New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MSR fails with crypto tutorial with ini as default storage #1981
Comments
@ingwinlu pointed out:
|
Yes, but we could generally apply the trick with HOME to all shell tests, I proposed in #1982 But even if HOME is a safe place, we nevertheless should not have commands like |
I agree. Nevertheless we need to instruct the build server to accept an untrusted GPG key somehow. Another way of doing so would be to enable "test mode" for the plugins. In order to enable "test mode", |
except that this should not be done in the build server but in the test and reverted after the test is finished. //EDIT: since I don't want to sound like I am just passing work around because I do not want to do it: Imagine developer A at home wants to run the test. He does not care about the test server setting. A will get pissed because the test broke his setting. |
It's possibly easiert to generate a new GPG key for every test run instead of using the generic test key. Maybe we can get rid of the test key after all. |
Isn't it possible to make the key "trustworthy" after import? (Without changing users's policies.)
Yes, that is maybe the best idea. Is it possible to make a very small GPG key so that it is done fast? |
Sure, that's possible. |
Any progress here? |
Not yet, I was just trying out
to have some key for testing. MSR still fails but the key generation seems to work. I can't promise to have progress during the week. |
Is the shell recorder able to handle shell variables? If I run the snippet export KEY_ID=`gpg2 --batch --with-colons --fixed-list-mode --list-secret-keys | grep sec | awk '{split($0,a,":"); print a[5]}'`
echo "$KEY_ID"
kdb set /sw/elektra/kdb/#0/current/plugins ""
sudo kdb mount test.ini user/test fcrypt "encrypt/key=$KEY_ID" ini
kdb set user/test/password 1234
#> Create a new key user/test/password with string "1234"
kdb file user/test/password | xargs cat I get the result:
|
This is a good question! Afaik it does not but you can simply use KDB to store anything. So you would write something like (untested): kdb set /tests/gpg/key/id `gpg2 --batch --with-colons --fixed-list-mode --list-secret-keys | grep sec | awk '{split($0,a,":"); print a[5]}'`
kdb get /tests/gpg/key/id
kdb set /sw/elektra/kdb/#0/current/plugins ""
sudo kdb mount test.ini user/test fcrypt "encrypt/key=`kdb get /tests/gpg/key/id`" ini
kdb set user/test/password 1234
#> Create a new key user/test/password with string "1234"
kdb file user/test/password | xargs cat We should definitely add this information to tests/shell/shell_recorder/tutorial_wrapper/README.md Btw. the |
This work-around is documented in the |
Yes, I know that sometimes writing outside of /tests is needed. (also for mounting) But we should make sure in tests to not change the config of the user running the test. Maybe the backup-restore feature would fix the problem? |
Before we fix that I have another problem: PGP keys that are created via
are not usable by GPG. What the hug?
Does anyone have any idea about how to get a proper PGP key in the test scenario? |
You are our gpg expert, I am afraid nobody can help you here! Maybe you ask on a gpg mailing list? |
UPDATE: I found a way to generate a "scripted" key that is usable, however a passphrase has to be set, otherwise the cat >.elektra-test-key <<EOF
Key-Type: RSA
Key-Length: 512
Subkey-Type: RSA
Subkey-Length: 512
Name-Real: libelektra test key
Name-Comment: crypto plugin
Name-Email: testkey@libelektra.org
Expire-Date: 0
Passphrase: 1234
%commit
EOF
gpg2 --verbose --batch --gen-key .elektra-test-key GnuPG is not meant to be "test-automated". 😆 EDIT: add missing "be" in the last sentence. |
Thank you for digging deeper here! You mean that no passphrase should be set? I think we can live with that 👍 |
Having no passphrase on the test-key would make life easier on the server-side. I don't know if MSR can handle pinentry requests during the tests? |
Yes, makes sense. Can you fix this issue now? |
Not quite, I thought about providing a small setup tool, that generates a new GPG test-key using libgpgme. I have to investigate further. |
Ok, thank you! |
I discovered this bug during my work on ElektraInitiative#1981 . If an empty recipient/signature key ID is defined, GnuPG reports an error because it receives invalid command line arguments.
I discovered this bug during my work on ElektraInitiative#1981 . If an empty recipient is defined, GnuPG reports an error because it receives invalid command line arguments.
Status update: I have some progress to report.
This is the solution I'm currently following. It doesn't look too bad:
|
#2591 is blocking the progress atm. |
I'm almost there... BUT MSR fails because in order to be able to mount fcrypt, I have to manipulate the configuration outside of kdb set dir/sw/elektra/kdb/#0/current/plugins ""
kdb mount test.ini user/tests fcrypt "encrypt/key=$(elektra-gpg-testkey)" ini
kdb set user/tests/password 1234
kdb file user/tests/password | xargs cat
kdb rm user/tests/password
kdb rm dir/sw/elektra/kdb/#0/current/plugins
kdb umount user/tests If we leave out the first line, fcrypt can not be mounted due to the know issues with sync (see fcrypt's README): STDERR: The command kdb mount terminated unsuccessfully with the info:
Too many plugins!
The plugin sync can't be positioned at position precommit anymore.
Try to reduce the number of plugins!
Failed because precommit with 7 is larger than 6 I see the following possibilities to solve the problem:
But maybe someone else has an idea. Your help is much appreciated! |
Actually there is a bug besides the limitation of how many plugins can exist (we are already working on this one). The bug is that |
This tool can be utilized in unit tests whenever a valid GPG key without a passphrase is being required. See ElektraInitiative#1981 for full discussion.
Let MSR test the crypto.md tutorial. See ElektraInitiative#1981 for full discussion.
Steps to Reproduce the Problem
Apply the patch:
Build Elektra with
Run the test:
Expected Result
Test should succeed.
Actual Result
Every execution step in the test fails, including the import of the GPG key.
System Information
Further Log Files and Output
n/a
The text was updated successfully, but these errors were encountered: