* g10/keyedit.c (find_userid_by_namehash, find_userid): New.
(keyedit_quick_revuid): Use find_userid() instead of iterating over the
nodes of the keyblock.
* tests/openpgp/quick-key-manipulation.scm: Add test for revoking a
user ID specified by its hash.
--
This makes it possible to specify the user ID to revoke as UID hash when
calling --quick-revoke-uid.
GnuPG-bug-id: 5936
* Makefile.am (all-local): New to setup symlinks.
(distclean-local): New.
* tests/Makefile.am: Remove the gpgconf related targets. Just keep
gpgconf.ctl.in in EXTRA_DIST
* tests/cms/Makefile.am (GNUPG_BUILD_ROOT):
* tests/gpgme/Makefile.am (GPGSCM_PATH):
* tests/openpgp/Makefile.am (GNUPG_BUILD_ROOT):
* tests/pkits/Makefile.am (GNUPG_BUILD_ROOT):
* tests/tpm2dtests/defs.scm (tools): Revert to the former values.
* tests/openpgp/defs.scm (tools): Ditto.
--
This
Fixes-commit: 399ebf6d873d4178c1d527aa4df34bf16a76360e
Fixes-commit: 84fcd8e6eb7e0786399e1f6461c3f60b0db2d070
because we ran into problems with the idea of first doing a
test-install for the checks. "make distcheck" turned out to
be too problematic. Symlinks are a better way of doing this.
Also fixes
GnuPG-bug-id: 5634
* tests/openpgp/defs.scm: We expect that stuff is now installed.
(tools): Fix the names.
(intsalled?, bin-prefix): Remove.
(tool-hardcoded): Simplify.
(gpg-conf'): Simplify.
(GNUPG_BUILDDIR): Do not anymore set this envvar.
* tests/tpm2dtests/defs.scm: Ditto.
--
This simplifies things a bit.
* tests/gpgconf.ctl.in: New.
* tests/Makefile.am (EXTRA_DIST): Add new file.
(TESTINST_DIRS): New.
(clean-local): New.
(clean-local-testinst): New.
(check-recursive): New hook.
(bin/gpgconf.ctl): Run a test install.
* tests/cms/Makefile.am (TESTS_ENVIRONMENT): Set new envvar
GNUPG_BUILD_ROOT.
* tests/gpgme/Makefile.am (TESTS_ENVIRONMENT): Ditto.
* tests/openpgp/Makefile.am (TESTS_ENVIRONMENT): Ditto.
* tests/pkits/Makefile.am (TESTS_ENVIRONMENT): Ditto.
* tests/tpm2dtests/Makefile.am (TESTS_ENVIRONMENT): Ditto.
--
Right now this helps only with the global configuraion dir which is
now not set and thus the build host'ss own /etc/gnupg does not anymore
affect the build.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/comopt.c, common/comopt.h: New.
* common/Makefile.am: Add them.
* g10/gpg.c: Include comopt.h.
(main): Also parse common.conf.
* sm/gpgsm.c: Include comopt.h.
(main): Set a flag for the --no-logfile option. Parse common.conf.
* tools/gpgconf-comp.c (known_options_gpg): Remove "use-keyboxd", add
pseudo option "use_keyboxd".
(known_pseudo_options_gpg): Add pseudo option "use_keyboxd".
(known_options_gpgsm): Remove "use-keyboxd".
* tests/openpgp/defs.scm (create-gpghome): Create common.conf.
* doc/examples/common.conf: New.
--
Note that --use-keybox still works but prints a warning. We will
eventually remove this option becuase it was marked as an experimental
feature anyway.
It would be too confusing if gpg and gpgsm use different key storages.
Further, other components (e.g. dirmngr or gpg-wks-client) which call
gpg or gpgsm need to be aware that the keyboxd is used and pass that
option on the command line. Now that common.conf is always read (even
if --no-options is used) those tools will work instantly.
* g10/gpg.c: New option --allow-old-cipher-algos.
(set_compliance_option): Set --rfc4880bis explictly to SHA256 and
AES256. Allow old cipher algos for OpenPGP, rfc4880, and rfc2440.
* g10/options.h (opt): Add flags.allow_old_cipher_algos.
* g10/misc.c (print_sha1_keysig_rejected_note): Always print the note
unless in --quiet mode.
* g10/encrypt.c (setup_symkey): Disallow by default algos with a
blocklengt < 128.
(encrypt_crypt): Ditto. Fallback by default to AES instead of 3DES.
* g10/pkclist.c (algo_available): Take care of old cipher also.
(select_algo_from_prefs): Use AES as implicit algorithm by default.
* tests/openpgp/defs.scm (create-gpghome): Set allow-old-cipher-algos.
--
GnuPG-bug-id: 3415
* tests/openpgp/all-tests.scm (all-tests): Replace extended-key-format
mode with a new keyboxd mode.
* tests/openpgp/defs.scm (create-gpghome): Ditto.
* tests/openpgp/gpgv.scm: Adjust for keyboxd mode.
* tests/openpgp/issue2419.scm: Fix to allow setting a log-file into
gpg.conf for debugging.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/openpgp/defs.scm (pipe:gpg): Remove stray dash.
--
The extra dash is problematic at export and import because this does
not export a single key as intended by the tests but does two key
lookups where the second fails because that userid is always "-". For
the current keyring and keybox code this does not matter because it is
ignored. The keyboxd code however is more picky and returns an error.
Fixes-commit: 9609cb20e4caee739b9fc4fd36797029d2970041
Signed-off-by: Werner Koch <wk@gnupg.org>
--
Take care: Running under valgrind takes loooong and in some case you
may run into an valgrind internal error.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ...
* tools/gpgconf-comp.c: here.
(known_options_scdaemon): Remove "options".
(known_options_dirmngr): Remove "options".
(known_options_gpgsm): Remove "options".
(known_options_gpg): Remove "options" and "keyserver".
(struct gc_option_s): Rename active t gpgconf_list.
(gc_component_list_options): Do not act upon active.
(option_check_validity): Ditto.
(is_known_option): Make it work correctly for unknown options.
(retrieve_options_from_program): Use renamed flag gpgconf_list only to
detect duplicated items from --gpgconf-list. Do not set runtime.
Only e set the options if set by --gpgconf-list; never clear them.
* agent/gpg-agent.c: Simplify the --gpgconf-list output.
* dirmngr/dirmngr.c: Ditto.
* g10/gpg.c: Ditto.
* kbx/keyboxd.c: Ditto.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto.
* tests/openpgp/gpgconf.scm: Use "compliance" instead of "keyserver"
for the string arg test.
--
There is no need to read the list of options from the components
unless they convey a default value. It is better to consult only the
list we have in gpgconf-comp.c to decide on whether an option should
be displayed. Right, this might mess up thing if a newer gpgconf
version is used with an older component, but we already print warnings
in this case and in general we do not want to support this anymore -
the times of gpg 1.4. and 2.0 are long over now.
GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
No functional changes, just fixing minor spelling issues.
---
Most of these were identified from the command line by running:
codespell \
--ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \
--skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \
doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \
NEWS README README.maint TODO
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* g10/keydb.h (struct kbnode_struct): Replace unused field RECNO by
new field TAG.
* g10/kbnode.c (alloc_node): Change accordingly.
* g10/import.c (import_one): Add arg r_valid.
(sec_to_pub_keyblock): Set tags.
(resync_sec_with_pub_keyblock): New.
(import_secret_one): Change return code to gpg_error_t. Return an
error code if sec_to_pub_keyblock failed. Resync secret keyblock.
--
When importing an invalid secret key ring for example without key
binding signatures or no UIDs, gpg used to let gpg-agent store the
secret keys anyway. This is clearly a bug because the diagnostics
before claimed that for example the subkeys have been skipped.
Importing the secret key parameters then anyway is surprising in
particular because a gpg -k does not show the key. After importing
the public key the secret keys suddenly showed up.
This changes the behaviour of
GnuPG-bug-id: 4392
to me more consistent but is not a solution to the actual bug.
Caution: The ecc.scm test now fails because two of the sample keys
don't have binding signatures.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/openpgp/defs.scm: Add "disable-scdaemon". Remove
"scdaemon-program".
* tests/gpgme/gpgme-defs.scm, tests/gpgsm/gpgsm-defs.scm: Likewise.
* tests/inittests, tests/pkits/inittests: Add "disable-scdaemon"
--
Before this change, running "make check" accesses USB device by
scdaemon on host computer. If there is any smartcard/token available,
it may affect test results. Because default key choice depends on
smartcard/token availability now and existing tests have nothing about
testing smartcard/token, disabling scdaemon is good.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/gpg.c (oAllowMultisigVerification)
(oAllowMultipleMessages, oNoAllowMultipleMessages): Remove.
(opts): Turn --allow-multisig-verification, --allow-multiple-messages
and --no-allow-multiple-messages into NOPs
* g10/options.h (struct opt): Remove flags.allow_multiple_messages.
* g10/mainproc.c (proc_plaintext): Assume allow_multiple_messages is
false.
--
These options are very old compatibility hacks and should not be used
anymore. We keep them as dummy options in case someone has them in
the conf file.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/mainproc.c (proc_encrypted): Require an MDC or AEAD
* tests/openpgp/defs.scm (create-gpghome): Use --ignore-mdc-error to
allow testing with the current files.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/gpgscm/gnupg.scm (with-ephemeral-home-directory): Add
teadown-fn.
* tests/gpgsm/export.scm: Use -no-atexit version and stop-agent.
* tests/openpgp/decrypt-session-key.scm: Likewise.
* tests/openpgp/decrypt-unwrap-verify.scm: Likewise.
* tests/openpgp/defs.scm (have-opt-always-trust): Likewise.
(setup-environment-no-atexit): New.
(start-agent): Support no use of atexit.
* tests/gpgsm/gpgsm-defs.scm (setup-gpgsm-environment-no-atexit): New.
* tests/migrations/common.scm (untar-armored): Follow the change
of with-ephemeral-home-directory.
--
When gpg-agent detects homedir removal, it will automatically exit.
Then, call of 'gpgconf --kill all' will fail. So, stop-agent should
be called before the removal of homedir.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/gpg.c (opts): Add new option.
(opt_set_iobuf_size): New var.
(set_debug): Set the option.
* tests/openpgp/armor.scm: Use this option to revert the buffer size
to the one which used to exhibit the tested bugs.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/openpgp/Makefile.am [DISABLE_REGEX] (EXTRA_DIST, XTESTS):
Conditionalize.
* tests/openpgp/all-tests.scm (all-tests): Input file is Makefile.
--
The feature is only valid with !DISABLE_REGEX.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests/openpgp/Makefile.am (XTESTS): Add trust-pgp-4.scm.
(EXTRA_DIST): Remove the test file from EXTRA_DIST.
--
Now that issue 2923 is fixed, the trust-pgp-4 test passes as
expected and we can enable it again. That should help prevent
a future regression on this issue.
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
* tests/openpgp/defs.scm (create-gpghome): Add s2k-count.
--
My tests show only 2.5% improvement, but as we have that option now
let's use it.
real 9m12.604s
user 2m20.720s
sys 0m11.452s
real 8m3.815s
user 2m16.700s
sys 0m11.544s
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command.c (cmd_scd): Support !BUILD_WITH_SCDAEMON.
* tests/openpgp/defs.scm (create-gpghome): Likewise.
* tests/gpgsm/gpgsm-defs.scm (create-gpgsmhome): Likewise.
--
We could modify gpg-agent to remove all support of scdaemon, with no
inclusion of call-scd.c, divert-scd.c, and learncard.c, but it would
not be worth to do that.
GnuPG-bug-id: 3316
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/command.c (cmd_scd): Support !BUILD_WITH_SCDAEMON.
* tests/openpgp/defs.scm (create-gpghome): Likewise.
* tests/gpgsm/gpgsm-defs.scm (create-gpgsmhome): Likewise.
--
We could modify gpg-agent to remove all support of scdaemon, with no
inclusion of call-scd.c, divert-scd.c, and learncard.c, but it would
not be worth to do that.
GnuPG-bug-id: 3316
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests/openpgp/quick-key-manipulation.scm: Fix expiration time
comparison.
--
This is a bug fix for Amelia Earhart who is probably in UTC-12.
When expiration date is specified, GnuPG interprets it as noon of the
date in local time.
Before this fix, the test compared the value by 2145916800 which is
2038-01-01 00:00:00 in UTC with allowance of 1 day. When the test
was ran in UTC-12 timezone, it failed because of noon in the timezone
is midnight of the next day in UTC.
GnuPG-bug-id: 3393
Reported-by: Daniel Kahn Gillmor
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests/openpgp/quick-key-manipulation.scm: Fix expiration time
comparison.
--
This is a bug fix for Amelia Earhart who is probably in UTC-12.
When expiration date is specified, GnuPG interprets it as noon of the
date in local time.
Before this fix, the test compared the value by 2145916800 which is
2038-01-01 00:00:00 in UTC with allowance of 1 day. When the test
was ran in UTC-12 timezone, it failed because of noon in the timezone
is midnight of the next day in UTC.
GnuPG-bug-id: 3393
Reported-by: Daniel Kahn Gillmor
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests/openpgp/Makefile.am (XTESTS): Remove test.
(EXTRA_DIST): Add test file.
--
There are two problems with this test: First a syntax error in the
file name so that the test was not used at all. Second the test
currently returns FAIL.
Fixes-commit: c23a69970ba38edae9d3b2603825d18fbb732423
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/openpgp/trust-pgp-1.scm: New file.
* tests/openpgp/trust-pgp-2.scm: New file.
* tests/openpgp/trust-pgp-3.scm: New file.
* tests/openpgp/trust-pgp-4.scm: New file.
* tests/openpgp/trust-pgp/common.scm: New file.
* tests/openpgp/trust-pgp/scenario1.asc: New file.
* tests/openpgp/trust-pgp/scenario2.asc: New file.
* tests/openpgp/trust-pgp/scenario3.asc: New file.
* tests/openpgp/trust-pgp/scenario4.asc: New file.
* tests/openpgp/trust-pgp/alice.sec.asc: New file.
* tests/openpgp/trust-pgp/bobby.sec.asc: New file.
* tests/openpgp/trust-pgp/carol.sec.asc: New file.
* tests/openpgp/trust-pgp/david.sec.asc: New file.
* tests/openpgp/trust-pgp/frank.sec.asc: New file.
* tests/openpgp/trust-pgp/grace.sec.asc: New file.
* tests/openpgp/trust-pgp/heidi.sec.asc: New file.
* tests/openpgp/Makefile.am (XTESTS): Add new tests.
(TEST_FILES): Add new files.
(EXTRA_DIST): Add new common file.
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
* tests/openpgp/tofu.scm (gettrust): Moved to the common defs.scm
module.
(checktrust): Likewise.
* tests/openpgp/defs.scm (gettrust): New function.
(checktrust): Likewise.
--
These functions will be re-used by the tests for the PGP trust
model.
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
* tests/openpgp/README: Add quickstart instructions, how to use
shell.scm, remove no longer used MKDATA.
Signed-off-by: Justus Winter <justus@g10code.com>
* configure.ac: New option --enable-all-tests.
* tests/gpgscm/ffi.c (ffi_init): New gloabl var *run-all-tests*.
* tests/openpgp/all-tests.scm (all-tests): Use that var instead
of *maintainer-mode*.
* Makefile.am (AM_DISTCHECK_CONFIGURE_FLAGS): Add --enable-all-tests.
--
It is better to have a separate option to run all tests than to put
this on top of --enable-maintainer-mode. This way we can also make
sure to run all tests during "make distcheck".
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: Leak the maintainer mode flag into 'config.h'.
* tests/gpgscm/ffi.c: Pass it into the scheme environment.
* tests/openpgp/all-tests.scm: Only run tests against non-default
configurations (keyring, extended-key-format) in maintainer mode.
--
Werner is concerned that the tests do take up too much time and asked
me to reduce the runtime of the tests for normal users.
Signed-off-by: Justus Winter <justus@g10code.com>
* tests/openpgp/defs.scm (create-file): Unlink file first.
* tests/openpgp/shell.scm: Ask whether to import legacy test keys or
not, and whether to drop 'batch' from the configuration. Add paths to
all the programs to 'PATH'.
Signed-off-by: Justus Winter <justus@g10code.com>
* tests/openpgp/Makefile.am (XTESTS): Add the new test.
* tests/openpgp/gpgv.scm: New file.
* tests/openpgp/signed-messages.scm: Likewise.
* tests/openpgp/verify.scm: Move the signed messages to the new file
and load it.
Signed-off-by: Justus Winter <justus@g10code.com>
* tests/openpgp/all-tests.scm: Generalize a bit, and also add a
variant that uses the new extended key format.
* tests/openpgp/defs.scm (create-gpghome): Conditionally enable the
new extended key format.
Signed-off-by: Justus Winter <justus@g10code.com>
* tests/openpgp/defs.scm (start-agent,stop-agent): Use gpg-conf which
will properly use the '--build-prefix' argument to make gpgconf use
tools from the build directory.
GnuPG-bug-id: 3165
Fixes-commit: 2c9d9ac55ea455a5ec26428989dced0311ed46cc
Signed-off-by: Justus Winter <justus@g10code.com>
* tests/gpgme/gpgme-defs.scm: Use the scdaemon from the build tree
when writing a 'gpg-agent.conf'.
* tests/gpgsm/gpgsm-defs.scm: Likewise.
* tests/openpgp/defs.scm: Likewise.
--
As of 97a2394ecafaa6f58e4a1f70ecfd04408dc15606 gpg may query the
scdaemon for a signing key to use. To make sure that the agent calls
the right scdaemon, we provide the path explicitly in the
'gpg-agent.conf' that is used in the tests, similar to what we do for
the agent itself and the pinentry.
GnuPG-bug-id: 3165
Signed-off-by: Justus Winter <justus@g10code.com>