* doc/gpg.texi: Clarify usage and expiration arguments for key
generation.
* tests/openpgp/quick-key-manipulation.scm: Test all variants.
Signed-off-by: Justus Winter <justus@g10code.com>
* tests/gpgscm/ffi.c (do_get_time): New function.
(ffi_init): Expose new function.
* tests/gpgscm/ffi.scm (get-time): Document new function.
* tests/gpgscm/time.scm: New file.
* tests/openpgp/quick-key-manipulation.scm: Use the new facilities to
check the expiration times of created keys.
* tests/openpgp/tofu.scm: Use the new module.
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/export.c (export_ssh_key): Also check the primary key.
--
If no suitable subkey was found for export, we now check whether the
primary key is suitable for export and export this one. Without this
change it was only possible to export the primary key by using the '!'
suffix in the key specification.
Also added a sample key for testing this.
GnuPG-bug-id: 2957
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sysutils.c (gnupg_fd_valid): New function.
* common/sysutils.h (gnupg_fd_valid): New declaration.
* common/logging.c (log_set_file): Use the new function.
* g10/cpr.c (set_status_fd): Likewise.
* g10/gpg.c (main): Likewise.
* g10/keylist.c (read_sessionkey_from_fd): Likewise.
* g10/passphrase.c (set_attrib_fd): Likewise.
* tests/openpgp/Makefile.am (XTESTS): Add the new test.
* tests/openpgp/issue2941.scm: New file.
--
Consider a situation where the user passes "--status-fd 3" but file
descriptor 3 is not open.
During the course of executing the rest of the commands, it's possible
that gpg itself will open some files, and file descriptor 3 will get
allocated.
In this situation, the status information will be appended directly to
whatever file happens to have landed on fd 3 (the trustdb? the
keyring?).
This is a potential data destruction issue for all writable file
descriptor options:
--status-fd
--attribute-fd
--logger-fd
It's also a potential issue for readable file descriptor options, but
the risk is merely weird behavior, and not data corruption:
--override-session-key-fd
--passphrase-fd
--command-fd
Fixes this by checking whether the fd is valid early on before using
it.
GnuPG-bug-id: 2941
Signed-off-by: Justus Winter <justus@g10code.com>
* tests/openpgp/ssh-import.scm (path): New variable.
(ssh,ssh-keygen,ssh-version,ssh-supports?): Likewise.
--
Skip algorithms not supported by the OpenSSH in the ssh import test.
This notably fixes the test on macOS when the stock ssh version is
used.
GnuPG-bug-id: 2847
GnuPG-bug-id: 2947
Signed-off-by: Justus Winter <justus@g10code.com>
* tests/openpgp/Makefile.am (XTESTS): Add new test.
* tests/openpgp/issue2929.scm: New file.
--
This test demonstrates a problem with the TOFU trust model when a new
key is created.
Signed-off-by: Justus Winter <justus@g10code.com>
* tests/openpgp/Makefile.am (XTESTS): Re-add gpgconf.scm.
--
This partially reverts 25e0298238.
That change was not sufficiently motivated, and our continuous
integration server shows no recent distcheck failures.
Signed-off-by: Justus Winter <justus@g10code.com>
* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Also test gpgtar and
wks-tools. Disable ntbtls.
* tests/openpgp/Makefile.am (XTESTS): Temporary remove gpgconf.scm.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/openpgp/Makefile.am (XTESTS): Add new test.
* tests/openpgp/defs.scm (percent-encode): New function.
(gpg-conf): Generalize so that we can feed stdin.
(gpg-config): New function.
* tests/openpgp/gpgconf.scm: New file.
Signed-off-by: Justus Winter <justus@g10code.com>
* tests/openpgp/defs.scm (with-ephemeral-home-directory): Make
hygienic, use define-macro, do not change to the ephemeral home
directory.
* tests/gpgsm/setup.scm: Change to the ephemeral home directory.
* tests/openpgp/setup.scm: Likewise.
Signed-off-by: Justus Winter <justus@g10code.com>
* tests/openpgp/defs.scm (percent-decode): New function.
(bin-prefix): New variable.
(installed?): Likewise.
(tool-hardcoded): Use the new variables.
(gpg-conf): Use the new function to decode the values.
(gpg-components): Do not use '--build-prefix' when 'installed?'.
Signed-off-by: Justus Winter <justus@g10code.com>
* tests/openpgp/Makefile.am (TEST_FILES): Add new file.
* tests/openpgp/defs.scm (plain-files): Add 'plain-large'.
(all-files): New variable.
(create-sample-files): New function.
(create-legacy-gpghome): Use new function.
* tests/openpgp/plain-large.asc: New file.
Signed-off-by: Justus Winter <justus@g10code.com>
* tests/openpgp/run-tests.scm: Use sequential test runner if only one
test is given.
--
This allows one to set the environment variable TESTFLAGS to
'--parallel' and enjoy faster test execution times without interfering
with stdio when one works on a single test.
Signed-off-by: Justus Winter <justus@g10code.com>
* tests/openpgp/tofu.scm (GPGTIME): Define the "standard" base time.
(faketime): New function.
(days->seconds): Likewise.
(GPG): Use faketime.
(check-counts): Also check the number of expected days with signatures
and encryptions. Update callers. Extend tests.
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/gpg.c (opts): Rename options.
(main): Update errors.
* doc/gpg.texi: Update accordingly.
--
I decided not to keep the old versions as aliases in the documentation
because the interface is a fairly recent addition.
GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
* common/homedir.c (gnupg_build_directory): New variable.
(gnupg_module_name_called): Likewise.
(gnupg_set_builddir): New function.
(gnupg_set_builddir_from_env): Likewise.
(gnupg_module_name): Support locating components in the build tree.
* common/util.h (gnupg_set_builddir): New prototype.
* tests/openpgp/defs.scm (tools): Drop 'gpg and 'gpg-agent.
(tool): Rename to 'tool-hardcoded.
(gpg-conf): New function, with accessors for the results.
(gpg-components): New variable.
(tool): New function.
* tools/gpgconf.c (enum cmd_and_opt_values): New key.
(opts): New option '--build-prefix'.
(main): Handle new option.
--
This change makes sure that the components from the build tree are
used, and not some older installed version in PATH. It also lets us
make GPGME use components from the build tree, making it possible to
execute GPGME's test suite with them.
Signed-off-by: Justus Winter <justus@g10code.com>
* tests/openpgp/defs.scm (gpg-has-option?): New function.
(have-opt-always-trust): Use a simpler test for that option. This way
that is less distracting when we run the tests with verbose=3.
Signed-off-by: Justus Winter <justus@g10code.com>
* doc/gpg.texi: Document that fact.
* g10/keygen.c (quick_generate_keypair): Use a default value.
* tests/openpgp/quick-key-manipulation.scm: Test that fact.
GnuPG-bug-id: 2701
Signed-off-by: Justus Winter <justus@g10code.com>
* tests/openpgp/run-tests.scm (locate-test): New function.
(test): Factor-out the code starting the child process.
(test::binary): New function.
Signed-off-by: Justus Winter <justus@g10code.com>
* tests/openpgp/quick-key-manipulation.scm: Do not update the trust
database, rather be more specific when filtering the user ids.
Signed-off-by: Justus Winter <justus@g10code.com>
* tests/openpgp/tofu-2183839A-1.txt: Remove file.
* tests/openpgp/tofu-BC15C85A-1.txt: Remove file.
* tests/openpgp/tofu-EE37CF96-1.txt: Remove file.
* tests/openpgp/tofu-keys-secret.asc: Remove file.
* tests/openpgp/tofu-keys.asc: Remove file.
* tests/openpgp/tofu/conflicting/1C005AF3.gpg: New file.
* tests/openpgp/tofu/conflicting/1C005AF3-secret.gpg: New file.
* tests/openpgp/tofu/conflicting/1C005AF3-1.txt: New file.
* tests/openpgp/tofu/conflicting/1C005AF3-2.txt: New file.
* tests/openpgp/tofu/conflicting/1C005AF3-3.txt: New file.
* tests/openpgp/tofu/conflicting/1C005AF3-4.txt: New file.
* tests/openpgp/tofu/conflicting/1C005AF3-5.txt: New file.
* tests/openpgp/tofu/conflicting/B662E42F.gpg: New file.
* tests/openpgp/tofu/conflicting/B662E42F-secret.gpg: New file.
* tests/openpgp/tofu/conflicting/B662E42F-1.txt: New file.
* tests/openpgp/tofu/conflicting/B662E42F-2.txt: New file.
* tests/openpgp/tofu/conflicting/B662E42F-3.txt: New file.
* tests/openpgp/tofu/conflicting/B662E42F-4.txt: New file.
* tests/openpgp/tofu/conflicting/B662E42F-5.txt: New file.
* tests/openpgp/tofu/conflicting/BE04EB2B.gpg: New file.
* tests/openpgp/tofu/conflicting/BE04EB2B-secret.gpg: New file.
* tests/openpgp/tofu/conflicting/BE04EB2B-1.txt: New file.
* tests/openpgp/tofu/conflicting/BE04EB2B-2.txt: New file.
* tests/openpgp/tofu/conflicting/BE04EB2B-3.txt: New file.
* tests/openpgp/tofu/conflicting/BE04EB2B-4.txt: New file.
* tests/openpgp/tofu/conflicting/BE04EB2B-5.txt: New file.
* tests/openpgp/tofu/conflicting/README: New file.
* tests/openpgp/tofu.scm: Update accordingly.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
There are two motivations for this change. First, we decided that
test data should live in a subdirectory rather than in tests/openpgp.
Second, secret key material is password protected, and I don't
remember the password that I used. (The new data is not password
protected.) I have also added some new examples of signed messages.
* tests/openpgp/Makefile.am (sample_msgs): Add messages required for
the new test 'verify-multifile.scm'.
Fixes-commit: 12af8e84a3
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/trustdb.c (tdb_utks): New function.
* g10/tofu.c (check_utks): New function.
(initdb): Call it.
* tests/openpgp/tofu.scm: Modify test to check the effective policy of
keys whose effective policy changes when we change the set of UTKs.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
If the set of ultimately trusted keys changes, then it is possible
that a binding's effective policy changes. To deal with this, we
detect when the set of ultimately trusted keys changes and invalidate
all cached policies.
