gpgme: move flaky patch URLs to local files.

2021-08-18 13:57:18 -07:00 · 2021-08-18 13:57:18 -07:00 · 457c8a7f5b
parent 17070fb8a8
commit 457c8a7f5b
3 changed files with 141 additions and 16 deletions
--- a/pkgs/development/libraries/gpgme/default.nix
+++ b/pkgs/development/libraries/gpgme/default.nix
@ -21,22 +21,10 @@ stdenv.mkDerivation rec {
  };

  patches = [
-    (fetchpatch { # probably included in > 1.16.0
-      name = "test_t-edit-sign.diff"; # we experienced segmentation fault in this test
-      urls = [
-        "https://files.gnupg.net/file/data/w43xz2zf73pnyqk5mm5l/PHID-FILE-hm2x5mjntsdyxrxve5tb/file"
-        "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=patch;h=81a33ea5e1b86d586b956e893a5b25c4cd41c969"
-      ];
-      sha256 = "1xxvv0kc9wdj5hzpddzs3cn8dhmm2cb29224a7h9vairraq5272h";
-    })
-    (fetchpatch { # gpg: Send --with-keygrip when listing keys
-      name = "c4cf527ea227edb468a84bf9b8ce996807bd6992.patch";
-      urls = [
-        "https://files.gnupg.net/file/data/2ufcg7ny5jdnv7hmewb4/PHID-FILE-7iwvryn2btti6txr3bsz/file"
-        "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=patch;h=c4cf527ea227edb468a84bf9b8ce996807bd6992"
-      ];
-      sha256 = "0y0b0lb2nq5p9kx13b59b2jaz157mvflliw1qdvg1v1hynvgb8m4";
-    })
+    # probably included in > 1.16.0
+    ./test_t-edit-sign.diff
+    # https://dev.gnupg.org/rMc4cf527ea227edb468a84bf9b8ce996807bd6992
+    ./fix_gpg_list_keys.diff
    # https://lists.gnupg.org/pipermail/gnupg-devel/2020-April/034591.html
    (fetchpatch {
      name = "0001-Fix-python-tests-on-non-Linux.patch";
--- a/pkgs/development/libraries/gpgme/fix_gpg_list_keys.diff
+++ b/pkgs/development/libraries/gpgme/fix_gpg_list_keys.diff
@ -0,0 +1,12 @@
+diff --git a/src/engine-gpg.c b/src/engine-gpg.c
+index b51ea173..4e74665e 100644
+--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
+@@ -3005,6 +3005,7 @@ gpg_keylist_build_options (engine_gpg_t gpg, int secret_only,
+   gpg_error_t err;
+ 
+   err = add_arg (gpg, "--with-colons");
+  err = add_arg (gpg, "--with-keygrip");
+ 
+   /* Since gpg 2.1.15 fingerprints are always printed, thus there is
+    * no more need to explicitly request them.  */
--- a/pkgs/development/libraries/gpgme/test_t-edit-sign.diff
+++ b/pkgs/development/libraries/gpgme/test_t-edit-sign.diff
@ -0,0 +1,125 @@
+From 81a33ea5e1b86d586b956e893a5b25c4cd41c969 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ingo=20Kl=C3=B6cker?= <dev@ingo-kloecker.de>
+Date: Sat, 26 Jun 2021 18:02:47 +0200
+Subject: [PATCH] core: Fix use-after-free issue in test
+
+* tests/gpg/t-edit-sign.c (sign_key, verify_key_signature): New.
+(main): Factored out signing and verifying the result.
+--
+
+Factoring the two steps of the test into different functions fixes the
+use-after-free issue that was caused by accidentaly using a variable
+of the first step in the second step.
+
+GnuPG-bug-id: 5509
+---
+ tests/gpg/t-edit-sign.c | 54 ++++++++++++++++++++++++++++-------------
+ 1 file changed, 37 insertions(+), 17 deletions(-)
+
+diff --git a/tests/gpg/t-edit-sign.c b/tests/gpg/t-edit-sign.c
+index 2f983622..e0494c54 100644
+--- a/tests/gpg/t-edit-sign.c
+++ b/tests/gpg/t-edit-sign.c
+@@ -107,31 +107,19 @@ interact_fnc (void *opaque, const char *status, const char *args, int fd)
+ }
+ 
+ 
+-int
+-main (int argc, char **argv)
+void
+sign_key (const char *key_fpr, const char *signer_fpr)
+ {
+   gpgme_ctx_t ctx;
+   gpgme_error_t err;
+   gpgme_data_t out = NULL;
+-  const char *signer_fpr = "A0FF4590BB6122EDEF6E3C542D727CC768697734"; /* Alpha Test */
+   gpgme_key_t signing_key = NULL;
+-  const char *key_fpr = "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2"; /* Bravo Test */
+   gpgme_key_t key = NULL;
+-  gpgme_key_t signed_key = NULL;
+-  gpgme_user_id_t signed_uid = NULL;
+-  gpgme_key_sig_t key_sig = NULL;
+   char *agent_info;
+-  int mode;
+-
+-  (void)argc;
+-  (void)argv;
+-
+-  init_gpgme (GPGME_PROTOCOL_OpenPGP);
+ 
+   err = gpgme_new (&ctx);
+   fail_if_err (err);
+ 
+-  /* Sign the key */
+   agent_info = getenv("GPG_AGENT_INFO");
+   if (!(agent_info && strchr (agent_info, ':')))
+     gpgme_set_passphrase_cb (ctx, passphrase_cb, 0);
+@@ -159,8 +147,23 @@ main (int argc, char **argv)
+   gpgme_data_release (out);
+   gpgme_key_unref (key);
+   gpgme_key_unref (signing_key);
+  gpgme_release (ctx);
+}
+
+
+void
+verify_key_signature (const char *key_fpr, const char *signer_keyid)
+{
+  gpgme_ctx_t ctx;
+  gpgme_error_t err;
+  gpgme_key_t signed_key = NULL;
+  gpgme_user_id_t signed_uid = NULL;
+  gpgme_key_sig_t key_sig = NULL;
+  int mode;
+
+  err = gpgme_new (&ctx);
+  fail_if_err (err);
+ 
+-  /* Verify the key signature */
+   mode  = gpgme_get_keylist_mode (ctx);
+   mode |= GPGME_KEYLIST_MODE_SIGS;
+   err = gpgme_set_keylist_mode (ctx, mode);
+@@ -168,7 +171,7 @@ main (int argc, char **argv)
+   err = gpgme_get_key (ctx, key_fpr, &signed_key, 0);
+   fail_if_err (err);
+ 
+-  signed_uid = key->uids;
+  signed_uid = signed_key->uids;
+   if (!signed_uid)
+     {
+       fprintf (stderr, "Signed key has no user IDs\n");
+@@ -180,7 +183,7 @@ main (int argc, char **argv)
+       exit (1);
+     }
+   key_sig = signed_uid->signatures->next;
+-  if (strcmp ("2D727CC768697734", key_sig->keyid))
+  if (strcmp (signer_keyid, key_sig->keyid))
+     {
+       fprintf (stderr, "Unexpected key ID in second user ID sig: %s\n",
+                 key_sig->keyid);
+@@ -196,6 +199,23 @@ main (int argc, char **argv)
+ 
+   gpgme_key_unref (signed_key);
+   gpgme_release (ctx);
+}
+
+
+int
+main (int argc, char **argv)
+{
+  const char *signer_fpr = "A0FF4590BB6122EDEF6E3C542D727CC768697734"; /* Alpha Test */
+  const char *signer_keyid = signer_fpr + strlen(signer_fpr) - 16;
+  const char *key_fpr = "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2"; /* Bravo Test */
+
+  (void)argc;
+  (void)argv;
+
+  init_gpgme (GPGME_PROTOCOL_OpenPGP);
+
+  sign_key (key_fpr, signer_fpr);
+  verify_key_signature (key_fpr, signer_keyid);
+ 
+   return 0;
+ }
+-- 
+2.32.0