about summary refs log tree commit diff
path: root/t/lib-gpg.sh
blob: 8d28652b729b46cb08de8ddd4347dddda9e246a7 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
#!/bin/sh

gpg_version=$(gpg --version 2>&1)
if test $? != 127
then
	# As said here: http://www.gnupg.org/documentation/faqs.html#q6.19
	# the gpg version 1.0.6 didn't parse trust packets correctly, so for
	# that version, creation of signed tags using the generated key fails.
	case "$gpg_version" in
	'gpg (GnuPG) 1.0.6'*)
		say "Your version of gpg (1.0.6) is too buggy for testing"
		;;
	*)
		# Available key info:
		# * Type DSA and Elgamal, size 2048 bits, no expiration date,
		#   name and email: C O Mitter <committer@example.com>
		# * Type RSA, size 2048 bits, no expiration date,
		#   name and email: Eris Discordia <discord@example.net>
		# No password given, to enable non-interactive operation.
		# To generate new key:
		#	gpg --homedir /tmp/gpghome --gen-key
		# To write armored exported key to keyring:
		#	gpg --homedir /tmp/gpghome --export-secret-keys \
		#		--armor 0xDEADBEEF >> lib-gpg/keyring.gpg
		#	gpg --homedir /tmp/gpghome --export \
		#		--armor 0xDEADBEEF >> lib-gpg/keyring.gpg
		# To export ownertrust:
		#	gpg --homedir /tmp/gpghome --export-ownertrust \
		#		> lib-gpg/ownertrust
		mkdir ./gpghome &&
		chmod 0700 ./gpghome &&
		GNUPGHOME="$(pwd)/gpghome" &&
		export GNUPGHOME &&
		(gpgconf --kill gpg-agent >/dev/null 2>&1 || : ) &&
		gpg --homedir "${GNUPGHOME}" 2>/dev/null --import \
			"$TEST_DIRECTORY"/lib-gpg/keyring.gpg &&
		gpg --homedir "${GNUPGHOME}" 2>/dev/null --import-ownertrust \
			"$TEST_DIRECTORY"/lib-gpg/ownertrust &&
		gpg --homedir "${GNUPGHOME}" </dev/null >/dev/null 2>&1 \
			--sign -u committer@example.com &&
		test_set_prereq GPG &&
		# Available key info:
		# * see t/lib-gpg/gpgsm-gen-key.in
		# To generate new certificate:
		#  * no passphrase
		#	gpgsm --homedir /tmp/gpghome/ \
		#		-o /tmp/gpgsm.crt.user \
		#		--generate-key \
		#		--batch t/lib-gpg/gpgsm-gen-key.in
		# To import certificate:
		#	gpgsm --homedir /tmp/gpghome/ \
		#		--import /tmp/gpgsm.crt.user
		# To export into a .p12 we can later import:
		#	gpgsm --homedir /tmp/gpghome/ \
		#		-o t/lib-gpg/gpgsm_cert.p12 \
		#		--export-secret-key-p12 "committer@example.com"
		echo | gpgsm --homedir "${GNUPGHOME}" 2>/dev/null \
			--passphrase-fd 0 --pinentry-mode loopback \
			--import "$TEST_DIRECTORY"/lib-gpg/gpgsm_cert.p12 &&

		gpgsm --homedir "${GNUPGHOME}" 2>/dev/null -K |
		grep fingerprint: |
		cut -d" " -f4 |
		tr -d '\n' >"${GNUPGHOME}/trustlist.txt" &&

		echo " S relax" >>"${GNUPGHOME}/trustlist.txt" &&
		echo hello | gpgsm --homedir "${GNUPGHOME}" >/dev/null \
			-u committer@example.com -o /dev/null --sign - 2>&1 &&
		test_set_prereq GPGSM
		;;
	esac
fi

if test_have_prereq GPG &&
    echo | gpg --homedir "${GNUPGHOME}" -b --rfc1991 >/dev/null 2>&1
then
	test_set_prereq RFC1991
fi

sanitize_pgp() {
	perl -ne '
		/^-----END PGP/ and $in_pgp = 0;
		print unless $in_pgp;
		/^-----BEGIN PGP/ and $in_pgp = 1;
	'
}