Changeset 04addef in mod_gnutls


Ignore:
Timestamp:
Jun 13, 2016, 1:32:44 AM (3 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, master, upstream
Children:
16ad0eb
Parents:
0831437
Message:

Test suite: Always lock authority PGP keyring

I've occasionally observed PGP authentication failing in
test-14_basic_openpgp.bash due to problems with server/cert.pgp. Debug
runs and analysis of GnuTLS source code point at problems with the
exported signatures.

The former lack of locking during exports from the authority seems
like the likeliest culprit: a parallel access might have damaged the
keyring, in particular key and signature creation times.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • test/test_ca.mk

    r0831437 r04addef  
    4343
    4444# Import and signing modify the shared keyring, which leads to race
    45 # conditions with parallel make. Locking avoids this problem.
    46 %/cert.pgp: %/minimal.pgp authority/gpg.conf
     45# conditions with parallel make. Locking avoids this problem. Building
     46# authority/minimal.pgp (instead of just authority/gpg.conf) before
     47# */cert.pgp avoids having to lock for all */minimal.pgp, too.
     48%/cert.pgp: %/minimal.pgp authority/minimal.pgp
    4749        if test -r $@; then rm $@; fi
    4850        GNUPGHOME=authority $(GPG_FLOCK) gpg --import $<
    4951        GNUPGHOME=authority $(GPG_FLOCK) gpg --batch --sign-key --no-tty --yes "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)"
    50         GNUPGHOME=authority gpg --output $@ --armor --export "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)"
     52        GNUPGHOME=authority $(GPG_FLOCK) gpg --output $@ --armor --export "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)"
    5153
    5254# special cases for the authorities' root certs:
Note: See TracChangeset for help on using the changeset viewer.