* src/dirinfo.c (WANT_SOCKETDIR): New.
(dirinfo): Add field socketdir.
(parse_output): Support "socketdir".
(get_gpgconf_item): Return socketdir.
* tests/t-engine-info.c (main): Add socketdir to the output.
* src/w32-util.c (_gpgme_create_process_utf8): Fix indentation.
--
GnuPG-bug-id: 5613
This is not strictly necessary because we could deduce this from one
of the other socket info items but it is more clean to have a
dedicated info item. The socketdir item is available for 5 years now
(GnuPG commit 8e3fa5a4b205c534de2142e5d071712f957cf06a)
* tests/gpg/Makefile.am (WITH_THREAD_CPPFLAGS): New.
(WITH_THREAD_LDADD): New.
(t_thread1_CPPFLAGS, t_thread_keylist_CPPFLAGS)
(t_thread_keylist_verify_CPPFLAGS)
(t_cancel_CPPFLAGS): Use WITH_THREAD_CPPFLAGS.
(t_thread1_LDADD, t_thread_keylist_LDADD)
(t_thread_keylist_verify_LDADD)
(t_cancel_LDADD): Use WITH_THREAD_LDADD.
--
For library dependency at runtime, it's not 100% right to use
GPG_ERROR_MT_LIBS here, because those test programs don't use
libgpg-error directly at runtime. But, it's OK, because these are
test programs, which don't need specifying minimum library dependency.
It would be too much for configure of gpgme, to check how threaded
application should be built, just for these test programs.
Co-authored-by: Ben Kibbey <bjk@luxsci.net>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests/gpg/gpg.conf.in: New.
* tests/gpg/Makefile.am (gpg.conf): Copy gpg.conf.in instead of using
echo to fill gpg.conf.
--
This change ensures that gpg.conf is updated whenever new options are
added for some tests.
* tests/gpg/t-edit-sign.c (sign_key, verify_key_signature): New.
(main): Factored out signing and verifying the result.
--
Factoring the two steps of the test into different functions fixes the
use-after-free issue that was caused by accidentaly using a variable
of the first step in the second step.
GnuPG-bug-id: 5509
* src/context.h (struct gpgme_context): Add 'cert_expire'.
* src/engine-gpg.c (append_args_from_cert_expire): New.
(gpg_edit): Set option according to the new flag.
* src/gpgme.c (gpgme_release): Free 'cert_expire'.
(gpgme_set_ctx_flag, gpgme_get_ctx_flag): Add "cert-expire".
* tests/gpg/Makefile.am (c_tests): Add new test.
(gpg.conf): Write "allow-weak-key-signatures" to gpg.conf.
* tests/gpg/t-edit-sign.c: New.
--
The new context flag "cert-expire" allows setting the expiration date
for key signatures created with gpgme_op_interact.
GnuPG-bug-id: 5336, 5505
* src/data.c (_gpgme_data_release): Free buffers.
(gpgme_data_seek): Adjust from renamed fields.
(gpgme_data_set_flag): Implement new flags.
(_gpgme_data_inbound_handler): Allow the use of a malloced buffer.
(_gpgme_data_outbound_handler): Ditto.
* src/data.h (BUFFER_SIZE): Move out of the struct definition.
(struct gpgme_data): Remove pending filed and introduce inbound and
outbound fields.
* src/conversion.c (_gpgme_wipememory): New. Taken from GnuPG.
* src/cJSON.c (wipememory): Use this here too.
* tests/run-decrypt.c (main): Add options "--large-buffers" and
"--sensitive".
--
GnuPG-bug-id: 5478
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/run-keylist.c (main): Print all infos from the primary key.
--
The test tool printed only the computed infos for the key and not the
detailed one fro the primary key. The new output better reflects the
data structure.
Related to
GnuPG-bug-id: 5454
* tests/run-verify.c (main): Remove C99-only syntax.
* tests/run-threaded.c (start_keylistings): Ditto.
--
Older gcc's do not grok this and there is no real need for it.
run-verify.c:324: error: ‘for’ loop initial declarations are only
allowed in C99 mode
run-verify.c:324: note: use option -std=c99 or -std=gnu99 to compile
your code
Reported-by: Lars Hecking
* src/gpgme.h.in (struct _gpgme_key_sig): Add fields 'trust_depth',
'trust_value', and 'trust_scope'.
* src/key.c (gpgme_key_unref): Free trust_scope.
* src/keylist.c (keylist_colon_handler): Set the fields.
* tests/run-keylist.c (main): Print the fields.
--
The trust signature values are part of gpg's output since the year 2003.
This now adds support to gpgme.
GnuPG-bug-id: 5245, 5419
* tests/json/t-json.c: Remove var definitions inside a for statement.
--
This useful C99 feature seems to work only in recent gcc versions. We
can't use it; see gnupg/doc/HACKING.
GnuPG-bug-id: 5088
* src/engine-assuan.c (inquire_cb): Implement returning data.
* tests/opassuan/t-command.c (inq_cb): Send some test data.
--
The old code only allowed to send an empty response which was good
enough for scdaemon's KNOWNCARDP inquire but not to send actual data.
A quick test using a test smartcard might be
./t-command 'scd setattr --inquire PRIVATE-DO-1'
and then reading the data back using
gpg-connect-agent 'scd getattr PRIVATE-DO-1' /bye
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (gpgme_op_setexpire_start, gpgme_op_setexpire): New.
* src/libgpgme.vers, src/gpgme.def: Add new functions.
* src/genkey.c (setexpire): New.
(gpgme_op_setexpire_start, gpgme_op_setexpire): New.
* src/engine.h, src/engine.c: (_gpgme_engine_op_setexpire): New.
* src/engine-backend.h (engine_ops): Add 'setexpire' and adjust all
engine initializers.
* src/engine-gpg.c (gpg_setexpire): New.
(_gpgme_engine_ops_gpg): Set setexpire to gpg_setexpire.
* doc/gpgme.texi: Document new functions.
* tests/run-genkey.c: Add option --setexpire.
--
This extends GPGME to support the --quick-set-expire command
added by GnuPG 2.1.22. This allows changing subkeys expiry
date without going through the editinteractor interface.
Co-authored-by: Andre Heinecke <aheinecke@gnupg.org>
GnuPG-bug-id: 4999
* src/gpgme.h.in: Clarify that the trustlist function should not be
used.
* src/engine.c (_gpgme_engine_op_trustlist): Always return an error.
* src/engine-backend.h (struct engine_ops): Remove trustlist member.
* src/engine-gpg.c (gpg_trustlist): Remove.
(struct engine_ops): Remove that member. Also in all other engines.
* tests/gpg/t-trustlist.c: Remove.
* lang/python/tests/t-trustlist.py: Remove.
--
This never worked in reality because the required feature has been
removed from GnuPG version 1.3.2 soon after introduction of this
feature in gpgme - 17 years ago. It was anyway marked as
experimental. We keep the API and ABI, though.
GnuPG-bug-id: 4834
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/json/t-keylist-secret.out.json: Do not check for keygrip
of bravo key.
--
Since GnuPG 2.2.19 the keygrip is not emitted for public keys
in a keylisting --with-secret.
As the GPGME test suite should pass with several versions
the json test cannot test this as the suite does not allow
version checks for different output.
What the intended behavior is might still be up for discussion,
always adding --with-keygip is not a good solution because
it slows down keylistings for large keyrings.
GnuPG-Bug-Id: T4820
* tests/json/t-keylist-secret.out.json
--
Since at least 2.2.19 GnuPG no longer emits secret = true
for keys where it does not have a secret. To avoid
failures with older versions we remove the check altogether.
GnuPG-Bug-Id: T4820
* src/gpgme.h.in (struct _gpgme_user_id): Add field 'uidhash'.
* src/key.c (gpgme_key_unref): Free it.
* src/keylist.c (keylist_colon_handler): Set it.
* tests/run-keylist.c (main): Print it.
--
The uidhash value is part of gpg's output since the year 2005. This
now adds support to gpgme. The application for uidhash is to select
a user id in an edit interactor: Instead of giving the number of the
user id, the uidhash value can be be used to avoid tracking the user
id numbers.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/json/t-decrypt-verify.out.json: Remove check with key of
04071FB807287134.
--
GnuPG 2.3 changes how public key decryption works; It collects list of
PUBKEY_ENC packets and then processes an ENCRYPTED* packet. At the
stage of processing an ENCRYPTED* packet, it checks if private keys
can decrypt any of PUBKEY_ENC packets. It does not necessarily
examine all of PUBKEY_ENC packets. Only when it finds a PUBKEY_ENC
packet cannot be decrypted, it reports STATUS_NO_SECKEY with keyid of
that packet.
GnuPG 2.2 or older tries PUBKEY_ENC packets in order, and the first
successful PUBKEY_ENC packet is used. Rest of PUBKEY_ENC packets are
not examined, but STATUS_NO_SECKEY with keyid is reported even when
there is a valid private key.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests/run-threaded.c (random_data_close): Correct FD test.
--
An invalid DS is -1 and not 0; this fix is for correctness and does
not chnage anything in the real world.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/run-threaded.c (main): Handle allow-del.
(allow-del): New. Variable to allow deletion of keys.
(import): Delete key after import if allow-del is set.
(delete_impres): Delete keys from an import result.
(delete_fpr): Delete a key by fingerprint.
--
This is intended to test write access and locking of the
keyring by repeatedly importing and deleting pubkeys.
It is an option because it might cause keyring corruption
etc. so it should be explicitly enabled.
* tests/gpg/cipher-3.asc: add an encrypted file containing signatures
(one from a known key, and one from an unknown key)
* tests/gpg/cipher-no-sig.asc: add an encrypted file containing no
signatures at all
--
We currently aren't using these files yet, but they should be useful
for exercising the library in unusual circumstances (where the bugs
are).
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* tests/run-verify.c (print_result): Chack is_de_vs.
* tests/run-import.c (main): Fix bad parameter for format string.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/Makefile.am (run-threaded): Add.
* tests/run-threaded.c: New.
--
This test is intended to help detect race conditions
or other multithread problems. It can also be used
to put the whole GnuPG system under extreme load.
* tests/gpg/t-support.h (check_gpg_version, compare_versions),
(parse_version_string, parse_version_number): Remove version
check code.
* tests/json/t-json.c (check_gpg_version, compare_versions),
(parse_version_string, parse_version_number): Add.
--
t-support header was not a good place for this. It should
go into a library e.g. gpgrt in the future. For now we
can keep it close to where it is needed.
* t-config-opt.in.json,
t-config-opt.out.json,
t-import.in.json,
t-import.out.json,
t-sign.in.json,
t-sign.out.json: New.
--
These should actually have been in a previous commit as
they are already registered.
* tests/json/t-json.c (test_contains): Try all siblings of
the haystack child.
--
This fixes the case where we don't match against the
first child because the order might have changed or
a new element was inserted at the top. Then we
have to try out also all the siblings.
* t-json.c (tests): Register new tests.
* t-createkey.in.json,
t-createkey.out.json,
t-decrypt-verify.in.json,
t-decrypt-verify.out.json,
t-decrypt.in.json,
t-decrypt.out.json,
t-delete.in.json,
t-delete.out.json,
t-encrypt-sign.in.json,
t-encrypt-sign.out.json,
t-encrypt.in.json,
t-encrypt.out.json,
t-export-secret-info.in.json,
t-export-secret-info.out.json,
t-export.in.json,
t-export.out.json,
t-json.c,
t-keylist-secret.in.json,
t-keylist-secret.out.json,
t-keylist.in.json,
t-keylist.out.json,
t-verify.in.json,
t-verify.out.json,
t-version.in.json,
t-version.out.json: New.
--
Except for help and getmore there is now a test for each command.
* tests/json/t-json.c (test_contains): When searching for "*" accept
every string.
--
This allows it to write tests that check for the existence of
a string value but don't care about the contents. E.g. for Data.
* tests/json/t-json.c (main): Skip if version is not at least
2.2.0
--
In the past new tests often failed when a modern GPGME was
used with old GnuPG's.
This should avoid the hassle for packagers without the
requirement that we test against old versions.
* t-support.h (parse_version_number, parse_version_string)
(compare_versions): New. Copy&Paste from src/version.c
(check_gpg_version): New helper to check for a gpg version.
--
This should make it easier to write tests that e.g.
rely on modern gnupg features.
* configure.ac: Configure makefile.
* tests/Makefile.am: Run json tests if gpg tests are run.
* tests/json/t-json.c: New testrunner for json tests.
* tests/json/t-config.in, tests/json/t-config.out: First test.
--
The idea of this test runner is that it only looks for parts
in the output. This should allow it to write robust tests
that check for the basics in the output but don't fail when
the output is extended or slightly changed.
* src/context.h (gpgme_context): Extend with trust_model.
* src/engine-gpg.c (engine_gpg): Extend with trust_model.
(gpg_set_engine_flags): Take trust_model from context.
(build_argv): Handle trust_model.
(gpg_release): Free trust_model.
* src/gpgme.c (gpgme_set_ctx_flag): Handle trust-model flag.
(gpgme_release): Release trust-model.
* doc/gpgme.texi: Document new flag for gpgme_set_ctx_flag.
(Context Flags): New subsection for the context flags.
* tests/run-keylist.c (show_usage, main): Add new --trust-model
parameter.
--
This gives a GPGME user fine grained control over the
trust-model.
Changing the trust model for only a single application depends
on:
GnuPG-Bug-Id: T4134
Maniphest Tasks: T4134
Differential Revision: https://dev.gnupg.org/D466
* lang/python/tests/Makefile.am,
lang/qt/tests/Makefile.am,
tests/Makefile.am,
tests/gpg/Makefile.am,
tests/gpgsm/Makefile.am,
tests/opassuan/Makefile.am (GNUPGHOME): Make variable explict.
--
If the build directory has too long path, gpgme could fail.
This is similar to
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847206
In order to fix that, this patch extracts the GNUPGHOME variable
to be presented directly in the Makefile and thus overridable by
command line option.
A build system can then create a symlink to the GNUPGHOME directory
in /tmp and use that symlink as the GNUPGHOME directory
thus making the path very short.
GnuPG-Bug-Id: T4091
Patch provided by vlmarek
* src/engine-gpg.c (engine_gpg): Add diagnostics member.
(gpg_release): Release diagnostics data.
(gpg_new): Set up logger-fd and diagnostics.
(gpg_getauditlog): New. Copy diagnostics to a user data.
(engine_ops): Add getauditlog.
* src/engine-gpgsm.c (gpgsm_getauditlog): Return not implemented
for GPGME_AUDITLOG_DIAG.
* src/getauditlog.c (getauditlog_start): Don't reset engine
for diagnostics.
* src/gpgme.h.in (GPGME_AUDITLOG_DIAG): New.
(GPGME_AUDITLOG_DEFAULT): New alias to 0.
* tests/run-decrypt.c (show_usage, main): Add --diagnostics.
* doc/gpgme.texi(Additional Logs): Document getauditlog.
--
This enables users of GPGME to get more verbose information
from gpg which can assist users in figuring out a problem
that was before hidden behind a generalized error like
"Decryption Failed".
For GPGSM it is not yet available as it is problematic to
get it properly in server mode and GPGSM already had the
original audit log mechanism in place.
GPGME_AUDITLOG_DEFAULT was added for a more explicit
documentation.
* src/gpgme.h.in (_gpgme_op_decrypt_result): Add flag
legacy_cipher_nomdc.
* src/decrypt.c (parse_status_error): Set this flag.
* tests/run-decrypt.c (print_result): print it.
(main): Print the result even on error.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/gpg/t-verify.c (check_result): Tweak for gnupg < 2.2.7.
--
The not yet releases 2.2.7-beta may print a full fingerprint in the
ERRSIG status. This is compliant with the dscription but the new
t-verify test case did not took in account that older GnuPG versions
print only a keyid.
Fixes-commit: b99502274a
GnUPG-bug-id: 3920
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/op-support.c (_gpgme_parse_plaintext): Add arg r_mime.
* src/decrypt.c (_gpgme_decrypt_status_handler): Ser mime flag.
* src/verify.c (_gpgme_verify_status_handler): Ditto.
* src/gpgme.h.in (gpgme_op_verify_result_t): Append fields 'is_mime'
and '_unused'.
(gpgme_op_decrypt_result_t): New field 'is_mime'. Shrink '_unused'.
* tests/run-decrypt.c (print_result): Print MIME flag.
* tests/run-verify.c (print_result): Ditto.
--
Note that this flag (Liternal Data packet's 'm' mode) is only
specified in RFC-4880bis. To use it you currently need to add
"rfc4880bis" to the the gpg.conf.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (gpgme_op_encrypt_ext_start) New.
(gpgme_op_encrypt_ext): New.
(gpgme_op_encrypt_sign_ext_start): New.
(gpgme_op_encrypt_sign_ext): New.
* src/libgpgme.vers, tests/run-encrypt.c: Add them.
* src/encrypt.c (encrypt_start): Add arg recpstring.
(gpgme_op_encrypt): Factor code out to ...
(gpgme_op_encrypt_ext): new function with new arg recpstring.
(gpgme_op_encrypt_start): Factor code out to ...
(gpgme_op_encrypt_ext_start): new function with new arg recpstring.
* src/encrypt-sign.c (encrypt_sign_start): Add arg recpstring.
(gpgme_op_encrypt_sign): Factor code out to ...
(gpgme_op_encrypt_sign_ext): new function with new arg recpstring.
(gpgme_op_encrypt_sign_start): Factor code out to ...
(gpgme_op_encrypt_sign_ext_start): new function with new arg
recpstring.
* src/engine-backend.h (struct engine_ops): Change fields encrypt and
encrypt_sign.
* src/engine.c (_gpgme_engine_op_encrypt): Add arg recpstring and pass
to engine.
(_gpgme_engine_op_encrypt_sign): Ditto.
* src/engine-gpg.c (append_args_from_recipients_string): New.
(gpg_encrypt): Add arg recpstring and call new function as needed.
(gpg_encrypt_sign): Ditto.
* src/engine-gpgsm.c (set_recipients_from_string): New.
(gpgsm_encrypt): Add arg recpstring and call new function as needed.
* src/engine-uiserver.c (set_recipients_from_string): New.
(uiserver_encrypt): Add arg recpstring and call new function as
needed.
* tests/run-encrypt.c (xstrdup): New.
(main): Add option --keystring.
* src/gpgme-json.c (get_keys): Simplify.
(op_encrypt): Modify to make use of the extended encrypt function.
--
This new feature can be used to avoid the need for a key lookup and
thus several extra calls to the backend.
Note that run-test uses a semicolon as delimiter because that make
testing the feature on the command line much easier.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/op-support.c (_gpgme_parse_failure): Ignore failures with
location "gpg-exit".
* tests/gpg/t-verify.c (main): Adjust for the now working checking of
the second key.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/gpg/t-verify.c (PGM): New. Use it instead of __FILE__.
(test_sig1_plus_unknown_key): New test signature.
(check_result): Allow checking of several signatures.
(main): Check a signature with a know and an unknown key.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (gpgme_import_result_t): Extend with skipped_v3_keys.
* src/import.c (gpgme_op_import_result): Extend debug with new field.
(parse_import_res): Parse skipped_v3_keys.
* tests/gpg/t-support.h, tests/run-support.h (print_import_result):
Print skipped_v3_keys.
--
This makes it possible to handle this in a GUI in a future
version.
GnuPG-Bug-Id: T3776
* tests/gpg/Makefile.am: Don't allow target with '/'.
* tests/gpgsm/Makefile.am: Ditto.
--
BSD Make doesn't allow a target with '/'. We still have such a target
in lang/python/Makefile.am, but it's for maintainer only, so,
assumption to GNU Make is OK there.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests/gpg/Makefile.am, tests/gpgsm/Makefile.am: Remove ./.
--
GNU Make is powerful enough for handling and interpreting of
pathname as target, but BSD Make is not.
GnuPG-bug-id: 3056
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* src/data.c (_gpgme_data_new): Check for failed selftest.
* tests/run-support.h (make_filename): Print a message on mallooc
failure.
(init_gpgme_basic): New.
* tests/run-identify.c (main): Call init_gpgme_basic becuase we do not
need to setup a protocol.
* tests/t-data.c: Define PGM and include run-support.h.
(make_filename): Remove.
(main): Call init_gpgme_basic.
--
Note: This patch may break applications which used gpgme_data but no
gpgme_new without having called the required gpgme_check_version.
GPGME can be used without a protocol for example to work with the data
object abstraction. Thus a call to gpgme_data_new also needs to check
the result of the core selftests - including on whether
gpgme_check_version has been called.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/gpgsm/Makefile.am (GPG_AGENT): Set var. It is used later.
--
Note that the var is used by the gpgsm.conf target.
Reported-by: Alon Bar-Lev <alon.barlev@gmail.com>
Signed-off-by: Werner Koch <wk@gnupg.org>
* lang/python/tests/Makefile.am: Distinguish target and path.
* tests/gpg/Makefile.am: Ditto.
* tests/gpgsm/Makefile.am: Ditto.
--
GNU Make is powerful enough to match path to target (and vice versa),
but BSD make is not.
GnuPG-bug-id: 3056
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): New flag
"auto-key-retrieve".
* src/context.h (gpgme_context): New field auto_key_retrieve.
* src/engine-backend.h (struct engine_ops): Add arg auto_key_retrieve
to field 'decrypt'.
* src/engine-gpg.c (gpg_decrypt): Add arg auto_key_retrieve and pass
option --auto-key-retrieve to gpg. Adjust all callers.
(gpg_verify): Ditto.
* src/engine-gpgsm.c (gpgsm_decrypt): Add dummy arg auto_key_retrieve.
* src/engine-uiserver.c (uiserver_decrypt): Ditto.
* tests/run-verify.c (main): Add option --auto-key-retrieve.
--
This makes the --auto-key-retrieve option available in the GPGME API.
Test plan:
Run
GPGME_DEBUG=9:out tests/run-verify SIGNEDFILE
with and without its new option --auto-key-retrieve and check in the
trace stored in "out" whether --auto-key-retrieve was passed to gpg.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/gpg/t-gpgconf.c (main): Fix warnings.
* src/engine-gpgconf.c (struct gpgconf_config_dir_s): New struct.
(gpgconf_config_dir_cb, gpgconf_conf_dir) Use it to fix warning.
Signed-off-by: Marcus Brinkmann <mb@g10code.com>
* tests/gpgsm/Makefile.am (gpgsm.conf): Add agent-program directive.
* tests/start-stop-agent: Update agent-program directive.
--
Update the 'agent-program' configuration directive to point to the
same agent that we are starting. Previously, it was possible that a
different agent was started if 'make check' was run with a different
PATH.
Signed-off-by: Justus Winter <justus@g10code.com>
* tests/gpgsm/Makefile.am (check-local): Drop rule and the dependency
on it.
--
Previously, the test environment was created during 'make check'.
Nowadays we create it using 'BUILT_SOURCES' during 'make all'. Drop
remnant of the previous method.
Signed-off-by: Justus Winter <justus@g10code.com>
