[Pkg-gnupg-maint] Bug#778877: Bug#778877: Bug#778877: making the gnupg package reproducible

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Mar 19 22:22:31 UTC 2015


(adding Ian, Iustin, and Stefano to Cc here, since this involves
autopkgtest and they're drivers of DEP8; adding wine at packages.debian.org
since it involves wine; see https://bugs.debian.org/778877 for
background)

On Tue 2015-02-24 03:36:28 -0500, Didier 'OdyX' Raboud wrote:
> Le lundi, 23 février 2015 15.14:28, vous avez écrit :
>> On Mon 2015-02-23 03:01:04 -0500, Didier 'OdyX' Raboud  <odyx at debian.org> wrote:
>> > gpgv.exe runs fine under Wine with this patch.
>> 
>> sweet, thanks for testing, OdyX.
>> 
>> > That said, it'd be cool to have either build-time tests (but Build-
>> > Depending on wine, err, no…) or autopkgtests that would test
>> > gpgv.exe, at least under wine (as I suspect that we don't have
>> > Windows autopkgtests runners :-P).
>> 
>> I agree, that would be cool.  I'm actually not totally averse to
>> build-depending on wine either; we're already build-depending on
>> mingw.
>
> Wine nowadays only runs on i386 (on amd64 it needs multiarch enabled), 
> having that in the build test-suite would impose to either build gnupg 
> on i386, or go through hops to make sure multiarch is enabled.

right, this is what i see on a minimal amd64 system with wine and
gpgv-win32 installed:

dkg at test:~$ wine /usr/share/win32/gpgv.exe --keyring Z:\\/tmp/tmp.7hMKKepWqq/pubring.gpg Z:\\/home/dkg/gpgv-win32.gpg Z:\\/home/dkg/gpgv-win32
it looks like multiarch needs to be enabled.  as root, please
execute "dpkg --add-architecture i386 && apt-get update &&
apt-get install wine32"
wine: created the configuration directory '/home/dkg/.wine64'
Application tried to create a window, but no driver could be loaded.
Make sure that your X server is running and that $DISPLAY is set correctly.
Application tried to create a window, but no driver could be loaded.
Make sure that your X server is running and that $DISPLAY is set correctly.
Application tried to create a window, but no driver could be loaded.
Make sure that your X server is running and that $DISPLAY is set correctly.
Application tried to create a window, but no driver could be loaded.
Make sure that your X server is running and that $DISPLAY is set correctly.
Application tried to create a window, but no driver could be loaded.
Make sure that your X server is running and that $DISPLAY is set correctly.
Application tried to create a window, but no driver could be loaded.
Make sure that your X server is running and that $DISPLAY is set correctly.
Application tried to create a window, but no driver could be loaded.
Make sure that your X server is running and that $DISPLAY is set correctly.
wine: configuration in '/home/dkg/.wine64' has been updated.
wine: Bad EXE format for Z:\usr\share\win32\gpgv.exe.
dkg at test:~$

I don't think the window stuff is relevant, but the multiarch business
and the "Bad EXE format" definitely are.

> An autopkgtest would need to generate a key and then issue a signature 
> (both using gnupg), then verify it with gpgv.exe through wine. Initial 
> (rough) patch attached.

Hm, looking into this further, i don't see how we can effectively limit
the autopkgtest to run only on i386 platforms.  As a result, it looks to
me like the test proposed would fail on amd64.

Is there a way to limit the test to i386?

or should we make the test run as root, and have it set up multi-arch if
it notices that it's on amd64?

Any guidance from autopkgtest or wine people would be welcome.

   --dkg


> diff --git a/debian/control b/debian/control
> index c230c42..c5f53fa 100644
> --- a/debian/control
> +++ b/debian/control
> @@ -17,6 +17,7 @@ Build-Depends: debhelper (>> 7),
>                 libusb-dev [!hurd-i386],
>                 libz-dev
>  Build-Depends-Indep: mingw-w64
> +XS-Testsuite: autopkgtest
>  Homepage: http://www.gnupg.org
>  Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-gnupg/gnupg.git
>  Vcs-Git: git://anonscm.debian.org/pkg-gnupg/gnupg.git
> diff --git a/debian/tests/control b/debian/tests/control
> new file mode 100644
> index 0000000..95180d0
> --- /dev/null
> +++ b/debian/tests/control
> @@ -0,0 +1,2 @@
> +Tests: gpgv-win32
> +Depends: gpgv-win32, wine, gpg
> diff --git a/debian/tests/gpgv-win32 b/debian/tests/gpgv-win32
> new file mode 100755
> index 0000000..ea2371b
> --- /dev/null
> +++ b/debian/tests/gpgv-win32
> @@ -0,0 +1,31 @@
> +#!/bin/sh
> +
> +set -e
> +
> +GNUPGHOME=`mktemp -d`
> +export GNUPGHOME=$GNUPGHOME
> +
> +# Generate a key, example taken out of the GnuPG manual:
> +cat > key-control-file <<EOF
> +     %echo Generating a basic OpenPGP key
> +     Key-Type: RSA
> +     Key-Length: 1024
> +     Subkey-Type: ELG-E
> +     Subkey-Length: 1024
> +     Name-Real: Test key for gpgv-win32
> +     Name-Email: test-key at example.com
> +     Expire-Date: 1d
> +     %commit
> +     %echo done
> +EOF
> +gpg --batch --gen-key key-control-file
> +
> +# Sign this very script
> +rm -f ${0}.gpg
> +gpg --output ${0}.gpg --detach-sign $0
> +
> +# Verify using gpgv
> +gpgv --keyring $GNUPGHOME/pubring.gpg ${0}.gpg ${0}
> +
> +# Verify using gpgv.exe
> +wine /usr/share/win32/gpgv.exe --keyring Z:\\\\$GNUPGHOME/pubring.gpg Z:\\\\`pwd`/${0}.gpg Z:\\\\`pwd`/${0}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20150319/bab7d474/attachment.sig>


More information about the Pkg-gnupg-maint mailing list