Merge branch 'jk/use-compat-util-in-test-tool'
[git] / t / lib-gpg.sh
1 #!/bin/sh
2
3 gpg_version=$(gpg --version 2>&1)
4 if test $? != 127
5 then
6         # As said here: http://www.gnupg.org/documentation/faqs.html#q6.19
7         # the gpg version 1.0.6 didn't parse trust packets correctly, so for
8         # that version, creation of signed tags using the generated key fails.
9         case "$gpg_version" in
10         'gpg (GnuPG) 1.0.6'*)
11                 say "Your version of gpg (1.0.6) is too buggy for testing"
12                 ;;
13         *)
14                 # Available key info:
15                 # * Type DSA and Elgamal, size 2048 bits, no expiration date,
16                 #   name and email: C O Mitter <committer@example.com>
17                 # * Type RSA, size 2048 bits, no expiration date,
18                 #   name and email: Eris Discordia <discord@example.net>
19                 # No password given, to enable non-interactive operation.
20                 # To generate new key:
21                 #       gpg --homedir /tmp/gpghome --gen-key
22                 # To write armored exported key to keyring:
23                 #       gpg --homedir /tmp/gpghome --export-secret-keys \
24                 #               --armor 0xDEADBEEF >> lib-gpg/keyring.gpg
25                 #       gpg --homedir /tmp/gpghome --export \
26                 #               --armor 0xDEADBEEF >> lib-gpg/keyring.gpg
27                 # To export ownertrust:
28                 #       gpg --homedir /tmp/gpghome --export-ownertrust \
29                 #               > lib-gpg/ownertrust
30                 mkdir ./gpghome &&
31                 chmod 0700 ./gpghome &&
32                 GNUPGHOME="$(pwd)/gpghome" &&
33                 export GNUPGHOME &&
34                 (gpgconf --kill gpg-agent >/dev/null 2>&1 || : ) &&
35                 gpg --homedir "${GNUPGHOME}" 2>/dev/null --import \
36                         "$TEST_DIRECTORY"/lib-gpg/keyring.gpg &&
37                 gpg --homedir "${GNUPGHOME}" 2>/dev/null --import-ownertrust \
38                         "$TEST_DIRECTORY"/lib-gpg/ownertrust &&
39                 gpg --homedir "${GNUPGHOME}" </dev/null >/dev/null 2>&1 \
40                         --sign -u committer@example.com &&
41                 test_set_prereq GPG &&
42                 # Available key info:
43                 # * see t/lib-gpg/gpgsm-gen-key.in
44                 # To generate new certificate:
45                 #  * no passphrase
46                 #       gpgsm --homedir /tmp/gpghome/ \
47                 #               -o /tmp/gpgsm.crt.user \
48                 #               --generate-key \
49                 #               --batch t/lib-gpg/gpgsm-gen-key.in
50                 # To import certificate:
51                 #       gpgsm --homedir /tmp/gpghome/ \
52                 #               --import /tmp/gpgsm.crt.user
53                 # To export into a .p12 we can later import:
54                 #       gpgsm --homedir /tmp/gpghome/ \
55                 #               -o t/lib-gpg/gpgsm_cert.p12 \
56                 #               --export-secret-key-p12 "committer@example.com"
57                 echo | gpgsm --homedir "${GNUPGHOME}" 2>/dev/null \
58                         --passphrase-fd 0 --pinentry-mode loopback \
59                         --import "$TEST_DIRECTORY"/lib-gpg/gpgsm_cert.p12 &&
60                 gpgsm --homedir "${GNUPGHOME}" 2>/dev/null -K \
61                         | grep fingerprint: | cut -d" " -f4 | tr -d '\n' > \
62                         ${GNUPGHOME}/trustlist.txt &&
63                 echo " S relax" >> ${GNUPGHOME}/trustlist.txt &&
64                 (gpgconf --kill gpg-agent >/dev/null 2>&1 || : ) &&
65                 echo hello | gpgsm --homedir "${GNUPGHOME}" >/dev/null \
66                         -u committer@example.com -o /dev/null --sign - 2>&1 &&
67                 test_set_prereq GPGSM
68                 ;;
69         esac
70 fi
71
72 if test_have_prereq GPG &&
73     echo | gpg --homedir "${GNUPGHOME}" -b --rfc1991 >/dev/null 2>&1
74 then
75         test_set_prereq RFC1991
76 fi
77
78 sanitize_pgp() {
79         perl -ne '
80                 /^-----END PGP/ and $in_pgp = 0;
81                 print unless $in_pgp;
82                 /^-----BEGIN PGP/ and $in_pgp = 1;
83         '
84 }