Merge branch 'js/fuzz-commit-graph-update'
[git] / t / lib-gpg.sh
1 #!/bin/sh
2
3 gpg_version=$(gpg --version 2>&1)
4 if test $? != 127
5 then
6         # As said here: http://www.gnupg.org/documentation/faqs.html#q6.19
7         # the gpg version 1.0.6 didn't parse trust packets correctly, so for
8         # that version, creation of signed tags using the generated key fails.
9         case "$gpg_version" in
10         'gpg (GnuPG) 1.0.6'*)
11                 say "Your version of gpg (1.0.6) is too buggy for testing"
12                 ;;
13         *)
14                 # Available key info:
15                 # * Type DSA and Elgamal, size 2048 bits, no expiration date,
16                 #   name and email: C O Mitter <committer@example.com>
17                 # * Type RSA, size 2048 bits, no expiration date,
18                 #   name and email: Eris Discordia <discord@example.net>
19                 # No password given, to enable non-interactive operation.
20                 # To generate new key:
21                 #       gpg --homedir /tmp/gpghome --gen-key
22                 # To write armored exported key to keyring:
23                 #       gpg --homedir /tmp/gpghome --export-secret-keys \
24                 #               --armor 0xDEADBEEF >> lib-gpg/keyring.gpg
25                 #       gpg --homedir /tmp/gpghome --export \
26                 #               --armor 0xDEADBEEF >> lib-gpg/keyring.gpg
27                 # To export ownertrust:
28                 #       gpg --homedir /tmp/gpghome --export-ownertrust \
29                 #               > lib-gpg/ownertrust
30                 mkdir ./gpghome &&
31                 chmod 0700 ./gpghome &&
32                 GNUPGHOME="$(pwd)/gpghome" &&
33                 export GNUPGHOME &&
34                 (gpgconf --kill gpg-agent >/dev/null 2>&1 || : ) &&
35                 gpg --homedir "${GNUPGHOME}" 2>/dev/null --import \
36                         "$TEST_DIRECTORY"/lib-gpg/keyring.gpg &&
37                 gpg --homedir "${GNUPGHOME}" 2>/dev/null --import-ownertrust \
38                         "$TEST_DIRECTORY"/lib-gpg/ownertrust &&
39                 gpg --homedir "${GNUPGHOME}" </dev/null >/dev/null 2>&1 \
40                         --sign -u committer@example.com &&
41                 test_set_prereq GPG &&
42                 # Available key info:
43                 # * see t/lib-gpg/gpgsm-gen-key.in
44                 # To generate new certificate:
45                 #  * no passphrase
46                 #       gpgsm --homedir /tmp/gpghome/ \
47                 #               -o /tmp/gpgsm.crt.user \
48                 #               --generate-key \
49                 #               --batch t/lib-gpg/gpgsm-gen-key.in
50                 # To import certificate:
51                 #       gpgsm --homedir /tmp/gpghome/ \
52                 #               --import /tmp/gpgsm.crt.user
53                 # To export into a .p12 we can later import:
54                 #       gpgsm --homedir /tmp/gpghome/ \
55                 #               -o t/lib-gpg/gpgsm_cert.p12 \
56                 #               --export-secret-key-p12 "committer@example.com"
57                 echo | gpgsm --homedir "${GNUPGHOME}" 2>/dev/null \
58                         --passphrase-fd 0 --pinentry-mode loopback \
59                         --import "$TEST_DIRECTORY"/lib-gpg/gpgsm_cert.p12 &&
60
61                 gpgsm --homedir "${GNUPGHOME}" 2>/dev/null -K |
62                 grep fingerprint: |
63                 cut -d" " -f4 |
64                 tr -d '\n' >"${GNUPGHOME}/trustlist.txt" &&
65
66                 echo " S relax" >>"${GNUPGHOME}/trustlist.txt" &&
67                 echo hello | gpgsm --homedir "${GNUPGHOME}" >/dev/null \
68                         -u committer@example.com -o /dev/null --sign - 2>&1 &&
69                 test_set_prereq GPGSM
70                 ;;
71         esac
72 fi
73
74 if test_have_prereq GPG &&
75     echo | gpg --homedir "${GNUPGHOME}" -b --rfc1991 >/dev/null 2>&1
76 then
77         test_set_prereq RFC1991
78 fi
79
80 sanitize_pgp() {
81         perl -ne '
82                 /^-----END PGP/ and $in_pgp = 0;
83                 print unless $in_pgp;
84                 /^-----BEGIN PGP/ and $in_pgp = 1;
85         '
86 }