tags 861457 + patch
thanks
Hi Santiago,
> I tried to build this package in stretch with "dpkg-buildpackage -A"
> but it failed:
I believe this is due to the various gnupg point-release or security updates in
stretch.
Patch attached.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org 🍥 chris-lamb.co.uk
`-
--- tests/keytrans.orig 1970-01-01 01:00:00.000000000 +0100
+++ tests/keytrans 2019-08-10 16:52:38.586758941 +0100
@@ -0,0 +1,230 @@
+#!/usr/bin/env bash
+
+# Tests to ensure that the monkeysphere is working
+
+# Authors:
+# Daniel Kahn Gillmor <d...@fifthhorseman.net>
+# Jameson Rollins <jroll...@fifthhorseman.net>
+# Micah Anderson <mi...@riseup.net>
+#
+# Copyright: 2008-2009
+# License: GPL v3 or later
+
+# these tests should all be able to run as a non-privileged user.
+
+# all subcommands in this script should complete without failure:
+set -e
+# piped commands should return the code of the first non-zero return
+set -o pipefail
+
+# make sure the TESTDIR is an absolute path, not a relative one.
+export TESTDIR=$(cd $(dirname "$0") && pwd)
+
+source "$TESTDIR"/common
+
+perl -MCrypt::OpenSSL::RSA -e 1 2>/dev/null || { echo "You must have the perl
module Crypt::OpenSSL::RSA installed to run this test.
+On debian-derived systems, you can set this up with:
+ apt-get install libcrypt-openssl-rsa-perl" ; exit 1; }
+
+perl -MDigest::SHA -e 1 2>/dev/null || { echo "You must have the perl module
Digest::SHA installed to run this test.
+On debian-derived systems, you can set this up with:
+ apt-get install libdigest-sha1-perl" ; exit 1; }
+
+
+######################################################################
+### SETUP VARIABLES
+
+## set up some variables to ensure that we're operating strictly in
+## the tests, not system-wide:
+
+mkdir -p "$TESTDIR"/tmp
+TEMPDIR=$(mktemp -d "${TMPDIR:-$TESTDIR/tmp}/ms.XXX")
+
+mkdir "$TEMPDIR"/bin
+ln -s "$TESTDIR"/../src/share/keytrans "$TEMPDIR"/bin/openpgp2ssh
+ln -s "$TESTDIR"/../src/share/keytrans "$TEMPDIR"/bin/pem2openpgp
+ln -s "$TESTDIR"/../src/share/keytrans "$TEMPDIR"/bin/keytrans
+
+# Use the local copy of executables first, instead of system ones.
+# This should help us test without installing.
+export PATH="$TEMPDIR"/bin:"$PATH"
+
+## setup trap
+trap failed_cleanup EXIT
+
+######################################################################
+### TEST KEYTRANS
+
+echo "##################################################"
+echo "### generating openpgp key..."
+export GNUPGHOME="$TEMPDIR"
+chmod 700 "$TEMPDIR"
+
+
+# create the key with the same preferences that monkeysphere uses.
+cat > "$TEMPDIR"/gpg.conf <<EOF
+default-preference-list SHA512 SHA384 SHA256 SHA224 RIPEMD160 SHA1 ZLIB BZIP2
ZIP AES256 AES192 AES CAST5 3DES
+cert-digest-algo SHA256
+list-options show-uid-validity,show-unusable-uids
+fixed-list-mode
+EOF
+
+cat > "$TEMPDIR"/gpg-agent.conf <<EOF
+pinentry-program $TESTDIR/phony-pinentry-nopass
+EOF
+
+# generate a key
+gpg --batch --$(get_gpg_prng_arg) --gen-key <<EOF
+Key-Type: RSA
+Key-Length: 1024
+Key-Usage: sign
+Name-Real: testtest
+Expire-Date: 0
+
+%no-ask-passphrase
+%no-protection
+%commit
+%echo done
+EOF
+
+echo "##################################################"
+echo "### retrieving key timestamp..."
+timestamp=$(gpg --list-key --with-colons | \
+ grep ^pub: | cut -d: -f6)
+
+echo "##################################################"
+echo "### exporting key to ssh file..."
+gpg --export-secret-keys | openpgp2ssh > \
+ "$TEMPDIR"/test.pem
+
+gpg --export-secret-keys > "$TEMPDIR"/secret.key
+
+PEM2OPENPGP_USAGE_FLAGS=sign,certify \
+PEM2OPENPGP_TIMESTAMP="$timestamp" pem2openpgp testtest \
+ < "$TEMPDIR"/test.pem > "$TEMPDIR"/converted.secret.key
+
+echo "##################################################"
+echo "### reconvert key, and compare to key in gpg keyring..."
+diff -u \
+ <(gpg --list-packets < "$TEMPDIR"/secret.key) \
+ <(gpg --list-packets < "$TEMPDIR"/converted.secret.key)
+
+diff -u \
+ <(hd "$TEMPDIR"/secret.key) \
+ <(hd "$TEMPDIR"/converted.secret.key)
+
+KEYFPR=$(gpg --fingerprint --with-colons --list-keys | awk -F: '/^fpr:/{ if
(ok) { print $10 } ; ok=0 } /^pub:/{ ok=1 }')
+KEYID=$(printf "%s" "$KEYFPR" | cut -b25-40)
+
+echo "conversions look good!"
+
+echo "Now working with key $KEYID at time $timestamp"
+
+gpg --check-trustdb
+gpg --list-keys
+
+
+echo "##################################################"
+echo "### test User ID addition..."
+gpg --export-secret-keys | \
+PEM2OPENPGP_TIMESTAMP="$timestamp" \
+ PEM2OPENPGP_USAGE_FLAGS=sign,certify \
+ keytrans adduserid "$KEYID" "monkeymonkey" | gpg --import
+
+gpg --check-trustdb
+gpg --list-keys
+
+cat >"$TEMPDIR"/expectedout <<EOF
+pub:u:1024:1:$KEYID:$timestamp:::u:::scSC
+uid:u::::$timestamp::E90EC72E68C6C2A0751DADC70F54F60D27B88C3D::monkeymonkey
+sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x::$KEYFPR:::8
+uid:u::::$timestamp::8200BD0425CC70C7D698DF3FE412044EAAB83F94::testtest
+sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x::$KEYFPR:::8
+EOF
+
+diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons | grep -vE
'^(tru|fpr):' | sed 's/:*$//')
+
+echo "##################################################"
+echo "### sleeping to avoid test suite breakage on fast"
+echo "### processors (see http://bugs.debian.org/591118)"
+
+sleep 2
+
+echo "##################################################"
+echo "### test User ID revocation ... "
+
+revtime=$(($timestamp + 1))
+
+gpg --export-secret-keys | \
+PEM2OPENPGP_TIMESTAMP="$revtime" \
+ keytrans revokeuserid "$KEYID" "testtest" | gpg --import
+
+gpg --check-trustdb
+gpg --list-keys
+
+cat >"$TEMPDIR"/expectedout <<EOF
+pub:u:1024:1:$KEYID:$timestamp:::u:::scSC
+uid:u::::$timestamp::E90EC72E68C6C2A0751DADC70F54F60D27B88C3D::monkeymonkey
+sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x::$KEYFPR:::8
+uid:r::::::8200BD0425CC70C7D698DF3FE412044EAAB83F94::testtest
+sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x::$KEYFPR:::8
+rev:!::1:$KEYID:$revtime::::monkeymonkey:30x::$KEYFPR:::8
+EOF
+
+
+diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons | grep -vE
'^(tru|fpr):' | sed 's/:*$//')
+
+
+echo "##################################################"
+echo "### test working with two primary keys ... "
+
+ssh-keygen -t rsa -b 1024 -N '' -f "$TEMPDIR"/newkey
+
+PEM2OPENPGP_USAGE_FLAGS=authenticate,certify \
+PEM2OPENPGP_TIMESTAMP="$(( $timestamp + 1 ))" pem2openpgp fubar \
+ < "$TEMPDIR"/newkey > "$TEMPDIR"/newkey.gpg
+
+NEWKEYFPR=$(< "$TEMPDIR"/newkey.gpg keytrans listfprs)
+NEWKEYID=$( printf "%s" "$NEWKEYFPR" | cut -b25-40)
+
+< "$TEMPDIR"/newkey.gpg gpg --import
+
+gpg --export-secret-keys | \
+PEM2OPENPGP_TIMESTAMP="$timestamp" \
+ keytrans adduserid "$KEYID" "baz" | gpg --import
+
+cat >"$TEMPDIR"/expectedout <<EOF
+pub:u:1024:1:$KEYID:$timestamp:::u:::scSC
+uid:u::::$timestamp::E90EC72E68C6C2A0751DADC70F54F60D27B88C3D::monkeymonkey
+sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x::$KEYFPR:::8
+uid:r::::::8200BD0425CC70C7D698DF3FE412044EAAB83F94::testtest
+sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x::$KEYFPR:::8
+rev:!::1:$KEYID:$revtime::::monkeymonkey:30x::$KEYFPR:::8
+uid:u::::$timestamp::EDDC32D783E7F4C7B6982D9AE5DC4A61000648BA::baz
+sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x::$KEYFPR:::8
+pub:-:1024:1:$NEWKEYID:$(($timestamp + 1)):::-:::caCA
+uid:-::::$(($timestamp + 1))::A0D708F51CC257DEFC01AEDE1E0A5F329DFD8F16::fubar
+sig:!::1:$NEWKEYID:$(($timestamp + 1))::::fubar:13x::$NEWKEYFPR:::8
+EOF
+
+echo "test: diff expected gpg list output"
+diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons | grep -vE
'^(tru|fpr):' | sed 's/:*$//')
+
+sort >"$TEMPDIR"/expectedout <<EOF
+$KEYFPR
+$NEWKEYFPR
+EOF
+
+echo "test: diff expected keytrans listfpr output"
+diff -u "$TEMPDIR"/expectedout <( gpg --export-secret-keys | keytrans listfprs
| sort )
+
+## FIXME: addtest: not testing subkeys at the moment.
+
+
+trap - EXIT
+
+echo "##################################################"
+echo " Monkeysphere keytrans test completed successfully!"
+echo "##################################################"
+
+cleanup
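Review bot: The two key-comparison checks, `diff -u <(gpg --list-packets …) <(gpg --list-packets …)` and `diff -u <(hd …) <(hd …)`, can pass without comparing anything, because `set -e` and `set -o pipefail` do not see a failure inside a process substitution: if `hd` is not installed, or gpg fails on both inputs, both sides are empty and diff exits 0. Since this is the check that the converted secret key matches the exported one, compare the files directly with `cmp "$TEMPDIR"/secret.key "$TEMPDIR"/converted.secret.key`, and write each `gpg --list-packets` listing to a file under `$TEMPDIR` before diffing so that a gpg failure stops the script. The later `diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs …)` comparisons are less exposed, as an empty right-hand side would not match the expected file. Unlike the two perl modules, `hd` has no prerequisite check at the top of the script.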