source: mod_gnutls/debian/patches/0001-ensure-cleanup-of-gpg-v2.1-keyrings-as-well.patch @ 06056cb

Last change on this file since 06056cb was 06056cb, checked in by Daniel Kahn Gillmor <dkg@…>, 4 years ago

adjust test suite to work with gpg "modern" as well as "classic"

  • Property mode set to 100644
File size: 5.6 KB
  • test/Makefile.am

    From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
    Date: Sun, 17 Apr 2016 16:22:45 -0400
    Subject: ensure cleanup of gpg v2.1 keyrings as well
    
    depending on the version of gpg, the choices of secret keyrings and
    the behavior when exporting secret key material are different.
    
    for example, see https://bugs.gnupg.org/gnupg/issue2324, and the fact
    that secret keys are stored in different locations.
    
    This change allows the test suite to work with all known major
    versions of GnuPG.
    ---
     test/Makefile.am |  5 +++--
     test/pgpcrc.c    | 40 ++++++++++++++++++++++++++++++++++++++++
     test/test_ca.mk  | 28 ++++++++++++++++++----------
     3 files changed, 61 insertions(+), 12 deletions(-)
     create mode 100644 test/pgpcrc.c
    
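diff --git a/test/Makefile.am b/test/Makefile.am
index a93d153..c17ab0f 100644
--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -41,7 +41,7 @@ x509_identities = $(shared_identities) $(x509_only_identities)
 identities = $(shared_identities) $(x509_only_identities)
 # Append strings after ":=" to each identity to generate a list of
 # necessary files
-pgp_tokens = $(pgp_identities:=/secring.gpg) $(pgp_identities:=/cert.pgp) \
+pgp_tokens = $(pgp_identities:=/cert.pgp) \
         $(pgp_identities:=/secret.pgp)
 x509_keys = $(x509_identities:=/secret.key)
 x509_certs = $(x509_identities:=/x509.pem)
@@ -92,7 +92,7 @@ MOSTLYCLEANFILES += */x509.pem $(generated_templates) *.uid
 # the X.509 private keys and certificates with an expiration time of
 # one day, so regenerating them is both fast and frequently
 # necessary.
-MOSTLYCLEANFILES += */*.pgp */*.gpg */*.gpg~ */gpg.conf authority/lock
+MOSTLYCLEANFILES += */*.pgp */*.gpg */*.gpg~ */gpg.conf authority/lock */*.kbx */*.kbx~ */S.gpg-agent */private-keys-v1.d/*
 # GnuPG random pool, no need to regenerate on every build
 CLEANFILES += authority/random_seed
 
@@ -148,6 +148,7 @@ clean-local:
 if USE_MSVA
         -rmdir $(msva_home) || true
 endif
+        rm -f pgpcrc
 
 # Apache configuration and data files
 apache_data = base_apache.conf cgi_module.conf data/* mime.types proxy_mods.conf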
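Review bot: The widened `MOSTLYCLEANFILES` list (new line 95) still misses `*/secret.pgp.raw`, the unarmored secret-key file written by the `%/secret.pgp.raw` rule that this same patch adds to test/test_ca.mk; the `*/*.pgp` glob does not match the `.raw` suffix. Make may delete that file itself as an intermediate, but after a failed or interrupted build it can presumably remain, and `make mostlyclean` would then leave raw private key material in the tree. Adding `*/*.pgp.raw` to the list closes the gap. Note also that `*/private-keys-v1.d/*` empties those directories but leaves the directories themselves in place.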
  • new file test/pgpcrc.c

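diff --git a/test/pgpcrc.c b/test/pgpcrc.c
new file mode 100644
index 0000000..a5bd437
--- /dev/null
+++ b/test/pgpcrc.c
@@ -0,0 +1,40 @@
+#include <unistd.h>
+#include <arpa/inet.h>
+
+/* from RFC 4880 section 6.1 */
+#define CRC24_INIT 0xB704CEL
+#define CRC24_POLY 0x1864CFBL
+
+typedef long crc24;
+crc24 crc_octets(unsigned char *octets, size_t len)
+{
+    crc24 crc = CRC24_INIT;
+    int i;
+    while (len--) {
+        crc ^= (*octets++) << 16;
+        for (i = 0; i < 8; i++) {
+            crc <<= 1;
+            if (crc & 0x1000000)
+                crc ^= CRC24_POLY;
+        }
+    }
+    return crc & 0xFFFFFFL;
+}
+
+
+int main()
+{
+    crc24 output;
+    int i = 0;
+    unsigned char o;
+    unsigned char indata[100000];
+    ssize_t rr = read(0, indata, sizeof(indata));
+    if (rr <= 0)
+        return 1;
+    output = crc_octets(indata, rr);
+    for (i = 2; i >= 0; i--) {
+        o = ((output >> (8 * i)) & 0xff);
+        write(1, &o, sizeof(o));
+    }
+    return 0;
+}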
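Review bot: `main` issues a single `read()` into a 100000-byte buffer, so input that is longer, or that arrives in several pieces (for example from a pipe), gets a CRC over its first part only while the program still exits 0. The armor checksum that the `%/secret.pgp` rule builds from this output would then be wrong without any build error. Reading in a loop until EOF and carrying the running CRC between chunks removes the size limit; `crc_octets` would take the current value as a parameter instead of starting from `CRC24_INIT` on every call. The result of `write()` is also unchecked, and `<arpa/inet.h>` looks unused.

```c
crc24 crc_octets(crc24 crc, unsigned char *octets, size_t len)
{
    /* … unchanged: per-octet loop and masked return, minus the CRC24_INIT assignment … */
}

int main()
{
    crc24 output = CRC24_INIT;
    size_t total = 0;
    ssize_t rr;
    unsigned char indata[4096];
    /* … unchanged: declarations of i and o … */
    while ((rr = read(0, indata, sizeof(indata))) > 0) {
        output = crc_octets(output, indata, rr);
        total += rr;
    }
    if (rr < 0 || total == 0)
        return 1;
    /* … unchanged: three-octet output loop and return 0 … */
}
```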
  • test/test_ca.mk

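diff --git a/test/test_ca.mk b/test/test_ca.mk
index d4c0a72..b896110 100644
--- a/test/test_ca.mk
+++ b/test/test_ca.mk
@@ -3,6 +3,9 @@
 # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
 # Thomas Klute <thomas2.klute@uni-dortmund.de>
 
+pgpcrc: pgpcrc.c
+        gcc -o $@ $<
+
 # General rules to set up a miniature CA & server & client environment
 # for the test suite
 
@@ -17,19 +20,24 @@
         chmod 0700 $(dir $@)
         certtool --generate-privkey > $@
 
-%/secring.gpg: %.uid %/secret.key
-        rm -f $(dir $@)pubring.gpg $(dir $@)secring.gpg $(dir $@)trustdb.gpg
-        PEM2OPENPGP_EXPIRATION=86400 PEM2OPENPGP_USAGE_FLAGS=authenticate,certify,sign pem2openpgp "$$(cat $<)" < $(dir $@)secret.key | GNUPGHOME=$(dir $@) gpg --import
-        printf "%s:6:\n" "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" | GNUPGHOME=$(dir $@) gpg --import-ownertrust
+%/secret.pgp.raw: %.uid %/secret.key
+        PEM2OPENPGP_EXPIRATION=86400 PEM2OPENPGP_USAGE_FLAGS=authenticate,certify,sign pem2openpgp "$$(cat $<)" < $(dir $@)secret.key > $@
 
-%/gpg.conf: %/secring.gpg
-        printf "default-key %s\n" "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
+%/secret.pgp: %/secret.pgp.raw pgpcrc
+        (printf -- '-----BEGIN PGP PRIVATE KEY BLOCK-----\nVersion: test\n\n' && \
+        base64 < $< && \
+        printf -- '=' && \
+        ./pgpcrc < $< | base64 && \
+        printf -- '-----END PGP PRIVATE KEY BLOCK-----\n' ) > $@
 
-%/secret.pgp: %/secring.gpg
-        GNUPGHOME=$(dir $@) gpg --armor --batch --no-tty --yes --export-secret-key "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
+%/gpg.conf: %/secret.pgp
+        rm -f $(dir $@)pubring.gpg $(dir $@)secring.gpg $(dir $@)trustdb.gpg $(dir $@)pubring.kbx $(dir $@)private-keys-v1.d/*.key
+        GNUPGHOME=$(dir $@) gpg --import $<
+        printf "%s:6:\n" "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" | GNUPGHOME=$(dir $@) gpg --import-ownertrust
+        printf "default-key %s\n" "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
 
-%/minimal.pgp: %/secring.gpg
-        GNUPGHOME=$(dir $@) gpg --armor --export "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
+%/minimal.pgp: %/gpg.conf
+        GNUPGHOME=$(dir $@) gpg --output $@ --armor --export "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)"
 
 # Import and signing modify the shared keyring, which leads to race
 # conditions with parallel make. Locking avoids this problem.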
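Review bot: The last line of the new `%/gpg.conf` recipe cannot fail when the fingerprint lookup fails, because make only sees the exit status of `printf`; an empty `$$(…)` result writes `default-key ` with no fingerprint and the target still counts as built, so every rule depending on `%/gpg.conf` runs against a broken homedir. Capturing and testing the value first makes the failure visible, e.g. `fpr="$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" && test -n "$$fpr" && printf "default-key %s\n" "$$fpr" > $@`. The same unguarded substitution is used in the `%/minimal.pgp` recipe. As a smaller point, the `pgpcrc` rule at the top hard-codes `gcc`; `$(CC) $(CFLAGS) -o $@ $<` would respect the configured compiler.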