-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Discussion: Testing with PharIO\GnuPG #26
Comments
We really just need to rework (to not say rewrite ;-) the gnupg library. I have no idea why I/we considered a good idea to implement it the way we did... |
IMO the GnuPH lib should donthe heavy lifting of figuring out whether the lib is available or not. So in essence that already should be the proxy. How that is then handled internally is not an issue of this package 🙈 |
We are already using a factory to fetch the GnuPG class. I'd propose to use a GnuPG interface and the factory then returns one of three implementations: one based on the GnuPG extension, one based on the |
The question would be if we hand out the implementations to users of the lib, or if we hide that stuff in the background. I have to admit I'm still far from being an expert with all the gpg stuff. Maybe we define multiple interfaces depending on the use case.
I think I'm in favor of hiding the "complexity" for lib users and internally take care of everything that is needed to make the key handling and verification work. So internally do exactly what you described only difference not handing over different implementations to the user instead handling them internally. I would love to work on this (need to finally become at least decent with this gpg stuff). Happy to video call in the upcoming days to plan the course of action. |
I very much like the idea of growing phar-io/gnupg to become a more complete solution. |
I wouldn't leave anything to the user! We are currently using phario/gpg. And I'd only refactor that lib to handle the stuff differently and especially to handle cases where neither the gpg extension nor the gpg binary are present |
Do you plan to plan to have a full userland implementation? 😮 |
NO! More like not verifying at all but telling the user that they are on a system without either and that that is insecure and they are on their own from here! |
Okay, given the meeting in Munich didn't work, let's try to schedule a video call :-) I'll send a link later today to find time slots. |
I'm a bit stuck. I'm trying to fix the current tests but I keep running into problems.
Was playing around with it a bit but always running into expected
GnuPg
gotPharIO\GnuPg
issues when testing without the extension.I was thinking about hiding the two
GnuPG
implementations behind aGnuPGProxy
and only type hint and Mock the proxy. So I don't have to deal with the type jougling.But I'm not sure if if makes sense to implement it in this repo.
Maybe implementing it in
phar-io/gnupg
makes more sense. Then evenphive
could implement against the proxy api und would not care about the\GnuPg
orPharIO\GnuPg
magic.It would always be
GnuPgProxy
(name still up for discussion).Or am I just too blind to figure this little type mess out another way.
@theseer @heiglandreas what do you think.
The text was updated successfully, but these errors were encountered: