From 0c12db2036f9ce7913f949c9e56459efaa3cb0d3 Mon Sep 17 00:00:00 2001 From: "rmlibre@riseup.net" Date: Sat, 14 Dec 2019 02:46:45 -0500 Subject: [PATCH] v0.3.9 update - removed --batch flag from encrypt() --- CHANGES.md | 9 +++++- setup.py | 2 +- tests/test_tiny_gnupg.py | 69 +++++++++++++++++++++------------------- tiny_gnupg/__init__.py | 2 +- tiny_gnupg/tiny_gnupg.py | 5 ++- 5 files changed, 48 insertions(+), 39 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index d688cf5..649c609 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,4 +1,4 @@ -# Changes for version 0.3.8 +# Changes for version 0.3.9 ## Known Issues - Because of Debian [bug #930665](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930665), and related GnuPG [bug #T4393](https://dev.gnupg.org/T4393), importing keys from the default keyserver [keys.openpgp.org](https://keys.openpgp.org/) doesn't work automatically on all systems. Not without email confirmation, at least. That's because the keyserver will not publish uid information attached to a key before a user confirms access to the email address assigned to the uploaded key. And, because GnuPG folks are still holding up the merging, and back-porting, of patches that would allow GnuPG to automatically handle keys without uids gracefully. This effects the `network_import()` method specifically, but also the `text_import()` and `file_import()` methods, if they happen to be passed a key or filename argument which refers to a key without uid information. The gpg2 binary in this package can be replaced manually if a user's system has access to a patched version. - This program may only be reliably compatible with keys that are also created with this program. That's because our terminal parsing is reliant on specific metadata to be similar across all encountered keys. It seems most keys have successfully been parsed with recent updates, though more testing is needed. @@ -6,6 +6,13 @@ - We're still in unstable and have to build out our test suite. Contributions welcome. ## Minor Changes - Added new tests. +## Major Changes +- Fixed new crash caused by `--batch` keyword in `encrypt()`. When a key being used to encrypt isn't ultimately trusted, gnupg raises an error, but this isn't a desired behavior. So, `--batch` is removed from the command sent from the method. + + +# Changes for version 0.3.8 +## Minor Changes +- Added new tests. - Removed `base_command()` method because it was only a layer of indirection. It was merged into `command()`. ## Major Changes - Added the `--batch`, `--quiet` and `--yes` arguments to the default commands contructed by the `command()` method. diff --git a/setup.py b/setup.py index 22e7cf7..4e1e422 100755 --- a/setup.py +++ b/setup.py @@ -20,7 +20,7 @@ setup( name="tiny_gnupg", license="GPLv3", - version="0.3.8", + version="0.3.9", description=description, long_description=long_description, url="https://github.com/rmlibre/tiny_gnupg", diff --git a/tests/test_tiny_gnupg.py b/tests/test_tiny_gnupg.py index 84481f0..5691ee7 100644 --- a/tests/test_tiny_gnupg.py +++ b/tests/test_tiny_gnupg.py @@ -8,7 +8,6 @@ # All rights reserved. # -import os import sys import pytest import asyncio @@ -85,38 +84,42 @@ def test_command(gpg): def test_cipher(gpg): message = "\n twenty\ntwo\narmed\ndogs\nrush\nthe\nkibble \n\n" - encrypted_message_0 = gpg.encrypt( - message=message, - uid=gpg.fingerprint, - local_user=gpg.fingerprint, - ) - encrypted_message_1 = gpg.encrypt( - message=message, - uid=gpg.fingerprint, - ) - encrypted_message_2 = gpg.encrypt( - message=message, - uid=gpg.fingerprint, - local_user=gpg.fingerprint, - sign=False, - ) - encrypted_message_3 = gpg.encrypt( - message=message, - uid=gpg.fingerprint, - sign=False, - ) - assert gpg.decrypt(encrypted_message_0) == message + "\n" - assert gpg.decrypt(encrypted_message_1) == message + "\n" - assert gpg.decrypt(encrypted_message_2) == message + "\n" - assert gpg.decrypt(encrypted_message_3) == message + "\n" - signed_message_0 = gpg.sign(message) - signed_message_1 = gpg.sign(signed_message_0) - signed_message_2 = gpg.sign(signed_message_1) - signed_message_3 = gpg.sign(signed_message_2) - gpg.verify(signed_message_0) - gpg.verify(signed_message_1) - gpg.verify(signed_message_2) - gpg.verify(signed_message_3) + for trust_level in range(1, 6): + for fingerprint in gpg.list_keys(): + gpg.trust(fingerprint, trust_level) + encrypted_message_0 = gpg.encrypt( + message=message, + uid=gpg.fingerprint, + local_user=gpg.fingerprint, + ) + encrypted_message_1 = gpg.encrypt( + message=message, + uid=gpg.fingerprint, + ) + encrypted_message_2 = gpg.encrypt( + message=message, + uid=gpg.fingerprint, + local_user=gpg.fingerprint, + sign=False, + ) + encrypted_message_3 = gpg.encrypt( + message=message, + uid=gpg.fingerprint, + sign=False, + ) + assert gpg.decrypt(encrypted_message_0) == message + "\n" + assert gpg.decrypt(encrypted_message_1) == message + "\n" + assert gpg.decrypt(encrypted_message_2) == message + "\n" + assert gpg.decrypt(encrypted_message_3) == message + "\n" + signed_message_0 = gpg.sign(message) + signed_message_1 = gpg.sign(signed_message_0) + signed_message_2 = gpg.sign(signed_message_1) + signed_message_3 = gpg.sign(signed_message_2) + signed_message_3 = gpg.sign(signed_message_3) + gpg.verify(signed_message_0) + gpg.verify(signed_message_1) + gpg.verify(signed_message_2) + gpg.verify(signed_message_3) def test_file_io(gpg): diff --git a/tiny_gnupg/__init__.py b/tiny_gnupg/__init__.py index 603f850..1cdf7b5 100644 --- a/tiny_gnupg/__init__.py +++ b/tiny_gnupg/__init__.py @@ -8,6 +8,6 @@ # All rights reserved. # -__version__ = "0.3.8" +__version__ = "0.3.9" from .tiny_gnupg import GnuPG, __all__ diff --git a/tiny_gnupg/tiny_gnupg.py b/tiny_gnupg/tiny_gnupg.py index c924aff..160bc49 100644 --- a/tiny_gnupg/tiny_gnupg.py +++ b/tiny_gnupg/tiny_gnupg.py @@ -251,6 +251,7 @@ def encrypt(self, message="", uid="", sign=True, local_user=""): uid, with_passphrase=True, ) + command.remove("--batch") # avoid crash with untrusted keys if self.key_trust(uid) != "ultimate": inputs = self.encode_inputs(self.passphrase, "y", message) else: @@ -305,9 +306,7 @@ def key_email(self, uid=""): for part in parts.split("\nuid"): if "@" in part and "]" in part: part = part[part.find("]") + 1 :] - if part.startswith("<"): - part = part[1:-1] - elif "<" in part: + if "<" in part and ">" in part: part = part[part.find("<") + 1 : part.find(">")] return part