Changeset d70dd6e in mod_gnutls


Timestamp:
May 27, 2016, 8:12:04 PM (2 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, upstream
Children:
298dc66
Parents:
0bda20f
git-author:
Daniel Kahn Gillmor <dkg@…> (04/17/16 16:22:45)
git-committer:
Thomas Klute <thomas2.klute@…> (05/27/16 20:12:04)
Message:

ensure cleanup of gpg v2.1 keyrings as well

depending on the version of gpg, the choices of secret keyrings and
the behavior when exporting secret key material are different.

for example, see https://bugs.gnupg.org/gnupg/issue2324, and the fact
that secret keys are stored in different locations.

This change allows the test suite to work with all known major
versions of GnuPG.

Location:
test
Files:
1 added
2 edited

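--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -42,5 +42,5 @@
 # Append strings after ":=" to each identity to generate a list of
 # necessary files
-pgp_tokens = $(pgp_identities:=/secring.gpg) $(pgp_identities:=/cert.pgp) \
+pgp_tokens = $(pgp_identities:=/cert.pgp) \
         $(pgp_identities:=/secret.pgp)
 x509_keys = $(x509_identities:=/secret.key)
@@ -93,5 +93,5 @@
 # one day, so regenerating them is both fast and frequently
 # necessary.
-MOSTLYCLEANFILES += */*.pgp */*.gpg */*.gpg~ */gpg.conf authority/lock
+MOSTLYCLEANFILES += */*.pgp */*.gpg */*.gpg~ */gpg.conf authority/lock */*.kbx */*.kbx~ */S.gpg-agent */private-keys-v1.d/*
 # GnuPG random pool, no need to regenerate on every build
 CLEANFILES += authority/random_seed
@@ -149,4 +149,5 @@
         -rmdir $(msva_home) || true
 endif
+        rm -f pgpcrc
 
 # Apache configuration and data files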
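Review bot: In the `MOSTLYCLEANFILES` line, `*/private-keys-v1.d/*` deletes the GnuPG 2.1 secret key files but leaves the `private-keys-v1.d` directories in place, and removing `*/S.gpg-agent` does not necessarily stop an agent that gpg 2.1 may have started for that test home. If the clean rule (its header is outside these hunks) is meant to leave the identity directories removable, it would need something like `-rmdir */private-keys-v1.d`, and where agents linger a `GNUPGHOME=<dir> gpgconf --kill gpg-agent` per test home before the socket is deleted. The hand-written `rm -f pgpcrc` after `endif` could instead be declared as `CLEANFILES += pgpcrc`, next to the existing `CLEANFILES += authority/random_seed`.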
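--- a/test/test_ca.mk
+++ b/test/test_ca.mk
@@ -3,4 +3,7 @@
 # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
 # Thomas Klute <thomas2.klute@uni-dortmund.de>
+
+pgpcrc: pgpcrc.c
+        gcc -o $@ $<
 
 # General rules to set up a miniature CA & server & client environment
@@ -18,17 +21,22 @@
         certtool --generate-privkey > $@
 
-%/secring.gpg: %.uid %/secret.key
-        rm -f $(dir $@)pubring.gpg $(dir $@)secring.gpg $(dir $@)trustdb.gpg
-        PEM2OPENPGP_EXPIRATION=86400 PEM2OPENPGP_USAGE_FLAGS=authenticate,certify,sign pem2openpgp "$$(cat $<)" < $(dir $@)secret.key | GNUPGHOME=$(dir $@) gpg --import
+%/secret.pgp.raw: %.uid %/secret.key
+        PEM2OPENPGP_EXPIRATION=86400 PEM2OPENPGP_USAGE_FLAGS=authenticate,certify,sign pem2openpgp "$$(cat $<)" < $(dir $@)secret.key > $@
+
+%/secret.pgp: %/secret.pgp.raw pgpcrc
+        (printf -- '-----BEGIN PGP PRIVATE KEY BLOCK-----\nVersion: test\n\n' && \
+        base64 < $< && \
+        printf -- '=' && \
+        ./pgpcrc < $< | base64 && \
+        printf -- '-----END PGP PRIVATE KEY BLOCK-----\n' ) > $@
+
+%/gpg.conf: %/secret.pgp
+        rm -f $(dir $@)pubring.gpg $(dir $@)secring.gpg $(dir $@)trustdb.gpg $(dir $@)pubring.kbx $(dir $@)private-keys-v1.d/*.key
+        GNUPGHOME=$(dir $@) gpg --import $<
         printf "%s:6:\n" "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" | GNUPGHOME=$(dir $@) gpg --import-ownertrust
-
-%/gpg.conf: %/secring.gpg
         printf "default-key %s\n" "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
 
-%/secret.pgp: %/secring.gpg
-        GNUPGHOME=$(dir $@) gpg --armor --batch --no-tty --yes --export-secret-key "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
-
-%/minimal.pgp: %/secring.gpg
-        GNUPGHOME=$(dir $@) gpg --armor --export "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
+%/minimal.pgp: %/gpg.conf
+        GNUPGHOME=$(dir $@) gpg --output $@ --armor --export "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)"
 
 # Import and signing modify the shared keyring, which leads to race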
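Review bot: In the new `%/secret.pgp` recipe the checksum step `./pgpcrc < $< | base64` takes its exit status from `base64`, so a missing or failing `pgpcrc` still lets the recipe succeed and leaves an armored key file with an empty CRC that make then treats as up to date. Running the CRC as its own step (`./pgpcrc < $< > $@.crc && base64 < $@.crc`) and writing the block to a temporary file that is renamed on success (`) > $@.tmp && mv -f $@.tmp $@`) would keep a broken file from reaching `gpg --import` in the `%/gpg.conf` rule. Whether `.DELETE_ON_ERROR` is set elsewhere is not visible in this section. Separately, the `pgpcrc` rule hard-codes `gcc`; `$(CC) $(CFLAGS) -o $@ $<` would honour the configured compiler.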