Page MenuHome GnuPG
Create Task
Maniphest T6778

gpgme-1.23.1 tests fail with gnupg configured without tofu
Open, NormalPublic
Actions

Description

gpgme-1.23.1 fails the t-quick-key-manipulation.py test if gnupg is built without tofu support, as follows:

GNUPGHOME=/var/tmp/portage/app-crypt/gpgme-1.23.1/work/gpgme-1.23.1_build/lang/python/tests LC_ALL=C GPG_AGENT_INFO= top_srcdir=/var/tmp/portage/app-crypt/gpgme-1.23.1/work/b srcdir=/var/tmp/portage/app-crypt
/gpgme-1.23.1/work/b/lang/python/tests LD_LIBRARY_PATH="../../../src/.libs:" python3.10 /var/tmp/portage/app-crypt/gpgme-1.23.1/work/b/lang/python/tests/run-tests.py \
  --interpreters="python3.10" --srcdir=/var/tmp/portage/app-crypt/gpgme-1.23.1/work/b/lang/python/tests --python-libdir=/var/tmp/portage/app-crypt/gpgme-1.23.1/work/gpgme-1.23.1_build-python3_10/lib \
  initial.py t-wrapper.py t-callbacks.py t-data.py t-encrypt.py t-encrypt-sym.py t-encrypt-sign.py t-sign.py t-signers.py t-decrypt.py t-verify.py t-decrypt-verify.py t-sig-notation.py t-export.py t-import.py
 t-edit.py t-keylist.py t-keylist-from-data.py t-wait.py t-encrypt-large.py t-file-name.py t-idiomatic.py t-protocol-assuan.py t-quick-key-creation.py t-quick-subkey-creation.py t-quick-key-manipulation.py t-
quick-key-signing.py final.py
starting gpg-agent..
gpg-connect-agent: no running gpg-agent - starting '/usr/bin/gpg-agent|--debug-quick-random'
gpg-connect-agent: waiting for the agent to come up ... (5s)
gpg-connect-agent: connection to agent established
OK
Using gpg module from '/var/tmp/portage/app-crypt/gpgme-1.23.1/work/gpgme-1.23.1_build-python3_10/lib/gpg'.
Traceback (most recent call last):
  File "/var/tmp/portage/app-crypt/gpgme-1.23.1/work/b/lang/python/tests/t-quick-key-manipulation.py", line 102, in <module>
    if not support.have_tofu_support(ctx, bravo):
  File "/var/tmp/portage/app-crypt/gpgme-1.23.1/work/gpgme-1.23.1/lang/python/tests/support.py", line 49, in have_tofu_support
    keys = list(
  File "/var/tmp/portage/app-crypt/gpgme-1.23.1/work/gpgme-1.23.1_build-python3_10/lib/gpg/core.py", line 768, in keylist
    key = self.op_keylist_next()
  File "/var/tmp/portage/app-crypt/gpgme-1.23.1/work/gpgme-1.23.1_build-python3_10/lib/gpg/core.py", line 1214, in op_keylist_next
    raise excp
  File "/var/tmp/portage/app-crypt/gpgme-1.23.1/work/gpgme-1.23.1_build-python3_10/lib/gpg/core.py", line 1209, in op_keylist_next
    errorcheck(gpgme.gpgme_op_keylist_next(self.wrapped, ptr))
  File "/var/tmp/portage/app-crypt/gpgme-1.23.1/work/gpgme-1.23.1_build-python3_10/lib/gpg/errors.py", line 129, in errorcheck
    raise GPGMEError(retval, extradata)
gpg.errors.GPGMEError: GPGME: Invalid crypto engine
stopping gpg-agent
Running tests using python3.10 (3.10)...
[...]

FAIL: t-quick-key-manipulation.py
PASS: t-quick-key-signing.py
PASS: final.py
28 tests run, 27 succeeded, 1 failed, 0 skipped.
make: *** [Makefile:628: xcheck] Error 1

What's interesting is:

  1. This came up before at https://lists.gnupg.org/pipermail/gnupg-devel/2017-April/032801.html
  2. The error here is actually within the have_tofu_support check which can't cope with the GPGMEError being raised

I assume some validation just got stricter between 1.22.0 and 1.23.1 and the fact that have_tofu_support requests gpg.constants.keylist.mode.WITH_TOFU triggers an exception now.

Details

Version
1.23.1

Event Timeline

thesamesam created this task.Oct 28 2023, 5:06 AM
thesamesam added a comment.Oct 28 2023, 5:19 AM

I did this locally:

--- a/lang/python/tests/support.py
+++ b/lang/python/tests/support.py
@@ -46,13 +46,15 @@ def is_gpg_version(version):


 def have_tofu_support(ctx, some_uid):
-    keys = list(
-        ctx.keylist(
-            some_uid,
-            mode=(gpg.constants.keylist.mode.LOCAL |
-                  gpg.constants.keylist.mode.WITH_TOFU)))
-    return len(keys) > 0
-
+    try:
+        keys = list(
+            ctx.keylist(
+                some_uid,
+                mode=(gpg.constants.keylist.mode.LOCAL |
+                      gpg.constants.keylist.mode.WITH_TOFU)))
+        return len(keys) > 0
+    except gpg.errors.GPGMEError:
+        return False

 # Skip the Python tests for GnuPG < 2.1.12.  Prior versions do not
 # understand the command line flags that we assume exist.  C.f. issue
aheinecke triaged this task as Normal priority.Oct 28 2023, 8:58 AM
aheinecke added a subscriber: aheinecke.

There should not be an exception "Invalid crypto engine" in that call. I expect that gnupg errors out immediately if the parameter with tofu is given while instead it should print a warning and show no information. Or of it errors then Invalid Crypto Engine is definitely the wrong error for that.