Bug #102651 for GnuPG-Interface: GnuPG-interface together with gnupg 2.1+

Attached is a series of 7 patches that let the GnuPG::Interface test suite work with GnuPG 2.1. These patches can also be found on the improve-test-suite branch at git://lair.fifthhorseman.net/~dkg/gnupg-interface (commit ID f5ca0742dd1f724de1765679b493d4cfb7ea216b). If you want to try them out: git remote add dkg git://lair.fifthhorseman.net/~dkg/gnupg-interface git remote update dkg git checkout -b improve-test-suite dkg/improve-test-suite perl Makefile.PL make test Feel free to merge them directly if you like 'em :) GnuPG 2.1 hasn't actually changed the interface to GnuPG very much: there's a little bit of a change around expectations of where the passphrase comes from and who needs to have access to it, but that's a positive change that helps users to isolate which processes have access to their secret key material What has changed more significantly is the structure of the files in GnuPG's homedir, which has never been part of GnuPG's publicly-declared stable interface, and GnuPG::Interface's test/ directory sort of implicitly assumed that it was. The revised test suite now uses a temporary/throwaway GnuPG homedir, which it seeds with the data from test/ , rather than assuming that test/ can act as a pre-formed homedir in the first place. You'll note that there's very little changed in the non-test-suite part of GnuPG::Interface with this series. --dkg

From d49813d8b82245b1d7b6c7541aa80ed92b249557 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor <dkg@fifthhorseman.net> Date: Tue, 13 Sep 2016 10:38:12 -0400 Subject: [PATCH 1/7] Generalize the test suite The test suite currently assumes it knows something about the internal state of GnuPG's homedir. It's safer and less brittle to rely explicitly on the public interface that GnuPG has committed to, such as --import-keys and --list-keys, rather than assuming that certain files are in certain places in the GnuPG homedir. It's also better to create a fresh homedir and allow GnuPG to populate it during the test suite, cleaning it up at the end, rather than hope that GnuPG will leave a pre-existing homedir untouched. With this change, many more of the tests pass when /usr/bin/gpg is provided by GnuPG 2.1. --- .gitignore | 2 -- t/000_setup.t | 28 ++++++++++++++++++++++++++++ t/MyTestSpecific.pm | 2 +- t/zzz_cleanup.t | 17 +++++++++++++++++ test/fake-pinentry.pl | 28 ++++++++++++++++++++++++++++ test/{options => gpg.conf} | 0 test/secret-keys/1.0.test | 4 ++-- 7 files changed, 76 insertions(+), 5 deletions(-) create mode 100644 t/000_setup.t create mode 100644 t/zzz_cleanup.t create mode 100755 test/fake-pinentry.pl rename test/{options => gpg.conf} (100%) diff --git a/.gitignore b/.gitignore index 3100061..44e438a 100644 --- a/.gitignore +++ b/.gitignore @@ -6,8 +6,6 @@ /pm_to_blib *.tar.gz /test/*/*.out -/test/random_seed /test/temp -/test/trustdb.gpg /MYMETA.* /MANIFEST.SKIP.bak diff --git a/t/000_setup.t b/t/000_setup.t new file mode 100644 index 0000000..7f7f7b0 --- /dev/null +++ b/t/000_setup.t @@ -0,0 +1,28 @@ +#!/usr/bin/perl -w + +use strict; +use English qw( -no_match_vars ); + +use lib './t'; +use MyTest; +use MyTestSpecific; +use Cwd; +use File::Path qw (make_path); +use File::Copy; + +TEST +{ + make_path('test/gnupghome', { mode => 0700 }); + my $agentconf = IO::File->new( "> test/gnupghome/gpg-agent.conf" ); + $agentconf->write("pinentry-program " . getcwd() . "/test/fake-pinentry.pl\n"); + $agentconf->close(); + copy('test/gpg.conf', 'test/gnupghome/gpg.conf'); + reset_handles(); + + my $pid = $gnupg->import_keys(command_args => [ 'test/pubring.gpg', 'test/secring.gpg' ], + options => [ 'batch'], + handles => $handles); + waitpid $pid, 0; + + return $CHILD_ERROR == 0; +}; diff --git a/t/MyTestSpecific.pm b/t/MyTestSpecific.pm index 053b749..1af98ae 100644 --- a/t/MyTestSpecific.pm +++ b/t/MyTestSpecific.pm @@ -40,7 +40,7 @@ use vars qw( @ISA @EXPORT $gnupg = GnuPG::Interface->new( passphrase => 'test' ); -$gnupg->options->hash_init( homedir => 'test', +$gnupg->options->hash_init( homedir => 'test/gnupghome', armor => 1, meta_interactive => 0, meta_signing_key_id => '0xF950DA9C', diff --git a/t/zzz_cleanup.t b/t/zzz_cleanup.t new file mode 100644 index 0000000..5c03a72 --- /dev/null +++ b/t/zzz_cleanup.t @@ -0,0 +1,17 @@ +#!/usr/bin/perl -w + +use strict; +use English qw( -no_match_vars ); + +use lib './t'; +use MyTest; +use MyTestSpecific; +use File::Path qw (remove_tree); + +# this is actually no test, just cleanup. +TEST +{ + my $err = []; + remove_tree('test/gnupghome', {error => \$err}); + return ! @$err; +}; diff --git a/test/fake-pinentry.pl b/test/fake-pinentry.pl new file mode 100755 index 0000000..12d3611 --- /dev/null +++ b/test/fake-pinentry.pl @@ -0,0 +1,28 @@ +#!/usr/bin/perl -w +# Use this for your test suites when a perl interpreter is available. +# +# The encrypted keys in your test suite that you expect to work must +# be locked with a passphrase of "test" +# +# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +# +# License: This trivial work is hereby explicitly placed into the +# public domain. Anyone may reuse it, modify it, redistribute it for +# any purpose. + +use strict; +use warnings; + +# turn off buffering +$| = 1; + +print "OK This is only for test suites, and should never be used in production\n"; +while (<STDIN>) { + chomp; + next if (/^$/); + next if (/^#/); + print ("D test\n") if (/^getpin/i); + print "OK\n"; + exit if (/^bye/i); +} +1; diff --git a/test/options b/test/gpg.conf similarity index 100% rename from test/options rename to test/gpg.conf diff --git a/test/secret-keys/1.0.test b/test/secret-keys/1.0.test index 5999484..129d472 100644 --- a/test/secret-keys/1.0.test +++ b/test/secret-keys/1.0.test @@ -1,5 +1,5 @@ -test/secring.gpg ----------------- +test/gnupghome/secring.gpg +-------------------------- sec 1024D/F950DA9C 2000-02-06 uid GnuPG test key (for testing purposes only) uid Foo Bar (1) -- 2.9.3

From aaf67ea6dec9a648153cae981c5f245c0ba3d1d4 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor <dkg@fifthhorseman.net> Date: Tue, 13 Sep 2016 11:35:31 -0400 Subject: [PATCH 2/7] subkey validity of an key when we have established no trust anchors This apparently isn't tested by deep comparisons, though, so it was never caught. --- t/get_public_keys.t | 2 +- t/get_secret_keys.t | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/t/get_public_keys.t b/t/get_public_keys.t index 53db021..73e320b 100644 --- a/t/get_public_keys.t +++ b/t/get_public_keys.t @@ -175,7 +175,7 @@ TEST ]; my $subkey = GnuPG::SubKey->new - ( validity => 'u', + ( validity => '-', length => 768, algo_num => 16, hex_id => 'ADB99D9C2E854A6B', diff --git a/t/get_secret_keys.t b/t/get_secret_keys.t index 3a1d99f..7bba083 100644 --- a/t/get_secret_keys.t +++ b/t/get_secret_keys.t @@ -48,7 +48,7 @@ TEST my $subkey = GnuPG::SubKey->new - ( validity => 'u', + ( validity => '-', length => 768, algo_num => 16, hex_id => 'ADB99D9C2E854A6B', -- 2.9.3

From f055042f0aacd0037043e03305b9dca37316a078 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor <dkg@fifthhorseman.net> Date: Tue, 13 Sep 2016 11:39:04 -0400 Subject: [PATCH 3/7] ensure that test covers all signatures The earlier test wasn't reporting on one of the known self-sigs for the test key for some reason. This change ensures that all known signatures are present. --- t/get_public_keys.t | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/t/get_public_keys.t b/t/get_public_keys.t index 73e320b..9e96f7d 100644 --- a/t/get_public_keys.t +++ b/t/get_public_keys.t @@ -83,7 +83,17 @@ TEST date_string => '2000-02-06', hex_id => '53AE596EF950DA9C', sig_class => 0x13, - validity => '!')); + validity => '!'), + GnuPG::Signature->new( + date => 1177086329, + algo_num => 17, + is_exportable => 1, + user_id_string => 'GnuPG test key (for testing purposes only)', + date_string => '2007-04-20', + hex_id => '53AE596EF950DA9C', + sig_class => 0x13, + validity => '!'), + ); my $uid1 = GnuPG::UserId->new( as_string => 'Foo Bar (1)', validity => '-'); -- 2.9.3

From decf5614281405d837675e74fdb0b2e00d8cf8a7 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor <dkg@fifthhorseman.net> Date: Tue, 13 Sep 2016 14:31:38 -0400 Subject: [PATCH 4/7] add $gpg_is_modern to test suite MyTestSpecific.pm now produces a new variable indicating whether it the version of GnuPG we run against is from the "Modern" line of GnuPG development (2.1 or later). This will be useful when comparing output that we can't expect from earlier versions. --- t/MyTestSpecific.pm | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/t/MyTestSpecific.pm b/t/MyTestSpecific.pm index 1af98ae..a309698 100644 --- a/t/MyTestSpecific.pm +++ b/t/MyTestSpecific.pm @@ -29,17 +29,20 @@ use GnuPG::Handles; use vars qw( @ISA @EXPORT $stdin $stdout $stderr $gpg_program $handles $gnupg - %texts + %texts $gpg_is_modern ); @ISA = qw( Exporter ); @EXPORT = qw( stdin stdout stderr gnupg_program handles reset_handles - texts file_match + texts file_match gpg_is_modern ); $gnupg = GnuPG::Interface->new( passphrase => 'test' ); +my @version = split('\.', $gnupg->version()); +$gpg_is_modern = ($version[0] > 2 || ($version[0] == 2 && $version[1] >= 1)); + $gnupg->options->hash_init( homedir => 'test/gnupghome', armor => 1, meta_interactive => 0, -- 2.9.3

From 4485328c396ad82f0df7833e766913d40d6a5d10 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor <dkg@fifthhorseman.net> Date: Tue, 13 Sep 2016 14:12:40 -0400 Subject: [PATCH 5/7] Modern GnuPG (2.1) reports more detail about secret keys the GnuPG "modern" suite (version 2.1 or later) reports more detail about secret keys than previous versions did. In particular, it reports stored ownertrust, public key data, and designated revokers for secret keys. Older versions only reported those attributes for public keys. This patch adjusts the test suite to ensure that our handmade key matches the produced key when /usr/bin/gpg is supplied by the modern suite. --- t/get_secret_keys.t | 66 +++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 54 insertions(+), 12 deletions(-) diff --git a/t/get_secret_keys.t b/t/get_secret_keys.t index 7bba083..c798cce 100644 --- a/t/get_secret_keys.t +++ b/t/get_secret_keys.t @@ -23,16 +23,34 @@ TEST return 0 unless @returned_keys == 1; $given_key = shift @returned_keys; - - $handmade_key = GnuPG::PrimaryKey->new - ( length => 1024, + my $pubkey_data = [ + Math::BigInt->from_hex('0x'. + '88FCAAA5BCDCD52084D46143F44ED1715A339794641158DE03AA2092AFD3174E3DCA2CB7DF2DDC6FEDF7C3620F5A8BDAD06713E6153F8748DD76CB97305F30CBA8F8801DB47FAC11EED725F55672CB9BDAD629178A677CBB089B3E8AE0D9A9AD7741697A35F2868C62D25670994A92D810480173DC24263EEA0F103A43C0B64B'), + Math::BigInt->from_hex('0x'. + '8F2A3842C70FF17660CBB78C78FC93F534AB9A17'), + Math::BigInt->from_hex('0x'. + '83E348C2AA65F56DE84E8FDCE6DA7B0991B1C75EC8CA446FA85869A43350907BFF36BE512385E8E7E095578BB2138C04E318495873218286DE2B8C86F36EA670135434967AC798EBA28581F709F0C6B696EB512D3E561E381A06E4B5239BCC655015F9A926C74E4B859B26EAD604F208A556511A76A40EDCD9C38E6BD82CCCB4'), + Math::BigInt->from_hex('0x'. + '80DE04C85E30C9D62C13F90CFF927A84A5A59D0900B3533D4D6193FEF8C5DAEF9FF8A7D5F76B244FBC17644F50D524E0B19CD3A4B5FC2D78DAECA3FE58FA1C1A64E6C7B96C4EE618173543163A72EF954DFD593E84342699096E9CA76578AC1DE3D893BCCD0BF470CEF625FAF816A0F503EF75C18C6173E35C8675AF919E5704') + ]; + + + my $args = { + length => 1024, algo_num => 17, hex_id => '53AE596EF950DA9C', creation_date => 949813093, creation_date_string => '2000-02-06', - owner_trust => '', # secret keys do not report ownertrust? + owner_trust => '-', usage_flags => 'scaESCA', - ); + pubkey_data => $pubkey_data, + }; + if (!$gpg_is_modern) { + # older versions don't report ownertrust or pubkey_data for secret keys: + delete $args->{pubkey_data}; + $args->{owner_trust} = ''; + } + $handmade_key = GnuPG::PrimaryKey->new($args); $handmade_key->fingerprint ( GnuPG::Fingerprint->new( as_hex_string => @@ -42,20 +60,42 @@ TEST $handmade_key->push_user_ids( GnuPG::UserId->new( as_string => 'GnuPG test key (for testing purposes only)', - validity => ''), # secret keys do not report uid validity? + validity => $args->{owner_trust}), GnuPG::UserId->new( as_string => 'Foo Bar (1)', - validity => '')); # secret keys do not report uid validity? - - - my $subkey = GnuPG::SubKey->new - ( validity => '-', + validity => $args->{owner_trust})); + + my $revoker = GnuPG::Revoker->new + ( algo_num => 17, + class => 0x80, + fingerprint => GnuPG::Fingerprint->new( as_hex_string => + '4F863BBBA8166F0A340F600356FFD10A260C4FA3'), + ); + + my $subkey_pub_data = [ + Math::BigInt->from_hex('0x'. + '8831982DADC4C5D05CBB01D9EAF612131DDC9C24CEA7246557679423FB0BA42F74D10D8E7F5564F6A4FB8837F8DC4A46571C19B122E6DF4B443D15197A6A22688863D0685FADB6E402316DAA9B560D1F915475364580A67E6DF0A727778A5CF3'), + Math::BigInt->from_hex('0x'. + '6'), + Math::BigInt->from_hex('0x'. + '2F3850FF130C6AC9AA0962720E86539626FAA9B67B33A74DFC0DE843FF3E90E43E2F379EE0182D914FA539CCCF5C83A20DB3A7C45E365B8A2A092E799A3DFF4AD8274EB977BAAF5B1AFB2ACB8D6F92454F01682F555565E73E56793C46EF7C3E') + ]; + + my $sub_args = { + validity => '-', length => 768, algo_num => 16, hex_id => 'ADB99D9C2E854A6B', creation_date => 949813119, creation_date_string => '2000-02-06', usage_flags => 'e', - ); + pubkey_data => $subkey_pub_data, + }; + + if (!$gpg_is_modern) { + # older versions do not report pubkey data for secret keys + delete $sub_args->{pubkey_data}; + } + my $subkey = GnuPG::SubKey->new($sub_args); $subkey->fingerprint ( GnuPG::Fingerprint->new( as_hex_string => @@ -64,6 +104,8 @@ TEST ); $handmade_key->push_subkeys( $subkey ); + # older versions do not report designated revokers for secret keys + $handmade_key->push_revokers( $revoker ) if ($gpg_is_modern); $handmade_key->compare( $given_key ); }; -- 2.9.3

From 7a4a380fdec841d87627acdfaff6aae104b23d95 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor <dkg@fifthhorseman.net> Date: Tue, 13 Sep 2016 14:46:13 -0400 Subject: [PATCH 6/7] test suite: match plaintext output across versions of GnuPG The human-readable version of --list-keys is *not* expected to be static over time or as the user's environment changes (e.g. LANG or LC_MESSAGES), so expecting it to be machine-parseable is probably a mistake. That said, some users might want to pull textual information about specific keys to display directly to the user, so it's not a terrible idea to have it in the test suite. Modern GnuPG (2.1 or later) changes the default structure of the human-readable output in a few significant ways: * it writes the path to the keyring as an absolute path, even if $GNUPGHOME is set to a non-absolute path. * it shows the calculated user id validity by default (see show-uid-validity in gpg's --list-options). (note that this is a translated string, so that "unknown" (in the default C locale) becomes "inconnue" when LANG or LC_MESSAGES is set to fr_CH.UTF-8, for example. * it writes the key algorithm names differently (e.g. rsa2048 instead of 2048R) * it does not display the key ID at all by default * it displays the full fingerprint in compact form by default This changeset fixes the test suite so that it can do a rough verification of the human-readable text output by list_secret_keys in the C locale in modern versions of GnuPG, while leaving it working for older GnuPG suites. --- t/list_secret_keys.t | 13 +++++++++++-- test/secret-keys/1.modern.test | 8 ++++++++ 2 files changed, 19 insertions(+), 2 deletions(-) create mode 100644 test/secret-keys/1.modern.test diff --git a/t/list_secret_keys.t b/t/list_secret_keys.t index 1fe9b7e..e64161c 100644 --- a/t/list_secret_keys.t +++ b/t/list_secret_keys.t @@ -16,13 +16,20 @@ TEST { reset_handles(); + $ENV{LC_MESSAGES} = 'C'; my $pid = $gnupg->list_secret_keys( handles => $handles ); close $stdin; $outfile = 'test/secret-keys/1.out'; my $out = IO::File->new( "> $outfile" ) or die "cannot open $outfile for writing: $ERRNO"; - $out->print( <$stdout> ); + while (<$stdout>) { + if ($gpg_is_modern && /\/.*\/test\/gnupghome\/pubring.kbx$/) { + $out->print("test/gnupghome/pubring.kbx\n"); + } else { + $out->print( $_ ); + } + } close $stdout; $out->close(); waitpid $pid, 0; @@ -33,7 +40,9 @@ TEST TEST { - my @files_to_test = ( 'test/secret-keys/1.0.test' ); + my $suffix = '0'; + $suffix = 'modern' if ($gpg_is_modern); + my @files_to_test = ( 'test/secret-keys/1.'.$suffix.'.test' ); return file_match( $outfile, @files_to_test ); }; diff --git a/test/secret-keys/1.modern.test b/test/secret-keys/1.modern.test new file mode 100644 index 0000000..7ee9ba9 --- /dev/null +++ b/test/secret-keys/1.modern.test @@ -0,0 +1,8 @@ +test/gnupghome/pubring.kbx +------------------------------------------------------------- +sec dsa1024 2000-02-06 [SCA] + 93AFC4B1B0288A104996B44253AE596EF950DA9C +uid [ unknown] GnuPG test key (for testing purposes only) +uid [ unknown] Foo Bar (1) +ssb elg768 2000-02-06 [E] + -- 2.9.3

From f5ca0742dd1f724de1765679b493d4cfb7ea216b Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor <dkg@fifthhorseman.net> Date: Tue, 13 Sep 2016 15:22:27 -0400 Subject: [PATCH 7/7] fix test_default_key_passphrase when passphrase comes from agent In the modern GnuPG suite, where the passphrase is always managed by the agent, gpg itself doesn't emit the GOOD_PASSPHRASE status. Instead, if signing is successful it emits plain old SIG_CREATED. There are probably even better ways to test whether a given key is unlocked in this case, but this is a straightforward baseline fix that should get this part of the test suite to pass with all available versions of GnuPG. --- lib/GnuPG/Interface.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/GnuPG/Interface.pm b/lib/GnuPG/Interface.pm index 83a4b1a..1f1e6d5 100644 --- a/lib/GnuPG/Interface.pm +++ b/lib/GnuPG/Interface.pm @@ -808,7 +808,7 @@ sub test_default_key_passphrase() { # all we realy want to check is the status fh while (<$status>) { - if (/^\[GNUPG:\]\s*GOOD_PASSPHRASE/) { + if (/^\[GNUPG:\]\s*(GOOD_PASSPHRASE|SIG_CREATED)/) { waitpid $pid, 0; return 1; } -- 2.9.3