* Cleaning up GnuPG User ID validity in the test suite
@ 2019-05-04 21:33 Daniel Kahn Gillmor
2019-05-04 21:33 ` [PATCH 1/3] test/crypto: clarify the difference between ownertrust and validity Daniel Kahn Gillmor
` (3 more replies)
0 siblings, 4 replies; 7+ messages in thread
From: Daniel Kahn Gillmor @ 2019-05-04 21:33 UTC (permalink / raw)
To: Notmuch Mail
In looking at the cryptographic features of the test suite, i noticed
that we're confusing user ID validity and key ownertrust (not an
uncommon confusion). We're also not testing with a "normal" GnuPG
installation, which has the secret key we control typically set to
"ultimate" ownertrust.
This is a very nit-picky series without much of a functional
difference, but it makes the test suite more conceptually coherent
cryptographically, and should make future changes cleaner and more
sensible.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH 1/3] test/crypto: clarify the difference between ownertrust and validity
2019-05-04 21:33 Cleaning up GnuPG User ID validity in the test suite Daniel Kahn Gillmor
@ 2019-05-04 21:33 ` Daniel Kahn Gillmor
2019-05-04 21:33 ` [PATCH 2/3] test: simplify user ID handling Daniel Kahn Gillmor
` (2 subsequent siblings)
3 siblings, 0 replies; 7+ messages in thread
From: Daniel Kahn Gillmor @ 2019-05-04 21:33 UTC (permalink / raw)
To: Notmuch Mail
This is a subtle difference, but the output of notmuch shouldn't ever
change based on ownertrust itself -- notmuch is intended to show valid
User IDs, and to avoid showing invalid User IDs.
It so happens that setting ownertrust of a key to ultimate sets all
associated user IDs to "full" validity, so the test is correct, but
just misnamed.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
test/T350-crypto.sh | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/test/T350-crypto.sh b/test/T350-crypto.sh
index 6045a7dc..bd369f8f 100755
--- a/test/T350-crypto.sh
+++ b/test/T350-crypto.sh
@@ -135,8 +135,9 @@ test_expect_equal_json \
"$output" \
"$expected"
-test_begin_subtest "signature verification with full owner trust"
-# give the key full owner trust
+test_begin_subtest "signature verification with full user ID validity"
+# give the key ultimate owner trust, which confers full validity on
+# all user IDs in the certificate:
echo "${FINGERPRINT}:6:" | gpg --no-tty --import-ownertrust >>"$GNUPGHOME"/trust.log 2>&1
gpg --no-tty --check-trustdb >>"$GNUPGHOME"/trust.log 2>&1
output=$(notmuch show --format=json --verify subject:"test signed message 001" \
--
2.20.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH 2/3] test: simplify user ID handling
2019-05-04 21:33 Cleaning up GnuPG User ID validity in the test suite Daniel Kahn Gillmor
2019-05-04 21:33 ` [PATCH 1/3] test/crypto: clarify the difference between ownertrust and validity Daniel Kahn Gillmor
@ 2019-05-04 21:33 ` Daniel Kahn Gillmor
2019-05-04 21:33 ` [PATCH 3/3] test/crypto: add_gnupg_home should have ultimate trust on "its own" key Daniel Kahn Gillmor
2019-05-05 10:11 ` Cleaning up GnuPG User ID validity in the test suite Tomi Ollila
3 siblings, 0 replies; 7+ messages in thread
From: Daniel Kahn Gillmor @ 2019-05-04 21:33 UTC (permalink / raw)
To: Notmuch Mail
The user ID on the self-test is a little bit clunky-looking. It also
may end up showing up elsewhere in the test suite. Centralizing the
user ID in one place should make it easier to handle if it ever
changes, and should make tests easier to read.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
test/T350-crypto.sh | 4 ++--
test/test-lib.sh | 1 +
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/test/T350-crypto.sh b/test/T350-crypto.sh
index bd369f8f..f31cd3d7 100755
--- a/test/T350-crypto.sh
+++ b/test/T350-crypto.sh
@@ -158,7 +158,7 @@ expected='[[[{"id": "XXXXX",
"sigstatus": [{"status": "good",
"fingerprint": "'$FINGERPRINT'",
"created": 946728000,
- "userid": "Notmuch Test Suite <test_suite@notmuchmail.org> (INSECURE!)"}],
+ "userid": "'"$SELF_USERID"'"}],
"content-type": "multipart/signed",
"content": [{"id": 2,
"content-type": "text/plain",
@@ -366,7 +366,7 @@ expected='[[[{"id": "XXXXX",
"sigstatus": [{"status": "good",
"fingerprint": "'$FINGERPRINT'",
"created": 946728000,
- "userid": "Notmuch Test Suite <test_suite@notmuchmail.org> (INSECURE!)"}],
+ "userid": "'"$SELF_USERID"'"}],
"content-type": "multipart/encrypted",
"content": [{"id": 2,
"content-type": "application/pgp-encrypted",
diff --git a/test/test-lib.sh b/test/test-lib.sh
index 04d93f7d..b89da572 100644
--- a/test/test-lib.sh
+++ b/test/test-lib.sh
@@ -120,6 +120,7 @@ add_gnupg_home ()
# Change this if we ship a new test key
FINGERPRINT="5AEAB11F5E33DCE875DDB75B6D92612D94E46381"
+ SELF_USERID="Notmuch Test Suite <test_suite@notmuchmail.org> (INSECURE!)"
}
# Each test should start with something like this, after copyright notices:
--
2.20.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH 3/3] test/crypto: add_gnupg_home should have ultimate trust on "its own" key
2019-05-04 21:33 Cleaning up GnuPG User ID validity in the test suite Daniel Kahn Gillmor
2019-05-04 21:33 ` [PATCH 1/3] test/crypto: clarify the difference between ownertrust and validity Daniel Kahn Gillmor
2019-05-04 21:33 ` [PATCH 2/3] test: simplify user ID handling Daniel Kahn Gillmor
@ 2019-05-04 21:33 ` Daniel Kahn Gillmor
2019-05-07 9:50 ` David Bremner
2019-05-05 10:11 ` Cleaning up GnuPG User ID validity in the test suite Tomi Ollila
3 siblings, 1 reply; 7+ messages in thread
From: Daniel Kahn Gillmor @ 2019-05-04 21:33 UTC (permalink / raw)
To: Notmuch Mail
The typical use case for gpg is that if you control a secret key, you
mark it with "ultimate" ownertrust.
The opaque --import-ownertrust mechanism is GnuPG's standard mechanism
to set up ultimate ownertrust (the ":6:" means "ultimate", for
whatever reason).
We adjust the test suite to match this change, inverting the sense of
one test: since the default is now that the user ID of the suite's own
key is valid, we change the test to make sure that the user ID is not
emitted when it is *not* valid.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
test/T350-crypto.sh | 17 +++++++++--------
test/test-lib.sh | 1 +
2 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/test/T350-crypto.sh b/test/T350-crypto.sh
index f31cd3d7..3539bafe 100755
--- a/test/T350-crypto.sh
+++ b/test/T350-crypto.sh
@@ -40,7 +40,8 @@ expected='[[[{"id": "XXXXX",
"body": [{"id": 1,
"sigstatus": [{"status": "good",
"fingerprint": "'$FINGERPRINT'",
- "created": 946728000}],
+ "created": 946728000,
+ "userid": "'"$SELF_USERID"'"}],
"content-type": "multipart/signed",
"content": [{"id": 2,
"content-type": "text/plain",
@@ -135,11 +136,11 @@ test_expect_equal_json \
"$output" \
"$expected"
-test_begin_subtest "signature verification with full user ID validity"
-# give the key ultimate owner trust, which confers full validity on
-# all user IDs in the certificate:
-echo "${FINGERPRINT}:6:" | gpg --no-tty --import-ownertrust >>"$GNUPGHOME"/trust.log 2>&1
-gpg --no-tty --check-trustdb >>"$GNUPGHOME"/trust.log 2>&1
+test_begin_subtest "signature verification without full user ID validity"
+# give the key no owner trust, removes validity on all user IDs of the
+# certificate in the absence of other trusted certifiers:
+gpg --quiet --batch --no-tty --export-ownertrust > "$GNUPGHOME/ownertrust.bak"
+echo "${FINGERPRINT}:3:" | gpg --quiet --batch --no-tty --import-ownertrust
output=$(notmuch show --format=json --verify subject:"test signed message 001" \
| notmuch_json_show_sanitize \
| sed -e 's|"created": [1234567890]*|"created": 946728000|')
@@ -157,8 +158,7 @@ expected='[[[{"id": "XXXXX",
"body": [{"id": 1,
"sigstatus": [{"status": "good",
"fingerprint": "'$FINGERPRINT'",
- "created": 946728000,
- "userid": "'"$SELF_USERID"'"}],
+ "created": 946728000}],
"content-type": "multipart/signed",
"content": [{"id": 2,
"content-type": "text/plain",
@@ -170,6 +170,7 @@ expected='[[[{"id": "XXXXX",
test_expect_equal_json \
"$output" \
"$expected"
+gpg --quiet --batch --no-tty --import-ownertrust < "$GNUPGHOME/ownertrust.bak"
test_begin_subtest "signature verification with signer key unavailable"
# move the gnupghome temporarily out of the way
diff --git a/test/test-lib.sh b/test/test-lib.sh
index b89da572..54247a57 100644
--- a/test/test-lib.sh
+++ b/test/test-lib.sh
@@ -121,6 +121,7 @@ add_gnupg_home ()
# Change this if we ship a new test key
FINGERPRINT="5AEAB11F5E33DCE875DDB75B6D92612D94E46381"
SELF_USERID="Notmuch Test Suite <test_suite@notmuchmail.org> (INSECURE!)"
+ printf '%s:6:\n' "$FINGERPRINT" | gpg --quiet --batch --no-tty --import-ownertrust
}
# Each test should start with something like this, after copyright notices:
--
2.20.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: Cleaning up GnuPG User ID validity in the test suite
2019-05-04 21:33 Cleaning up GnuPG User ID validity in the test suite Daniel Kahn Gillmor
` (2 preceding siblings ...)
2019-05-04 21:33 ` [PATCH 3/3] test/crypto: add_gnupg_home should have ultimate trust on "its own" key Daniel Kahn Gillmor
@ 2019-05-05 10:11 ` Tomi Ollila
3 siblings, 0 replies; 7+ messages in thread
From: Tomi Ollila @ 2019-05-05 10:11 UTC (permalink / raw)
To: Daniel Kahn Gillmor, Notmuch Mail
On Sat, May 04 2019, Daniel Kahn Gillmor wrote:
> In looking at the cryptographic features of the test suite, i noticed
> that we're confusing user ID validity and key ownertrust (not an
> uncommon confusion). We're also not testing with a "normal" GnuPG
> installation, which has the secret key we control typically set to
> "ultimate" ownertrust.
>
> This is a very nit-picky series without much of a functional
> difference, but it makes the test suite more conceptually coherent
> cryptographically, and should make future changes cleaner and more
> sensible.
>
> Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
>
Aa far as I understand the code changes look good to me!
Tomi
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 3/3] test/crypto: add_gnupg_home should have ultimate trust on "its own" key
2019-05-04 21:33 ` [PATCH 3/3] test/crypto: add_gnupg_home should have ultimate trust on "its own" key Daniel Kahn Gillmor
@ 2019-05-07 9:50 ` David Bremner
2019-05-07 13:20 ` Daniel Kahn Gillmor
0 siblings, 1 reply; 7+ messages in thread
From: David Bremner @ 2019-05-07 9:50 UTC (permalink / raw)
To: Daniel Kahn Gillmor, Notmuch Mail
Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:
> The typical use case for gpg is that if you control a secret key, you
> mark it with "ultimate" ownertrust.
>
> The opaque --import-ownertrust mechanism is GnuPG's standard mechanism
> to set up ultimate ownertrust (the ":6:" means "ultimate", for
> whatever reason).
I've pushed this series. Note that there is some extra burbling from gpg
for me
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 3/3] test/crypto: add_gnupg_home should have ultimate trust on "its own" key
2019-05-07 9:50 ` David Bremner
@ 2019-05-07 13:20 ` Daniel Kahn Gillmor
0 siblings, 0 replies; 7+ messages in thread
From: Daniel Kahn Gillmor @ 2019-05-07 13:20 UTC (permalink / raw)
To: David Bremner, Notmuch Mail
[-- Attachment #1: Type: text/plain, Size: 834 bytes --]
On Tue 2019-05-07 06:50:29 -0300, David Bremner wrote:
> Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:
>
>> The typical use case for gpg is that if you control a secret key, you
>> mark it with "ultimate" ownertrust.
>>
>> The opaque --import-ownertrust mechanism is GnuPG's standard mechanism
>> to set up ultimate ownertrust (the ":6:" means "ultimate", for
>> whatever reason).
>
> I've pushed this series. Note that there is some extra burbling from gpg
> for me
>
> gpg: checking the trustdb
> gpg: marginals needed: 3 completes needed: 1 trust model: pgp
> gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
i think that id:20190507130135.14898-1-dkg@fifthhorseman.net should
address this burbling. thanks for calling it out. keeping the spew
to more managable levels is a laudatory goal.
--dkg
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2019-05-07 14:47 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-05-04 21:33 Cleaning up GnuPG User ID validity in the test suite Daniel Kahn Gillmor
2019-05-04 21:33 ` [PATCH 1/3] test/crypto: clarify the difference between ownertrust and validity Daniel Kahn Gillmor
2019-05-04 21:33 ` [PATCH 2/3] test: simplify user ID handling Daniel Kahn Gillmor
2019-05-04 21:33 ` [PATCH 3/3] test/crypto: add_gnupg_home should have ultimate trust on "its own" key Daniel Kahn Gillmor
2019-05-07 9:50 ` David Bremner
2019-05-07 13:20 ` Daniel Kahn Gillmor
2019-05-05 10:11 ` Cleaning up GnuPG User ID validity in the test suite Tomi Ollila
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).