[thirdparty/git.git] / t / lib-gpg.sh

#!/bin/sh

gpg_version=$(gpg --version 2>&1)
if test $? != 127
then
	# As said here: http://www.gnupg.org/documentation/faqs.html#q6.19
	# the gpg version 1.0.6 didn't parse trust packets correctly, so for
	# that version, creation of signed tags using the generated key fails.
	case "$gpg_version" in
	'gpg (GnuPG) 1.0.6'*)
		say "Your version of gpg (1.0.6) is too buggy for testing"
		;;
	*)
		# Available key info:
		# * Type DSA and Elgamal, size 2048 bits, no expiration date,
		#   name and email: C O Mitter <committer@example.com>
		# * Type RSA, size 2048 bits, no expiration date,
		#   name and email: Eris Discordia <discord@example.net>
		# No password given, to enable non-interactive operation.
		# To generate new key:
		#	gpg --homedir /tmp/gpghome --gen-key
		# To write armored exported key to keyring:
		#	gpg --homedir /tmp/gpghome --export-secret-keys \
		#		--armor 0xDEADBEEF >> lib-gpg/keyring.gpg
		#	gpg --homedir /tmp/gpghome --export \
		#		--armor 0xDEADBEEF >> lib-gpg/keyring.gpg
		# To export ownertrust:
		#	gpg --homedir /tmp/gpghome --export-ownertrust \
		#		> lib-gpg/ownertrust
		mkdir ./gpghome &&
		chmod 0700 ./gpghome &&
		GNUPGHOME="$(pwd)/gpghome" &&
		export GNUPGHOME &&
		(gpgconf --kill gpg-agent >/dev/null 2>&1 || : ) &&
		gpg --homedir "${GNUPGHOME}" 2>/dev/null --import \
			"$TEST_DIRECTORY"/lib-gpg/keyring.gpg &&
		gpg --homedir "${GNUPGHOME}" 2>/dev/null --import-ownertrust \
			"$TEST_DIRECTORY"/lib-gpg/ownertrust &&
		gpg --homedir "${GNUPGHOME}" </dev/null >/dev/null 2>&1 \
			--sign -u committer@example.com &&
		test_set_prereq GPG &&
		# Available key info:
		# * see t/lib-gpg/gpgsm-gen-key.in
		# To generate new certificate:
		#  * no passphrase
		#	gpgsm --homedir /tmp/gpghome/ \
		#		-o /tmp/gpgsm.crt.user \
		#		--generate-key \
		#		--batch t/lib-gpg/gpgsm-gen-key.in
		# To import certificate:
		#	gpgsm --homedir /tmp/gpghome/ \
		#		--import /tmp/gpgsm.crt.user
		# To export into a .p12 we can later import:
		#	gpgsm --homedir /tmp/gpghome/ \
		#		-o t/lib-gpg/gpgsm_cert.p12 \
		#		--export-secret-key-p12 "committer@example.com"
		echo | gpgsm --homedir "${GNUPGHOME}" 2>/dev/null \
			--passphrase-fd 0 --pinentry-mode loopback \
			--import "$TEST_DIRECTORY"/lib-gpg/gpgsm_cert.p12 &&

		gpgsm --homedir "${GNUPGHOME}" 2>/dev/null -K |
		grep fingerprint: |
		cut -d" " -f4 |
		tr -d '\n' >"${GNUPGHOME}/trustlist.txt" &&

		echo " S relax" >>"${GNUPGHOME}/trustlist.txt" &&
		echo hello | gpgsm --homedir "${GNUPGHOME}" >/dev/null \
			-u committer@example.com -o /dev/null --sign - 2>&1 &&
		test_set_prereq GPGSM
		;;
	esac
fi

if test_have_prereq GPG &&
    echo | gpg --homedir "${GNUPGHOME}" -b --rfc1991 >/dev/null 2>&1
then
	test_set_prereq RFC1991
fi

sanitize_pgp() {
	perl -ne '
		/^-----END PGP/ and $in_pgp = 0;
		print unless $in_pgp;
		/^-----BEGIN PGP/ and $in_pgp = 1;
	'
}
Commit	Line	Data
37d3e859 JK	1	#!/bin/sh
37d3e859 JK	2
be194d53	3	gpg_version=$(gpg --version 2>&1)
f9e9c0d1 ES	4	if test $? != 127
f9e9c0d1 ES	5	then
37d3e859 JK	6	# As said here: http://www.gnupg.org/documentation/faqs.html#q6.19
	7	# the gpg version 1.0.6 didn't parse trust packets correctly, so for
	8	# that version, creation of signed tags using the generated key fails.
	9	case "$gpg_version" in
	10	'gpg (GnuPG) 1.0.6'*)
	11	say "Your version of gpg (1.0.6) is too buggy for testing"
	12	;;
	13	*)
6fb5df6c CH	14	# Available key info:
	15	# * Type DSA and Elgamal, size 2048 bits, no expiration date,
	16	# name and email: C O Mitter <committer@example.com>
	17	# * Type RSA, size 2048 bits, no expiration date,
	18	# name and email: Eris Discordia <discord@example.net>
37d3e859	19	# No password given, to enable non-interactive operation.
6fb5df6c CH	20	# To generate new key:
	21	# gpg --homedir /tmp/gpghome --gen-key
	22	# To write armored exported key to keyring:
	23	# gpg --homedir /tmp/gpghome --export-secret-keys \
	24	# --armor 0xDEADBEEF >> lib-gpg/keyring.gpg
830ff021 JK	25	# gpg --homedir /tmp/gpghome --export \
830ff021 JK	26	# --armor 0xDEADBEEF >> lib-gpg/keyring.gpg
6fb5df6c CH	27	# To export ownertrust:
	28	# gpg --homedir /tmp/gpghome --export-ownertrust \
	29	# > lib-gpg/ownertrust
4b0bf39d JH	30	mkdir ./gpghome &&
	31	chmod 0700 ./gpghome &&
	32	GNUPGHOME="$(pwd)/gpghome" &&
	33	export GNUPGHOME &&
4c180f60	34	(gpgconf --kill gpg-agent >/dev/null 2>&1 \|\| : ) &&
4b0bf39d JH	35	gpg --homedir "${GNUPGHOME}" 2>/dev/null --import \
	36	"$TEST_DIRECTORY"/lib-gpg/keyring.gpg &&
	37	gpg --homedir "${GNUPGHOME}" 2>/dev/null --import-ownertrust \
	38	"$TEST_DIRECTORY"/lib-gpg/ownertrust &&
1f985d60 JK	39	gpg --homedir "${GNUPGHOME}" </dev/null >/dev/null 2>&1 \
1f985d60 JK	40	--sign -u committer@example.com &&
53fc9993 HS	41	test_set_prereq GPG &&
	42	# Available key info:
	43	# * see t/lib-gpg/gpgsm-gen-key.in
	44	# To generate new certificate:
	45	# * no passphrase
	46	# gpgsm --homedir /tmp/gpghome/ \
	47	# -o /tmp/gpgsm.crt.user \
	48	# --generate-key \
	49	# --batch t/lib-gpg/gpgsm-gen-key.in
	50	# To import certificate:
	51	# gpgsm --homedir /tmp/gpghome/ \
	52	# --import /tmp/gpgsm.crt.user
	53	# To export into a .p12 we can later import:
	54	# gpgsm --homedir /tmp/gpghome/ \
	55	# -o t/lib-gpg/gpgsm_cert.p12 \
	56	# --export-secret-key-p12 "committer@example.com"
	57	echo \| gpgsm --homedir "${GNUPGHOME}" 2>/dev/null \
	58	--passphrase-fd 0 --pinentry-mode loopback \
	59	--import "$TEST_DIRECTORY"/lib-gpg/gpgsm_cert.p12 &&
bdbc17e8 MD	60
	61	gpgsm --homedir "${GNUPGHOME}" 2>/dev/null -K \|
	62	grep fingerprint: \|
	63	cut -d" " -f4 \|
	64	tr -d '\n' >"${GNUPGHOME}/trustlist.txt" &&
	65
ddf3a115	66	echo " S relax" >>"${GNUPGHOME}/trustlist.txt" &&
53fc9993 HS	67	echo hello \| gpgsm --homedir "${GNUPGHOME}" >/dev/null \
	68	-u committer@example.com -o /dev/null --sign - 2>&1 &&
	69	test_set_prereq GPGSM
37d3e859 JK	70	;;
	71	esac
	72	fi
e2b23972	73
4b0bf39d JH	74	if test_have_prereq GPG &&
	75	echo \| gpg --homedir "${GNUPGHOME}" -b --rfc1991 >/dev/null 2>&1
	76	then
	77	test_set_prereq RFC1991
	78	fi
	79
e2b23972 MG	80	sanitize_pgp() {
	81	perl -ne '
	82	/^-----END PGP/ and $in_pgp = 0;
	83	print unless $in_pgp;
	84	/^-----BEGIN PGP/ and $in_pgp = 1;
	85	'
	86	}