On Fri, May 25, 2018 at 11:05:58AM +0200, intrig...@debian.org wrote: > Package: libgnupg-interface-perl > Version: 0.52-9 > Severity: important > X-Debbugs-Cc: d...@debian.org > ci.d.n alerted us about a regression in libgnupg-interface-perl test > suite since the upload of gnupg2/2.2.7-1:
> gpg: Check that a key may do certifications. > + commit 1a5d95e7319e7e6f0dd11064a26cbbc371b05214 > * g10/sig-check.c (check_signature_end_simple): Check key usage for > certifications. > (check_signature_over_key_or_uid): Request usage certification. I've bisected it to that one. The code checking the sigs now sets signer->req_usage = PUBKEY_USAGE_CERT which makes finish_lookup() in g10/getkey.c also check that the signing key has not expired, which fails here. Log excerpts from GNUPGHOME=~/tmp/libgnupg-interface-perl-0.52/test/gnupghome gpg --debug-level guru --check-sigs 93AFC4B1B0288A104996B44253AE596EF950DA9C before the regression: gpg: DBG: finish_lookup: checking key 260C4FA3 (one)(req_usage=0) gpg: DBG: using key 260C4FA3 [...] gpg: 9 good signatures but after the regression: gpg: DBG: finish_lookup: checking key 260C4FA3 (one)(req_usage=4) gpg: DBG: primary key has expired gpg: DBG: no suitable key found - giving up [...] gpg: 7 good signatures gpg: 2 signatures not checked due to missing keys The new behaviour of rejecting signatures from an expired key seems sensible, so the attached patch adapts the test suite to that. There's still the 2.2.8 / --ignore-mdc-error regression to fix. Happy if someone else can look at that, won't be able to do that for a few days myself. -- Niko
>From 46ccc0a68d9f8d9c62d3fe3343dfd624065fc6b9 Mon Sep 17 00:00:00 2001 From: Niko Tyni <nt...@debian.org> Date: Wed, 20 Jun 2018 21:57:50 +0300 Subject: [PATCH] Fix test suite for GnuPG >= 2.2.6 compatibility GnuPG 2.2.6 (commit 1a5d95e7319e7e6f) started marking signatures with an expired key with '?', as seen with for instance GNUPGHOME=./test/gnupghome/ gpg --list-sigs 0xF950DA9C Adapt the test suite accordingly. See https://dev.gnupg.org/rG1a5d95e7319e7e6f0dd11064a26cbbc371b05214 Bug-Debian: https://bugs.debian.org/900051 --- t/get_public_keys.t | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/t/get_public_keys.t b/t/get_public_keys.t index 9e96f7d6b..f81fd1fab 100644 --- a/t/get_public_keys.t +++ b/t/get_public_keys.t @@ -13,8 +13,12 @@ use MyTestSpecific; use GnuPG::PrimaryKey; use GnuPG::SubKey; +use version; + my ( $given_key, $handmade_key ); +my $gnupg_version = version->parse($gnupg->version); + TEST { reset_handles(); @@ -74,7 +78,7 @@ TEST date_string => '2000-03-16', hex_id => '56FFD10A260C4FA3', sig_class => 0x10, - validity => '!'), + validity => $gnupg_version < version->parse('2.2.6') ? '!' : '?'), GnuPG::Signature->new( date => 949813093, algo_num => 17, @@ -115,7 +119,7 @@ TEST date_string => '2000-03-16', hex_id => '56FFD10A260C4FA3', sig_class => 0x10, - validity => '!'), + validity => $gnupg_version < version->parse('2.2.6') ? '!' : '?'), GnuPG::Signature->new( date => 953179891, algo_num => 17, -- 2.17.1