[Bps-public-commit] GnuPG-Interface branch, work-with-both-gnupgs, updated. 0.52-42-g5f7fded

Aaron Trevena ast at bestpractical.com
Fri Apr 24 16:29:44 EDT 2020


The branch, work-with-both-gnupgs has been updated
       via  5f7fded96a711cd4e65ec8322a9ef788bc270f9f (commit)
       via  f5a8fc2e332a792ea74b64c7e9755261ed9c58e4 (commit)
       via  00bf6f175bba3bb38a581955d8f9c9ac21d8d3bc (commit)
       via  67d18c86d1ca3b25b4b12570dc6deaeaf7fece17 (commit)
       via  26cf1b506e16cf416fb1015baa097c4be588e784 (commit)
       via  2a573192319e4acc9364d1ad89e2fcb97203a0df (commit)
       via  0528f629372610afb5989d2f6119a43023220eac (commit)
      from  7f5c845cd4ba52a7a04d25f634b0766495a70bba (commit)

Summary of changes:
 Changes                 |  8 ++++++++
 lib/GnuPG/Interface.pm  | 36 ++++++++++++++++++++----------------
 lib/GnuPG/Key.pm        |  9 +++++----
 lib/GnuPG/Options.pm    | 11 +++++++++++
 lib/GnuPG/PrimaryKey.pm |  2 --
 t/000_setup.t           | 40 +++++++++++++++++++++++++++-------------
 t/MyTestSpecific.pm     | 23 +++++++++++++++++++++++
 t/decrypt.t             |  7 +++----
 t/get_public_keys.t     | 22 ++++++----------------
 9 files changed, 103 insertions(+), 55 deletions(-)

- Log -----------------------------------------------------------------
commit 0528f629372610afb5989d2f6119a43023220eac
Author: Michael Schout <mschout at gkg.net>
Date:   Mon Jan 8 18:26:54 2018 -0600

    add missing waitpid() in version()

diff --git a/lib/GnuPG/Interface.pm b/lib/GnuPG/Interface.pm
index d433392..5e3a55e 100644
--- a/lib/GnuPG/Interface.pm
+++ b/lib/GnuPG/Interface.pm
@@ -806,9 +806,12 @@ sub _version {
 
     my $out = IO::Handle->new;
     my $handles = GnuPG::Handles->new( stdout => $out );
-    $self->wrap_call( commands => [ '--no-options', '--version' ], handles => $handles );
+    my $pid = $self->wrap_call( commands => [ '--no-options', '--version' ], handles => $handles );
     my $line = $out->getline;
     $line =~ /(\d+\.\d+\.\d+)/;
+
+    waitpid $pid, 0;
+
     return $1;
 }
 
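Review bot: The result of `$line =~ /(\d+\.\d+\.\d+)/` is never checked, so `return $1` can hand back undef or a capture left over from an earlier match when gpg prints nothing parseable, and `$out->getline` may itself return undef if the child failed to start. The version string gates security-relevant behaviour in later hunks on this page (loopback pinentry in `fork_attach_exec`, homedir handling in `encrypt_symmetrically`), so it is worth failing loudly: `my ($version) = defined $line ? $line =~ /(\d+\.\d+\.\d+)/ : ();` followed by `croak 'unable to determine gpg version' unless defined $version;`. The exit status that the new `waitpid $pid, 0;` leaves in `$?` is also unused. The same unchecked capture survives in the later `_version` hunk of commit 5f7fded (`my $version = $1;`). `_version` starts above this hunk.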

commit 2a573192319e4acc9364d1ad89e2fcb97203a0df
Author: Aaron Trevena <aaron at aarontrevena.co.uk>
Date:   Thu Apr 23 15:58:21 2020 +0100

    Update testing of public keys for GPG 2.2
    
    GnuPG 2.2 returns different validity and empty user_id_string for expired sigs

diff --git a/t/MyTestSpecific.pm b/t/MyTestSpecific.pm
index 1599949..32d2070 100644
--- a/t/MyTestSpecific.pm
+++ b/t/MyTestSpecific.pm
@@ -144,4 +144,27 @@ sub file_match
 
 
 
+# blank user_id_string and different validity for expired sig in GPG 2.2.x vs 1.x, 2.1
+sub get_expired_test_sig_params {
+    my $gnupg = shift;
+    my $version = $gnupg->version;
+
+    my %sig_params = (
+        date_string => '2000-03-16',
+        hex_id => '56FFD10A260C4FA3',
+        sig_class => 0x10,
+        algo_num => 17,
+        is_exportable => 1,
+    );
+    if ($gnupg->cmp_version($gnupg->version, '2.2') > 0) {
+        $sig_params{user_id_string} = '';
+        $sig_params{validity} = '?';
+    }
+    else {
+        $sig_params{user_id_string} = 'Frank J. Tobin <ftobin at neverending.org>',
+        $sig_params{validity} = '!';
+    }
+    return %sig_params
+}
+
 1;
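Review bot: In the `else` branch of `get_expired_test_sig_params`, the `user_id_string` assignment ends with `,` rather than `;`, which only works because the comma operator happens to evaluate both assignments in sequence. `my $version = $gnupg->version;` is assigned and never used, since the condition calls `$gnupg->version` again, and `return %sig_params` lacks its terminating semicolon. The branch tests `> 0` against `'2.2'` while the other version gates in this push use `>= 0`; whether 2.2.0 itself is meant to take the blank-uid path depends on `cmp_version`, which is not shown here.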
diff --git a/t/get_public_keys.t b/t/get_public_keys.t
index 7893625..aa1be93 100644
--- a/t/get_public_keys.t
+++ b/t/get_public_keys.t
@@ -54,6 +54,7 @@ TEST
       );
 
 
+    # Note, blank user_id_string and different validity for expired sig in GPG 2.2.x
     my $uid0 = GnuPG::UserId->new( as_string =>  'GnuPG test key (for testing purposes only)',
                                    validity => '-');
     $uid0->push_signatures(
@@ -67,14 +68,9 @@ TEST
                             sig_class => 0x13,
                             validity => '!'),
       GnuPG::Signature->new(
+                            get_expired_test_sig_params($gnupg),
                             date => 953180097,
-                            algo_num => 17,
-                            is_exportable => 1,
-                            user_id_string => 'Frank J. Tobin <ftobin at neverending.org>',
-                            date_string => '2000-03-16',
-                            hex_id => '56FFD10A260C4FA3',
-                            sig_class => 0x10,
-                            validity => '!'),
+      ),
       GnuPG::Signature->new(
                             date => 949813093,
                             algo_num => 17,
@@ -95,6 +91,7 @@ TEST
                             validity => '!'),
                           );
 
+    # Note, blank user_id_string and different validity for expired sig in GPG 2.2.x
     my $uid1 = GnuPG::UserId->new( as_string =>  'Foo Bar (1)',
                                    validity => '-');
     $uid1->push_signatures(
@@ -108,14 +105,9 @@ TEST
                             sig_class => 0x13,
                             validity => '!'),
       GnuPG::Signature->new(
+                            get_expired_test_sig_params($gnupg),
                             date => 953180103,
-                            algo_num => 17,
-                            is_exportable => 1,
-                            user_id_string => 'Frank J. Tobin <ftobin at neverending.org>',
-                            date_string => '2000-03-16',
-                            hex_id => '56FFD10A260C4FA3',
-                            sig_class => 0x10,
-                            validity => '!'),
+      ),
       GnuPG::Signature->new(
                             date => 953179891,
                             algo_num => 17,
@@ -126,8 +118,6 @@ TEST
                             sig_class => 0x13,
                             validity => '!'));
 
-
-
     $handmade_key->push_user_ids($uid0, $uid1);
 
     my $subkey_signature = GnuPG::Signature->new

commit 26cf1b506e16cf416fb1015baa097c4be588e784
Author: Aaron Trevena <aaron at aarontrevena.co.uk>
Date:   Fri Apr 24 10:48:09 2020 +0100

    Updated options to add ignore_mdc_error and logging
    
    Newer GnuPG will force failure for some old ciphertext unless ignore_mdc_error is set; the option now defaults to true
    Added debug_level and logger_file options to aid troubleshooting problems

diff --git a/lib/GnuPG/Options.pm b/lib/GnuPG/Options.pm
index 7788662..fc86168 100644
--- a/lib/GnuPG/Options.pm
+++ b/lib/GnuPG/Options.pm
@@ -35,6 +35,7 @@ use constant BOOLEANS => qw(
     meta_pgp_5_compatible
     meta_pgp_2_compatible
     meta_interactive
+    ignore_mdc_error
 );
 
 use constant SCALARS => qw(
@@ -49,6 +50,8 @@ use constant SCALARS => qw(
     options
     meta_signing_key
     meta_signing_key_id
+    debug_level
+    logger_file
 );
 
 use constant LISTS => qw(
@@ -93,6 +96,9 @@ for my $list (LISTS) {
 
 sub BUILD {
     my ( $self, $args ) = @_;
+    # Newer GnuPG will force failure for old ciphertext unless set
+    $args->{ignore_mdc_error} //= 1;
+
     $self->hash_init( meta_interactive => 1 );
     $self->hash_init(%$args);
 }
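Review bot: Defaulting `ignore_mdc_error` to true in `BUILD` means every caller that does not set it explicitly gets `--ignore-mdc-error` on the gpg command line (see the `get_option_args` hunk below), and that flag turns an MDC integrity failure into a warning; GnuPG's own documentation notes that a missing or failed MDC can indicate an attack. A downgrade of an integrity check is safer as opt-in: drop the `$args->{ignore_mdc_error} //= 1;` default so the flag is only passed when the caller asks for it, and describe in the POD when it is needed for old ciphertext. If the default has to stay for compatibility, the comment should say what it costs, e.g. `# SECURITY: disables MDC failure enforcement by default; pass ignore_mdc_error => 0 to restore it`. Because `get_option_args` appears to be shared by all commands, the flag is also sent on operations that never decrypt.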
@@ -157,6 +163,11 @@ sub get_option_args {
     push @args, map { ( '--recipient',  $_ ) } $self->recipients();
     push @args, map { ( '--encrypt-to', $_ ) } $self->encrypt_to();
 
+    push @args, '--debug-level', $self->debug_level() if ($self->debug_level);
+    push @args, '--logger-file', $self->logger_file() if ($self->logger_file());
+
+    push @args, '--ignore-mdc-error' if ($self->ignore_mdc_error());
+
     return @args;
 }
 

commit 67d18c86d1ca3b25b4b12570dc6deaeaf7fece17
Author: Aaron Trevena <aaron at aarontrevena.co.uk>
Date:   Fri Apr 24 16:46:56 2020 +0100

    Updated tests to skip using gpg-agent unless ENV var set
    
    setup and decryption tests will skip gnupg-agent setup and testing
    unless TEST_USE_GPG_AGENT is true and gnupg is version 2.2 or higher

diff --git a/t/000_setup.t b/t/000_setup.t
index b336427..752eda0 100644
--- a/t/000_setup.t
+++ b/t/000_setup.t
@@ -10,24 +10,38 @@ use Cwd;
 use File::Path qw (make_path);
 use File::Copy;
 
+# $gnupg->options->debug_level(4);
+# $gnupg->options->logger_file("/tmp/gnupg-$$-setup-".time().".log");
+
 TEST
 {
     my $homedir = $gnupg->options->homedir();
     make_path($homedir, { mode => 0700 });
-    my $agentconf = IO::File->new( "> " . $homedir . "/gpg-agent.conf" );
-    # Classic gpg can't use loopback pinentry programs like fake-pinentry.pl.
-    $agentconf->write(
-	"allow-loopback-pinentry\n".
-	"pinentry-program " . getcwd() . "/test/fake-pinentry.pl\n"
-    ) if $gnupg->cmp_version($gnupg->version, '2.1') >= 0;
-    $agentconf->close();
-    copy('test/gpg.conf', $homedir . '/gpg.conf');
-    # In classic gpg, gpgconf cannot kill gpg-agent. But these tests
-    # will not start an agent when using classic gpg. For modern gpg,
-    # reset the state of any long-lived gpg-agent, ignoring errors:
-    if ($gnupg->cmp_version($gnupg->version, '2.1') >= 0) {
+
+    if ($gnupg->cmp_version($gnupg->version, '2.2') >= 0 and $ENV{TEST_USE_GPG_AGENT}) {
+        my $agentconf = IO::File->new( "> " . $homedir . "/gpg-agent.conf" );
+        # Classic gpg can't use loopback pinentry programs like fake-pinentry.pl.
+        $agentconf->write(
+            "allow-preset-passphrase\n".
+                "allow-loopback-pinentry\n".
+                "pinentry-program " . getcwd() . "/test/fake-pinentry.pl\n"
+            );
+        $agentconf->close();
+        copy('test/gpg.conf', $homedir . '/gpg.conf');
+
+        # In classic gpg, gpgconf cannot kill gpg-agent. But these tests
+        # will not start an agent when using classic gpg. For modern gpg,
+        # reset the state of any long-lived gpg-agent, ignoring errors:
 	$ENV{'GNUPGHOME'} = $homedir;
-	system('gpgconf', '--quiet', '--kill', 'gpg-agent');
+	my $error = system('gpgconf', '--quiet', '--kill', 'gpg-agent', ' > /tmp/gpgconf.log  2> /tmp/gpgconf.error_log');
+        if ($error) {
+            warn "gpgconf returned error : $error";
+        }
+        $error = system('gpg-connect-agent', 'reloadagent', '/bye');
+        if ($error) {
+            warn "gpg-connect-agent returned error : $error";
+        }
+
 	delete $ENV{'GNUPGHOME'};
     }
     reset_handles();
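Review bot: The fifth argument to `system('gpgconf', ...)`, `' > /tmp/gpgconf.log  2> /tmp/gpgconf.error_log'`, is not a redirection: list-form `system` bypasses the shell, so gpgconf receives that string as a literal argument and nothing is written to either file. Drop the argument, `my $error = system('gpgconf', '--quiet', '--kill', 'gpg-agent');`, or, if the output is wanted, capture it to a `File::Temp` file rather than a fixed name under `/tmp`. `copy('test/gpg.conf', $homedir . '/gpg.conf');` has also moved inside the agent-only branch, so runs without `TEST_USE_GPG_AGENT` no longer install the test gpg.conf, which looks unintended. The TEST block continues below this hunk.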
diff --git a/t/decrypt.t b/t/decrypt.t
index b72b782..0c7a596 100644
--- a/t/decrypt.t
+++ b/t/decrypt.t
@@ -60,10 +60,10 @@ TEST
 };
 
 
-# test without default_passphrase (that is, by using the agent)
+# test without default_passphrase (that is, by using the agent, if ENV flag set)
 TEST
 {
-    return 1 unless $gnupg->cmp_version($gnupg->version, '2.1') >= 0;
+    return 1 unless ($gnupg->cmp_version($gnupg->version, '2.2') >= 0 and $ENV{TEST_USE_GPG_AGENT});
 
     reset_handles();
 
@@ -85,7 +85,6 @@ TEST
 
 TEST
 {
-    return 1 unless $gnupg->cmp_version($gnupg->version, '2.1') >= 0;
-
+    return 1 unless ($gnupg->cmp_version($gnupg->version, '2.2') >= 0 and $ENV{TEST_USE_GPG_AGENT});
     return compare( $texts{alt_plain}->fn(), $texts{temp}->fn() ) == 0;
 };

commit 00bf6f175bba3bb38a581955d8f9c9ac21d8d3bc
Author: Aaron Trevena <aaron at aarontrevena.co.uk>
Date:   Fri Apr 24 19:17:49 2020 +0100

    Added local_id field to GnuPG::Key comparison

diff --git a/lib/GnuPG/Key.pm b/lib/GnuPG/Key.pm
index c450821..243cd5b 100644
--- a/lib/GnuPG/Key.pm
+++ b/lib/GnuPG/Key.pm
@@ -88,11 +88,12 @@ sub compare {
     hex_data
     expiration_date
     expiration_date_string
+    local_id
   );
   foreach $field (@can_be_undef) {
-    return 0 unless (defined $self->$field) == (defined $other->$field);
-    if (defined $self->$field) {
-      return 0 unless $self->$field eq $other->$field;
+    return 0 unless ((defined $self->$field && ( $self->$field ne '') ) == (defined $other->$field && ( $other->$field ne '')));
+    if (defined $self->$field && ( $self->$field ne '')  ) {
+      return 0 unless ($self->$field eq $other->$field);
     }
   }
   my @objs = qw(
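Review bot: The new condition makes `undef` and `''` compare as equal for every field in `@can_be_undef`, including `expiration_date` and `hex_data`, which changes what `compare` treats as the same key and deserves a comment at the point where it happens, e.g. `# undef and '' are treated as equivalent (gpg versions differ in how they report absent fields)` if that is the reason. Each accessor is also called up to six times per iteration; reading the values once, `my ($mine, $theirs) = ($self->$field, $other->$field);`, would make both tests easier to check. `compare` begins above this hunk and continues below it.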

commit f5a8fc2e332a792ea74b64c7e9755261ed9c58e4
Author: Aaron Trevena <aaron at aarontrevena.co.uk>
Date:   Fri Apr 24 19:37:24 2020 +0100

    Update changelog for release

diff --git a/Changes b/Changes
index b42fd07..a26cf80 100644
--- a/Changes
+++ b/Changes
@@ -1,5 +1,13 @@
 Revision history for GnuPG-Interface
 
+0.53
+ - Limit support to GnuPG 2.2+ and 1.4
+ - Additional information from keys when using GnuPG 2.2 or higher
+ - Add support for use of agent/pinentry
+ - Updated options to add ignore_mdc_error and logging
+ - Improvements to tests
+ - Update pubkey_data documentation
+
 0.52 - 2016-02-16
  - Skip "grp" records, generated by GPG 2.1; this suppresses "unknown
    record type" warnings

commit 5f7fded96a711cd4e65ec8322a9ef788bc270f9f
Author: Aaron Trevena <aaron at aarontrevena.co.uk>
Date:   Fri Apr 24 21:28:23 2020 +0100

    Restrict to version 1.4 or 2.2+
    
    Throw error unless supported version, updated documentation

diff --git a/lib/GnuPG/Interface.pm b/lib/GnuPG/Interface.pm
index 5e3a55e..74ca6e7 100644
--- a/lib/GnuPG/Interface.pm
+++ b/lib/GnuPG/Interface.pm
@@ -38,16 +38,14 @@ has $_ => (
 
 # NB: GnuPG versions
 #
-# There are three primary "branches" of GnuPG: classic, stable, and
-# modern. They each behave slightly differently. Each branch
-# corresponds to contiguous versions of GnuPG.
+# There are now two supported versions of GnuPG: legacy 1.4 and stable 2.2
+# They are detected and each behave slightly differently.
 #
 # When using features specific to branches, check that the system's
 # version of gpg corresponds to the branch.
 #
-# classic: < 2.0
-# stable:  >= 2.0 and < 2.1
-# modern:  >= 2.1
+# legacy: 1.4
+# stable: >= 2.2
 #
 # You can find examples of version comparison in the tests.
 has version => (
@@ -131,14 +129,14 @@ sub fork_attach_exec( $% ) {
     my $handles = $args{handles} or croak 'no GnuPG::Handles passed';
     my $use_loopback_pinentry = 0;
 
-    # Don't use loopback pintentry for non-modern GPG
+    # Don't use loopback pintentry for legacy (1.4) GPG
     #
     # Check that $version is populated before running cmp_version. If
     # we are invoked as part of BUILD to populate $version, then any
     # methods that depend on $version will fail. We don't care about
     # loopback when we're called just to check gpg version.
     $use_loopback_pinentry = 1
-      if ($handles->passphrase() && $self->version && $self->cmp_version($self->version, '2.1') > 0 );
+      if ($handles->passphrase() && $self->version && $self->cmp_version($self->version, '2.2') > 0 );
 
     # deprecation support
     $args{commands} ||= $args{gnupg_commands};
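Review bot: The loopback-pinentry gate still uses `> 0` after the bump, `$self->cmp_version($self->version, '2.2') > 0`, while the other 2.2 checks in this commit use `>= 0`. Depending on how `cmp_version` orders a three-part version against `'2.2'` (its body is not in this hunk), that may leave 2.2.0 without `$use_loopback_pinentry` even though the comment says only legacy 1.4 is excluded; if 2.2.0 is meant to be included, make it `>= 0`. The comment's `pintentry` is a typo for `pinentry`. `fork_attach_exec` starts above and continues below this hunk.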
@@ -696,17 +694,16 @@ sub encrypt( $% ) {
 
 sub encrypt_symmetrically( $% ) {
     my ( $self, %args ) = @_;
-    # Strip the homedir and put it back after encrypting; gpg > 2.0.0
-    # and < 2.1.0 fail symmetric encryption when one is passed.
+    # Strip the homedir and put it back after encrypting;
     my $homedir = $self->options->homedir;
     $self->options->clear_homedir
-        unless $self->cmp_version($self->version, '2.1') >= 0;
+        unless $self->cmp_version($self->version, '2.2') >= 0;
     my $pid = $self->wrap_call(
         %args,
         commands => ['--symmetric']
     );
     $self->options->homedir($homedir)
-        unless $self->cmp_version($self->version, '2.1') >= 0;
+        unless $self->cmp_version($self->version, '2.2') >= 0;
     return $pid;
 }
 
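Review bot: The comment on the homedir workaround in `encrypt_symmetrically` lost its reason, and the reason it used to give applied to gpg 2.0.x, which this commit stops supporting. With the gate moved to `'2.2'`, the only supported version that still has its homedir cleared is 1.4, so the symmetric call there runs without the configured home directory; if that is no longer required, the `clear_homedir`/restore pair can be removed. If it stays, the comment should say why, and it is worth noting that a `die` inside `wrap_call` skips the restore line and leaves the homedir cleared on the options object.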
@@ -810,9 +807,13 @@ sub _version {
     my $line = $out->getline;
     $line =~ /(\d+\.\d+\.\d+)/;
 
+    my $version = $1;
+    unless ($self->cmp_version($version, '2.2') >= 0 or $self->cmp_version($version, '1.4') == 0 ) {
+        croak "GnuPG Version 1.4 or 2.2+ required";
+    }
     waitpid $pid, 0;
 
-    return $1;
+    return $version;
 }
 
 sub cmp_version($$) {
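Review bot: `croak` fires before `waitpid $pid, 0;`, so when the installed gpg is an unsupported version the child started by `wrap_call` is never reaped by `_version`. Move the `waitpid $pid, 0;` line above the `unless (...) { croak ... }` block so the child is collected on both paths. Whether `$self->cmp_version($version, '1.4') == 0` accepts a three-part 1.4.x string depends on `cmp_version`, whose body starts on the last line of this hunk and is not shown; if it compares all components, the check would reject every real 1.4 release.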
@@ -1072,8 +1073,8 @@ If neither the B<passphrase> data member of the GnuPG::Interface nor
 the B<passphrase> data member of the B<handles> object is defined,
 then GnuPG::Interface assumes that access and control over the secret
 key will be handled by the running gpg-agent process.  This represents
-the simplest mode of operation with the GnuPG "modern" suite (version
-2.1 and later).  It is also the preferred mode for tools intended to
+the simplest mode of operation with the GnuPG "stable" suite (version
+2.2 and later).  It is also the preferred mode for tools intended to
 be user-facing, since the user will be prompted directly by gpg-agent
 for use of the secret key material.  Note that for programmatic use,
 this mode requires the gpg-agent and pinentry to already be correctly
diff --git a/lib/GnuPG/Key.pm b/lib/GnuPG/Key.pm
index 243cd5b..e8d743b 100644
--- a/lib/GnuPG/Key.pm
+++ b/lib/GnuPG/Key.pm
@@ -209,7 +209,7 @@ instantiated, and should always be undef.
 
 A list of Math::BigInt objects that correspond to the public key
 material for the given key. This member is empty on secret keys in
-GnuPG < 2.1.0. It is populated on secret keys In GnuPG >= 2.1.0.
+GnuPG 1.4. It is populated on secret keys In GnuPG >= 2.2.0.
 
 For DSA keys, the values are: prime (p), group order (q), group generator (g), y
 
diff --git a/lib/GnuPG/PrimaryKey.pm b/lib/GnuPG/PrimaryKey.pm
index 3776588..e26cdc7 100644
--- a/lib/GnuPG/PrimaryKey.pm
+++ b/lib/GnuPG/PrimaryKey.pm
@@ -48,8 +48,6 @@ has $_ => (
 sub compare {
   my ($self, $other, $deep) = @_;
 
-  # not comparing local_id because it is meaningless in modern
-  # versions of GnuPG.
   my @comparison_fields = qw (
      owner_trust
   );

-----------------------------------------------------------------------

