Control: tags -1 + patch On Mon, 2012-09-10 at 15:33 +0200, Elena ``of Valhalla'' wrote: > Yes, I've been working to add the switch via the above feature, > but it is breaking other tests, and I didn't have time to > fix those further failures yet.
I've had a look at this and made a patch for using the --quick-random option during the tests. The patch itself is perhaps not nice enough for upstream but it works. It modifies the doctests in the module which might also be useful as documentation for people using the API. They should obviously not always pass --quick-random. This significantly brings down the build time. > BTW, where is the --quick-random switch documented? I couldn't > find anything in the manpage, info nor by googling. It is only vaguely documented in the GnuPG FAQ. The insecure key thing is not documented at all (as far as I could find). I looked in the GnuPG source for that. > I'm not sure if version 0.3.1 would be fit for wheezy or if too much > has changed for bugs that are not RC, or if I should just backport > the command-line arguments feature to 0.3.0 to fix this bug (which > is quite trivial), and consider 0.3.1 and further releases for > backports.d.o. I've based this patch on 0.3.1 because IMO it is better to ship 0.3.1 than a 0.3.0 version patched with 80% of the changes from 0.3.1. Using 0.3.1 allows dropping of two of the three existing patches. Also, 0.3.1 seems to be well tested by upstream and has only two other changes: one bugfix and one added feature to check the trust level of the key used when verifying signatures. Attached is a debdiff with the relevant changes (upstream changes and removal of patches stripped out). Unless anyone objects I'm going to commit this to the python-modules SVN repository. Any objections to an upload with this fix? I can also contact the release team to request an unblock. Thanks, -- -- arthur - adej...@debian.org - http://people.debian.org/~adejong --
diff -Nru python-gnupg-0.3.0/debian/changelog python-gnupg-0.3.1/debian/changelog --- python-gnupg-0.3.0/debian/changelog 2012-05-18 12:05:01.000000000 +0200 +++ python-gnupg-0.3.1/debian/changelog 2012-10-20 22:14:39.000000000 +0200 @@ -1,3 +1,23 @@ +python-gnupg (0.3.1-1) UNRELEASED; urgency=low + + * New upstream release: + - Issue #45: Allow additional arguments to gpg executable. + - Issue #50: Use latin-1 encoding in tests when it's known to be required. + - Issue #51: Test now returns non-zero exit status on test failure. + - Issue #53: Now handles INV_SGNR and KEY_NOT_CREATED statuses. + - Issue #55: Verification and decryption now return trust level of + signer in integer and text form. + * Drop allow_test_to_run_under_c_locale.patch because upstream change for + issue #50 fixes this. + * Drop return_nonzero_on_test_failure.patch because this is fixed in + upstream issue #41. + * Refresh skip_network_needing_test.patch. + * Add use_quick_random_in_tests.patch to patch the testsuite to pass the + --quick-random option to the gpg command to make it buildable in + environments with limited entropy (Closes: #682648). + + -- Arthur de Jong <adej...@debian.org> Sat, 20 Oct 2012 19:09:44 +0200 + python-gnupg (0.3.0-1) unstable; urgency=low * New upstream release diff -Nru python-gnupg-0.3.0/debian/patches/series python-gnupg-0.3.1/debian/patches/series --- python-gnupg-0.3.0/debian/patches/series 2012-05-18 07:18:18.000000000 +0200 +++ python-gnupg-0.3.1/debian/patches/series 2012-10-20 22:02:33.000000000 +0200 @@ -1,3 +1,2 @@ skip_network_needing_test.patch -return_nonzero_on_test_failure.patch -allow_test_to_run_under_c_locale.patch +use_quick_random_in_tests.patch diff -Nru python-gnupg-0.3.0/debian/patches/skip_network_needing_test.patch python-gnupg-0.3.1/debian/patches/skip_network_needing_test.patch --- python-gnupg-0.3.0/debian/patches/skip_network_needing_test.patch 2012-03-27 15:45:15.000000000 +0200 +++ python-gnupg-0.3.1/debian/patches/skip_network_needing_test.patch 2012-10-20 22:16:32.000000000 +0200 @@ -1,9 +1,10 @@ Description: Skip a doctest snippet that requires internet access Forwarded: not-needed Author: Elena Grandi <elena.valha...@gmail.com> + --- a/gnupg.py +++ b/gnupg.py -@@ -744,11 +744,11 @@ +@@ -791,11 +791,11 @@ class GPG(object): def recv_keys(self, keyserver, *keyids): """Import a key from a keyserver diff -Nru python-gnupg-0.3.0/debian/patches/use_quick_random_in_tests.patch python-gnupg-0.3.1/debian/patches/use_quick_random_in_tests.patch --- python-gnupg-0.3.0/debian/patches/use_quick_random_in_tests.patch 1970-01-01 01:00:00.000000000 +0100 +++ python-gnupg-0.3.1/debian/patches/use_quick_random_in_tests.patch 2012-10-20 22:15:28.000000000 +0200 @@ -0,0 +1,96 @@ +Description: Pass --quick-random to all gpg commands in tests + This ensures that the test suite passes --quick-random option to the gpg + command to make it buildable in environments with limited entropy. + . + The --quick-random gpg option is undocumented and gpg uses some checks to + ensure that keys are marked as insecure when used together with an + insecure random number generator. For this purpose the also undocumented + "do not use" magic marker is used. +Author: Arthur de Jong <adej...@debian.org> +Bug-Debian: http://bugs.debian.org/682648 + +--- a/test_gnupg.py ++++ b/test_gnupg.py +@@ -96,7 +96,7 @@ class GPGTestCase(unittest.TestCase): + "Not a directory: %s" % hd) + shutil.rmtree(hd) + self.homedir = hd +- self.gpg = gnupg.GPG(gnupghome=hd, gpgbinary='gpg') ++ self.gpg = gnupg.GPG(gnupghome=hd, gpgbinary='gpg', options=['--quick-random']) + + def test_environment(self): + "Test the environment by ensuring that setup worked" +@@ -122,7 +122,7 @@ class GPGTestCase(unittest.TestCase): + 'Key-Length': 1024, + 'Subkey-Type': 'ELG-E', + 'Subkey-Length': 2048, +- 'Name-Comment': 'A test user', ++ 'Name-Comment': 'A test user, do not use', + 'Expire-Date': 0, + } + params['Name-Real'] = '%s %s' % (first_name, last_name) +@@ -146,7 +146,7 @@ class GPGTestCase(unittest.TestCase): + 'Key-Length': 1024, + 'Subkey-Type': 'ELG-E', + 'Subkey-Length': 2048, +- 'Name-Comment': 'A test user', ++ 'Name-Comment': 'A test user, do not use', + 'Expire-Date': 0, + 'Name-Real': 'Test Name', + 'Name-Email': 'test.n...@example.com', +--- a/gnupg.py ++++ b/gnupg.py +@@ -689,7 +689,7 @@ class GPG(object): + def verify(self, data): + """Verify the signature on the contents of the string 'data' + +- >>> gpg = GPG(gnupghome="keys") ++ >>> gpg = GPG(gnupghome="keys", options=['--quick-random']) + >>> input = gpg.gen_key_input(Passphrase='foo') + >>> key = gpg.gen_key(input) + >>> assert key +@@ -740,7 +740,7 @@ class GPG(object): + + >>> import shutil + >>> shutil.rmtree("keys") +- >>> gpg = GPG(gnupghome="keys") ++ >>> gpg = GPG(gnupghome="keys", options=['--quick-random']) + >>> input = gpg.gen_key_input() + >>> result = gpg.gen_key(input) + >>> print1 = result.fingerprint +@@ -843,7 +843,7 @@ class GPG(object): + + >>> import shutil + >>> shutil.rmtree("keys") +- >>> gpg = GPG(gnupghome="keys") ++ >>> gpg = GPG(gnupghome="keys", options=['--quick-random']) + >>> input = gpg.gen_key_input() + >>> result = gpg.gen_key(input) + >>> print1 = result.fingerprint +@@ -889,7 +889,7 @@ class GPG(object): + """Generate a key; you might use gen_key_input() to create the + control input. + +- >>> gpg = GPG(gnupghome="keys") ++ >>> gpg = GPG(gnupghome="keys", options=['--quick-random']) + >>> input = gpg.gen_key_input() + >>> result = gpg.gen_key(input) + >>> assert result +@@ -914,7 +914,7 @@ class GPG(object): + parms[key] = val + parms.setdefault('Key-Type','RSA') + parms.setdefault('Key-Length',1024) +- parms.setdefault('Name-Real', "Autogenerated Key") ++ parms.setdefault('Name-Real', "Autogenerated Key, do not use") + parms.setdefault('Name-Comment', "Generated by gnupg.py") + try: + logname = os.environ['LOGNAME'] +@@ -988,7 +988,7 @@ class GPG(object): + >>> import shutil + >>> if os.path.exists("keys"): + ... shutil.rmtree("keys") +- >>> gpg = GPG(gnupghome="keys") ++ >>> gpg = GPG(gnupghome="keys", options=['--quick-random']) + >>> input = gpg.gen_key_input(passphrase='foo') + >>> result = gpg.gen_key(input) + >>> print1 = result.fingerprint
signature.asc
Description: This is a digitally signed message part