Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

tests/test_CLI.py: create $GNUPGHOME on the fly #31

Open
wants to merge 4 commits into
base: main
Choose a base branch
from

Conversation

josch
Copy link

@josch josch commented Jul 16, 2024

  • avoid expiration of keys by re-creating them
  • prevent gnupg version on developer's system being incompatible with $GNUPGHOME in git

Storing binary data is bad because:

  • git is not good at handling binary data
  • binary data is harder to inspect (remember the xz incident)

With this commit, test_clearsign fails with "TypeError: 'NamedFile' object is not iterable" but I read that this issue is addressed by #1 so I'm not adding this here.

 - avoid expiration of keys by re-creating them
 - prevent gnupg version being incompatible with $GNUPGHOME in git

Storing binary data is bad because:

 - git is not good at handling binary data
 - binary data is harder to inspect (remember the xz incident)
Passing 0xFFFFFFFFFFFFFFFF to read causes python to complain about:

    OverflowError: cannot fit 'int' into an index-sized integer

Signed-off-by: Jörg Sommer <[email protected]>
The current tests do not take into account whether the `gpg` package has
been installed or not. If it is missing, the tests should be skipped.

Furthermore, the output of the tests must be checked in order to decide
whether tests fail due to an exception or whether the desired error message
is displayed.

Signed-off-by: Jörg Sommer <[email protected]>
The verification of PGP signatures had some flaws and didn't work, because
the Python API and the GPG interface have changed. Inline signatures were
not detected, because of a comparison of string and byte array. And even
after this the code failed, because `sig.status` is no longer available.

Signed-off-by: Jörg Sommer <[email protected]>
@josch
Copy link
Author

josch commented Jul 16, 2024

@jo-so-nx I rebased your commits from #1 on top of mine, except for 385f4d6 as the expiration extension by 50 years is not necessary if the key is generated on-the-fly.

What do you think?

@jo-so-nx
Copy link

jo-so-nx commented Aug 8, 2024

@jo-so-nx I rebased your commits from #1 on top of mine, except for 385f4d6 as the expiration extension by 50 years is not necessary if the key is generated on-the-fly.

What do you think?

I'm fine with this. You can pick and modify them as you like.

I must admit we have abandoned bmaptool in our project and have no longer the infrastructure to test anything.

@josch
Copy link
Author

josch commented Aug 10, 2024

I'm fine with this. You can pick and modify them as you like.

Thank you!

I must admit we have abandoned bmaptool in our project and have no longer the infrastructure to test anything.

I'm a bit worried about the same having happened to Yocto as there was very little activity in this project since March 2024. What is the status @JPEWdev @twoerner?

@zeha
Copy link

zeha commented Nov 9, 2024

ping @JPEWdev @twoerner please, could you check/apply this? thanks :)

@JPEWdev JPEWdev self-requested a review November 19, 2024 16:55
@JPEWdev
Copy link
Collaborator

JPEWdev commented Nov 19, 2024

I'm looking at it, but I've lost the ability to trigger workflows, so until that's done I can't run the CI to test this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants