Bug#900051: libgnupg-interface-perl: t/get_public_keys.t fails with gnupg2/2.2.7-1

Niko Tyni ntyni at debian.org
Wed Jun 20 21:39:27 BST 2018 

On Fri, May 25, 2018 at 11:05:58AM +0200, intrigeri at debian.org wrote:
> Package: libgnupg-interface-perl
> Version: 0.52-9
> Severity: important
> X-Debbugs-Cc: dkg at debian.org
 
> ci.d.n alerted us about a regression in libgnupg-interface-perl test
> suite since the upload of gnupg2/2.2.7-1:

>         gpg: Check that a key may do certifications.
>         + commit 1a5d95e7319e7e6f0dd11064a26cbbc371b05214
>         * g10/sig-check.c (check_signature_end_simple): Check key usage for
>         certifications.
>         (check_signature_over_key_or_uid): Request usage certification.

I've bisected it to that one. The code checking the sigs now sets
  signer->req_usage = PUBKEY_USAGE_CERT
which makes finish_lookup() in g10/getkey.c also check that the
signing key has not expired, which fails here.

Log excerpts from

  GNUPGHOME=~/tmp/libgnupg-interface-perl-0.52/test/gnupghome gpg --debug-level guru --check-sigs 93AFC4B1B0288A104996B44253AE596EF950DA9C

before the regression:

  gpg: DBG: finish_lookup: checking key 260C4FA3 (one)(req_usage=0)
  gpg: DBG: 	using key 260C4FA3
  [...]
  gpg: 9 good signatures

but after the regression:

  gpg: DBG: finish_lookup: checking key 260C4FA3 (one)(req_usage=4)
  gpg: DBG:       primary key has expired
  gpg: DBG:       no suitable key found -  giving up
  [...]
  gpg: 7 good signatures
  gpg: 2 signatures not checked due to missing keys

The new behaviour of rejecting signatures from an expired key seems
sensible, so the attached patch adapts the test suite to that.

There's still the 2.2.8 / --ignore-mdc-error regression to fix.
Happy if someone else can look at that, won't be able to do that
for a few days myself.
-- 
Niko
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-test-suite-for-GnuPG-2.2.6-compatibility.patch
Type: text/x-diff
Size: 1914 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-perl-maintainers/attachments/20180620/f095b6ad/attachment.patch>

More information about the pkg-perl-maintainers mailing list