mirror of
https://git.notmuchmail.org/git/notmuch
synced 2024-11-21 18:38:08 +01:00
test/crypto: add_gnupg_home should have ultimate trust on "its own" key
The typical use case for gpg is that if you control a secret key, you mark it with "ultimate" ownertrust. The opaque --import-ownertrust mechanism is GnuPG's standard mechanism to set up ultimate ownertrust (the ":6:" means "ultimate", for whatever reason). We adjust the test suite to match this change, inverting the sense of one test: since the default is now that the user ID of the suite's own key is valid, we change the test to make sure that the user ID is not emitted when it is *not* valid. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
parent
93e699e5c8
commit
7d48604157
2 changed files with 10 additions and 8 deletions
|
@ -40,7 +40,8 @@ expected='[[[{"id": "XXXXX",
|
|||
"body": [{"id": 1,
|
||||
"sigstatus": [{"status": "good",
|
||||
"fingerprint": "'$FINGERPRINT'",
|
||||
"created": 946728000}],
|
||||
"created": 946728000,
|
||||
"userid": "'"$SELF_USERID"'"}],
|
||||
"content-type": "multipart/signed",
|
||||
"content": [{"id": 2,
|
||||
"content-type": "text/plain",
|
||||
|
@ -135,11 +136,11 @@ test_expect_equal_json \
|
|||
"$output" \
|
||||
"$expected"
|
||||
|
||||
test_begin_subtest "signature verification with full user ID validity"
|
||||
# give the key ultimate owner trust, which confers full validity on
|
||||
# all user IDs in the certificate:
|
||||
echo "${FINGERPRINT}:6:" | gpg --no-tty --import-ownertrust >>"$GNUPGHOME"/trust.log 2>&1
|
||||
gpg --no-tty --check-trustdb >>"$GNUPGHOME"/trust.log 2>&1
|
||||
test_begin_subtest "signature verification without full user ID validity"
|
||||
# give the key no owner trust, removes validity on all user IDs of the
|
||||
# certificate in the absence of other trusted certifiers:
|
||||
gpg --quiet --batch --no-tty --export-ownertrust > "$GNUPGHOME/ownertrust.bak"
|
||||
echo "${FINGERPRINT}:3:" | gpg --quiet --batch --no-tty --import-ownertrust
|
||||
output=$(notmuch show --format=json --verify subject:"test signed message 001" \
|
||||
| notmuch_json_show_sanitize \
|
||||
| sed -e 's|"created": [1234567890]*|"created": 946728000|')
|
||||
|
@ -157,8 +158,7 @@ expected='[[[{"id": "XXXXX",
|
|||
"body": [{"id": 1,
|
||||
"sigstatus": [{"status": "good",
|
||||
"fingerprint": "'$FINGERPRINT'",
|
||||
"created": 946728000,
|
||||
"userid": "'"$SELF_USERID"'"}],
|
||||
"created": 946728000}],
|
||||
"content-type": "multipart/signed",
|
||||
"content": [{"id": 2,
|
||||
"content-type": "text/plain",
|
||||
|
@ -170,6 +170,7 @@ expected='[[[{"id": "XXXXX",
|
|||
test_expect_equal_json \
|
||||
"$output" \
|
||||
"$expected"
|
||||
gpg --quiet --batch --no-tty --import-ownertrust < "$GNUPGHOME/ownertrust.bak"
|
||||
|
||||
test_begin_subtest "signature verification with signer key unavailable"
|
||||
# move the gnupghome temporarily out of the way
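Review bot: The comment on the new negative subtest says "give the key no owner trust" but never explains the `:3:` in `echo "${FINGERPRINT}:3:"`. As far as I know that value is GnuPG's "never trust" level in the ownertrust export format, so the comment could say so, e.g. `# ":3:" = ownertrust "never"; the test key's user IDs lose validity`. The export to `ownertrust.bak` and the restore after `test_expect_equal_json` are also unchecked and run with `--quiet`. A failed backup or restore would therefore leave the key at `:3:` for the following subtests and show up only as unrelated JSON mismatches. A check such as `test -s "$GNUPGHOME/ownertrust.bak"` before lowering the trust would make that failure visible at its source.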
|
||||
|
|
|
@ -121,6 +121,7 @@ add_gnupg_home ()
|
|||
# Change this if we ship a new test key
|
||||
FINGERPRINT="5AEAB11F5E33DCE875DDB75B6D92612D94E46381"
|
||||
SELF_USERID="Notmuch Test Suite <test_suite@notmuchmail.org> (INSECURE!)"
|
||||
printf '%s:6:\n' "$FINGERPRINT" | gpg --quiet --batch --no-tty --import-ownertrust
|
||||
}
|
||||
|
||||
# Each test should start with something like this, after copyright notices:
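Review bot: The added `printf '%s:6:\n' "$FINGERPRINT" | gpg --quiet --batch --no-tty --import-ownertrust` grants ultimate ownertrust to a key whose user ID is labelled "(INSECURE!)", and nothing in the visible lines shows which GNUPGHOME it writes to. add_gnupg_home starts above this hunk, so the throwaway home is presumably set up there. If so, a comment would record the dependency, e.g. `# ultimate trust for the public test key: only safe inside the test-local GNUPGHOME`. The import is also the function's last command and runs with `--quiet`, so a failure shows only in the function's return status, which callers may not check.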
|
||||
|
|