pull please! #1

Closed
wants to merge 3 commits into from

4 participants

@rspier

These are three changes I've applied from patches that were submitted by others. They look sane to me.

bremner and others added some commits
@bremner bremner Add support for gpg agent.
This is controlled by a flag use_agent to the new() method.

This has been mainly tested with the decrypt operation.
582df2c
@bremner bremner Add test for gpg-agent handling.
The only real fragile bit is that gpg-preset-passphrase is installed
in different places on different OSes, and often not in the user path.
For the moment, hard-code a FHS compliant path, and allow the location
to be set by an environment variable.

This is just a copy of the "roundtrip.t" test that already exists,
with agent handling attached to the front. It could probably be made
shorter since some of the tests here do not rely on passphrases.

Also, it might be desirable to re-order the tests.
5887789
Andrew Ruthven Add always-trust support to Mail::GnuPG.
Tue Dec 06 04:09:31 2011: Request 73036 was acted upon.
Transaction: Ticket created by PUCK
       Queue: Mail-GnuPG
     Subject: Add always-trust support to Mail::GnuPG.
   Broken in: 0.16
    Severity: Wishlist
       Owner: Nobody
  Requestors: PUCK@cpan.org
      Status: new
 Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=73036 >

Hi,

I need to be able to send out some encrypted emails using people's GPG
public keys that have been provided in a manual method.  And I don't
want to have to set up a specific key for automatically creating trust
signatures which might leak out into the wild.

Fortunately gpg has a solution to this called always-trust.  And
GnuPG::Interface exposes this.

The attached patch makes Mail::GnuPG expose it as well.  It would be
very handy to have this rolled into Mail::GnuPG.

Cheers!
fe51acc
@alexmv

I see from https://rt.cpan.org/Public/Bug/Display.html?id=73036 that we're not actually upstream anymore. I've pulled from DDB and pushed into our repo, to make it less out of date, at the very least.

Commits on Sep 27, 2010
  1. @bremner @rspier

    Add support for gpg agent.

    bremner authored rspier committed
  2. @bremner @rspier

    Add test for gpg-agent handling.

    bremner authored rspier committed
Commits on Dec 8, 2011
  1. @rspier

    Add always-trust support to Mail::GnuPG.

    Andrew Ruthven authored rspier committed
Showing with 138 additions and 6 deletions.
  1. +17 −6 GnuPG.pm
  2. +121 −0 t/agent.t
23 GnuPG.pm
@@ -44,7 +44,8 @@ use Errno qw(EPIPE);
key => gpg key id
keydir => gpg configuration/key directory
passphrase => primary key password
-
+ use_agent => use gpg-agent if non-zero
+ always_trust => always trust a public key
# FIXME: we need more things here, maybe primary key id.
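Review bot: The new POD entry `always_trust => always trust a public key` understates what the option does. The value is handed to `$gnupg->options->always_trust(...)` in `_set_options`, so it covers every key gpg handles for this object rather than one particular key. Suggest wording that says key validation is skipped when the option is true and that it is unset by default, and keep the blank line before the FIXME so the option list and the comment stay separate.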
@@ -58,6 +59,7 @@ sub new {
keydir => undef,
passphrase => "",
gpg_path => "gpg",
+ use_agent => 0,
@_
};
$self->{last_message} = [];
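Review bot: `new()` gains an explicit default for `use_agent` but none for `always_trust`, although both are documented together as constructor options. It works today because `_set_options` tests `defined $self->{always_trust}`, but adding `always_trust => 0,` next to `use_agent => 0,` would make the safe default visible in the one place readers look for defaults.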
@@ -77,6 +79,10 @@ sub _set_options {
# ( defined $self->{passphrase} ?
# ( passphrase => $self->{passphrase} ) : () ),
);
+
+ if (defined $self->{always_trust}) {
+ $gnupg->options->always_trust($self->{always_trust})
+ }
$gnupg->call( $self->{gpg_path} ) if defined $self->{gpg_path};
}
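Review bot: Setting `always_trust` inside `_set_options` turns it on for every operation that calls `_set_options`, while the request in the commit message only needs it when encrypting to manually supplied public keys. Consider applying it in the encrypt paths only, or documenting that an object built with `always_trust` should not also be used where key trust matters. The guard uses `defined` whereas `use_agent` is tested for truth, so the two options follow different conventions. Minor: the `always_trust(...)` call has no terminating semicolon, which is legal as the last statement of the block but breaks as soon as another line is added after it.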
@@ -114,6 +120,11 @@ sub _set_options {
=cut
+sub _agent_args{
+ my $self=shift;
+ return $self->{use_agent} ? ('command_args' => ['--use-agent']) : ();
+}
+
sub decrypt {
my ($self, $message) = @_;
my $ciphertext = "";
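Review bot: `_agent_args` is inserted directly after `=cut` with no comment, yet it is the single place that decides how `use_agent` reaches gpg. A one-line comment stating that it returns either `command_args => ['--use-agent']` or an empty list, to be spliced into a GnuPG::Interface call, would help the next reader. The spacing in `sub _agent_args{` and `my $self=shift;` also differs from `sub decrypt {` just below.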
@@ -161,7 +172,7 @@ sub decrypt {
);
# this sets up the communication
- my $pid = $gnupg->decrypt( handles => $handles );
+ my $pid = $gnupg->decrypt( handles => $handles , $self->_agent_args );
die "NO PASSPHRASE" unless defined $passphrase_fh;
my $read = _communicate([$output, $error, $status_fh],
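Review bot: With `use_agent` set, the unchanged line `die "NO PASSPHRASE" unless defined $passphrase_fh;` still runs right after the call, so agent mode continues to depend on the passphrase handle being set up. Please state in the POD whether `passphrase` is ignored when `use_agent` is non-zero, and confirm how the default `passphrase => ""` from `new()` interacts with the agent. The same question applies to the `mime_sign` hunk that follows.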
@@ -542,7 +553,7 @@ sub mime_sign {
passphrase => $passphrase_fh,
status => $status_fh,
);
- my $pid = $gnupg->detach_sign( handles => $handles );
+ my $pid = $gnupg->detach_sign( handles => $handles, $self->_agent_args );
die "NO PASSPHRASE" unless defined $passphrase_fh;
# this passes in the plaintext
@@ -641,7 +652,7 @@ sub clear_sign {
stderr => $error,
);
- my $pid = $gnupg->clearsign ( handles => $handles );
+ my $pid = $gnupg->clearsign ( handles => $handles, $self->_agent_args );
my $plaintext = $body->as_string;
@@ -744,7 +755,7 @@ sub _ascii_encrypt {
my $pid = do {
if ( $sign ) {
- $gnupg->sign_and_encrypt ( handles => $handles );
+ $gnupg->sign_and_encrypt ( handles => $handles, $self->_agent_args );
} else {
$gnupg->encrypt ( handles => $handles );
}
@@ -844,7 +855,7 @@ sub _mime_encrypt {
my $pid = do {
if ($sign) {
- $gnupg->sign_and_encrypt( handles => $handles );
+ $gnupg->sign_and_encrypt( handles => $handles, $self->_agent_args );
} else {
$gnupg->encrypt( handles => $handles );
}
121 t/agent.t
@@ -0,0 +1,121 @@
+# -*- perl -*-
+
+use Test::More;
+use File::Temp qw(tempdir);
+use Mail::GnuPG;
+use MIME::Entity;
+use strict;
+no warnings 'redefine'; # fix this later
+
+my $KEY = "EFEA4EAD"; # 49539D60EFEA4EAD
+my $WHO = "Mail::GnuPG Test Key <mail\@gnupg.dom>";
+
+unless ( 0 == system("gpg --version 2>&1 >/dev/null") &&
+ 0 == system("gpg-agent --version 2>&1 >/dev/null")) {
+ plan skip_all => "gpg, gpg-agent in path required for testing agent";
+ goto end;
+}
+
+my $preset=$ENV{GPG_PRESET_PASSPHRASE} || "/usr/lib/gnupg2/gpg-preset-passphrase";
+
+unless (0 == system("$preset --version 2>&1 >/dev/null")) {
+ plan skip_all => "gpg-preset-passphrase not found; set GPG_PRESET_PASSPHRASE in environment to location of binary";
+ goto end;
+}
+
+my $tmpdir = tempdir( "mgtXXXXX", CLEANUP => 1);
+
+unless ( 0 == system("gpg --homedir $tmpdir --trusted-key 0x49539D60EFEA4EAD --import t/test-key.pgp 2>&1 >/dev/null")) {
+ plan skip_all => "unable to import testing keys";
+ goto end;
+}
+
+unless (open AGENT, "gpg-agent --disable-scdaemon --allow-preset --daemon|") {
+ plan skip_all =>"unable to start gpg-agent";
+ goto end;
+}
+
+my ($agent_pid,$agent_info);
+while (<AGENT>){
+ if (m/GPG_AGENT_INFO=([^;]*);/){
+ $agent_info=$1;
+ $ENV{'GPG_AGENT_INFO'}=$agent_info;
+ my @parts=split(':',$agent_info);
+ $agent_pid=$parts[1];
+ }
+}
+
+# gpg-preset-passphrase uses the fingerprint of the subkey, rather than the id.
+unless ( 0 == system ("$preset --preset -P passphrase " .
+ "576AE2D0BC6974C083705EE033A736779FE08E94")
+ && 0 == system ("$preset --preset -P passphrase " .
+ "8E136E6F34C0D4CD941A9DB749539D60EFEA4EAD") ){
+ plan skip_all =>"unable to cache passphrase";
+ goto end;
+}
+
+plan tests => 20;
+
+
+my $mg = new Mail::GnuPG( key => '49539D60EFEA4EAD',
+ keydir => $tmpdir,
+ use_agent => 1);
+
+isa_ok($mg,"Mail::GnuPG");
+
+my $line = "x\n";
+my $string = $line x 100000;
+
+my $copy;
+my $me = MIME::Entity->build(From => 'me@myhost.com',
+ To => 'you@yourhost.com',
+ Subject => "Hello, nurse!",
+ Data => [$string]);
+# Test MIME Signing Round Trip
+
+$copy = $me->dup;
+
+is( 0, $mg->mime_sign( $copy ) );
+
+my ($verify,$key,$who) = $mg->verify($copy);
+is( 0, $verify );
+is( $KEY, $key );
+is( $WHO, $who );
+
+is( 1, $mg->is_signed($copy) );
+is( 0, $mg->is_encrypted($copy) );
+
+# Test Clear Signing Round Trip
+
+$copy = $me->dup;
+
+is( 0, $mg->clear_sign( $copy ) );
+
+{ my ($verify,$key,$who) = $mg->verify($copy);
+is( 0, $verify );
+is( $KEY, $key );
+is( $WHO, $who );
+
+is( 1, $mg->is_signed($copy) );
+is( 0, $mg->is_encrypted($copy) );
+}
+# Test MIME Encryption Round Trip
+
+$copy = $me->dup;
+
+is( 0, $mg->ascii_encrypt( $copy, $KEY ));
+is( 0, $mg->is_signed($copy) );
+is( 1, $mg->is_encrypted($copy) );
+
+($verify,$key,$who) = $mg->decrypt($copy);
+
+is( 0, $verify );
+is( undef, $key );
+is( undef, $who );
+
+is_deeply($mg->{decrypted}->body,$me->body);
+
+end:
+kill 15,$agent_pid if (defined($agent_pid));
+
+
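Review bot: Every `system()` call in this file redirects with `2>&1 >/dev/null`, which points stderr at the original stdout and only then discards stdout, so gpg's diagnostics still reach the terminal; `>/dev/null 2>&1` is presumably what was meant. The same calls interpolate `$preset` (taken from `GPG_PRESET_PASSPHRASE`) and `$tmpdir` into a shell command string, so a value containing spaces or shell metacharacters is parsed by the shell; quote them or use the list form of `system`. `gpg-agent` is started without `--homedir $tmpdir`, unlike the `gpg --import` call, so the agent is not tied to the temporary key directory. Finally, nothing here sets `always_trust`, so the option added by the third commit in this pull request has no test coverage.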