diff options
author | Max Harmathy | 2022-01-31 23:44:00 +0200 |
---|---|---|
committer | Max Harmathy | 2022-01-31 23:44:00 +0200 |
commit | e30bf12e0466fb07481059737671bf937377f84f (patch) | |
tree | 9821de14416777fe07d9ea57d619fcb3bb0af854 | |
download | aur-e30bf12e0466fb07481059737671bf937377f84f.tar.gz |
Initial packaging of GnuPG with no-iud patches
Add no-uid patches
The patches are taken directly from debian packaging:
https://salsa.debian.org/debian/gnupg2/-/commit/f292beac1171c6c77faf41d1f88c2e0942ed4437
-rw-r--r-- | .SRCINFO | 51 | ||||
-rw-r--r-- | PKGBUILD | 89 | ||||
-rw-r--r-- | avoid-beta-warning.patch | 56 | ||||
-rw-r--r-- | drop-import-clean.patch | 54 | ||||
-rw-r--r-- | gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch | 32 | ||||
-rw-r--r-- | gpg-allow-import-of-previously-known-keys-even-without-UI.patch | 106 | ||||
-rw-r--r-- | install | 31 | ||||
-rw-r--r-- | tests-add-test-cases-for-import-without-uid.patch | 201 |
8 files changed, 620 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..1c1a18220a0e --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,51 @@ +pkgbase = gnupg-nouid-patch + pkgdesc = GnuPG (OpenPGP) with patches to allow using keys.openpgp.org + pkgver = 2.2.32 + pkgrel = 1 + url = https://keys.openpgp.org/about/faq#older-gnupg + install = install + arch = x86_64 + license = GPL + checkdepends = openssh + makedepends = libldap + makedepends = libusb-compat + makedepends = pcsclite + depends = npth + depends = libgpg-error + depends = libgcrypt + depends = libksba + depends = libassuan + depends = pinentry + depends = bzip2 + depends = libbz2.so + depends = readline + depends = libreadline.so + depends = gnutls + depends = sqlite + depends = zlib + depends = glibc + optdepends = libldap: gpg2keys_ldap + optdepends = libusb-compat: scdaemon + optdepends = pcsclite: scdaemon + provides = gnupg=2.2.32 + conflicts = gnupg + source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.32.tar.bz2 + source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.32.tar.bz2.sig + source = drop-import-clean.patch + source = avoid-beta-warning.patch + source = tests-add-test-cases-for-import-without-uid.patch + source = gpg-allow-import-of-previously-known-keys-even-without-UI.patch + source = gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch + validpgpkeys = D8692123C4065DEA5E0F3AB5249B39D24F25E3B6 + validpgpkeys = 031EC2536E580D8EA286A9F22071B08A33BD3F06 + validpgpkeys = 5B80C5754298F0CB55D8ED6ABCEF7E294B092E28 + validpgpkeys = 6DAA6E64A76D2840571B4902528897B826403ADA + sha256sums = b2571b35f82c63e7d278aa6a1add0d73453dc14d3f0854be490c844fca7e0614 + sha256sums = SKIP + sha256sums = 02d375f0045f56f7dd82bacdb5ce559afd52ded8b75f6b2673c39ec666e81abc + sha256sums = 22fdf9490fad477f225e731c417867d9e7571ac654944e8be63a1fbaccd5c62d + sha256sums = 9f54178400bbc78629e67d4949909187c4840e41b030920f3152cb9f1e37eecf + sha256sums = 9aede2de37d3d8d4f0dd44e1bf449afcc2d86c47d368891c7d73ab757aad5332 + sha256sums = 006b10931086b0c067cbb5e488990a934a3aed883ec7aae7a486bec6770d5e77 + +pkgname = gnupg-nouid-patch diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..3ef104f99458 --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,89 @@ +# Maintainer: Max Harmathy <harmathy@secure.mailbox.org> +# Contributor: Levente Polyak <anthraxx[at]archlinux[dot]org> +# Contributor: Lukas Fleischer <lfleischer@archlinux.org> +# Contributor: Gaetan Bisson <bisson@archlinux.org> +# Contributor: Tobias Powalowski <tpowa@archlinux.org> +# Contributor: Andreas Radke <andyrtr@archlinux.org> +# Contributor: Judd Vinet <jvinet@zeroflux.org> + +pkgname=gnupg-nouid-patch +_pkgname=gnupg +pkgver=2.2.32 +pkgrel=1 +pkgdesc='GnuPG (OpenPGP) with patches to allow using keys.openpgp.org' +url='https://keys.openpgp.org/about/faq#older-gnupg' +license=('GPL') +arch=('x86_64') +provides=("$_pkgname=${pkgver}") +conflicts=("$_pkgname") +checkdepends=('openssh') +makedepends=('libldap' 'libusb-compat' 'pcsclite') +depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan' 'pinentry' + 'bzip2' 'libbz2.so' 'readline' 'libreadline.so' 'gnutls' 'sqlite' + 'zlib' 'glibc') +optdepends=('libldap: gpg2keys_ldap' + 'libusb-compat: scdaemon' + 'pcsclite: scdaemon') +validpgpkeys=( + 'D8692123C4065DEA5E0F3AB5249B39D24F25E3B6' # Werner Koch (dist sig) + '031EC2536E580D8EA286A9F22071B08A33BD3F06' # NIIBE Yutaka (GnuPG Release Key) <gniibe@fsij.org> + '5B80C5754298F0CB55D8ED6ABCEF7E294B092E28' # Andre Heinecke (Release Signing Key) + '6DAA6E64A76D2840571B4902528897B826403ADA' # Werner Koch (dist signing 2020) +) +source=("https://gnupg.org/ftp/gcrypt/${_pkgname}/${_pkgname}-${pkgver}.tar.bz2"{,.sig} + 'drop-import-clean.patch' + 'avoid-beta-warning.patch' + 'tests-add-test-cases-for-import-without-uid.patch' + 'gpg-allow-import-of-previously-known-keys-even-without-UI.patch' + 'gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch') +sha256sums=('b2571b35f82c63e7d278aa6a1add0d73453dc14d3f0854be490c844fca7e0614' + 'SKIP' + '02d375f0045f56f7dd82bacdb5ce559afd52ded8b75f6b2673c39ec666e81abc' + '22fdf9490fad477f225e731c417867d9e7571ac654944e8be63a1fbaccd5c62d' + '9f54178400bbc78629e67d4949909187c4840e41b030920f3152cb9f1e37eecf' + '9aede2de37d3d8d4f0dd44e1bf449afcc2d86c47d368891c7d73ab757aad5332' + '006b10931086b0c067cbb5e488990a934a3aed883ec7aae7a486bec6770d5e77') + +install=install + +prepare() { + cd "${srcdir}/${_pkgname}-${pkgver}" + patch -p1 -i ../avoid-beta-warning.patch + patch -p1 -i ../drop-import-clean.patch + patch -p1 -i ../tests-add-test-cases-for-import-without-uid.patch + patch -p1 -i ../gpg-allow-import-of-previously-known-keys-even-without-UI.patch + patch -p1 -i ../gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch + + # improve reproducibility + rm doc/gnupg.info* + + ./autogen.sh +} + +build() { + cd "${srcdir}/${_pkgname}-${pkgver}" + ./configure \ + --prefix=/usr \ + --sysconfdir=/etc \ + --sbindir=/usr/bin \ + --libexecdir=/usr/lib/gnupg \ + --enable-maintainer-mode \ + + make +} + +check() { + cd "${srcdir}/${_pkgname}-${pkgver}" + make check +} + +package() { + cd "${srcdir}/${_pkgname}-${pkgver}" + make DESTDIR="${pkgdir}" install + ln -s gpg "${pkgdir}"/usr/bin/gpg2 + ln -s gpgv "${pkgdir}"/usr/bin/gpgv2 + + install -Dm 644 doc/examples/systemd-user/*.* -t "${pkgdir}/usr/lib/systemd/user" +} + +# vim: ts=2 sw=2 noet: diff --git a/avoid-beta-warning.patch b/avoid-beta-warning.patch new file mode 100644 index 000000000000..569fc0911c2e --- /dev/null +++ b/avoid-beta-warning.patch @@ -0,0 +1,56 @@ +From 114ab3037de3b0f9b35cf023b64c8a9b76070065 Mon Sep 17 00:00:00 2001 +From: Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org> +Date: Tue, 14 Apr 2015 10:02:31 -0400 +Subject: [PATCH 6/7] avoid beta warning + +avoid self-describing as a beta + +Using autoreconf against the source as distributed in tarball form +invariably results in a package that thinks it's a "beta" package, +which produces the "THIS IS A DEVELOPMENT VERSION" warning string. + +since we use dh_autoreconf, i need this patch to avoid producing +builds that announce themselves as DEVELOPMENT VERSIONs. + +See discussion at: + + http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029065.html +--- + autogen.sh | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/autogen.sh b/autogen.sh +index b23855061..9b86d3ff9 100755 +--- a/autogen.sh ++++ b/autogen.sh +@@ -229,24 +229,24 @@ if [ "$myhost" = "find-version" ]; then + esac + + beta=no +- if [ -e .git ]; then ++ if false; then + ingit=yes + tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null) + tmp=$(echo "$tmp" | sed s/^"$package"//) + if [ -n "$tmp" ]; then + tmp=$(echo "$tmp" | sed s/^"$package"// \ + | awk -F- '$3!=0 && $3 !~ /^beta/ {print"-beta"$3}') + else + tmp=$(git describe --match "${matchstr2}" --long 2>/dev/null \ + | awk -F- '$4!=0{print"-beta"$4}') + fi + [ -n "$tmp" ] && beta=yes + rev=$(git rev-parse --short HEAD | tr -d '\n\r') + rvd=$((0x$(echo ${rev} | dd bs=1 count=4 2>/dev/null))) + else + ingit=no +- beta=yes +- tmp="-unknown" ++ beta=no ++ tmp="" + rev="0000000" + rvd="0" + fi +-- +2.27.0 + diff --git a/drop-import-clean.patch b/drop-import-clean.patch new file mode 100644 index 000000000000..526a3ff27900 --- /dev/null +++ b/drop-import-clean.patch @@ -0,0 +1,54 @@ +From 1690a464b28fa24ce82189a9bf5d7ce9b44804b8 Mon Sep 17 00:00:00 2001 +From: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +Date: Mon, 15 Jul 2019 16:24:35 -0400 +Subject: [PATCH 3/7] gpg: drop import-clean from default keyserver import + options + +* g10/gpg.c (main): drop IMPORT_CLEAN from the +default opt.keyserver_options.import_options +* doc/gpg.texi: reflect this change in the documentation + +Given that SELF_SIGS_ONLY is already set, it's not clear what +additional benefit IMPORT_CLEAN provides. Furthermore, IMPORT_CLEAN +means that receiving an OpenPGP certificate from a keyserver will +potentially delete data that is otherwise held in the local keyring, +which is surprising to users who expect retrieval from the keyservers +to be purely additive. + +GnuPG-Bug-Id: 4628 +Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +--- + doc/gpg.texi | 2 +- + g10/gpg.c | 3 +-- + 2 files changed, 2 insertions(+), 3 deletions(-) + +diff --git a/doc/gpg.texi b/doc/gpg.texi +index 4870441d4..551459a74 100644 +--- a/doc/gpg.texi ++++ b/doc/gpg.texi +@@ -1963,7 +1963,7 @@ are available for all keyserver types, some common options are: + + @end table + +-The default list of options is: "self-sigs-only, import-clean, ++The default list of options is: "self-sigs-only, + repair-keys, repair-pks-subkey-bug, export-attributes, + honor-pka-record". + +diff --git a/g10/gpg.c b/g10/gpg.c +index 68cc22041..fa2bcfa5e 100644 +--- a/g10/gpg.c ++++ b/g10/gpg.c +@@ -2397,8 +2397,7 @@ main (int argc, char **argv) + opt.export_options = EXPORT_ATTRIBUTES; + opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS + | IMPORT_REPAIR_PKS_SUBKEY_BUG +- | IMPORT_SELF_SIGS_ONLY +- | IMPORT_CLEAN); ++ | IMPORT_SELF_SIGS_ONLY); + opt.keyserver_options.export_options = EXPORT_ATTRIBUTES; + opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD; + opt.verify_options = (LIST_SHOW_UID_VALIDITY +-- +2.27.0 + diff --git a/gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch b/gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch new file mode 100644 index 000000000000..e448a0a44289 --- /dev/null +++ b/gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch @@ -0,0 +1,32 @@ +From: Vincent Breitmoser <look@my.amazin.horse> +Date: Thu, 13 Jun 2019 21:27:43 +0200 +Subject: gpg: accept subkeys with a good revocation but no self-sig during + import + +* g10/import.c (chk_self_sigs): Set the NODE_GOOD_SELFSIG flag when we +encounter a valid revocation signature. This allows import of subkey +revocation signatures, even in the absence of a corresponding subkey +binding signature. + +-- + +This fixes the remaining test in import-incomplete.scm. + +GnuPG-Bug-id: 4393 +Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +--- + g10/import.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/g10/import.c b/g10/import.c +index 79104dc..20f4af5 100644 +--- a/g10/import.c ++++ b/g10/import.c +@@ -3665,6 +3665,7 @@ chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, int *non_self) + /* It's valid, so is it newer? */ + if (sig->timestamp >= rsdate) + { ++ knode->flag |= NODE_GOOD_SELFSIG; /* Subkey is valid. */ + if (rsnode) + { + /* Delete the last revocation sig since diff --git a/gpg-allow-import-of-previously-known-keys-even-without-UI.patch b/gpg-allow-import-of-previously-known-keys-even-without-UI.patch new file mode 100644 index 000000000000..fb93748537cf --- /dev/null +++ b/gpg-allow-import-of-previously-known-keys-even-without-UI.patch @@ -0,0 +1,106 @@ +From: Vincent Breitmoser <look@my.amazin.horse> +Date: Thu, 13 Jun 2019 21:27:42 +0200 +Subject: gpg: allow import of previously known keys, even without UIDs + +* g10/import.c (import_one): Accept an incoming OpenPGP certificate that +has no user id, as long as we already have a local variant of the cert +that matches the primary key. + +-- + +This fixes two of the three broken tests in import-incomplete.scm. + +GnuPG-Bug-id: 4393 +Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +--- + g10/import.c | 44 +++++++++++--------------------------------- + 1 file changed, 11 insertions(+), 33 deletions(-) + +diff --git a/g10/import.c b/g10/import.c +index c8692e2..79104dc 100644 +--- a/g10/import.c ++++ b/g10/import.c +@@ -1843,7 +1843,6 @@ import_one_real (ctrl_t ctrl, + size_t an; + char pkstrbuf[PUBKEY_STRING_SIZE]; + int merge_keys_done = 0; +- int any_filter = 0; + KEYDB_HANDLE hd = NULL; + + if (r_valid) +@@ -1880,14 +1879,6 @@ import_one_real (ctrl_t ctrl, + log_printf ("\n"); + } + +- +- if (!uidnode ) +- { +- if (!silent) +- log_error( _("key %s: no user ID\n"), keystr_from_pk(pk)); +- return 0; +- } +- + if (screener && screener (keyblock, screener_arg)) + { + log_error (_("key %s: %s\n"), keystr_from_pk (pk), +@@ -1962,17 +1953,10 @@ import_one_real (ctrl_t ctrl, + } + } + +- if (!delete_inv_parts (ctrl, keyblock, keyid, options ) ) +- { +- if (!silent) +- { +- log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); +- if (!opt.quiet ) +- log_info(_("this may be caused by a missing self-signature\n")); +- } +- stats->no_user_id++; +- return 0; +- } ++ /* Delete invalid parts, and note if we have any valid ones left. ++ * We will later abort import if this key is new but contains ++ * no valid uids. */ ++ delete_inv_parts (ctrl, keyblock, keyid, options); + + /* Get rid of deleted nodes. */ + commit_kbnode (&keyblock); +@@ -1982,24 +1966,11 @@ import_one_real (ctrl_t ctrl, + { + apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); + commit_kbnode (&keyblock); +- any_filter = 1; + } + if (import_filter.drop_sig) + { + apply_drop_sig_filter (ctrl, keyblock, import_filter.drop_sig); + commit_kbnode (&keyblock); +- any_filter = 1; +- } +- +- /* If we ran any filter we need to check that at least one user id +- * is left in the keyring. Note that we do not use log_error in +- * this case. */ +- if (any_filter && !any_uid_left (keyblock)) +- { +- if (!opt.quiet ) +- log_info ( _("key %s: no valid user IDs\n"), keystr_from_pk (pk)); +- stats->no_user_id++; +- return 0; + } + + /* The keyblock is valid and ready for real import. */ +@@ -2057,6 +2028,13 @@ import_one_real (ctrl_t ctrl, + err = 0; + stats->skipped_new_keys++; + } ++ else if (err && !any_uid_left (keyblock)) ++ { ++ if (!silent) ++ log_info( _("key %s: new key but contains no user ID - skipped\n"), keystr(keyid)); ++ err = 0; ++ stats->no_user_id++; ++ } + else if (err) /* Insert this key. */ + { + /* Note: ERR can only be NO_PUBKEY or UNUSABLE_PUBKEY. */ diff --git a/install b/install new file mode 100644 index 000000000000..1f19b99feb2d --- /dev/null +++ b/install @@ -0,0 +1,31 @@ +_global_units() { + _units=(dirmngr.socket gpg-agent.socket gpg-agent-{browser,extra,ssh}.socket) + _dir=/etc/systemd/user/sockets.target.wants + + case $1 in + enable) + mkdir -p $_dir + for _u in "${_units[@]}"; do + ln -sf /usr/lib/systemd/user/$_u $_dir/$_u + done + ;; + disable) + for _u in "${_units[@]}"; do + rm -f $_dir/$_u + done + rmdir -p --ignore-fail-on-non-empty $_dir + ;; + esac +} + +post_install() { + # See FS#42798 and FS#47371 + dirmngr </dev/null &>/dev/null + + # Let systemd supervise daemons by default + _global_units enable +} + +pre_remove() { + _global_units disable +} diff --git a/tests-add-test-cases-for-import-without-uid.patch b/tests-add-test-cases-for-import-without-uid.patch new file mode 100644 index 000000000000..52ca688b7cae --- /dev/null +++ b/tests-add-test-cases-for-import-without-uid.patch @@ -0,0 +1,201 @@ +From: Vincent Breitmoser <look@my.amazin.horse> +Date: Thu, 13 Jun 2019 21:27:41 +0200 +Subject: tests: add test cases for import without uid + +This commit adds a test case that does the following, in order: +- Import of a primary key plus user id +- Check that import of a subkey works, without a user id present in the +imported key +- Check that import of a subkey revocation works, without a user id or +subkey binding signature present in the imported key +- Check that import of a primary key revocation works, without a user id +present in the imported key + +-- + +Note that this test currently fails. The following changesets will +fix gpg so that the tests pass. + +GnuPG-Bug-id: 4393 +Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +--- + tests/openpgp/Makefile.am | 1 + + tests/openpgp/import-incomplete.scm | 68 ++++++++++++++++++++++ + .../import-incomplete/primary+revocation.asc | 9 +++ + .../primary+subkey+sub-revocation.asc | 10 ++++ + .../import-incomplete/primary+subkey+sub-sig.asc | 10 ++++ + .../openpgp/import-incomplete/primary+uid-sig.asc | 10 ++++ + tests/openpgp/import-incomplete/primary+uid.asc | 10 ++++ + 7 files changed, 118 insertions(+) + create mode 100755 tests/openpgp/import-incomplete.scm + create mode 100644 tests/openpgp/import-incomplete/primary+revocation.asc + create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc + create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc + create mode 100644 tests/openpgp/import-incomplete/primary+uid-sig.asc + create mode 100644 tests/openpgp/import-incomplete/primary+uid.asc + +diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am +index 59f39e2..3b8b699 100644 +--- a/tests/openpgp/Makefile.am ++++ b/tests/openpgp/Makefile.am +@@ -78,6 +78,7 @@ XTESTS = \ + gpgv-forged-keyring.scm \ + armor.scm \ + import.scm \ ++ import-incomplete.scm \ + import-revocation-certificate.scm \ + ecc.scm \ + 4gb-packet.scm \ +diff --git a/tests/openpgp/import-incomplete.scm b/tests/openpgp/import-incomplete.scm +new file mode 100755 +index 0000000..727a027 +--- /dev/null ++++ b/tests/openpgp/import-incomplete.scm +@@ -0,0 +1,68 @@ ++#!/usr/bin/env gpgscm ++ ++;; Copyright (C) 2016 g10 Code GmbH ++;; ++;; This file is part of GnuPG. ++;; ++;; GnuPG is free software; you can redistribute it and/or modify ++;; it under the terms of the GNU General Public License as published by ++;; the Free Software Foundation; either version 3 of the License, or ++;; (at your option) any later version. ++;; ++;; GnuPG is distributed in the hope that it will be useful, ++;; but WITHOUT ANY WARRANTY; without even the implied warranty of ++;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++;; GNU General Public License for more details. ++;; ++;; You should have received a copy of the GNU General Public License ++;; along with this program; if not, see <http://www.gnu.org/licenses/>. ++ ++(load (in-srcdir "tests" "openpgp" "defs.scm")) ++(setup-environment) ++ ++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+uid.asc"))) ++ ++(info "Test import of new subkey, from a certificate without uid") ++(define keyid "573EA710367356BB") ++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-sig.asc"))) ++(tr:do ++ (tr:pipe-do ++ (pipe:gpg `(--list-keys --with-colons ,keyid))) ++ (tr:call-with-content ++ (lambda (c) ++ ;; XXX we do not have a regexp library ++ (unless (any (lambda (line) ++ (and (string-prefix? line "sub:") ++ (string-contains? line "573EA710367356BB"))) ++ (string-split-newlines c)) ++ (exit 1))))) ++ ++(info "Test import of a subkey revocation, from a certificate without uid") ++(define keyid "573EA710367356BB") ++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-revocation.asc"))) ++(tr:do ++ (tr:pipe-do ++ (pipe:gpg `(--list-keys --with-colons ,keyid))) ++ (tr:call-with-content ++ (lambda (c) ++ ;; XXX we do not have a regexp library ++ (unless (any (lambda (line) ++ (and (string-prefix? line "sub:r:") ++ (string-contains? line "573EA710367356BB"))) ++ (string-split-newlines c)) ++ (exit 1))))) ++ ++(info "Test import of revocation, from a certificate without uid") ++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+revocation.asc"))) ++(tr:do ++ (tr:pipe-do ++ (pipe:gpg `(--list-keys --with-colons ,keyid))) ++ (tr:call-with-content ++ (lambda (c) ++ ;; XXX we do not have a regexp library ++ (unless (any (lambda (line) ++ (and (string-prefix? line "pub:r:") ++ (string-contains? line "0843DA969AA8DAFB"))) ++ (string-split-newlines c)) ++ (exit 1))))) ++ +diff --git a/tests/openpgp/import-incomplete/primary+revocation.asc b/tests/openpgp/import-incomplete/primary+revocation.asc +new file mode 100644 +index 0000000..6b7b608 +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+revocation.asc +@@ -0,0 +1,9 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [E] primary key, revocation signature over primary (no user ID) ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN2IeAQgFggAIBYhBLRpj5W82H/gSMzKKQhD2paaqNr7BQJc2ZQZAh0AAAoJ ++EAhD2paaqNr7qAwA/2jBUpnN0BxwRO/4CrxvrLIsL+C9aSXJUOTv8XkP4lvtAQD3 ++XsDFfFNgEueiTfF7HtOGt5LPmRqVvUpQSMVgJJW6CQ== ++=tM90 ++-----END PGP PUBLIC KEY BLOCK----- +diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc +new file mode 100644 +index 0000000..83a51a5 +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc +@@ -0,0 +1,10 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [D] primary key, subkey, subkey revocation (no user ID) ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK ++j++lwwWDAOlkVicDAQgHiHgEKBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC ++XNmnkAIdAgAKCRAIQ9qWmqja+ylaAQDmIKf86BJEq4OpDqU+V9D+wn2cyuxbyWVQ ++3r9LiL9qNwD/QAjyrhSN8L3Mfq+wdTHo5i0yB9ZCCpHLXSbhCqfWZwQ= ++=dwx2 ++-----END PGP PUBLIC KEY BLOCK----- +diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc +new file mode 100644 +index 0000000..dc47a02 +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc +@@ -0,0 +1,10 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [B] primary key, subkey, subkey binding sig (no user ID) ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK ++j++lwwWDAOlkVicDAQgHiHgEGBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC ++XNmUIQIbDAAKCRAIQ9qWmqja++vFAP98G1L+1/rWTGbsnxOAV2RocBYIroAvsbkR ++Ly6FdP8YNwEA7jOgT05CoKIe37MstpOz23mM80AK369Ca3JMmKKCQgg= ++=xuDu ++-----END PGP PUBLIC KEY BLOCK----- +diff --git a/tests/openpgp/import-incomplete/primary+uid-sig.asc b/tests/openpgp/import-incomplete/primary+uid-sig.asc +new file mode 100644 +index 0000000..134607d +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+uid-sig.asc +@@ -0,0 +1,10 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [C] primary key and self-sig expiring in 2024 (no user ID) ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN2IlgQTFggAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBLRpj5W8 ++2H/gSMzKKQhD2paaqNr7BQJc2ZR1BQkJZgHcAAoJEAhD2paaqNr79soA/0lWkUsu ++3NLwgbni6EzJxnTzgeNMpljqNpipHAwfix9hAP93AVtFdC8g7hdUZxawobl9lnSN ++9ohXOEBWvdJgVv2YAg== ++=KWIK ++-----END PGP PUBLIC KEY BLOCK----- +diff --git a/tests/openpgp/import-incomplete/primary+uid.asc b/tests/openpgp/import-incomplete/primary+uid.asc +new file mode 100644 +index 0000000..055f300 +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+uid.asc +@@ -0,0 +1,10 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [A] primary key, user ID, and self-sig expiring in 2021 ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN20CHRlc3Qga2V5iJYEExYIAD4WIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC ++XNmUGQIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAIQ9qWmqja +++0G1AQDdQiwhXxjXLMqoth+D4SigVHTJK8ORwifzsy3UE7mPGwD/aZ67XbAF/lgI ++kv2O1Jo0u9BL9RNNF+L0DM7rAFbfMAs= ++=1eII ++-----END PGP PUBLIC KEY BLOCK----- |