Unverified Commit 2d5df2b4 by anarcat

parse gpg.conf for the default-key setting

we would previously copy the gpg.conf to the temporary keyring, which
works, but then when we actually sign the key, we iterate over the
secrets to figure out which key to use, and then the default-key
setting is ignored.

instead, we simply parse the gpg.conf by hand to detect the
setting. we could have used gpgconf, but this doesn't seem easier to
parse and adds yet another dependency. i would argue it is easier and
simpler to parse the config file than to shell out to yet another
obscure gpg command.

this is a finalization of #721599
parent 8064ccb4
......@@ -370,6 +370,22 @@ this duplicates tests from the gpg code, but is necessary to test later function
if 'rev:' in uid:
self.assertNotIn('sig:::1:A31E75E4323F39BD', uid)
def test_multiple_secrets(self):
"""test if we pick the right key define in gpg.conf"""
# configure gpg to use the *first* test key as a default key
with open(os.path.join(self.ui.keyring.homedir, 'gpg.conf'), 'w') as f:
f.write('default-key 96F47C6A')
self.ui.prepare()
self.test_copy_secrets()
self.ui.keyring.import_data(open(find_test_file('323F39BD.asc')).read())
self.ui.keyring.import_data(open(find_test_file('323F39BD-secret.asc')).read())
self.test_copy_secrets()
self.ui.sign_key()
self.ui.tmpkeyring.context.call_command(['list-sigs', '7B75921E'])
# this is the secondary test key, it shouldn't have signed this
self.assertNotIn('sig:::1:A31E75E4323F39BD:',
self.ui.tmpkeyring.context.stdout)
def test_create_mail_multiple(self):
"""test if exported keys contain the right uid"""
self.test_sign_key()
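Review bot: The only assertion in `test_multiple_secrets` is negative, so the test also passes when `sign_key()` produces no signature at all. It should additionally assert that the configured default key did sign, e.g. `self.assertIn('sig:::1:<LONG_KEYID_OF_96F47C6A>:', self.ui.tmpkeyring.context.stdout)`, with the placeholder replaced by that key's long id. The two `open(find_test_file(...)).read()` calls also leave their file handles to the garbage collector; a `with` block, as already used for gpg.conf a few lines above, would be consistent.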
......
......@@ -574,9 +574,23 @@ chose. it could vary based on default-key, for example, or some weird
ordering.
"""
logger.info(_('copying your public key to temporary keyring in %s') % self.tmpkeyring.homedir)
# detect the proper uid
keys = self.keyring.get_keys(self.options.user, True, False)
# detect default key setting
default_key = self.options.user
try:
with open(os.path.join(self.tmpkeyring.homedir,
'gpg.conf'), 'r') as conf:
result = re.search(r'^default-key\s+(.*)$', conf.read(), re.M)
if result:
default_key = result.group(1)
logging.info(_('found default-key setting: %s'), default_key)
except IOError as e:
if e.errno != errno.ENOENT:
raise
logging.info(_('looking for key %s'), default_key)
# detect the proper uid
keys = self.keyring.get_keys(default_key, True, False)
for fpr, key in keys.iteritems():
logger.info(_('found secret key: %s'), key)
if not key.invalid and not key.disabled and not key.expired and not key.revoked:
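Review bot: The `default-key` value read from gpg.conf replaces `self.options.user` unconditionally at `default_key = result.group(1)`, so a key the caller selected explicitly would lose to the config file; this is the reverse of gpg's own precedence, where `--local-user` overrides `default-key` (assuming `options.user` carries that explicit choice). Guarding the assignment with `if result and not self.options.user:` keeps the explicit selection authoritative over which key certifies. `re.search` also returns only the first `default-key` line and `(.*)` keeps trailing whitespace, whereas gpg accepts the option several times and uses the last key with an available secret key, so `result.group(1).strip()` plus a comment noting the first-match limitation would help. The two new messages go through `logging.info` while the surrounding lines use the module's `logger.info`. The enclosing method starts and ends outside the hunk.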
......