,9 @@ use warnings;
 
 my $homedir;
 BEGIN {
-    require RT::Test;
-    $homedir =
-      RT::Test::get_abs_relocatable_dir( File::Spec->updir(),
-        qw/data gnupg keyrings/ );
+    require RT::Test::GnuPG;
+    $homedir = RT::Test::GnuPG::new_homedir(
+        RT::Test::get_abs_relocatable_dir( File::Spec->updir(), qw/data gnupg keyrings/ ) );
 }
 
 use RT::Test::GnuPG tests => undef, gnupg_options => { homedir => $homedir, quiet => 1 };
diff --git a/t/mail/gnupg-bad.t b/t/mail/gnupg-bad.t
index a9fd45a493..3ecbdb9bf0 100644
--- a/t/mail/gnupg-bad.t
+++ b/t/mail/gnupg-bad.t
@@ -5,9 +5,9 @@ use RT::Test::GnuPG
   tests         => 7,
   gnupg_options => {
     passphrase => 'rt-test',
-    homedir => RT::Test::get_abs_relocatable_dir(
+    homedir => RT::Test::GnuPG::new_homedir(RT::Test::get_abs_relocatable_dir(
         File::Spec->updir(), qw/data gnupg keyrings/
-    ),
+    )),
   };
 
 my ($baseurl, $m) = RT::Test->started_ok;
diff --git a/t/mail/gnupg-incoming.t b/t/mail/gnupg-incoming.t
index 54b30d2a36..7b373e54bd 100644
--- a/t/mail/gnupg-incoming.t
+++ b/t/mail/gnupg-incoming.t
@@ -3,10 +3,9 @@ use warnings;
 
 my $homedir;
 BEGIN {
-    require RT::Test;
-    $homedir =
-      RT::Test::get_abs_relocatable_dir( File::Spec->updir(),
-        qw/data gnupg keyrings/ );
+    require RT::Test::GnuPG;
+    $homedir = RT::Test::GnuPG::new_homedir(
+        RT::Test::get_abs_relocatable_dir( File::Spec->updir(), qw/data gnupg keyrings/ ) ),
 }
 
 use RT::Test::GnuPG
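Review bot: The assignment added in the `BEGIN` block ends with `,` rather than `;` (`... qw/data gnupg keyrings/ ) ),`). Perl tolerates a trailing comma, so this likely still parses, but it is a typo and differs from the identical change made to `t/mail/crypt-gnupg.t` in this commit; it should end with `;`. The `use RT::Test::GnuPG` statement after the block continues outside this hunk.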

commit 298da0b7b1e7dca2e88cff6152dbe168f8b51d6a
Author: Aaron Trevena <ast at bestpractical.com>
Date:   Wed May 6 17:00:50 2020 +0100

    Add extra ignored keywords for gnupg 2.2.x

diff --git a/lib/RT/Crypt/GnuPG.pm b/lib/RT/Crypt/GnuPG.pm
index a26704c023..06569ad9db 100644
--- a/lib/RT/Crypt/GnuPG.pm
+++ b/lib/RT/Crypt/GnuPG.pm
@@ -1353,7 +1353,8 @@ my %ignore_keyword = map { $_ => 1 } qw(
     BEGIN_ENCRYPTION SIG_ID VALIDSIG
     ENC_TO BEGIN_DECRYPTION END_DECRYPTION GOODMDC
     TRUST_UNDEFINED TRUST_NEVER TRUST_MARGINAL TRUST_FULLY TRUST_ULTIMATE
-    DECRYPTION_INFO
+    DECRYPTION_INFO KEY_CONSIDERED DECRYPTION_KEY NEWSIG PINENTRY_LAUNCHED
+    IMPORT_OK DECRYPTION_COMPLIANCE_MODE PROGRESS INV_SGNR
 );
 
 sub ParseStatus {
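Review bot: `INV_SGNR` is added to `%ignore_keyword`, the list of status keywords dropped without any message, while the comparable `INV_RECP` is parsed into an error record. gpg emits `INV_SGNR` when a signing key is unusable, so ignoring it relies on some other status line (perhaps the `FAILURE` keyword handled earlier in this branch) to surface the error, and that is not visible here. Consider handling it like `INV_RECP`, or add a comment naming the keyword that covers it.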

commit 0d20bdf79fffd9aed6e2c29d177fc978f00a9b25
Author: Dianne Skoll <dianne at bestpractical.com>
Date:   Tue Nov 3 10:07:40 2020 -0500

    Fix unit test to cope with variations in how different versions of OpenSSL print certificates.

diff --git a/t/crypt/smime/other-certs.t b/t/crypt/smime/other-certs.t
index 1b4407586b..ee067192d1 100644
--- a/t/crypt/smime/other-certs.t
+++ b/t/crypt/smime/other-certs.t
@@ -28,6 +28,13 @@ ok( !$err, 'no errors' );
 chomp $cert;
 open my $fh, '<', RT::Test::SMIME->key_path( 'sender at example.com.crt' ) or die $!;
 my $sender_cert = do { local $/; <$fh> };
+
+# Variations in how different versions of OpenSSL print certificates
+# can lead to incorrect test falures.  So only compare the *actual*
+# certificate data between the BEGIN CERTIFICATE and END CERTIFICATE lines
+$cert =~ s/.*-----BEGIN CERTIFICATE-----/-----BEGIN CERTIFICATE-----/s;
+$sender_cert =~ s/.*-----BEGIN CERTIFICATE-----/-----BEGIN CERTIFICATE-----/s;
+
 is( $cert, $sender_cert, 'cert is the same one' );
 
 diag "Has OtherCertificatesToSend";
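Review bot: The substitution removes only the text before `-----BEGIN CERTIFICATE-----`; anything after the `END CERTIFICATE` line is still compared, although the comment says only the data between the two markers is compared. Because `.*` is greedy under `/s`, a string holding more than one certificate would be cut down to the last one, and a string with no marker passes through unchanged. Extracting the block explicitly in a small helper, e.g. `my ($pem) = $text =~ /(-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----)/s;`, would match the comment and replace the five repeated lines in this hunk and the next one.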
@@ -56,6 +63,14 @@ is( scalar @certs, 2, 'found 2 certs' );
 
 open $fh, '<', RT::Test::SMIME->key_path( 'demoCA', 'cacert.pem' ) or die $!;
 my $ca_cert = do { local $/; <$fh> };
+
+# Variations in how different versions of OpenSSL print certificates
+# can lead to incorrect test falures.  So only compare the *actual*
+# certificate data between the BEGIN CERTIFICATE and END CERTIFICATE lines
+$certs[0] =~ s/.*-----BEGIN CERTIFICATE-----/-----BEGIN CERTIFICATE-----/s;
+$certs[1] =~ s/.*-----BEGIN CERTIFICATE-----/-----BEGIN CERTIFICATE-----/s;
+$ca_cert =~ s/.*-----BEGIN CERTIFICATE-----/-----BEGIN CERTIFICATE-----/s;
+
 is( $certs[0], $ca_cert,     'got ca cert' );
 is( $certs[1], $sender_cert, 'got sender cert' );
 

-----------------------------------------------------------------------

