Merge lp:~jelmer/brz/gpg-detached-sign into lp:brz
- gpg-detached-sign
- Merge into trunk
Proposed by
Jelmer Vernooij
| Status: | Merged | ||||
|---|---|---|---|---|---|
| Approved by: | Jelmer Vernooij | ||||
| Approved revision: | no longer in the source branch. | ||||
| Merge reported by: | The Breezy Bot | ||||
| Merged at revision: | not available | ||||
| Proposed branch: | lp:~jelmer/brz/gpg-detached-sign | ||||
| Merge into: | lp:brz | ||||
| Diff against target: |
448 lines (+73/-111) 8 files modified
breezy/bzr/remote.py (+5/-3) breezy/gpg.py (+39/-31) breezy/merge_directive.py (+1/-1) breezy/repository.py (+6/-5) breezy/tests/per_repository/test_signatures.py (+1/-1) breezy/tests/test_commit.py (+2/-1) breezy/tests/test_gpg.py (+13/-54) breezy/tests/test_log.py (+6/-15) |
||||
| To merge this branch: | bzr merge lp:~jelmer/brz/gpg-detached-sign | ||||
| Related bugs: |
|
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Martin Packman | Approve | ||
|
Review via email:
|
|||
Commit message
Add support for passing mode argument to GPGSignature.sign.
Description of the change
Add support for passing mode argument to GPGSignature.sign.
This is necessary for brz-git, which needs to create detached signatures.
To post a comment you must log in.
Revision history for this message
| The Breezy Bot (the-breezy-bot) wrote : | # |
Running landing tests failed
https:/
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
| 1 | === modified file 'breezy/bzr/remote.py' | |||
| 2 | --- breezy/bzr/remote.py 2017-11-23 20:02:55 +0000 | |||
| 3 | +++ breezy/bzr/remote.py 2018-03-24 01:56:28 +0000 | |||
| 4 | @@ -2692,7 +2692,7 @@ | |||
| 5 | 2692 | 2692 | ||
| 6 | 2693 | def store_revision_signature(self, gpg_strategy, plaintext, revision_id): | 2693 | def store_revision_signature(self, gpg_strategy, plaintext, revision_id): |
| 7 | 2694 | with self.lock_write(): | 2694 | with self.lock_write(): |
| 9 | 2695 | signature = gpg_strategy.sign(plaintext) | 2695 | signature = gpg_strategy.sign(plaintext, gpg.MODE_CLEAR) |
| 10 | 2696 | self.add_signature_text(revision_id, signature) | 2696 | self.add_signature_text(revision_id, signature) |
| 11 | 2697 | 2697 | ||
| 12 | 2698 | def add_signature_text(self, revision_id, signature): | 2698 | def add_signature_text(self, revision_id, signature): |
| 13 | @@ -2737,9 +2737,11 @@ | |||
| 14 | 2737 | signature = self.get_signature_text(revision_id) | 2737 | signature = self.get_signature_text(revision_id) |
| 15 | 2738 | 2738 | ||
| 16 | 2739 | testament = _mod_testament.Testament.from_revision(self, revision_id) | 2739 | testament = _mod_testament.Testament.from_revision(self, revision_id) |
| 17 | 2740 | plaintext = testament.as_short_text() | ||
| 18 | 2741 | 2740 | ||
| 20 | 2742 | return gpg_strategy.verify(signature, plaintext) | 2741 | (status, key, signed_plaintext) = gpg_strategy.verify(signature) |
| 21 | 2742 | if testament.as_short_text() != signed_plaintext: | ||
| 22 | 2743 | return gpg.SIGNATURE_NOT_VALID, None | ||
| 23 | 2744 | return (status, key) | ||
| 24 | 2743 | 2745 | ||
| 25 | 2744 | def item_keys_introduced_by(self, revision_ids, _files_pb=None): | 2746 | def item_keys_introduced_by(self, revision_ids, _files_pb=None): |
| 26 | 2745 | self._ensure_real() | 2747 | self._ensure_real() |
| 27 | 2746 | 2748 | ||
| 28 | === modified file 'breezy/gpg.py' | |||
| 29 | --- breezy/gpg.py 2018-02-24 15:50:23 +0000 | |||
| 30 | +++ breezy/gpg.py 2018-03-24 01:56:28 +0000 | |||
| 31 | @@ -52,6 +52,10 @@ | |||
| 32 | 52 | SIGNATURE_NOT_SIGNED = 3 | 52 | SIGNATURE_NOT_SIGNED = 3 |
| 33 | 53 | SIGNATURE_EXPIRED = 4 | 53 | SIGNATURE_EXPIRED = 4 |
| 34 | 54 | 54 | ||
| 35 | 55 | MODE_NORMAL = 0 | ||
| 36 | 56 | MODE_DETACH = 1 | ||
| 37 | 57 | MODE_CLEAR = 2 | ||
| 38 | 58 | |||
| 39 | 55 | 59 | ||
| 40 | 56 | class GpgNotInstalled(errors.DependencyNotPresent): | 60 | class GpgNotInstalled(errors.DependencyNotPresent): |
| 41 | 57 | 61 | ||
| 42 | @@ -123,10 +127,10 @@ | |||
| 43 | 123 | def __init__(self, ignored): | 127 | def __init__(self, ignored): |
| 44 | 124 | """Real strategies take a configuration.""" | 128 | """Real strategies take a configuration.""" |
| 45 | 125 | 129 | ||
| 47 | 126 | def sign(self, content): | 130 | def sign(self, content, mode): |
| 48 | 127 | raise SigningFailed('Signing is disabled.') | 131 | raise SigningFailed('Signing is disabled.') |
| 49 | 128 | 132 | ||
| 51 | 129 | def verify(self, content, testament): | 133 | def verify(self, signed_data, signature=None): |
| 52 | 130 | raise SignatureVerificationFailed('Signature verification is \ | 134 | raise SignatureVerificationFailed('Signature verification is \ |
| 53 | 131 | disabled.') | 135 | disabled.') |
| 54 | 132 | 136 | ||
| 55 | @@ -146,12 +150,14 @@ | |||
| 56 | 146 | def __init__(self, ignored): | 150 | def __init__(self, ignored): |
| 57 | 147 | """Real strategies take a configuration.""" | 151 | """Real strategies take a configuration.""" |
| 58 | 148 | 152 | ||
| 60 | 149 | def sign(self, content): | 153 | def sign(self, content, mode): |
| 61 | 150 | return ("-----BEGIN PSEUDO-SIGNED CONTENT-----\n" + content + | 154 | return ("-----BEGIN PSEUDO-SIGNED CONTENT-----\n" + content + |
| 62 | 151 | "-----END PSEUDO-SIGNED CONTENT-----\n") | 155 | "-----END PSEUDO-SIGNED CONTENT-----\n") |
| 63 | 152 | 156 | ||
| 66 | 153 | def verify(self, content, testament): | 157 | def verify(self, signed_data, signature=None): |
| 67 | 154 | return SIGNATURE_VALID, None | 158 | plain_text = signed_data.replace("-----BEGIN PSEUDO-SIGNED CONTENT-----\n", "") |
| 68 | 159 | plain_text = plain_text.replace("-----END PSEUDO-SIGNED CONTENT-----\n", "") | ||
| 69 | 160 | return SIGNATURE_VALID, None, plain_text | ||
| 70 | 155 | 161 | ||
| 71 | 156 | def set_acceptable_keys(self, command_line_input): | 162 | def set_acceptable_keys(self, command_line_input): |
| 72 | 157 | if command_line_input is not None: | 163 | if command_line_input is not None: |
| 73 | @@ -187,11 +193,11 @@ | |||
| 74 | 187 | try: | 193 | try: |
| 75 | 188 | import gpg | 194 | import gpg |
| 76 | 189 | self.context = gpg.Context() | 195 | self.context = gpg.Context() |
| 77 | 196 | self.context.armor = True | ||
| 78 | 197 | self.context.signers = self._get_signing_keys() | ||
| 79 | 190 | except ImportError as error: | 198 | except ImportError as error: |
| 80 | 191 | pass # can't use verify() | 199 | pass # can't use verify() |
| 81 | 192 | 200 | ||
| 82 | 193 | self.context.signers = self._get_signing_keys() | ||
| 83 | 194 | |||
| 84 | 195 | def _get_signing_keys(self): | 201 | def _get_signing_keys(self): |
| 85 | 196 | import gpg | 202 | import gpg |
| 86 | 197 | keyname = self._config_stack.get('gpg_signing_key') | 203 | keyname = self._config_stack.get('gpg_signing_key') |
| 87 | @@ -224,7 +230,7 @@ | |||
| 88 | 224 | except ImportError as error: | 230 | except ImportError as error: |
| 89 | 225 | return False | 231 | return False |
| 90 | 226 | 232 | ||
| 92 | 227 | def sign(self, content): | 233 | def sign(self, content, mode): |
| 93 | 228 | import gpg | 234 | import gpg |
| 94 | 229 | if isinstance(content, unicode): | 235 | if isinstance(content, unicode): |
| 95 | 230 | raise errors.BzrBadParameterUnicode('content') | 236 | raise errors.BzrBadParameterUnicode('content') |
| 96 | @@ -232,29 +238,34 @@ | |||
| 97 | 232 | plain_text = gpg.Data(content) | 238 | plain_text = gpg.Data(content) |
| 98 | 233 | try: | 239 | try: |
| 99 | 234 | output, result = self.context.sign( | 240 | output, result = self.context.sign( |
| 101 | 235 | plain_text, mode=gpg.constants.sig.mode.CLEAR) | 241 | plain_text, mode={ |
| 102 | 242 | MODE_DETACH: gpg.constants.sig.mode.DETACH, | ||
| 103 | 243 | MODE_CLEAR: gpg.constants.sig.mode.CLEAR, | ||
| 104 | 244 | MODE_NORMAL: gpg.constants.sig.mode.NORMAL, | ||
| 105 | 245 | }[mode]) | ||
| 106 | 236 | except gpg.errors.GPGMEError as error: | 246 | except gpg.errors.GPGMEError as error: |
| 107 | 237 | raise SigningFailed(str(error)) | 247 | raise SigningFailed(str(error)) |
| 108 | 238 | 248 | ||
| 109 | 239 | return output | 249 | return output |
| 110 | 240 | 250 | ||
| 112 | 241 | def verify(self, content, testament): | 251 | def verify(self, signed_data, signature=None): |
| 113 | 242 | """Check content has a valid signature. | 252 | """Check content has a valid signature. |
| 114 | 243 | 253 | ||
| 117 | 244 | :param content: the commit signature | 254 | :param signed_data; Signed data |
| 118 | 245 | :param testament: the valid testament string for the commit | 255 | :param signature: optional signature (if detached) |
| 119 | 246 | 256 | ||
| 121 | 247 | :return: SIGNATURE_VALID or a failed SIGNATURE_ value, key uid if valid | 257 | :return: SIGNATURE_VALID or a failed SIGNATURE_ value, key uid if valid, plain text |
| 122 | 248 | """ | 258 | """ |
| 123 | 249 | try: | 259 | try: |
| 124 | 250 | import gpg | 260 | import gpg |
| 125 | 251 | except ImportError as error: | 261 | except ImportError as error: |
| 126 | 252 | raise errors.GpgNotInstalled(error) | 262 | raise errors.GpgNotInstalled(error) |
| 127 | 253 | 263 | ||
| 130 | 254 | signature = gpg.Data(content) | 264 | signed_data = gpg.Data(signed_data) |
| 131 | 255 | sink = gpg.Data() | 265 | if signature: |
| 132 | 266 | signature = gpg.Data(signature) | ||
| 133 | 256 | try: | 267 | try: |
| 135 | 257 | plain_output, result = self.context.verify(signature) | 268 | plain_output, result = self.context.verify(signed_data, signature) |
| 136 | 258 | except gpg.errors.BadSignatures as error: | 269 | except gpg.errors.BadSignatures as error: |
| 137 | 259 | fingerprint = error.result.signatures[0].fpr | 270 | fingerprint = error.result.signatures[0].fpr |
| 138 | 260 | if error.result.signatures[0].summary & gpg.constants.SIGSUM_KEY_EXPIRED: | 271 | if error.result.signatures[0].summary & gpg.constants.SIGSUM_KEY_EXPIRED: |
| 139 | @@ -262,35 +273,32 @@ | |||
| 140 | 262 | if expires > error.result.signatures[0].timestamp: | 273 | if expires > error.result.signatures[0].timestamp: |
| 141 | 263 | # The expired key was not expired at time of signing. | 274 | # The expired key was not expired at time of signing. |
| 142 | 264 | # test_verify_expired_but_valid() | 275 | # test_verify_expired_but_valid() |
| 144 | 265 | return SIGNATURE_EXPIRED, fingerprint[-8:] | 276 | return SIGNATURE_EXPIRED, fingerprint[-8:], None |
| 145 | 266 | else: | 277 | else: |
| 146 | 267 | # I can't work out how to create a test where the signature | 278 | # I can't work out how to create a test where the signature |
| 147 | 268 | # was expired at the time of signing. | 279 | # was expired at the time of signing. |
| 149 | 269 | return SIGNATURE_NOT_VALID, None | 280 | return SIGNATURE_NOT_VALID, None, None |
| 150 | 270 | 281 | ||
| 151 | 271 | # GPG does not know this key. | 282 | # GPG does not know this key. |
| 152 | 272 | # test_verify_unknown_key() | 283 | # test_verify_unknown_key() |
| 153 | 273 | if error.result.signatures[0].summary & gpg.constants.SIGSUM_KEY_MISSING: | 284 | if error.result.signatures[0].summary & gpg.constants.SIGSUM_KEY_MISSING: |
| 155 | 274 | return SIGNATURE_KEY_MISSING, fingerprint[-8:] | 285 | return SIGNATURE_KEY_MISSING, fingerprint[-8:], None |
| 156 | 275 | 286 | ||
| 158 | 276 | return SIGNATURE_NOT_VALID, None | 287 | return SIGNATURE_NOT_VALID, None, None |
| 159 | 277 | except gpg.errors.GPGMEError as error: | 288 | except gpg.errors.GPGMEError as error: |
| 161 | 278 | raise SignatureVerificationFailed(error[2]) | 289 | raise SignatureVerificationFailed(error) |
| 162 | 279 | 290 | ||
| 163 | 280 | # No result if input is invalid. | 291 | # No result if input is invalid. |
| 164 | 281 | # test_verify_invalid() | 292 | # test_verify_invalid() |
| 165 | 282 | if len(result.signatures) == 0: | 293 | if len(result.signatures) == 0: |
| 167 | 283 | return SIGNATURE_NOT_VALID, None | 294 | return SIGNATURE_NOT_VALID, None, plain_output |
| 168 | 295 | |||
| 169 | 284 | # User has specified a list of acceptable keys, check our result is in | 296 | # User has specified a list of acceptable keys, check our result is in |
| 170 | 285 | # it. test_verify_unacceptable_key() | 297 | # it. test_verify_unacceptable_key() |
| 171 | 286 | fingerprint = result.signatures[0].fpr | 298 | fingerprint = result.signatures[0].fpr |
| 172 | 287 | if self.acceptable_keys is not None: | 299 | if self.acceptable_keys is not None: |
| 173 | 288 | if not fingerprint in self.acceptable_keys: | 300 | if not fingerprint in self.acceptable_keys: |
| 179 | 289 | return SIGNATURE_KEY_MISSING, fingerprint[-8:] | 301 | return SIGNATURE_KEY_MISSING, fingerprint[-8:], plain_output |
| 175 | 290 | # Check the signature actually matches the testament. | ||
| 176 | 291 | # test_verify_bad_testament() | ||
| 177 | 292 | if testament != plain_output: | ||
| 178 | 293 | return SIGNATURE_NOT_VALID, None | ||
| 180 | 294 | # Yay gpg set the valid bit. | 302 | # Yay gpg set the valid bit. |
| 181 | 295 | # Can't write a test for this one as you can't set a key to be | 303 | # Can't write a test for this one as you can't set a key to be |
| 182 | 296 | # trusted using gpg. | 304 | # trusted using gpg. |
| 183 | @@ -298,20 +306,20 @@ | |||
| 184 | 298 | key = self.context.get_key(fingerprint) | 306 | key = self.context.get_key(fingerprint) |
| 185 | 299 | name = key.uids[0].name | 307 | name = key.uids[0].name |
| 186 | 300 | email = key.uids[0].email | 308 | email = key.uids[0].email |
| 188 | 301 | return SIGNATURE_VALID, name + " <" + email + ">" | 309 | return SIGNATURE_VALID, name.decode('utf-8') + u" <" + email.decode('utf-8') + u">", plain_output |
| 189 | 302 | # Sigsum_red indicates a problem, unfortunatly I have not been able | 310 | # Sigsum_red indicates a problem, unfortunatly I have not been able |
| 190 | 303 | # to write any tests which actually set this. | 311 | # to write any tests which actually set this. |
| 191 | 304 | if result.signatures[0].summary & gpg.constants.SIGSUM_RED: | 312 | if result.signatures[0].summary & gpg.constants.SIGSUM_RED: |
| 193 | 305 | return SIGNATURE_NOT_VALID, None | 313 | return SIGNATURE_NOT_VALID, None, plain_output |
| 194 | 306 | # Summary isn't set if sig is valid but key is untrusted but if user | 314 | # Summary isn't set if sig is valid but key is untrusted but if user |
| 195 | 307 | # has explicity set the key as acceptable we can validate it. | 315 | # has explicity set the key as acceptable we can validate it. |
| 196 | 308 | if result.signatures[0].summary == 0 and self.acceptable_keys is not None: | 316 | if result.signatures[0].summary == 0 and self.acceptable_keys is not None: |
| 197 | 309 | if fingerprint in self.acceptable_keys: | 317 | if fingerprint in self.acceptable_keys: |
| 198 | 310 | # test_verify_untrusted_but_accepted() | 318 | # test_verify_untrusted_but_accepted() |
| 200 | 311 | return SIGNATURE_VALID, None | 319 | return SIGNATURE_VALID, None, plain_output |
| 201 | 312 | # test_verify_valid_but_untrusted() | 320 | # test_verify_valid_but_untrusted() |
| 202 | 313 | if result.signatures[0].summary == 0 and self.acceptable_keys is None: | 321 | if result.signatures[0].summary == 0 and self.acceptable_keys is None: |
| 204 | 314 | return SIGNATURE_NOT_VALID, None | 322 | return SIGNATURE_NOT_VALID, None, plain_output |
| 205 | 315 | # Other error types such as revoked keys should (I think) be caught by | 323 | # Other error types such as revoked keys should (I think) be caught by |
| 206 | 316 | # SIGSUM_RED so anything else means something is buggy. | 324 | # SIGSUM_RED so anything else means something is buggy. |
| 207 | 317 | raise SignatureVerificationFailed( | 325 | raise SignatureVerificationFailed( |
| 208 | 318 | 326 | ||
| 209 | === modified file 'breezy/merge_directive.py' | |||
| 210 | --- breezy/merge_directive.py 2017-10-27 00:18:42 +0000 | |||
| 211 | +++ breezy/merge_directive.py 2018-03-24 01:56:28 +0000 | |||
| 212 | @@ -251,7 +251,7 @@ | |||
| 213 | 251 | :return: a string | 251 | :return: a string |
| 214 | 252 | """ | 252 | """ |
| 215 | 253 | my_gpg = gpg.GPGStrategy(branch.get_config_stack()) | 253 | my_gpg = gpg.GPGStrategy(branch.get_config_stack()) |
| 217 | 254 | return my_gpg.sign(''.join(self.to_lines())) | 254 | return my_gpg.sign(''.join(self.to_lines()), gpg.MODE_CLEAR) |
| 218 | 255 | 255 | ||
| 219 | 256 | def to_email(self, mail_to, branch, sign=False): | 256 | def to_email(self, mail_to, branch, sign=False): |
| 220 | 257 | """Serialize as an email message. | 257 | """Serialize as an email message. |
| 221 | 258 | 258 | ||
| 222 | === modified file 'breezy/repository.py' | |||
| 223 | --- breezy/repository.py 2018-02-24 15:50:23 +0000 | |||
| 224 | +++ breezy/repository.py 2018-03-24 01:56:28 +0000 | |||
| 225 | @@ -887,7 +887,7 @@ | |||
| 226 | 887 | 887 | ||
| 227 | 888 | def store_revision_signature(self, gpg_strategy, plaintext, revision_id): | 888 | def store_revision_signature(self, gpg_strategy, plaintext, revision_id): |
| 228 | 889 | with self.lock_write(): | 889 | with self.lock_write(): |
| 230 | 890 | signature = gpg_strategy.sign(plaintext) | 890 | signature = gpg_strategy.sign(plaintext, gpg.MODE_CLEAR) |
| 231 | 891 | self.add_signature_text(revision_id, signature) | 891 | self.add_signature_text(revision_id, signature) |
| 232 | 892 | 892 | ||
| 233 | 893 | def add_signature_text(self, revision_id, signature): | 893 | def add_signature_text(self, revision_id, signature): |
| 234 | @@ -1104,11 +1104,12 @@ | |||
| 235 | 1104 | return gpg.SIGNATURE_NOT_SIGNED, None | 1104 | return gpg.SIGNATURE_NOT_SIGNED, None |
| 236 | 1105 | signature = self.get_signature_text(revision_id) | 1105 | signature = self.get_signature_text(revision_id) |
| 237 | 1106 | 1106 | ||
| 241 | 1107 | testament = _mod_testament.Testament.from_revision( | 1107 | testament = _mod_testament.Testament.from_revision(self, revision_id) |
| 239 | 1108 | self, revision_id) | ||
| 240 | 1109 | plaintext = testament.as_short_text() | ||
| 242 | 1110 | 1108 | ||
| 244 | 1111 | return gpg_strategy.verify(signature, plaintext) | 1109 | (status, key, signed_plaintext) = gpg_strategy.verify(signature) |
| 245 | 1110 | if testament.as_short_text() != signed_plaintext: | ||
| 246 | 1111 | return gpg.SIGNATURE_NOT_VALID, None | ||
| 247 | 1112 | return (status, key) | ||
| 248 | 1112 | 1113 | ||
| 249 | 1113 | def verify_revision_signatures(self, revision_ids, gpg_strategy): | 1114 | def verify_revision_signatures(self, revision_ids, gpg_strategy): |
| 250 | 1114 | """Verify revision signatures for a number of revisions. | 1115 | """Verify revision signatures for a number of revisions. |
| 251 | 1115 | 1116 | ||
| 252 | === modified file 'breezy/tests/per_repository/test_signatures.py' | |||
| 253 | --- breezy/tests/per_repository/test_signatures.py 2017-08-07 19:09:47 +0000 | |||
| 254 | +++ breezy/tests/per_repository/test_signatures.py 2018-03-24 01:56:28 +0000 | |||
| 255 | @@ -123,7 +123,7 @@ | |||
| 256 | 123 | '-----END PSEUDO-SIGNED CONTENT-----\n', | 123 | '-----END PSEUDO-SIGNED CONTENT-----\n', |
| 257 | 124 | repo.get_signature_text(a)) | 124 | repo.get_signature_text(a)) |
| 258 | 125 | self.assertEqual( | 125 | self.assertEqual( |
| 260 | 126 | (gpg.SIGNATURE_VALID, None, ), | 126 | (gpg.SIGNATURE_VALID, None), |
| 261 | 127 | repo.verify_revision_signature(a, strategy)) | 127 | repo.verify_revision_signature(a, strategy)) |
| 262 | 128 | 128 | ||
| 263 | 129 | def test_verify_revision_signatures(self): | 129 | def test_verify_revision_signatures(self): |
| 264 | 130 | 130 | ||
| 265 | === modified file 'breezy/tests/test_commit.py' | |||
| 266 | --- breezy/tests/test_commit.py 2018-02-15 19:38:33 +0000 | |||
| 267 | +++ breezy/tests/test_commit.py 2018-03-24 01:56:28 +0000 | |||
| 268 | @@ -435,7 +435,8 @@ | |||
| 269 | 435 | message="base", allow_pointless=True, rev_id='B', | 435 | message="base", allow_pointless=True, rev_id='B', |
| 270 | 436 | working_tree=wt) | 436 | working_tree=wt) |
| 271 | 437 | def sign(text): | 437 | def sign(text): |
| 273 | 438 | return breezy.gpg.LoopbackGPGStrategy(None).sign(text) | 438 | return breezy.gpg.LoopbackGPGStrategy(None).sign( |
| 274 | 439 | text, breezy.gpg.MODE_CLEAR) | ||
| 275 | 439 | self.assertEqual(sign(Testament.from_revision(branch.repository, | 440 | self.assertEqual(sign(Testament.from_revision(branch.repository, |
| 276 | 440 | 'B').as_short_text()), | 441 | 'B').as_short_text()), |
| 277 | 441 | branch.repository.get_signature_text('B')) | 442 | branch.repository.get_signature_text('B')) |
| 278 | 442 | 443 | ||
| 279 | === modified file 'breezy/tests/test_gpg.py' | |||
| 280 | --- breezy/tests/test_gpg.py 2017-07-04 20:03:11 +0000 | |||
| 281 | +++ breezy/tests/test_gpg.py 2018-03-24 01:56:28 +0000 | |||
| 282 | @@ -224,8 +224,7 @@ | |||
| 283 | 224 | """ | 224 | """ |
| 284 | 225 | my_gpg = gpg.GPGStrategy(FakeConfig()) | 225 | my_gpg = gpg.GPGStrategy(FakeConfig()) |
| 285 | 226 | my_gpg.set_acceptable_keys("bazaar@example.com") | 226 | my_gpg.set_acceptable_keys("bazaar@example.com") |
| 288 | 227 | self.assertEqual((gpg.SIGNATURE_VALID, None), my_gpg.verify(content, | 227 | self.assertEqual((gpg.SIGNATURE_VALID, None, plain), my_gpg.verify(content)) |
| 287 | 228 | plain)) | ||
| 289 | 229 | 228 | ||
| 290 | 230 | def test_verify_unacceptable_key(self): | 229 | def test_verify_unacceptable_key(self): |
| 291 | 231 | self.requireFeature(features.gpg) | 230 | self.requireFeature(features.gpg) |
| 292 | @@ -255,8 +254,8 @@ | |||
| 293 | 255 | """ | 254 | """ |
| 294 | 256 | my_gpg = gpg.GPGStrategy(FakeConfig()) | 255 | my_gpg = gpg.GPGStrategy(FakeConfig()) |
| 295 | 257 | my_gpg.set_acceptable_keys("foo@example.com") | 256 | my_gpg.set_acceptable_keys("foo@example.com") |
| 298 | 258 | self.assertEqual((gpg.SIGNATURE_KEY_MISSING, u'E3080E45'), | 257 | self.assertEqual((gpg.SIGNATURE_KEY_MISSING, u'E3080E45', plain), |
| 299 | 259 | my_gpg.verify(content, plain)) | 258 | my_gpg.verify(content)) |
| 300 | 260 | 259 | ||
| 301 | 261 | def test_verify_valid_but_untrusted(self): | 260 | def test_verify_valid_but_untrusted(self): |
| 302 | 262 | self.requireFeature(features.gpg) | 261 | self.requireFeature(features.gpg) |
| 303 | @@ -285,40 +284,7 @@ | |||
| 304 | 285 | sha1: 6411f9bdf6571200357140c9ce7c0f50106ac9a4 | 284 | sha1: 6411f9bdf6571200357140c9ce7c0f50106ac9a4 |
| 305 | 286 | """ | 285 | """ |
| 306 | 287 | my_gpg = gpg.GPGStrategy(FakeConfig()) | 286 | my_gpg = gpg.GPGStrategy(FakeConfig()) |
| 341 | 288 | self.assertEqual((gpg.SIGNATURE_NOT_VALID, None), my_gpg.verify(content, | 287 | self.assertEqual((gpg.SIGNATURE_NOT_VALID, None, plain), my_gpg.verify(content)) |
| 308 | 289 | plain)) | ||
| 309 | 290 | |||
| 310 | 291 | def test_verify_bad_testament(self): | ||
| 311 | 292 | self.requireFeature(features.gpg) | ||
| 312 | 293 | self.import_keys() | ||
| 313 | 294 | |||
| 314 | 295 | content = """-----BEGIN PGP SIGNED MESSAGE----- | ||
| 315 | 296 | Hash: SHA1 | ||
| 316 | 297 | |||
| 317 | 298 | bazaar-ng testament short form 1 | ||
| 318 | 299 | revision-id: amy@example.com-20110527185938-hluafawphszb8dl1 | ||
| 319 | 300 | sha1: 6411f9bdf6571200357140c9ce7c0f50106ac9a4 | ||
| 320 | 301 | -----BEGIN PGP SIGNATURE----- | ||
| 321 | 302 | Version: GnuPG v1.4.11 (GNU/Linux) | ||
| 322 | 303 | |||
| 323 | 304 | iQEcBAEBAgAGBQJN+ekFAAoJEIdoGx7jCA5FGtEH/i+XxJRvqU6wdBtLVrGBMAGk | ||
| 324 | 305 | FZ5VP+KyXYtymSbgSstj/vM12NeMIeFs3xGnNnYuX1MIcY6We5TKtCH0epY6ym5+ | ||
| 325 | 306 | 6g2Q2QpQ5/sT2d0mWzR0K4uVngmxVQaXTdk5PdZ40O7ULeDLW6CxzxMHyUL1rsIx | ||
| 326 | 307 | 7UBUTBh1O/1n3ZfD99hUkm3hVcnsN90uTKH59zV9NWwArU0cug60+5eDKJhSJDbG | ||
| 327 | 308 | rIwlqbFAjDZ7L/48e+IaYIJwBZFzMBpJKdCxzALLtauMf+KK8hGiL2hrRbWm7ty6 | ||
| 328 | 309 | NgxfkMYOB4rDPdSstT35N+5uBG3n/UzjxHssi0svMfVETYYX40y57dm2eZQXFp8= | ||
| 329 | 310 | =iwsn | ||
| 330 | 311 | -----END PGP SIGNATURE----- | ||
| 331 | 312 | """ | ||
| 332 | 313 | plain = """bazaar-ng testament short form 1 | ||
| 333 | 314 | revision-id: doctor@example.com-20110527185938-hluafawphszb8dl1 | ||
| 334 | 315 | sha1: 6411f9bdf6571200357140c9ce7c0f50106ac9a4 | ||
| 335 | 316 | """ | ||
| 336 | 317 | my_gpg = gpg.GPGStrategy(FakeConfig()) | ||
| 337 | 318 | my_gpg.set_acceptable_keys("bazaar@example.com") | ||
| 338 | 319 | self.assertEqual((gpg.SIGNATURE_NOT_VALID, None), my_gpg.verify(content, | ||
| 339 | 320 | plain)) | ||
| 340 | 321 | |||
| 342 | 322 | 288 | ||
| 343 | 323 | def test_verify_revoked_signature(self): | 289 | def test_verify_revoked_signature(self): |
| 344 | 324 | self.requireFeature(features.gpg) | 290 | self.requireFeature(features.gpg) |
| 345 | @@ -341,8 +307,7 @@ | |||
| 346 | 341 | plain = """asdf\n""" | 307 | plain = """asdf\n""" |
| 347 | 342 | my_gpg = gpg.GPGStrategy(FakeConfig()) | 308 | my_gpg = gpg.GPGStrategy(FakeConfig()) |
| 348 | 343 | my_gpg.set_acceptable_keys("test@example.com") | 309 | my_gpg.set_acceptable_keys("test@example.com") |
| 351 | 344 | self.assertEqual((gpg.SIGNATURE_NOT_VALID, None), my_gpg.verify(content, | 310 | self.assertEqual((gpg.SIGNATURE_NOT_VALID, None, None), my_gpg.verify(content)) |
| 350 | 345 | plain)) | ||
| 352 | 346 | 311 | ||
| 353 | 347 | def test_verify_invalid(self): | 312 | def test_verify_invalid(self): |
| 354 | 348 | self.requireFeature(features.gpg) | 313 | self.requireFeature(features.gpg) |
| 355 | @@ -366,8 +331,8 @@ | |||
| 356 | 366 | sha1: 6411f9bdf6571200357140c9ce7c0f50106ac9a4 | 331 | sha1: 6411f9bdf6571200357140c9ce7c0f50106ac9a4 |
| 357 | 367 | """ | 332 | """ |
| 358 | 368 | my_gpg = gpg.GPGStrategy(FakeConfig()) | 333 | my_gpg = gpg.GPGStrategy(FakeConfig()) |
| 361 | 369 | self.assertEqual((gpg.SIGNATURE_NOT_VALID, None), | 334 | self.assertEqual((gpg.SIGNATURE_NOT_VALID, None, plain), |
| 362 | 370 | my_gpg.verify(content, plain)) | 335 | my_gpg.verify(content)) |
| 363 | 371 | 336 | ||
| 364 | 372 | def test_verify_expired_but_valid(self): | 337 | def test_verify_expired_but_valid(self): |
| 365 | 373 | self.requireFeature(features.gpg) | 338 | self.requireFeature(features.gpg) |
| 366 | @@ -388,13 +353,9 @@ | |||
| 367 | 388 | =uHen | 353 | =uHen |
| 368 | 389 | -----END PGP SIGNATURE----- | 354 | -----END PGP SIGNATURE----- |
| 369 | 390 | """ | 355 | """ |
| 370 | 391 | plain = """bazaar-ng testament short form 1 | ||
| 371 | 392 | revision-id: test@example.com-20110801100657-f1dr1nompeex723z | ||
| 372 | 393 | sha1: 59ab434be4c2d5d646dee84f514aa09e1b72feeb | ||
| 373 | 394 | """ | ||
| 374 | 395 | my_gpg = gpg.GPGStrategy(FakeConfig()) | 356 | my_gpg = gpg.GPGStrategy(FakeConfig()) |
| 377 | 396 | self.assertEqual((gpg.SIGNATURE_EXPIRED, u'4F8D1513'), | 357 | self.assertEqual((gpg.SIGNATURE_EXPIRED, u'4F8D1513', None), |
| 378 | 397 | my_gpg.verify(content, plain)) | 358 | my_gpg.verify(content)) |
| 379 | 398 | 359 | ||
| 380 | 399 | def test_verify_unknown_key(self): | 360 | def test_verify_unknown_key(self): |
| 381 | 400 | self.requireFeature(features.gpg) | 361 | self.requireFeature(features.gpg) |
| 382 | @@ -415,10 +376,9 @@ | |||
| 383 | 415 | =RNR5 | 376 | =RNR5 |
| 384 | 416 | -----END PGP SIGNATURE----- | 377 | -----END PGP SIGNATURE----- |
| 385 | 417 | """ | 378 | """ |
| 386 | 418 | plain = "asdf\n" | ||
| 387 | 419 | my_gpg = gpg.GPGStrategy(FakeConfig()) | 379 | my_gpg = gpg.GPGStrategy(FakeConfig()) |
| 390 | 420 | self.assertEqual((gpg.SIGNATURE_KEY_MISSING, u'5D51E56F'), | 380 | self.assertEqual((gpg.SIGNATURE_KEY_MISSING, u'5D51E56F', None), |
| 391 | 421 | my_gpg.verify(content, plain)) | 381 | my_gpg.verify(content)) |
| 392 | 422 | 382 | ||
| 393 | 423 | def test_set_acceptable_keys(self): | 383 | def test_set_acceptable_keys(self): |
| 394 | 424 | self.requireFeature(features.gpg) | 384 | self.requireFeature(features.gpg) |
| 395 | @@ -454,9 +414,8 @@ | |||
| 396 | 454 | 414 | ||
| 397 | 455 | def test_sign(self): | 415 | def test_sign(self): |
| 398 | 456 | self.assertRaises(gpg.SigningFailed, | 416 | self.assertRaises(gpg.SigningFailed, |
| 400 | 457 | gpg.DisabledGPGStrategy(None).sign, 'content') | 417 | gpg.DisabledGPGStrategy(None).sign, 'content', gpg.MODE_CLEAR) |
| 401 | 458 | 418 | ||
| 402 | 459 | def test_verify(self): | 419 | def test_verify(self): |
| 403 | 460 | self.assertRaises(gpg.SignatureVerificationFailed, | 420 | self.assertRaises(gpg.SignatureVerificationFailed, |
| 406 | 461 | gpg.DisabledGPGStrategy(None).verify, 'content', | 421 | gpg.DisabledGPGStrategy(None).verify, 'content') |
| 405 | 462 | 'testament') | ||
| 407 | 463 | 422 | ||
| 408 | === modified file 'breezy/tests/test_log.py' | |||
| 409 | --- breezy/tests/test_log.py 2017-12-04 00:25:02 +0000 | |||
| 410 | +++ breezy/tests/test_log.py 2018-03-24 01:56:28 +0000 | |||
| 411 | @@ -317,31 +317,22 @@ | |||
| 412 | 317 | 317 | ||
| 413 | 318 | 318 | ||
| 414 | 319 | class TestFormatSignatureValidity(tests.TestCaseWithTransport): | 319 | class TestFormatSignatureValidity(tests.TestCaseWithTransport): |
| 425 | 320 | class UTFLoopbackGPGStrategy(gpg.LoopbackGPGStrategy): | 320 | |
| 426 | 321 | def verify(self, content, testament): | 321 | def verify_revision_signature(self, revid, gpg_strategy): |
| 427 | 322 | return (gpg.SIGNATURE_VALID, | 322 | return (gpg.SIGNATURE_VALID, |
| 428 | 323 | u'UTF8 Test \xa1\xb1\xc1\xd1\xe1\xf1 <jrandom@example.com>') | 323 | u'UTF8 Test \xa1\xb1\xc1\xd1\xe1\xf1 <jrandom@example.com>') |
| 419 | 324 | |||
| 420 | 325 | def has_signature_for_revision_id(self, revision_id): | ||
| 421 | 326 | return True | ||
| 422 | 327 | |||
| 423 | 328 | def get_signature_text(self, revision_id): | ||
| 424 | 329 | return '' | ||
| 429 | 330 | 324 | ||
| 430 | 331 | def test_format_signature_validity_utf(self): | 325 | def test_format_signature_validity_utf(self): |
| 431 | 332 | """Check that GPG signatures containing UTF-8 names are formatted | 326 | """Check that GPG signatures containing UTF-8 names are formatted |
| 432 | 333 | correctly.""" | 327 | correctly.""" |
| 433 | 334 | # Monkey patch to use our UTF-8 generating GPGStrategy | ||
| 434 | 335 | self.overrideAttr(gpg, 'GPGStrategy', self.UTFLoopbackGPGStrategy) | ||
| 435 | 336 | wt = self.make_branch_and_tree('.') | 328 | wt = self.make_branch_and_tree('.') |
| 436 | 337 | revid = wt.commit('empty commit') | 329 | revid = wt.commit('empty commit') |
| 437 | 338 | repo = wt.branch.repository | 330 | repo = wt.branch.repository |
| 438 | 339 | # Monkey patch out checking if this rev is actually signed, since we | 331 | # Monkey patch out checking if this rev is actually signed, since we |
| 439 | 340 | # can't sign it without a heavier TestCase and LoopbackGPGStrategy | 332 | # can't sign it without a heavier TestCase and LoopbackGPGStrategy |
| 440 | 341 | # doesn't care anyways. | 333 | # doesn't care anyways. |
| 444 | 342 | self.overrideAttr(repo, 'has_signature_for_revision_id', | 334 | self.overrideAttr(repo, 'verify_revision_signature', |
| 445 | 343 | self.has_signature_for_revision_id) | 335 | self.verify_revision_signature) |
| 443 | 344 | self.overrideAttr(repo, 'get_signature_text', self.get_signature_text) | ||
| 446 | 345 | out = log.format_signature_validity(revid, wt.branch) | 336 | out = log.format_signature_validity(revid, wt.branch) |
| 447 | 346 | self.assertEqual( | 337 | self.assertEqual( |
| 448 | 347 | u'valid signature from UTF8 Test \xa1\xb1\xc1\xd1\xe1\xf1 <jrandom@example.com>', | 338 | u'valid signature from UTF8 Test \xa1\xb1\xc1\xd1\xe1\xf1 <jrandom@example.com>', |
Thanks, so questions answered, constants are the same as the mapping, but the breezy interface doesn't depend on gpg module being installed. Also, argument not defaulted as bzr wants clear but git needs detached, so better to just pass.