* T350 test failures with gnupg-2.1.16
@ 2016-11-22 19:22 Marius Bakke
2016-11-22 19:59 ` David Bremner
2016-11-22 20:49 ` Daniel Kahn Gillmor
0 siblings, 2 replies; 13+ messages in thread
From: Marius Bakke @ 2016-11-22 19:22 UTC (permalink / raw)
To: notmuch
[-- Attachment #1: Type: text/plain, Size: 3597 bytes --]
Hello!
After updating to gnupg 2.1.16, T350-crypto.sh fails in some of the
signature verification steps with wrong content-length:
T350-crypto: Testing PGP/MIME signature verification and decryption
PASS emacs delivery of signed message
FAIL signature verification
--- T350-crypto.2.expected 2016-11-22 18:59:48.341851653 +0000
+++ T350-crypto.2.output 2016-11-22 18:59:48.341851653 +0000
@@ -11,7 +11,7 @@
"id": 2
},
{
- "content-length": 280,
+ "content-length": 312,
"content-type": "application/pgp-signature",
"id": 3
}
FAIL signature verification with full owner trust
--- T350-crypto.3.expected 2016-11-22 18:59:48.393853469 +0000
+++ T350-crypto.3.output 2016-11-22 18:59:48.393853469 +0000
@@ -11,7 +11,7 @@
"id": 2
},
{
- "content-length": 280,
+ "content-length": 312,
"content-type": "application/pgp-signature",
"id": 3
}
FAIL signature verification with signer key unavailable
--- T350-crypto.4.expected 2016-11-22 18:59:48.445855285 +0000
+++ T350-crypto.4.output 2016-11-22 18:59:48.445855285 +0000
@@ -11,7 +11,7 @@
"id": 2
},
{
- "content-length": 280,
+ "content-length": 312,
"content-type": "application/pgp-signature",
"id": 3
}
PASS emacs delivery of encrypted message with attachment
PASS decryption, --format=text
PASS decryption, --format=json
PASS decryption, --format=json, --part=4
PASS decrypt attachment (--part=5 --format=raw)
PASS decryption failure with missing key
PASS emacs delivery of encrypted + signed message
PASS decryption + signature verification
PASS reply to encrypted message
PASS Reply within emacs to an encrypted message
FAIL signature verification with revoked key
--- T350-crypto.15.expected 2016-11-22 18:59:49.505892318 +0000
+++ T350-crypto.15.output 2016-11-22 18:59:49.505892318 +0000
@@ -11,7 +11,7 @@
"id": 2
},
{
- "content-length": 280,
+ "content-length": 312,
"content-type": "application/pgp-signature",
"id": 3
}
Downgrading gpg to 2.1.15 makes the tests pass as expected.
Here is the NEWS for 2.1.16:
https://lists.gnu.org/archive/html/info-gnu/2016-11/msg00006.html
Let me know if I can provide any further information. Please CC me in
replies as I'm not subscribed to this list. Thanks!
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 454 bytes --]
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: T350 test failures with gnupg-2.1.16
2016-11-22 19:22 T350 test failures with gnupg-2.1.16 Marius Bakke
@ 2016-11-22 19:59 ` David Bremner
2016-11-22 20:12 ` Marius Bakke
2016-11-22 20:49 ` Daniel Kahn Gillmor
1 sibling, 1 reply; 13+ messages in thread
From: David Bremner @ 2016-11-22 19:59 UTC (permalink / raw)
To: Marius Bakke, notmuch
Marius Bakke <mbakke@fastmail.com> writes:
> Hello!
>
> After updating to gnupg 2.1.16, T350-crypto.sh fails in some of the
> signature verification steps with wrong content-length:
>
> T350-crypto: Testing PGP/MIME signature verification and decryption
> PASS emacs delivery of signed message
> FAIL signature verification
> --- T350-crypto.2.expected 2016-11-22 18:59:48.341851653 +0000
> +++ T350-crypto.2.output 2016-11-22 18:59:48.341851653 +0000
> @@ -11,7 +11,7 @@
> "id": 2
> },
> {
> - "content-length": 280,
> + "content-length": 312,
> "content-type": "application/pgp-signature",
These failures are not duplicated for me in debian sid, also with gpg
2.1.16. From IRC I believe Marius is running GuixSD.
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: T350 test failures with gnupg-2.1.16
2016-11-22 19:59 ` David Bremner
@ 2016-11-22 20:12 ` Marius Bakke
2016-11-22 20:36 ` David Bremner
0 siblings, 1 reply; 13+ messages in thread
From: Marius Bakke @ 2016-11-22 20:12 UTC (permalink / raw)
To: David Bremner, notmuch
[-- Attachment #1: Type: text/plain, Size: 1269 bytes --]
David Bremner <david@tethera.net> writes:
> Marius Bakke <mbakke@fastmail.com> writes:
>
>> Hello!
>>
>> After updating to gnupg 2.1.16, T350-crypto.sh fails in some of the
>> signature verification steps with wrong content-length:
>>
>> T350-crypto: Testing PGP/MIME signature verification and decryption
>> PASS emacs delivery of signed message
>> FAIL signature verification
>> --- T350-crypto.2.expected 2016-11-22 18:59:48.341851653 +0000
>> +++ T350-crypto.2.output 2016-11-22 18:59:48.341851653 +0000
>> @@ -11,7 +11,7 @@
>> "id": 2
>> },
>> {
>> - "content-length": 280,
>> + "content-length": 312,
>> "content-type": "application/pgp-signature",
>
> These failures are not duplicated for me in debian sid, also with gpg
> 2.1.16. From IRC I believe Marius is running GuixSD.
This is correct. Strange that it's not reproducible on Debian. Any tips
for how to troubleshoot this further? Is the content-length based on
signature only? I'll see if I can extract the raw output somehow.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: T350 test failures with gnupg-2.1.16
2016-11-22 20:12 ` Marius Bakke
@ 2016-11-22 20:36 ` David Bremner
2016-11-22 21:20 ` Marius Bakke
0 siblings, 1 reply; 13+ messages in thread
From: David Bremner @ 2016-11-22 20:36 UTC (permalink / raw)
To: Marius Bakke, notmuch
Marius Bakke <mbakke@fastmail.com> writes:
> David Bremner <david@tethera.net> writes:
>
>> Marius Bakke <mbakke@fastmail.com> writes:
>>
>>> Hello!
>>>
>>> After updating to gnupg 2.1.16, T350-crypto.sh fails in some of the
>>> signature verification steps with wrong content-length:
>>>
>>> T350-crypto: Testing PGP/MIME signature verification and decryption
>>> PASS emacs delivery of signed message
>>> FAIL signature verification
>>> --- T350-crypto.2.expected 2016-11-22 18:59:48.341851653 +0000
>>> +++ T350-crypto.2.output 2016-11-22 18:59:48.341851653 +0000
>>> @@ -11,7 +11,7 @@
>>> "id": 2
>>> },
>>> {
>>> - "content-length": 280,
>>> + "content-length": 312,
>>> "content-type": "application/pgp-signature",
>>
>> These failures are not duplicated for me in debian sid, also with gpg
>> 2.1.16. From IRC I believe Marius is running GuixSD.
>
> This is correct. Strange that it's not reproducible on Debian. Any tips
> for how to troubleshoot this further? Is the content-length based on
> signature only? I'll see if I can extract the raw output somehow.
You could start with the following, from inside tmp.T350-crypto
% grep -R "Subject: test signed message 001" mail
% ../../devel/printmimestructure < mail/sent/cur/$the_file_matched_by_grep
That will tell us if the mismatch is in the created file or in the later
parsing.
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: T350 test failures with gnupg-2.1.16
2016-11-22 19:22 T350 test failures with gnupg-2.1.16 Marius Bakke
2016-11-22 19:59 ` David Bremner
@ 2016-11-22 20:49 ` Daniel Kahn Gillmor
2016-11-22 23:07 ` Daniel Kahn Gillmor
1 sibling, 1 reply; 13+ messages in thread
From: Daniel Kahn Gillmor @ 2016-11-22 20:49 UTC (permalink / raw)
To: Marius Bakke, notmuch
[-- Attachment #1: Type: text/plain, Size: 1066 bytes --]
On Tue 2016-11-22 14:22:09 -0500, Marius Bakke wrote:
> T350-crypto: Testing PGP/MIME signature verification and decryption
> PASS emacs delivery of signed message
> FAIL signature verification
> --- T350-crypto.2.expected 2016-11-22 18:59:48.341851653 +0000
> +++ T350-crypto.2.output 2016-11-22 18:59:48.341851653 +0000
> @@ -11,7 +11,7 @@
> "id": 2
> },
> {
> - "content-length": 280,
> + "content-length": 312,
> "content-type": "application/pgp-signature",
> "id": 3
> }
If you could get me a copy of the actual application/pgp-signature part,
i'd be interested in looking at it. Unlike bremner, i'm actually able
to duplicate this problem on debian sid, so i'll see what i can figure
out.
--dkg
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 962 bytes --]
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: T350 test failures with gnupg-2.1.16
2016-11-22 20:36 ` David Bremner
@ 2016-11-22 21:20 ` Marius Bakke
0 siblings, 0 replies; 13+ messages in thread
From: Marius Bakke @ 2016-11-22 21:20 UTC (permalink / raw)
To: David Bremner, notmuch
[-- Attachment #1: Type: text/plain, Size: 3303 bytes --]
David Bremner <david@tethera.net> writes:
> Marius Bakke <mbakke@fastmail.com> writes:
>
>> David Bremner <david@tethera.net> writes:
>>
>>> Marius Bakke <mbakke@fastmail.com> writes:
>>>
>>>> Hello!
>>>>
>>>> After updating to gnupg 2.1.16, T350-crypto.sh fails in some of the
>>>> signature verification steps with wrong content-length:
>>>>
>>>> T350-crypto: Testing PGP/MIME signature verification and decryption
>>>> PASS emacs delivery of signed message
>>>> FAIL signature verification
>>>> --- T350-crypto.2.expected 2016-11-22 18:59:48.341851653 +0000
>>>> +++ T350-crypto.2.output 2016-11-22 18:59:48.341851653 +0000
>>>> @@ -11,7 +11,7 @@
>>>> "id": 2
>>>> },
>>>> {
>>>> - "content-length": 280,
>>>> + "content-length": 312,
>>>> "content-type": "application/pgp-signature",
>>>
>>> These failures are not duplicated for me in debian sid, also with gpg
>>> 2.1.16. From IRC I believe Marius is running GuixSD.
>>
>> This is correct. Strange that it's not reproducible on Debian. Any tips
>> for how to troubleshoot this further? Is the content-length based on
>> signature only? I'll see if I can extract the raw output somehow.
>
> You could start with the following, from inside tmp.T350-crypto
>
> % grep -R "Subject: test signed message 001" mail
> % ../../devel/printmimestructure < mail/sent/cur/$the_file_matched_by_grep
>
> That will tell us if the mismatch is in the created file or in the later
> parsing.
Thanks for this! It seems the signature is 32 bytes longer in 2.1.16.
../../devel/printmimestructure < mail/sent/cur/1479841188.2873_194073_1.localhost\:2\,S
└┬╴multipart/signed 778 bytes
├─╴text/plain 31 bytes
└─╴application/pgp-signature [signature.asc] 312 bytes
vs...
../../devel/printmimestructure < mail/sent/cur/1479848474.6836_793177_1.localhost\:2\,S
└┬╴multipart/signed 747 bytes
├─╴text/plain 31 bytes
└─╴application/pgp-signature [signature.asc] 280 bytes
The signatures of each email:
2.1.16:
--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iLMEAQEIAB0WIQRa6rEfXjPc6HXdt1ttkmEtlORjgQUCWDSVpAAKCRBtkmEtlORj
gf90A/4twA6txofm53BhqVAOUwdQNmA2H/yDhP29k6ctZ+XeTw77VZgrFMERoll7
lG6MEsH4JiMasJoevOohRsNmA9F3cEy5b38+c5KuaUlz5jVAKLZ4e8jkZmw2t8L+
hDbtLt7vzd72as8i9yNfKhf1DqAU9ayCJgXOMN4ql/uZqbWIqQ==
=o1L0
-----END PGP SIGNATURE-----
--=-=-=--
2.1.15:
--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iJwEAQEIAAYFAlg0shoACgkQbZJhLZTkY4H4ewQAoWTNwOtQAH/fwlgkqBuWLoWB
7CrrW3Lj1vEVaTRkaBIFP7NiYTDGZtWP6KCZ7G9HXsyprsg5HtVIp3wl4DHKmK/u
XipG0l3PNkSv9+SuUVxI4E9dj0kTJzNLqZaRYf3kmQJTs/jTyxQCuqPd1JF5kD9e
Nkd1585nFCNQAdNJgIE=
=8npB
-----END PGP SIGNATURE-----
--=-=-=--
Reading through the ChangeLog, I can't see anything obviously related.
One workaround could be setting an explicit key algorithm instead of
relying on the default. I'll have a go at this.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: T350 test failures with gnupg-2.1.16
2016-11-22 20:49 ` Daniel Kahn Gillmor
@ 2016-11-22 23:07 ` Daniel Kahn Gillmor
2016-11-22 23:20 ` Marius Bakke
` (2 more replies)
0 siblings, 3 replies; 13+ messages in thread
From: Daniel Kahn Gillmor @ 2016-11-22 23:07 UTC (permalink / raw)
To: Marius Bakke, notmuch
[-- Attachment #1: Type: text/plain, Size: 1961 bytes --]
On Tue 2016-11-22 15:49:37 -0500, Daniel Kahn Gillmor wrote:
> On Tue 2016-11-22 14:22:09 -0500, Marius Bakke wrote:
>> T350-crypto: Testing PGP/MIME signature verification and decryption
>> PASS emacs delivery of signed message
>> FAIL signature verification
>> --- T350-crypto.2.expected 2016-11-22 18:59:48.341851653 +0000
>> +++ T350-crypto.2.output 2016-11-22 18:59:48.341851653 +0000
>> @@ -11,7 +11,7 @@
>> "id": 2
>> },
>> {
>> - "content-length": 280,
>> + "content-length": 312,
>> "content-type": "application/pgp-signature",
>> "id": 3
>> }
>
> If you could get me a copy of the actual application/pgp-signature part,
> i'd be interested in looking at it. Unlike bremner, i'm actually able
> to duplicate this problem on debian sid, so i'll see what i can figure
> out.
OK, the difference here is that 2.1.16 is automatically including the
full OpenPGP v4 fingerprint in the message signature. This is part of
the ongoing discussion around revisions to the OpenPGP standard, and it
makes it easier for a mail user agent to tell whether it's missing the
key for verification or whether the signature is just bad.
so the length of the signature is extended by about 23 octets (1 octet
of subpacket length; 1 octet of subpacket type, 1 octet of fpr versio
number, and 20-octets of fingerprint), which becomes about 32 octets
after base64 encoding, hence the increase in content-length from 280 to
312 octets.
As for how to fix it -- i guess the right thing would be to make that
number variable -- as long as the signature is non-zero and it
validates, i think it'd be fine.
--dkg
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 962 bytes --]
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: T350 test failures with gnupg-2.1.16
2016-11-22 23:07 ` Daniel Kahn Gillmor
@ 2016-11-22 23:20 ` Marius Bakke
2016-11-23 16:41 ` [PATCH] tests: account for varying-size OpenPGP signatures Daniel Kahn Gillmor
2016-11-23 17:57 ` [PATCH v2] tests: account for varying-size cryptographic signatures Daniel Kahn Gillmor
2 siblings, 0 replies; 13+ messages in thread
From: Marius Bakke @ 2016-11-22 23:20 UTC (permalink / raw)
To: Daniel Kahn Gillmor, notmuch
[-- Attachment #1: Type: text/plain, Size: 2288 bytes --]
Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:
> On Tue 2016-11-22 15:49:37 -0500, Daniel Kahn Gillmor wrote:
>> On Tue 2016-11-22 14:22:09 -0500, Marius Bakke wrote:
>>> T350-crypto: Testing PGP/MIME signature verification and decryption
>>> PASS emacs delivery of signed message
>>> FAIL signature verification
>>> --- T350-crypto.2.expected 2016-11-22 18:59:48.341851653 +0000
>>> +++ T350-crypto.2.output 2016-11-22 18:59:48.341851653 +0000
>>> @@ -11,7 +11,7 @@
>>> "id": 2
>>> },
>>> {
>>> - "content-length": 280,
>>> + "content-length": 312,
>>> "content-type": "application/pgp-signature",
>>> "id": 3
>>> }
>>
>> If you could get me a copy of the actual application/pgp-signature part,
>> i'd be interested in looking at it. Unlike bremner, i'm actually able
>> to duplicate this problem on debian sid, so i'll see what i can figure
>> out.
>
> OK, the difference here is that 2.1.16 is automatically including the
> full OpenPGP v4 fingerprint in the message signature. This is part of
> the ongoing discussion around revisions to the OpenPGP standard, and it
> makes it easier for a mail user agent to tell whether it's missing the
> key for verification or whether the signature is just bad.
>
> so the length of the signature is extended by about 23 octets (1 octet
> of subpacket length; 1 octet of subpacket type, 1 octet of fpr versio
> number, and 20-octets of fingerprint), which becomes about 32 octets
> after base64 encoding, hence the increase in content-length from 280 to
> 312 octets.
>
> As for how to fix it -- i guess the right thing would be to make that
> number variable -- as long as the signature is non-zero and it
> validates, i think it'd be fine.
Wow, good catch. I was about to bisect gnupg to figure out what changed
this behaviour..
I'm not familiar enough with the notmuch test framework to suggest a
fix, but glad to know this is not specific to Guix.
Thanks a lot for your help!
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH] tests: account for varying-size OpenPGP signatures
2016-11-22 23:07 ` Daniel Kahn Gillmor
2016-11-22 23:20 ` Marius Bakke
@ 2016-11-23 16:41 ` Daniel Kahn Gillmor
2016-11-23 16:59 ` David Bremner
2016-11-23 17:57 ` [PATCH v2] tests: account for varying-size cryptographic signatures Daniel Kahn Gillmor
2 siblings, 1 reply; 13+ messages in thread
From: Daniel Kahn Gillmor @ 2016-11-23 16:41 UTC (permalink / raw)
To: Notmuch Mail
GnuPG 2.1.16 is now injecting the full issuer fingerprint in its
signatures, which makes them about 32 octets larger when
ascii-armored.
This change in size means that the size of the MIME parts will vary
depending on the version of gpg that the user has installed. at any
rate, the signature part should be non-zero, so we just test for that
instead of an exact size.
---
test/T350-crypto.sh | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/test/T350-crypto.sh b/test/T350-crypto.sh
index df2dc74..38f984f 100755
--- a/test/T350-crypto.sh
+++ b/test/T350-crypto.sh
@@ -37,7 +37,8 @@ test_expect_success 'emacs delivery of signed message' \
test_begin_subtest "signature verification"
output=$(notmuch show --format=json --verify subject:"test signed message 001" \
| notmuch_json_show_sanitize \
- | sed -e 's|"created": [1234567890]*|"created": 946728000|')
+ | sed -e 's|"created": [1234567890]*|"created": 946728000|' \
+ -e 's/"content-length": [1-9][0-9]*/"content-length": "NONZERO"/')
expected='[[[{"id": "XXXXX",
"match": true,
"excluded": false,
@@ -59,7 +60,7 @@ expected='[[[{"id": "XXXXX",
"content": "This is a test signed message.\n"},
{"id": 3,
"content-type": "application/pgp-signature",
- "content-length": 280}]}]},
+ "content-length": "NONZERO"}]}]},
[]]]]'
test_expect_equal_json \
"$output" \
@@ -71,7 +72,8 @@ echo "${FINGERPRINT}:6:" | gpg --no-tty --import-ownertrust >>"$GNUPGHOME"/trust
gpg --no-tty --check-trustdb >>"$GNUPGHOME"/trust.log 2>&1
output=$(notmuch show --format=json --verify subject:"test signed message 001" \
| notmuch_json_show_sanitize \
- | sed -e 's|"created": [1234567890]*|"created": 946728000|')
+ | sed -e 's|"created": [1234567890]*|"created": 946728000|'\
+ -e 's/"content-length": [1-9][0-9]*/"content-length": "NONZERO"/')
expected='[[[{"id": "XXXXX",
"match": true,
"excluded": false,
@@ -94,7 +96,7 @@ expected='[[[{"id": "XXXXX",
"content": "This is a test signed message.\n"},
{"id": 3,
"content-type": "application/pgp-signature",
- "content-length": 280}]}]},
+ "content-length": "NONZERO"}]}]},
[]]]]'
test_expect_equal_json \
"$output" \
@@ -105,7 +107,8 @@ test_begin_subtest "signature verification with signer key unavailable"
mv "${GNUPGHOME}"{,.bak}
output=$(notmuch show --format=json --verify subject:"test signed message 001" \
| notmuch_json_show_sanitize \
- | sed -e 's|"created": [1234567890]*|"created": 946728000|')
+ | sed -e 's|"created": [1234567890]*|"created": 946728000|' \
+ -e 's/"content-length": [1-9][0-9]*/"content-length": "NONZERO"/')
expected='[[[{"id": "XXXXX",
"match": true,
"excluded": false,
@@ -127,7 +130,7 @@ expected='[[[{"id": "XXXXX",
"content": "This is a test signed message.\n"},
{"id": 3,
"content-type": "application/pgp-signature",
- "content-length": 280}]}]},
+ "content-length": "NONZERO"}]}]},
[]]]]'
test_expect_equal_json \
"$output" \
@@ -348,7 +351,8 @@ y
| gpg --no-tty --quiet --import
output=$(notmuch show --format=json --verify subject:"test signed message 001" \
| notmuch_json_show_sanitize \
- | sed -e 's|"created": [1234567890]*|"created": 946728000|')
+ | sed -e 's|"created": [1234567890]*|"created": 946728000|' \
+ -e 's/"content-length": [1-9][0-9]*/"content-length": "NONZERO"/')
expected='[[[{"id": "XXXXX",
"match": true,
"excluded": false,
@@ -370,7 +374,7 @@ expected='[[[{"id": "XXXXX",
"content": "This is a test signed message.\n"},
{"id": 3,
"content-type": "application/pgp-signature",
- "content-length": 280}]}]},
+ "content-length": "NONZERO"}]}]},
[]]]]'
test_expect_equal_json \
"$output" \
--
2.10.2
^ permalink raw reply related [flat|nested] 13+ messages in thread
* Re: [PATCH] tests: account for varying-size OpenPGP signatures
2016-11-23 16:41 ` [PATCH] tests: account for varying-size OpenPGP signatures Daniel Kahn Gillmor
@ 2016-11-23 16:59 ` David Bremner
2016-11-23 17:58 ` Daniel Kahn Gillmor
0 siblings, 1 reply; 13+ messages in thread
From: David Bremner @ 2016-11-23 16:59 UTC (permalink / raw)
To: Daniel Kahn Gillmor, Notmuch Mail
Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:
> @@ -37,7 +37,8 @@ test_expect_success 'emacs delivery of signed message' \
> test_begin_subtest "signature verification"
> output=$(notmuch show --format=json --verify subject:"test signed message 001" \
> | notmuch_json_show_sanitize \
> - | sed -e 's|"created": [1234567890]*|"created": 946728000|')
> + | sed -e 's|"created": [1234567890]*|"created": 946728000|' \
> + -e 's/"content-length": [1-9][0-9]*/"content-length": "NONZERO"/')
there are a bunch of sed oneliners (or perl equivalent) collected in
test-lib.sh as functions test_*_sanitize. I wonder if that would be
worthwhile here, to have one place to update regexps etc... Something
in the style of notmuch_show_sanitize wrapping a call to
notmuch_json_show_sanitize
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH v2] tests: account for varying-size cryptographic signatures
2016-11-22 23:07 ` Daniel Kahn Gillmor
2016-11-22 23:20 ` Marius Bakke
2016-11-23 16:41 ` [PATCH] tests: account for varying-size OpenPGP signatures Daniel Kahn Gillmor
@ 2016-11-23 17:57 ` Daniel Kahn Gillmor
2016-11-25 1:27 ` David Bremner
2 siblings, 1 reply; 13+ messages in thread
From: Daniel Kahn Gillmor @ 2016-11-23 17:57 UTC (permalink / raw)
To: Notmuch Mail
GnuPG 2.1.16 is now injecting the full issuer fingerprint in its
signatures, which makes them about 32 octets larger when
ascii-armored.
This change in size means that the size of the MIME parts will vary
depending on the version of gpg that the user has installed. at any
rate, the signature part should be non-zero (this is true for
basically any MIME part), so we just test for that instead of an exact
size.
---
test/T350-crypto.sh | 22 ++++++++++------------
test/T355-smime.sh | 2 +-
test/test-lib.sh | 3 ++-
3 files changed, 13 insertions(+), 14 deletions(-)
diff --git a/test/T350-crypto.sh b/test/T350-crypto.sh
index df2dc74..a1e5e20 100755
--- a/test/T350-crypto.sh
+++ b/test/T350-crypto.sh
@@ -59,7 +59,7 @@ expected='[[[{"id": "XXXXX",
"content": "This is a test signed message.\n"},
{"id": 3,
"content-type": "application/pgp-signature",
- "content-length": 280}]}]},
+ "content-length": "NONZERO"}]}]},
[]]]]'
test_expect_equal_json \
"$output" \
@@ -94,7 +94,7 @@ expected='[[[{"id": "XXXXX",
"content": "This is a test signed message.\n"},
{"id": 3,
"content-type": "application/pgp-signature",
- "content-length": 280}]}]},
+ "content-length": "NONZERO"}]}]},
[]]]]'
test_expect_equal_json \
"$output" \
@@ -127,7 +127,7 @@ expected='[[[{"id": "XXXXX",
"content": "This is a test signed message.\n"},
{"id": 3,
"content-type": "application/pgp-signature",
- "content-length": 280}]}]},
+ "content-length": "NONZERO"}]}]},
[]]]]'
test_expect_equal_json \
"$output" \
@@ -197,7 +197,7 @@ expected='[[[{"id": "XXXXX",
"content-type": "multipart/encrypted",
"content": [{"id": 2,
"content-type": "application/pgp-encrypted",
- "content-length": 11},
+ "content-length": "NONZERO"},
{"id": 3,
"content-type": "multipart/mixed",
"content": [{"id": 4,
@@ -205,7 +205,7 @@ expected='[[[{"id": "XXXXX",
"content": "This is a test encrypted message.\n"},
{"id": 5,
"content-type": "application/octet-stream",
- "content-length": 28,
+ "content-length": "NONZERO",
"content-transfer-encoding": "base64",
"filename": "TESTATTACHMENT"}]}]}]},
[]]]]'
@@ -234,11 +234,9 @@ test_expect_equal_file OUTPUT TESTATTACHMENT
test_begin_subtest "decryption failure with missing key"
mv "${GNUPGHOME}"{,.bak}
-# The length of the encrypted attachment varies so must be normalized.
output=$(notmuch show --format=json --decrypt subject:"test encrypted message 001" \
| notmuch_json_show_sanitize \
- | sed -e 's|"created": [1234567890]*|"created": 946728000|' \
- | sed -e 's|"content-length": 6[1234567890]*|"content-length": 652|')
+ | sed -e 's|"created": [1234567890]*|"created": 946728000|')
expected='[[[{"id": "XXXXX",
"match": true,
"excluded": false,
@@ -255,10 +253,10 @@ expected='[[[{"id": "XXXXX",
"content-type": "multipart/encrypted",
"content": [{"id": 2,
"content-type": "application/pgp-encrypted",
- "content-length": 11},
+ "content-length": "NONZERO"},
{"id": 3,
"content-type": "application/octet-stream",
- "content-length": 652}]}]},
+ "content-length": "NONZERO"}]}]},
[]]]]'
test_expect_equal_json \
"$output" \
@@ -295,7 +293,7 @@ expected='[[[{"id": "XXXXX",
"content-type": "multipart/encrypted",
"content": [{"id": 2,
"content-type": "application/pgp-encrypted",
- "content-length": 11},
+ "content-length": "NONZERO"},
{"id": 3,
"content-type": "text/plain",
"content": "This is another test encrypted message.\n"}]}]},
@@ -370,7 +368,7 @@ expected='[[[{"id": "XXXXX",
"content": "This is a test signed message.\n"},
{"id": 3,
"content-type": "application/pgp-signature",
- "content-length": 280}]}]},
+ "content-length": "NONZERO"}]}]},
[]]]]'
test_expect_equal_json \
"$output" \
diff --git a/test/T355-smime.sh b/test/T355-smime.sh
index d942412..a8be45e 100755
--- a/test/T355-smime.sh
+++ b/test/T355-smime.sh
@@ -69,7 +69,7 @@ expected='[[[{"id": "XXXXX",
"content-type": "text/plain",
"content": "This is a test signed message.\n"},
{"id": 3,
- "content-length": 1922,
+ "content-length": "NONZERO",
"content-transfer-encoding": "base64",
"content-type": "application/x-pkcs7-signature",
"filename": "smime.p7s"}]}]},
diff --git a/test/test-lib.sh b/test/test-lib.sh
index a12c6d0..f55d2c6 100644
--- a/test/test-lib.sh
+++ b/test/test-lib.sh
@@ -736,7 +736,8 @@ notmuch_json_show_sanitize ()
-e 's|"Date": "Fri, 05 Jan 2001 [^"]*0000"|"Date": "GENERATED_DATE"|g' \
-e 's|"filename": "signature.asc",||g' \
-e 's|"filename": "/[^"]*",|"filename": "YYYYY",|g' \
- -e 's|"timestamp": 97.......|"timestamp": 42|g'
+ -e 's|"timestamp": 97.......|"timestamp": 42|g' \
+ -e 's|"content-length": [1-9][0-9]*|"content-length": "NONZERO"|g'
}
notmuch_emacs_error_sanitize ()
--
2.10.2
^ permalink raw reply related [flat|nested] 13+ messages in thread
* Re: [PATCH] tests: account for varying-size OpenPGP signatures
2016-11-23 16:59 ` David Bremner
@ 2016-11-23 17:58 ` Daniel Kahn Gillmor
0 siblings, 0 replies; 13+ messages in thread
From: Daniel Kahn Gillmor @ 2016-11-23 17:58 UTC (permalink / raw)
To: David Bremner, Notmuch Mail
On Wed 2016-11-23 11:59:38 -0500, David Bremner wrote:
> there are a bunch of sed oneliners (or perl equivalent) collected in
> test-lib.sh as functions test_*_sanitize. I wonder if that would be
> worthwhile here, to have one place to update regexps etc... Something
> in the style of notmuch_show_sanitize wrapping a call to
> notmuch_json_show_sanitize
Thanks for the suggestion, please see v2 of this patch.
--dkg
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH v2] tests: account for varying-size cryptographic signatures
2016-11-23 17:57 ` [PATCH v2] tests: account for varying-size cryptographic signatures Daniel Kahn Gillmor
@ 2016-11-25 1:27 ` David Bremner
0 siblings, 0 replies; 13+ messages in thread
From: David Bremner @ 2016-11-25 1:27 UTC (permalink / raw)
To: Daniel Kahn Gillmor, Notmuch Mail
Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:
> GnuPG 2.1.16 is now injecting the full issuer fingerprint in its
> signatures, which makes them about 32 octets larger when
> ascii-armored.
>
> This change in size means that the size of the MIME parts will vary
> depending on the version of gpg that the user has installed. at any
> rate, the signature part should be non-zero (this is true for
> basically any MIME part), so we just test for that instead of an exact
> size.
I've pushed Daniel's patch to release and master.
d
^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2016-11-25 1:27 UTC | newest]
Thread overview: 13+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-11-22 19:22 T350 test failures with gnupg-2.1.16 Marius Bakke
2016-11-22 19:59 ` David Bremner
2016-11-22 20:12 ` Marius Bakke
2016-11-22 20:36 ` David Bremner
2016-11-22 21:20 ` Marius Bakke
2016-11-22 20:49 ` Daniel Kahn Gillmor
2016-11-22 23:07 ` Daniel Kahn Gillmor
2016-11-22 23:20 ` Marius Bakke
2016-11-23 16:41 ` [PATCH] tests: account for varying-size OpenPGP signatures Daniel Kahn Gillmor
2016-11-23 16:59 ` David Bremner
2016-11-23 17:58 ` Daniel Kahn Gillmor
2016-11-23 17:57 ` [PATCH v2] tests: account for varying-size cryptographic signatures Daniel Kahn Gillmor
2016-11-25 1:27 ` David Bremner
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).