Control: tags 797776 + patch pending pygpgme was FTBFS because of two changes in gpg 2.1:
* the way gpg 2.1.x counts key imports has shifted slightly: https://lists.gnupg.org/pipermail/gnupg-devel/2016-January/030718.html * any interaction for passphrases now rely on the gpg-agent, and passphrase callbacks only work in loopback pinentry mode: https://bugs.gnupg.org/gnupg/issue767 I've modified the pygpgme test suite to address those changes, which results in the attached debdiff. (the debdiff also removes some older unused patches in debian/patches) The result no longer FTBFS for me in unstable. I've uploaded this as an NMU to DELAYED/3 to help with debian's move to gpg 2.1.x. Please let me know if there's anything else i can do to help out with it. --dkg
diff -Nru pygpgme-0.3/debian/changelog pygpgme-0.3/debian/changelog --- pygpgme-0.3/debian/changelog 2014-03-22 19:56:19.000000000 -0400 +++ pygpgme-0.3/debian/changelog 2016-02-01 19:46:39.000000000 -0500 @@ -1,3 +1,15 @@ +pygpgme (0.3-1.1) unstable; urgency=medium + + * Non-maintainer upload + * ensure that test suite works with gpg 2.1.x + - drop patch that forces 1.4.x during passphrase_cb + - drop all unused debian/patches + - rely on gpg-agent + - imported keys are counted differently + - require the use of loopback pinentry for (deprecated) passphrase_cb + + -- Daniel Kahn Gillmor <d...@fifthhorseman.net> Mon, 01 Feb 2016 19:30:28 -0500 + pygpgme (0.3-1) unstable; urgency=medium * New upstream release (Closes: #665731, #696636) diff -Nru pygpgme-0.3/debian/control pygpgme-0.3/debian/control --- pygpgme-0.3/debian/control 2014-03-22 19:46:33.000000000 -0400 +++ pygpgme-0.3/debian/control 2016-02-01 19:44:47.000000000 -0500 @@ -2,7 +2,7 @@ Section: python Priority: optional Maintainer: Miguel Di Ciurcio Filho <mig...@ic.unicamp.br> -Build-Depends: debhelper (>= 8.1.0~), python-all-dev (>= 2.6.6-3~), python3-all-dev, libgpgme11-dev, python-all-dbg (>= 2.6.6-3~), python3-all-dbg, gnupg +Build-Depends: debhelper (>= 8.1.0~), python-all-dev (>= 2.6.6-3~), python3-all-dev, libgpgme11-dev, python-all-dbg (>= 2.6.6-3~), python3-all-dbg, gnupg2, gnupg-agent Standards-Version: 3.9.5 Homepage: https://launchpad.net/products/pygpgme X-Python-Version: >= 2.4 diff -Nru pygpgme-0.3/debian/patches/0001-reflect-2.1-reporting-for-key-imports.patch pygpgme-0.3/debian/patches/0001-reflect-2.1-reporting-for-key-imports.patch --- pygpgme-0.3/debian/patches/0001-reflect-2.1-reporting-for-key-imports.patch 1969-12-31 19:00:00.000000000 -0500 +++ pygpgme-0.3/debian/patches/0001-reflect-2.1-reporting-for-key-imports.patch 2016-02-01 19:53:38.000000000 -0500 @@ -0,0 +1,88 @@ +From 1c1812def711803382cc28caea1f35fb7ef774b0 Mon Sep 17 00:00:00 2001 +From: Daniel Kahn Gillmor <d...@fifthhorseman.net> +Date: Tue, 26 Jan 2016 14:24:26 -0500 +Subject: [PATCH 1/5] reflect 2.1 reporting for key imports + +GnuPG 2.1 changes how it reports key imports. These changes should +make the pygpgme test suite compatible with GnuPG 2.1. + +See also: +https://lists.gnupg.org/pipermail/gnupg-devel/2016-January/030718.html +--- + tests/test_import.py | 22 +++++++++++----------- + 1 file changed, 11 insertions(+), 11 deletions(-) + +diff --git a/tests/test_import.py b/tests/test_import.py +index 10eb816..597eb47 100644 +--- a/tests/test_import.py ++++ b/tests/test_import.py +@@ -55,7 +55,7 @@ class ImportTestCase(GpgHomeTestCase): + ctx = gpgme.Context() + with self.keyfile('key1.sec') as fp: + result = ctx.import_(fp) +- self.assertEqual(result.considered, 1) ++ self.assertEqual(result.considered, 3) + self.assertEqual(result.no_user_id, 0) + self.assertEqual(result.imported, 1) + self.assertEqual(result.imported_rsa, 0) +@@ -64,18 +64,18 @@ class ImportTestCase(GpgHomeTestCase): + self.assertEqual(result.new_sub_keys, 0) + self.assertEqual(result.new_signatures, 0) + self.assertEqual(result.new_revocations, 0) +- self.assertEqual(result.secret_read, 1) +- self.assertEqual(result.secret_imported, 1) ++ self.assertEqual(result.secret_read, 3) ++ self.assertEqual(result.secret_imported, 2) + self.assertEqual(result.secret_unchanged, 0) + self.assertEqual(result.skipped_new_keys, 0) + self.assertEqual(result.not_imported, 0) + self.assertEqual(len(result.imports), 2) + self.assertEqual(result.imports[0], + ('E79A842DA34A1CA383F64A1546BB55F0885C65A4', +- None, gpgme.IMPORT_NEW | gpgme.IMPORT_SECRET)) ++ None, gpgme.IMPORT_NEW)) + self.assertEqual(result.imports[1], + ('E79A842DA34A1CA383F64A1546BB55F0885C65A4', +- None, gpgme.IMPORT_NEW)) ++ None, gpgme.IMPORT_NEW | gpgme.IMPORT_SECRET)) + # can we get the public key? + key = ctx.get_key('E79A842DA34A1CA383F64A1546BB55F0885C65A4') + # can we get the secret key? +@@ -102,17 +102,17 @@ class ImportTestCase(GpgHomeTestCase): + fp = BytesIO(b'\n'.join(keys)) + ctx = gpgme.Context() + result = ctx.import_(fp) +- self.assertEqual(result.considered, 3) ++ self.assertEqual(result.considered, 5) + self.assertEqual(result.no_user_id, 0) + self.assertEqual(result.imported, 2) +- self.assertEqual(result.imported_rsa, 1) ++ self.assertEqual(result.imported_rsa, 0) + self.assertEqual(result.unchanged, 0) + self.assertEqual(result.new_user_ids, 0) + self.assertEqual(result.new_sub_keys, 0) + self.assertEqual(result.new_signatures, 1) + self.assertEqual(result.new_revocations, 0) +- self.assertEqual(result.secret_read, 1) +- self.assertEqual(result.secret_imported, 1) ++ self.assertEqual(result.secret_read, 3) ++ self.assertEqual(result.secret_imported, 2) + self.assertEqual(result.secret_unchanged, 0) + self.assertEqual(result.skipped_new_keys, 0) + self.assertEqual(result.not_imported, 0) +@@ -122,10 +122,10 @@ class ImportTestCase(GpgHomeTestCase): + None, gpgme.IMPORT_NEW)) + self.assertEqual(result.imports[1], + ('E79A842DA34A1CA383F64A1546BB55F0885C65A4', +- None, gpgme.IMPORT_NEW | gpgme.IMPORT_SECRET)) ++ None, gpgme.IMPORT_SIG)) + self.assertEqual(result.imports[2], + ('E79A842DA34A1CA383F64A1546BB55F0885C65A4', +- None, gpgme.IMPORT_SIG)) ++ None, gpgme.IMPORT_NEW | gpgme.IMPORT_SECRET)) + self.assertEqual(result.imports[3], + ('93C2240D6B8AA10AB28F701D2CF46B7FC97E6B0F', + None, gpgme.IMPORT_NEW)) +-- +2.7.0 + diff -Nru pygpgme-0.3/debian/patches/0002-passphrase_cb-is-deprecated.patch pygpgme-0.3/debian/patches/0002-passphrase_cb-is-deprecated.patch --- pygpgme-0.3/debian/patches/0002-passphrase_cb-is-deprecated.patch 1969-12-31 19:00:00.000000000 -0500 +++ pygpgme-0.3/debian/patches/0002-passphrase_cb-is-deprecated.patch 2016-02-01 19:39:36.000000000 -0500 @@ -0,0 +1,50 @@ +From dc75482af095d667a4a92655c4e7eb312e80c42d Mon Sep 17 00:00:00 2001 +From: Daniel Kahn Gillmor <d...@fifthhorseman.net> +Date: Mon, 1 Feb 2016 19:25:12 -0500 +Subject: [PATCH 2/5] passphrase_cb is deprecated + +https://bugs.gnupg.org/gnupg/issue767 indicates that +gpgme_set_passphrase_cb is a deprecated corner of the API and that +developers using gpgme should really rely on the gpg-agent to handle +this stuff. This should actually simplify things for most +installations -- just strip out all passphrase handling from your +application entirely, relying on gpg to figure out how to find the +agent, and relying on the agent figuring out how to prompt the user +(if necessary). + +However, if a developer really wants to use the passphrase callback +approach, they'll have to use loopback pinentry. This sets up the +test suite to be able to make those tests. +--- + tests/util.py | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/tests/util.py b/tests/util.py +index cd803c2..86892ca 100644 +--- a/tests/util.py ++++ b/tests/util.py +@@ -28,7 +28,9 @@ keydir = os.path.join(os.path.dirname(__file__), 'keys') + + class GpgHomeTestCase(unittest.TestCase): + +- gpg_conf_contents = '' ++ gpg_conf_contents = 'pinentry-mode loopback' ++ gpg_agent_conf_contents = 'allow-loopback-pinentry' ++ + import_keys = [] + + def keyfile(self, key): +@@ -41,6 +43,10 @@ class GpgHomeTestCase(unittest.TestCase): + fp.write(self.gpg_conf_contents.encode('UTF-8')) + fp.close() + ++ fp = open(os.path.join(self._gpghome, 'gpg-agent.conf'), 'wb') ++ fp.write(self.gpg_agent_conf_contents.encode('UTF-8')) ++ fp.close() ++ + # import requested keys into the keyring + ctx = gpgme.Context() + for key in self.import_keys: +-- +2.7.0 + diff -Nru pygpgme-0.3/debian/patches/0003-handle-generic-error-when-no-passphrase-callback-pre.patch pygpgme-0.3/debian/patches/0003-handle-generic-error-when-no-passphrase-callback-pre.patch --- pygpgme-0.3/debian/patches/0003-handle-generic-error-when-no-passphrase-callback-pre.patch 1969-12-31 19:00:00.000000000 -0500 +++ pygpgme-0.3/debian/patches/0003-handle-generic-error-when-no-passphrase-callback-pre.patch 2016-02-01 19:39:36.000000000 -0500 @@ -0,0 +1,28 @@ +From 024fe219582143017b2f02bc924c0ed107b63619 Mon Sep 17 00:00:00 2001 +From: Daniel Kahn Gillmor <d...@fifthhorseman.net> +Date: Mon, 1 Feb 2016 19:27:59 -0500 +Subject: [PATCH 3/5] handle generic error when no passphrase callback present + +apparently gpg 2.1 returns ERR_GENERAL right now if the pinentry was +in loopback mode and no passphrase callback was supplied. Earlier +versions supplied ERR_BAD_PASSPHRASE. +--- + tests/test_passphrase.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/test_passphrase.py b/tests/test_passphrase.py +index 0a235e9..35b3c59 100644 +--- a/tests/test_passphrase.py ++++ b/tests/test_passphrase.py +@@ -41,7 +41,7 @@ class PassphraseTestCase(GpgHomeTestCase): + new_sigs = ctx.sign(plaintext, signature, gpgme.SIG_MODE_CLEAR) + except gpgme.GpgmeError as exc: + self.assertEqual(exc.args[0], gpgme.ERR_SOURCE_GPGME) +- self.assertEqual(exc.args[1], gpgme.ERR_BAD_PASSPHRASE) ++ self.assertEqual(exc.args[1], gpgme.ERR_GENERAL) + else: + self.fail('gpgme.GpgmeError not raised') + +-- +2.7.0 + diff -Nru pygpgme-0.3/debian/patches/fix_context_initialization pygpgme-0.3/debian/patches/fix_context_initialization --- pygpgme-0.3/debian/patches/fix_context_initialization 2012-01-07 17:13:43.000000000 -0500 +++ pygpgme-0.3/debian/patches/fix_context_initialization 1969-12-31 19:00:00.000000000 -0500 @@ -1,13 +0,0 @@ -Index: pygpgme-0.1+bzr20090820/src/pygpgme-context.c -=================================================================== ---- pygpgme-0.1+bzr20090820.orig/src/pygpgme-context.c 2009-10-14 19:57:00.000000000 +0000 -+++ pygpgme-0.1+bzr20090820/src/pygpgme-context.c 2009-10-14 19:57:21.000000000 +0000 -@@ -92,6 +92,8 @@ - return -1; - } - -+ gpgme_check_version(NULL); -+ - if (pygpgme_check_error(gpgme_new(&self->ctx))) - return -1; - diff -Nru pygpgme-0.3/debian/patches/lfs-support pygpgme-0.3/debian/patches/lfs-support --- pygpgme-0.3/debian/patches/lfs-support 2012-01-07 17:13:43.000000000 -0500 +++ pygpgme-0.3/debian/patches/lfs-support 1969-12-31 19:00:00.000000000 -0500 @@ -1,10 +0,0 @@ ---- pygpgme-0.2.orig/setup.py -+++ pygpgme-0.2/setup.py -@@ -22,6 +22,7 @@ - 'src/pygpgme-constants.c', - 'src/pygpgme-genkey.c', - ], -+ extra_compile_args=['-D_FILE_OFFSET_BITS=64'], - libraries=['gpgme']) - - description, long_description = __doc__.split("\n\n", 1) diff -Nru pygpgme-0.3/debian/patches/series pygpgme-0.3/debian/patches/series --- pygpgme-0.3/debian/patches/series 2013-06-12 18:14:36.000000000 -0400 +++ pygpgme-0.3/debian/patches/series 2016-02-01 19:39:52.000000000 -0500 @@ -1,2 +1,3 @@ - -test_case_gnupg2 +0001-reflect-2.1-reporting-for-key-imports.patch +0002-passphrase_cb-is-deprecated.patch +0003-handle-generic-error-when-no-passphrase-callback-pre.patch diff -Nru pygpgme-0.3/debian/patches/test_case_gnupg2 pygpgme-0.3/debian/patches/test_case_gnupg2 --- pygpgme-0.3/debian/patches/test_case_gnupg2 2013-06-12 18:23:33.000000000 -0400 +++ pygpgme-0.3/debian/patches/test_case_gnupg2 1969-12-31 19:00:00.000000000 -0500 @@ -1,31 +0,0 @@ ---- pygpgme-0.3.orig/tests/test_encrypt_decrypt.py -+++ pygpgme-0.3/tests/test_encrypt_decrypt.py -@@ -131,6 +131,8 @@ - def passphrase(uid_hint, passphrase_info, prev_was_bad, fd): - os.write(fd, b'Symmetric passphrase\n') - ctx = gpgme.Context() -+ ctx.set_engine_info(gpgme.PROTOCOL_OpenPGP, '/usr/bin/gpg', -+ os.environ['GNUPGHOME']) - ctx.armor = True - ctx.passphrase_cb = passphrase - ctx.encrypt(None, 0, plaintext, ciphertext) ---- pygpgme-0.3.orig/tests/test_passphrase.py -+++ pygpgme-0.3/tests/test_passphrase.py -@@ -32,6 +32,8 @@ - - def test_sign_without_passphrase_cb(self): - ctx = gpgme.Context() -+ ctx.set_engine_info(gpgme.PROTOCOL_OpenPGP, '/usr/bin/gpg', -+ os.environ['GNUPGHOME']) - key = ctx.get_key('EFB052B4230BBBC51914BCBB54DCBBC8DBFB9EB3') - ctx.signers = [key] - plaintext = BytesIO(b'Hello World\n') -@@ -53,6 +55,8 @@ - - def test_sign_with_passphrase_cb(self): - ctx = gpgme.Context() -+ ctx.set_engine_info(gpgme.PROTOCOL_OpenPGP, '/usr/bin/gpg', -+ os.environ['GNUPGHOME']) - key = ctx.get_key('EFB052B4230BBBC51914BCBB54DCBBC8DBFB9EB3') - ctx.signers = [key] - ctx.passphrase_cb = self.passphrase_cb diff -Nru pygpgme-0.3/debian/patches/testsuite-all-versions pygpgme-0.3/debian/patches/testsuite-all-versions --- pygpgme-0.3/debian/patches/testsuite-all-versions 2012-01-07 17:13:43.000000000 -0500 +++ pygpgme-0.3/debian/patches/testsuite-all-versions 1969-12-31 19:00:00.000000000 -0500 @@ -1,8 +0,0 @@ ---- pygpgme-0.1+bzr20090820.orig/Makefile -+++ pygpgme-0.1+bzr20090820/Makefile -@@ -1,4 +1,4 @@ --PYTHON = python -+#PYTHON = python - - build: - $(PYTHON) setup.py build_ext -i
signature.asc
Description: PGP signature
