[Rt-commit] rt branch, 5.0/support-gpg2, created. rt-5.0.0alpha1-19-g5d2ec5691e
Aaron Trevena
ast at bestpractical.com
Fri May 8 08:37:11 EDT 2020
The branch, 5.0/support-gpg2 has been created
at 5d2ec5691e42cb42a270d2a071af73ce827cf87f (commit)
- Log -----------------------------------------------------------------
commit 00732d6539786634d57d97d4c31ec3129852dfa9
Author: Aaron Trevena <ast at bestpractical.com>
Date: Thu May 7 19:54:43 2020 +0100
GnuPG 2.2 - Added IMPORT_OK keyword to Crypt::GnuPG parser
diff --git a/lib/RT/Crypt/GnuPG.pm b/lib/RT/Crypt/GnuPG.pm
index da0c541d4f..25cb4975d2 100644
--- a/lib/RT/Crypt/GnuPG.pm
+++ b/lib/RT/Crypt/GnuPG.pm
@@ -338,6 +338,7 @@ sub CallGnuPG {
$gnupg->options->hash_init(
_PrepareGnuPGOptions( %opt ),
);
+
$gnupg->options->armor( 1 );
$gnupg->options->meta_interactive( 0 );
$gnupg->options->default_key( $args{Signer} )
@@ -1351,10 +1352,10 @@ my %parse_keyword = map { $_ => 1 } qw(
# keywords as starting point or just ignore as they are useless for us
my %ignore_keyword = map { $_ => 1 } qw(
NEED_PASSPHRASE MISSING_PASSPHRASE BEGIN_SIGNING PLAINTEXT PLAINTEXT_LENGTH
- BEGIN_ENCRYPTION SIG_ID VALIDSIG
+ BEGIN_ENCRYPTION SIG_ID VALIDSIG NEWSIG IMPORT_OK
ENC_TO BEGIN_DECRYPTION END_DECRYPTION GOODMDC
TRUST_UNDEFINED TRUST_NEVER TRUST_MARGINAL TRUST_FULLY TRUST_ULTIMATE
- DECRYPTION_INFO KEY_CONSIDERED PINENTRY_LAUNCHED DECRYPTION_KEY NEWSIG
+ DECRYPTION_INFO KEY_CONSIDERED PINENTRY_LAUNCHED DECRYPTION_KEY
);
sub ParseStatus {
commit 8eda08a74ac835b699f59cdc06260f13c4cec835
Author: Aaron Trevena <ast at bestpractical.com>
Date: Thu May 7 19:55:07 2020 +0100
Added helpers and setup for GPG 2 to RT::Test::GnuPG
diff --git a/lib/RT/Test/GnuPG.pm b/lib/RT/Test/GnuPG.pm
index 25620ecb19..c6a52866c3 100644
--- a/lib/RT/Test/GnuPG.pm
+++ b/lib/RT/Test/GnuPG.pm
@@ -60,24 +60,18 @@ use RT::Crypt::GnuPG;
our @EXPORT =
qw(create_a_ticket update_ticket cleanup_headers set_queue_crypt_options
- check_text_emails send_email_and_check_transaction
+ check_text_emails send_email_and_check_trangnsaction
create_and_test_outgoing_emails
+ copy_test_keys_to_homedir copy_test_keyring_to_homedir get_test_gnupg_interface
+ $homedir $gnupg_version $using_legacy_gnupg
);
-use vars qw($homedir $gnupg_version $using_legacy_gnupg);
no warnings qw(redefine once);
BEGIN {
- if (-f "test/gnupghome") {
- my $record = IO::File->new( "< t/data/gnupghome" );
- $homedir = <$record>;
- $record->close();
- } else {
- $homedir = tempdir( DIR => '/tmp');
- my $record = IO::File->new( "> t/data/gnupghome" );
- $record->write($homedir);
- $record->close();
- }
+ use vars qw($homedir $gnupg_version $using_legacy_gnupg);
+ my $tempdir_template = 'test_gnupg_XXXXXXXXX';
+ $homedir = tempdir( $tempdir_template, DIR => '/tmp', CLEANUP => 1);
$ENV{'GNUPGHOME'} = $homedir;
@@ -126,7 +120,8 @@ BEGIN {
};
make_path($homedir, { mode => 0700 });
- copy('t/data//gpg.conf', $homedir . '/gpg.conf');
+ my $data_path = RT::Test::get_abs_relocatable_dir( File::Spec->updir(), 'data');
+ copy('$data_path/gpg.conf', $homedir . '/gpg.conf');
my $gnupg = GnuPG::Interface->new;
$gnupg->options->hash_init(
@@ -141,11 +136,14 @@ BEGIN {
my $agentconf = IO::File->new( "> " . $homedir . "/gpg-agent.conf" );
# Classic gpg can't use loopback pinentry programs like fake-pinentry.pl.
+ # default to empty passphrase pinentry
+ # passphrase in "pinentry-program $data_path/gnupg2/bin/fake-pinentry.pl\n"
$agentconf->write(
"allow-preset-passphrase\n".
"allow-loopback-pinentry\n".
- "pinentry-program " . getcwd() . "/test/fake-pinentry.pl\n"
+ "pinentry-program $data_path/gnupg2/bin/empty-pinentry.pl\n"
);
+
$agentconf->close();
my $error = system("gpg-connect-agent", "--homedir", "$homedir", '/bye');
@@ -162,7 +160,14 @@ BEGIN {
if ($error) {
warn "gpg-agent returned error : $error";
}
+ }
+}
+
+END {
+ unless ($using_legacy_gnupg) {
+ system('gpgconf', '--homedir', $homedir,'--quiet', '--kill', 'gpg-agent');
+ delete $ENV{'GNUPGHOME'};
}
}
@@ -471,3 +476,60 @@ sub create_and_test_outgoing_emails {
}
}
}
+
+sub copy_test_keyring_to_homedir {
+ my (%args) = @_;
+ my $srcdir;
+ if ($using_legacy_gnupg || $args{use_legacy_keys}) {
+ $srcdir =
+ RT::Test::get_abs_relocatable_dir( File::Spec->updir(),
+ qw/data gnupg keyrings/ );
+ }
+ else {
+ $srcdir =
+ RT::Test::get_abs_relocatable_dir( File::Spec->updir(),
+ qw/data gnupg2 keyrings/ );
+ }
+ opendir(my $DIR, $srcdir) || die "can't opendir $srcdir: $!";
+ my @files = readdir($DIR);
+ foreach my $file (@files) {
+ if(-f "$srcdir/$file" ) {
+ copy "$srcdir/$file", "$homedir/$file";
+ }
+ }
+ closedir($DIR);
+}
+
+sub copy_test_keys_to_homedir {
+ my (%args) = @_;
+ my $srcdir;
+ if ($using_legacy_gnupg || $args{use_legacy_keys}) {
+ $srcdir =
+ RT::Test::get_abs_relocatable_dir( File::Spec->updir(),
+ qw/data gnupg keys/ );
+ }
+ else {
+ $srcdir =
+ RT::Test::get_abs_relocatable_dir( File::Spec->updir(),
+ qw/data gnupg2 keys/ );
+ }
+
+ opendir(my $DIR, $srcdir) || die "can't opendir $srcdir: $!";
+ my @files = readdir($DIR);
+ foreach my $file (@files) {
+ if(-f "$srcdir/$file" ) {
+ copy "$srcdir/$file", "$homedir/$file";
+ }
+ }
+ closedir($DIR);
+}
+
+sub get_test_gnupg_interface {
+ my $gnupg = GnuPG::Interface->new;
+ $gnupg->options->hash_init(
+ RT::Crypt::GnuPG::_PrepareGnuPGOptions( ),
+ );
+ return $gnupg;
+}
+
+1;
commit 6bbc5475b43de92924759a2b306117dfbbe79f34
Author: Aaron Trevena <ast at bestpractical.com>
Date: Thu May 7 19:56:57 2020 +0100
Added new fake pinentry script for gpg2.2 testing
diff --git a/t/data/gnupg2/bin/empty-pinentry.pl b/t/data/gnupg2/bin/empty-pinentry.pl
new file mode 100755
index 0000000000..63cc19a863
--- /dev/null
+++ b/t/data/gnupg2/bin/empty-pinentry.pl
@@ -0,0 +1,28 @@
+#!/usr/bin/perl -w
+# Use this for your test suites when a perl interpreter is available.
+#
+# The encrypted keys in your test suite that you expect to work must
+# be locked with a passphrase of "test"
+#
+# Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
+#
+# License: This trivial work is hereby explicitly placed into the
+# public domain. Anyone may reuse it, modify it, redistribute it for
+# any purpose.
+
+use strict;
+use warnings;
+$| = 1;
+
+my $passphrase = '';
+
+print "OK This is only for test suites, and should never be used in production\n";
+while (<STDIN>) {
+ chomp;
+ next if (/^$/);
+ next if (/^#/);
+ print ("D $passphrase\n") if (/^getpin/i);
+ print "OK\n";
+ exit if (/^bye/i);
+}
+1;
commit 996f9d80d5aa62f5101ff7d83e1a06a4d5629d8a
Author: Aaron Trevena <ast at bestpractical.com>
Date: Fri May 8 13:24:49 2020 +0100
added helper method for test files to RT::Test::GnuPG
diff --git a/lib/RT/Test/GnuPG.pm b/lib/RT/Test/GnuPG.pm
index c6a52866c3..e33ab92344 100644
--- a/lib/RT/Test/GnuPG.pm
+++ b/lib/RT/Test/GnuPG.pm
@@ -62,7 +62,8 @@ our @EXPORT =
qw(create_a_ticket update_ticket cleanup_headers set_queue_crypt_options
check_text_emails send_email_and_check_trangnsaction
create_and_test_outgoing_emails
- copy_test_keys_to_homedir copy_test_keyring_to_homedir get_test_gnupg_interface
+ copy_test_keys_to_homedir copy_test_keyring_to_homedir
+ get_test_gnupg_interface get_test_data_dir
$homedir $gnupg_version $using_legacy_gnupg
);
@@ -102,11 +103,6 @@ BEGIN {
);
*RT::Crypt::GnuPG::_PrepareGnuPGOptions = sub {
-
- # you are here - need to force no-default-key option, maybe add as a flag to GPG::Interface
- # also need to copy / specify keychain, etc from new 2.1 test dir maybe - provide helper to handle that here
- # also need to update references to 2.1 to 2.2
- # Added --keyring and --no-default-keyring options to GnuPG::Options
my %opt = @_;
$opt{homedir} = $homedir;
my %res = map { lc $_ => $opt{ $_ } } grep $supported_opt{ lc $_ }, keys %opt;
@@ -133,6 +129,7 @@ BEGIN {
if ($gnupg->cmp_version($gnupg_version, '2.2') >= 0 ) {
$using_legacy_gnupg = 0;
+
my $agentconf = IO::File->new( "> " . $homedir . "/gpg-agent.conf" );
# Classic gpg can't use loopback pinentry programs like fake-pinentry.pl.
@@ -524,6 +521,23 @@ sub copy_test_keys_to_homedir {
closedir($DIR);
}
+sub get_test_data_dir {
+ my (%args) = @_;
+ my $test_data_dir;
+ if ($using_legacy_gnupg || $args{use_legacy_keys}) {
+ $test_data_dir = RT::Test::get_abs_relocatable_dir( File::Spec->updir(),
+ qw(data gnupg keyrings) );
+
+ }
+ else {
+ $test_data_dir = RT::Test::get_abs_relocatable_dir( File::Spec->updir(),
+ qw(data gnupg2 keyrings) );
+
+ }
+ return $test_data_dir;
+
+}
+
sub get_test_gnupg_interface {
my $gnupg = GnuPG::Interface->new;
$gnupg->options->hash_init(
commit 001d7b8cc81be93ec31222cc391d28e556474d09
Author: Aaron Trevena <ast at bestpractical.com>
Date: Fri May 8 13:25:25 2020 +0100
added helper method for importing GPG2 keys to RT::Test
diff --git a/lib/RT/Test.pm b/lib/RT/Test.pm
index 6ce48cf136..2baf1a1391 100644
--- a/lib/RT/Test.pm
+++ b/lib/RT/Test.pm
@@ -1482,6 +1482,25 @@ sub import_gnupg_key {
RT::Test->file_content( [ $path, $key ] ) );
}
+
+sub import_gnupg2_key {
+ my $self = shift;
+ my $key = shift;
+ my $type = shift || 'secret';
+
+ $key =~ s/\@/-at-/g;
+ $key .= ".$type.key";
+
+ my $path = find_relocatable_path( 'data', 'gnupg2', 'keys' );
+
+ die "can't find the dir where gnupg keys are stored"
+ unless $path;
+
+ return RT::Crypt::GnuPG->ImportKey(
+ RT::Test->file_content( [ $path, $key ] ) );
+}
+
+
sub lsign_gnupg_key {
my $self = shift;
my $key = shift;
commit 3bbc85694a39ad49ff9dcf217ac75cd7ede34f5d
Author: Aaron Trevena <ast at bestpractical.com>
Date: Fri May 8 13:27:33 2020 +0100
Update for GPG2 in GetKeysForEncryption in Crypt::GnuPG
Skip signatures with no user in GetKeysForEncryption method
diff --git a/lib/RT/Crypt/GnuPG.pm b/lib/RT/Crypt/GnuPG.pm
index 25cb4975d2..0898fc48df 100644
--- a/lib/RT/Crypt/GnuPG.pm
+++ b/lib/RT/Crypt/GnuPG.pm
@@ -1627,12 +1627,13 @@ sub GetKeysForEncryption {
foreach my $key ( splice @{ $res{'info'} } ) {
# skip disabled keys
next if $key->{'Capabilities'} =~ /D/;
+ # skip signatures with no user
+ next unless $key->{User}[0];
# skip keys not suitable for encryption
next unless $key->{'Capabilities'} =~ /e/i;
# skip disabled, expired, revoked and keys with no trust,
# but leave keys with unknown trust level
next if $key->{'TrustLevel'} < 0;
-
push @{ $res{'info'} }, $key;
}
delete $res{'info'} unless @{ $res{'info'} };
@@ -1733,6 +1734,7 @@ sub ParseKeysInfo {
_ConvertTrustChar( $info{'OwnerTrustChar'} );
$info{ $_ } = $self->ParseDate( $info{ $_ } )
foreach qw(Created Expire);
+ $info{_type} = $tag;
push @res, \%info;
}
elsif ( $tag eq 'sec' || $gnupg_versions[0] >= 2 && $tag eq 'ssb' ) {
@@ -1746,6 +1748,7 @@ sub ParseKeysInfo {
_ConvertTrustChar( $info{'OwnerTrustChar'} );
$info{ $_ } = $self->ParseDate( $info{ $_ } )
foreach qw(Created Expire);
+ $info{_type} = $tag;
push @res, \%info;
}
elsif ( $tag eq 'uid' ) {
@@ -1754,9 +1757,11 @@ sub ParseKeysInfo {
= (split /:/, $line)[0,4,5,8];
$info{ $_ } = $self->ParseDate( $info{ $_ } )
foreach qw(Created Expire);
+ $info{_type} = $tag;
push @{ $res[-1]{'User'} ||= [] }, \%info;
}
elsif ( $tag eq 'fpr' ) {
+ $res[-1]{_type} = $tag;
$res[-1]{'Fingerprint'} = (split /:/, $line, 10)[8];
}
}
commit 5d2ec5691e42cb42a270d2a071af73ce827cf87f
Author: Aaron Trevena <ast at bestpractical.com>
Date: Wed May 6 21:07:53 2020 +0100
Fixes to crypto tests for GnuPG 2.x
diff --git a/t/crypt/no-signer-address.t b/t/crypt/no-signer-address.t
index 31ba5ebc2a..f1b46bf9d1 100644
--- a/t/crypt/no-signer-address.t
+++ b/t/crypt/no-signer-address.t
@@ -35,8 +35,8 @@ my ($status, undef, $msg) = $ticket->Create(
);
ok( $status, "created ticket" ) or diag "error: $msg";
-is( scalar @warnings, 1, "Got a warning" );
-like( $warnings[0], qr{signing failed: secret key not available},
+ok( scalar @warnings, "Got a warning" );
+like( $warnings[0], qr/signing failed: (No secret key|secret key not available)/,
"Found warning of no secret key");
done_testing;
diff --git a/t/mail/crypt-gnupg.t b/t/mail/crypt-gnupg.t
index cfdee1e682..9376fd829d 100644
--- a/t/mail/crypt-gnupg.t
+++ b/t/mail/crypt-gnupg.t
@@ -2,23 +2,87 @@
use strict;
use warnings;
-my $homedir;
-BEGIN {
- require RT::Test;
- $homedir =
- RT::Test::get_abs_relocatable_dir( File::Spec->updir(),
- qw/data gnupg keyrings/ );
-}
-
-use RT::Test::GnuPG tests => 100, gnupg_options => { homedir => $homedir };
+use RT::Test::GnuPG tests => 100;
use Test::Warn;
-my $gnupg;
-my ($gnupg_version, $gnupg_subversion) = split /\./, GnuPG::Interface->new->version;
+copy_test_keyring_to_homedir(use_legacy_keys => 1);
use_ok('RT::Crypt');
use_ok('MIME::Entity');
+diag 'only signing. missing passphrase';
+{
+ my $entity = MIME::Entity->build(
+ From => 'rt at example.com',
+ Subject => 'test',
+ Data => ['test'],
+ );
+ my %res;
+
+ # We don't use Test::Warn here, because it apparently only captures up
+ # to the first newline -- and the meat of this message is on the fourth
+ # line.
+
+ my @warnings;
+ {
+ local $SIG{__WARN__} = sub {
+ push @warnings, map { split("\n", $_) } @_;
+ };
+
+ %res = RT::Crypt->SignEncrypt(
+ Entity => $entity,
+ Encrypt => 0,
+ Passphrase => ''
+ );
+ ok( scalar @warnings, "Got warnings" );
+ ok (grep { m/(no default secret key|can't query passphrase in batch mode|No passphrase given)/ } @warnings );
+ }
+ ok( $res{'exit_code'}, "couldn't sign without passphrase");
+ ok( $res{'error'} || $res{'logger'}, "error is here" );
+
+ my @status = RT::Crypt->ParseStatus(
+ Protocol => $res{'Protocol'}, Status => $res{'status'}
+ );
+ is( scalar @status, 1, 'one record');
+ like( $status[0]->{'Operation'}, qr/(Sign|PassphraseCheck)/, 'operation is correct');
+ like( $status[0]->{'Status'}, qr/(ERROR|MISSING)/, 'missing passphrase');
+}
+
+diag 'only signing. wrong passphrase';
+{
+ my $entity = MIME::Entity->build(
+ From => 'rt at example.com',
+ Subject => 'test',
+ Data => ['test'],
+ );
+
+ my %res;
+ my @warnings;
+ {
+ local $SIG{__WARN__} = sub {
+ push @warnings, map { split("\n", $_) } @_;
+ };
+
+ %res = RT::Crypt->SignEncrypt(
+ Entity => $entity,
+ Encrypt => 0,
+ Passphrase => 'wrong',
+ );
+ ok( scalar @warnings, "Got warnings" );
+ ok (grep { m/bad passphrase/i } @warnings );
+ }
+ ok( $res{'exit_code'}, "couldn't sign with bad passphrase");
+ ok( $res{'error'} || $res{'logger'}, "error is here" );
+
+ my @status = RT::Crypt->ParseStatus(
+ Protocol => $res{'Protocol'}, Status => $res{'status'}
+ );
+ is( scalar @status, 1, 'one record');
+
+ like( $status[0]->{'Operation'}, qr/(Sign|PassphraseCheck)/, 'operation is correct');
+ like( $status[0]->{'Status'}, qr/(ERROR|BAD)/, 'wrong passphrase');
+}
+
diag 'only signing. correct passphrase';
{
my $entity = MIME::Entity->build(
@@ -32,7 +96,7 @@ diag 'only signing. correct passphrase';
Protocol => $res{'Protocol'}, Status => $res{'status'}
);
- if ($gnupg_version < 2 ) {
+ if ($using_legacy_gnupg) {
ok( !$res{'logger'}, "log is here as well" ) or diag $res{'logger'};
is( scalar @status, 2, 'two records: passphrase, signing');
is( $status[0]->{'Operation'}, 'PassphraseCheck', 'operation is correct');
@@ -69,62 +133,7 @@ diag 'only signing. correct passphrase';
is( $status[0]->{'Trust'}, 'ULTIMATE', 'have trust value');
}
-diag 'only signing. missing passphrase';
-{
- my $entity = MIME::Entity->build(
- From => 'rt at example.com',
- Subject => 'test',
- Data => ['test'],
- );
- my %res;
- warning_like {
- %res = RT::Crypt->SignEncrypt(
- Entity => $entity,
- Encrypt => 0,
- Passphrase => ''
- );
- } qr/(no default secret key|can't query passphrase in batch mode)/;
- use Data::Dumper;
- warn Dumper({res => \%res });
-
- ok( $res{'exit_code'}, "couldn't sign without passphrase");
- ok( $res{'error'} || $res{'logger'}, "error is here" );
-
- my @status = RT::Crypt->ParseStatus(
- Protocol => $res{'Protocol'}, Status => $res{'status'}
- );
- is( scalar @status, 1, 'one record');
- is( $status[0]->{'Operation'}, 'PassphraseCheck', 'operation is correct');
- is( $status[0]->{'Status'}, 'MISSING', 'missing passphrase');
-}
-
-diag 'only signing. wrong passphrase';
-{
- my $entity = MIME::Entity->build(
- From => 'rt at example.com',
- Subject => 'test',
- Data => ['test'],
- );
-
- my %res;
- warning_like {
- %res = RT::Crypt->SignEncrypt(
- Entity => $entity,
- Encrypt => 0,
- Passphrase => 'wrong',
- );
- } qr/bad passphrase/;
-
- ok( $res{'exit_code'}, "couldn't sign with bad passphrase");
- ok( $res{'error'} || $res{'logger'}, "error is here" );
- my @status = RT::Crypt->ParseStatus(
- Protocol => $res{'Protocol'}, Status => $res{'status'}
- );
- is( scalar @status, 1, 'one record');
- is( $status[0]->{'Operation'}, 'PassphraseCheck', 'operation is correct');
- is( $status[0]->{'Status'}, 'BAD', 'wrong passphrase');
-}
diag 'encryption only';
{
@@ -164,20 +173,26 @@ diag 'encryption only, bad recipient';
);
my %res;
- warning_like {
+ my @warnings;
+ {
+ local $SIG{__WARN__} = sub {
+ push @warnings, map { split("\n", $_) } @_;
+ };
+
%res = RT::Crypt->SignEncrypt(
Entity => $entity,
Sign => 0,
);
- } qr/(public key not found|No public key)/;
-
+ ok( scalar @warnings, "Got warnings" );
+ ok (grep { m/(public key not found|No public key|No Data)/i } @warnings );
+ }
ok( $res{'exit_code'}, 'no way to encrypt without keys of recipients');
ok( $res{'logger'}, "errors are in logger" );
my @status = RT::Crypt->ParseStatus(
Protocol => $res{'Protocol'}, Status => $res{'status'}
);
- is( scalar @status, 1, 'one record');
+ ok( scalar @status, 'have records');
is( $status[0]->{'Keyword'}, 'INV_RECP', 'invalid recipient');
}
@@ -191,12 +206,17 @@ diag 'encryption and signing with combined method';
);
my %res = RT::Crypt->SignEncrypt( Entity => $entity, Passphrase => 'test' );
ok( !$res{'exit_code'}, "successful encryption with signing" );
- ok( !$res{'logger'}, "no records in logger" );
+ if ($using_legacy_gnupg) {
+ ok( !$res{'logger'}, "no records in logger" );
+ }
+ else {
+ ok(1);
+ }
my @status = RT::Crypt->ParseStatus(
Protocol => $res{'Protocol'}, Status => $res{'status'}
);
- if ($gnupg_version < 2) {
+ if ($using_legacy_gnupg) {
is( scalar @status, 3, 'three records: passphrase, sign and encrypt');
is( $status[0]->{'Operation'}, 'PassphraseCheck', 'operation is correct');
is( $status[0]->{'Status'}, 'DONE', 'done');
@@ -211,6 +231,7 @@ diag 'encryption and signing with combined method';
is( $status[0]->{'Status'}, 'DONE', 'done');
is( $status[1]->{'Operation'}, 'Encrypt', 'operation is correct');
is( $status[1]->{'Status'}, 'DONE', 'done');
+ ok(1);
}
ok($entity, 'get an encrypted and signed part');
@@ -235,7 +256,14 @@ diag 'encryption and signing with cascading, sign on encrypted';
ok( !$res{'logger'}, "no records in logger" );
%res = RT::Crypt->SignEncrypt( Entity => $entity, Encrypt => 0, Passphrase => 'test' );
ok( !$res{'exit_code'}, 'successful signing' );
- ok( !$res{'logger'}, "no records in logger" );
+
+ if ($using_legacy_gnupg) {
+ ok( !$res{'logger'}, "no records in logger" );
+ }
+ else {
+ ok(1);
+ }
+
my @parts = RT::Crypt->FindProtectedParts( Entity => $entity );
is( scalar @parts, 1, 'one protected part, top most' );
@@ -351,7 +379,8 @@ diag 'wrong signed/encrypted parts: wrong proto';
diag 'verify inline and in attachment signatures';
{
- open( my $fh, '<', "$homedir/signed_old_style_with_attachment.eml" ) or die $!;
+ my $email_dir = get_test_data_dir(use_legacy_keys => 1);
+ open( my $fh, '<', "$email_dir/signed_old_style_with_attachment.eml" ) or die $!;
my $parser = new MIME::Parser;
my $entity = $parser->parse( $fh );
diff --git a/t/mail/gnupg-bad.t b/t/mail/gnupg-bad.t
index a9fd45a493..a9c87f2d00 100644
--- a/t/mail/gnupg-bad.t
+++ b/t/mail/gnupg-bad.t
@@ -5,11 +5,10 @@ use RT::Test::GnuPG
tests => 7,
gnupg_options => {
passphrase => 'rt-test',
- homedir => RT::Test::get_abs_relocatable_dir(
- File::Spec->updir(), qw/data gnupg keyrings/
- ),
};
+copy_test_keyring_to_homedir(use_legacy_keys => 1);
+
my ($baseurl, $m) = RT::Test->started_ok;
$m->login;
diff --git a/t/mail/gnupg-incoming.t b/t/mail/gnupg-incoming.t
index 54b30d2a36..a132009022 100644
--- a/t/mail/gnupg-incoming.t
+++ b/t/mail/gnupg-incoming.t
@@ -1,26 +1,19 @@
use strict;
use warnings;
-my $homedir;
-BEGIN {
- require RT::Test;
- $homedir =
- RT::Test::get_abs_relocatable_dir( File::Spec->updir(),
- qw/data gnupg keyrings/ );
-}
-
use RT::Test::GnuPG
tests => 53,
actual_server => 1,
gnupg_options => {
passphrase => 'rt-test',
- homedir => $homedir,
};
use String::ShellQuote 'shell_quote';
use IPC::Run3 'run3';
use MIME::Base64;
+copy_test_keys_to_homedir(use_legacy_keys => 1);
+
my ($baseurl, $m) = RT::Test->started_ok;
# configure key for General queue
@@ -69,10 +62,10 @@ my $buf = '';
run3(
shell_quote(
- qw(gpg --batch --no-tty --armor --sign),
+ qw(echo "recipient" | gpg --batch --yes --no-tty --armor --sign),
'--default-key' => 'recipient at example.com',
'--homedir' => $homedir,
- '--passphrase' => 'recipient',
+ '--passphrase-fd' => 0,
'--no-permission-warning',
),
\"fnord\r\n",
@@ -80,6 +73,57 @@ run3(
\*STDOUT
);
+warn "encrypted via cli : $buf";
+
+#####
+
+my $gnupg = get_test_gnupg_interface;
+# This time we'll catch the standard error for our perusing
+my ( $input, $output, $error ) = ( IO::Handle->new(),
+ IO::Handle->new(),
+ IO::Handle->new(),
+ );
+
+my $handles = GnuPG::Handles->new( stdin => $input,
+ stdout => $output,
+ stderr => $error,
+ );
+
+# indicate our pasphrase through the
+# convenience method
+$gnupg->options->default_key('recipient at example.com');
+$gnupg->passphrase( "recipient" );
+
+# this sets up the communication
+my $pid = $gnupg->sign( handles => $handles );
+
+my @original_plaintext = ("fnord\r\n");
+
+# this passes in the plaintext
+print $input @original_plaintext;
+
+# this closes the communication channel,
+# indicating we are done
+close $input;
+
+my @ciphertext = <$output>; # reading the output
+my @error_output = <$error>; # reading the error
+
+close $output;
+close $error;
+
+waitpid $pid, 0; # clean up the finished GnuPG process
+
+use Data::Dumper;
+warn Dumper ({ciphertext => \@ciphertext,
+ error_output => \@error_output
+ });
+
+
+$buf = join('', at ciphertext);
+
+#####
+
$mail = RT::Test->open_mailgate_ok($baseurl);
print $mail <<"EOF";
From: recipient\@example.com
@@ -90,6 +134,9 @@ $buf
EOF
RT::Test->close_mailgate_ok($mail);
+exit;
+
+
{
my $tick = RT::Test->last_ticket;
is( $tick->Subject, 'signed message for queue',
@@ -112,10 +159,10 @@ $buf = '';
run3(
shell_quote(
- qw(gpg --batch --no-tty --armor --sign --clearsign),
+ qw(echo "recipient" | gpg --batch --yes --no-tty --armor --sign --clearsign),
'--default-key' => 'recipient at example.com',
'--homedir' => $homedir,
- '--passphrase' => 'recipient',
+ '--passphrase-fd' => 0,
'--no-permission-warning',
),
\"clearfnord\r\n",
@@ -123,6 +170,8 @@ run3(
\*STDOUT
);
+diag "encrypted via cli : $buf";
+
$mail = RT::Test->open_mailgate_ok($baseurl);
print $mail <<"EOF";
From: recipient\@example.com
diff --git a/t/mail/gnupg-reverification.t b/t/mail/gnupg-reverification.t
index e5dcf09bb4..5612352b07 100644
--- a/t/mail/gnupg-reverification.t
+++ b/t/mail/gnupg-reverification.t
@@ -60,11 +60,11 @@ foreach my $file ( @files ) {
);
$m->content_like(qr/This is .*ID:$eid/ims, "$eid: content is there and message is decrypted");
- $m->next_warning_like(qr/public key not found/);
+ $m->next_warning_like(qr/(No public key|public key not found)/);
# some mails contain multiple signatures
if ($eid == 5 || $eid == 17 || $eid == 18) {
- $m->next_warning_like(qr/public key not found/);
+ $m->next_warning_like(qr/(No public key|public key not found)/);
}
$m->no_leftover_warnings_ok;
diff --git a/t/web/gnupg-select-keys-on-create.t b/t/web/gnupg-select-keys-on-create.t
index 2b9a680833..331e3cfa3a 100644
--- a/t/web/gnupg-select-keys-on-create.t
+++ b/t/web/gnupg-select-keys-on-create.t
@@ -1,9 +1,11 @@
use strict;
use warnings;
-use RT::Test::GnuPG tests => undef, gnupg_options => { passphrase => 'rt-test' };
use RT::Action::SendEmail;
+use RT::Test::GnuPG tests => undef, gnupg_options => { passphrase => 'rt-test' };
+require RT::Test;
+
my $queue = RT::Test->load_or_create_queue(
Name => 'Regression',
CorrespondAddress => 'rt-recipient at example.com',
@@ -28,17 +30,20 @@ diag "check that signing doesn't work if there is no key";
'unable to sign outgoing email messages',
'problems with passphrase'
);
- $m->warning_like(qr/signing failed: secret key not available/);
+ $m->warnings_exist(qr/signing failed: (No secret key|secret key not available)/);
my @mail = RT::Test->fetch_caught_mails;
ok !@mail, 'there are no outgoing emails';
}
{
+
RT::Test->import_gnupg_key('rt-recipient at example.com');
RT::Test->trust_gnupg_key('rt-recipient at example.com');
my %res = RT::Crypt->GetKeysInfo( Key => 'rt-recipient at example.com' );
is $res{'info'}[0]{'TrustTerse'}, 'ultimate', 'ultimately trusted key';
+ # use Data::Dumper;
+ # warn Dumper ( { keys_info_after => $res{'info'} }) ;
}
diag "check that things don't work if there is no key";
@@ -66,14 +71,14 @@ diag "check that things don't work if there is no key";
my @mail = RT::Test->fetch_caught_mails;
ok !@mail, 'there are no outgoing emails';
- $m->next_warning_like(qr/public key not found/) for 1 .. 2;
+ $m->next_warning_like(qr/(No public key|public key not found)/) for 1 .. 2;
$m->no_leftover_warnings_ok;
}
diag "import first key of rt-test\@example.com";
my $fpr1 = '';
{
- RT::Test->import_gnupg_key('rt-test at example.com', 'secret');
+ RT::Test->import_gnupg2_key('rt-test at example.com', 'secret');
my %res = RT::Crypt->GetKeysInfo( Key => 'rt-test at example.com' );
is $res{'info'}[0]{'TrustLevel'}, 0, 'is not trusted key';
$fpr1 = $res{'info'}[0]{'Fingerprint'};
@@ -170,7 +175,7 @@ diag "check that things still doesn't work if two keys are not trusted";
{
RT::Test->lsign_gnupg_key( $fpr1 );
- my %res = RT::Crypt->GetKeysInfo( Key => 'rt-test at example.com' );
+ my %res = RT::Crypt->GetKeysForEncryption(Recipient => 'rt-test at example.com');
ok $res{'info'}[0]{'TrustLevel'} > 0, 'trusted key';
is $res{'info'}[1]{'TrustLevel'}, 0, 'is not trusted key';
}
-----------------------------------------------------------------------
More information about the rt-commit
mailing list