From a028c9e36ccc584b5afcfa992d85d9d11a0c3005 Mon Sep 17 00:00:00 2001 From: Fabrizio Tarizzo Date: Sat, 21 Dec 2024 15:41:14 +0100 Subject: [PATCH] initial support for sequoia-sq --- .gitignore | 1 + README.sequoia.md | 63 ++++++++ pgpverify | 88 ++++++++-- signcontrol | 48 +++++- tests/keyring/.cvsignore | 2 + tests/keyring/.gitignore | 4 + tests/keyring/pubring.gpg | Bin 1497 -> 2867 bytes tests/keyring/sq/big8-cert.asc | 66 ++++++++ .../sq/home/data/keystore/keystore.cookie | 0 ...5EC64E1D6FAD6CE2CE417B11183ACF87D87F73.pgp | Bin 0 -> 1616 bytes .../4c/5ec64e1d6fad6ce2ce417b11183acf87d87f73 | Bin 0 -> 1566 bytes .../66/671371bfe381948952bfa5347293acbec1ee3c | Bin 0 -> 701 bytes .../8e/181bef0be638962c1a5c98fafe7b550c18c8b7 | Bin 0 -> 3162 bytes .../9f/7d81a66c202e74b9f3bf9e4dccd390d8a1cedd | Bin 0 -> 492 bytes ..._sequoia_ca_generated_on_debiantesting.pgp | Bin 0 -> 539 bytes ...ert_store_index_v1_on_debiantesting.sqlite | Bin 0 -> 61440 bytes ...ification_cache_v1_on_debiantesting.sqlite | Bin 0 -> 12288 bytes .../sq/home/data/pgp.cert.d/trust-root | Bin 0 -> 529 bytes .../keyring/sq/home/data/pgp.cert.d/writelock | 0 ...D6CE2CE417B11183ACF87D87F73-revocation.pgp | 13 ++ tests/keyring/sq/passphrase | 1 + tests/keyring/sq/testing-sq-cert.asc | 29 ++++ .../messages/comp.lang.go-corrupted.newgroup | 40 +++++ tests/messages/comp.lang.go.newgroup | 39 +++++ tests/sequoia-tests.pl | 153 ++++++++++++++++++ tests/sequoia-tests.sh | 8 + 26 files changed, 533 insertions(+), 22 deletions(-) create mode 100644 README.sequoia.md create mode 100644 tests/keyring/.gitignore create mode 100644 tests/keyring/sq/big8-cert.asc create mode 100644 tests/keyring/sq/home/data/keystore/keystore.cookie create mode 100644 tests/keyring/sq/home/data/keystore/softkeys/4C5EC64E1D6FAD6CE2CE417B11183ACF87D87F73.pgp create mode 100644 tests/keyring/sq/home/data/pgp.cert.d/4c/5ec64e1d6fad6ce2ce417b11183acf87d87f73 create mode 100644 tests/keyring/sq/home/data/pgp.cert.d/66/671371bfe381948952bfa5347293acbec1ee3c create mode 100644 tests/keyring/sq/home/data/pgp.cert.d/8e/181bef0be638962c1a5c98fafe7b550c18c8b7 create mode 100644 tests/keyring/sq/home/data/pgp.cert.d/9f/7d81a66c202e74b9f3bf9e4dccd390d8a1cedd create mode 100644 tests/keyring/sq/home/data/pgp.cert.d/_sequoia_ca_generated_on_debiantesting.pgp create mode 100644 tests/keyring/sq/home/data/pgp.cert.d/_sequoia_cert_store_index_v1_on_debiantesting.sqlite create mode 100644 tests/keyring/sq/home/data/pgp.cert.d/_sequoia_signature_verification_cache_v1_on_debiantesting.sqlite create mode 100644 tests/keyring/sq/home/data/pgp.cert.d/trust-root create mode 100644 tests/keyring/sq/home/data/pgp.cert.d/writelock create mode 100644 tests/keyring/sq/home/data/revocation-certificates/4C5EC64E1D6FAD6CE2CE417B11183ACF87D87F73-revocation.pgp create mode 100644 tests/keyring/sq/passphrase create mode 100644 tests/keyring/sq/testing-sq-cert.asc create mode 100644 tests/messages/comp.lang.go-corrupted.newgroup create mode 100644 tests/messages/comp.lang.go.newgroup create mode 100755 tests/sequoia-tests.pl create mode 100755 tests/sequoia-tests.sh diff --git a/.gitignore b/.gitignore index 806fe1e..4a773d9 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ /pgpcontrol-*.tar.xz* /pgpverify.8 /staging/ +/tests/tmp/ diff --git a/README.sequoia.md b/README.sequoia.md new file mode 100644 index 0000000..eab1b08 --- /dev/null +++ b/README.sequoia.md @@ -0,0 +1,63 @@ +**Experimental** support for [Sequoia PGP](https://sequoia-pgp.org/) in authentication of Usenet control messages. + +Usage in production is not recommended, especially for verification. +Code reviews, comments and feedback from hierarchy admins and news server admins +are welcome. + +Developed with `sequoia-sq` 1.0.0 installed with `cargo` on Debian "trixie". + +If you are new to Sequoia PGP command line, please see [user guide](https://sequoia-pgp.gitlab.io/user-documentation/about_sequoia.html) +and [manpages](https://sequoia-pgp.gitlab.io/sequoia-sq/man/sq.1.html). + +# Using sequoia for signing + +Import (`sq key import`) your secret signing key in the sequoia keystore. +Old PGP 2.x keys are not supported, if you still use such a key please upgrade to +a modern key. + +Then, edit `signcontrol` as follows + +``` +my $pgpsigner = 'INSERT_YOUR_FINGERPRINT_OR_USERID'; + +# Path to sequoia-sq executable. +# A version that supports CLI 1.0.0 is required +# The program name needs to end in sq +my $pgp = "/usr/local/bin/sq"; + +# set other configuration variables as usual +``` + +# Using sequoia for verification + +Import (`sq cert import`), verify and trust (`sq pki link add`) hierarchy admins +public signing keys in the sequoia certificate store (see [PGPKEYS](https://ftp.isc.org/pub/pgpcontrol/PGPKEYS) +in the ISC ftp site). +Please note that many hierarchy admins still use old PGP 2.x keys. These keys +have been deprecated since 2007 (RFC 4880) and are not supported by Sequoia or +other modern OpenPGP implementations. We urge hierarchy administrators to update +their signing keys. + +Then, edit `pgpverify` as follows + +``` +# Path to sequoia binary. +# A version that supports CLI 1.0.0 is required +$sq = '/usr/local/bin/sq'; + +# Set this if you want to support old signatures with +# MD5 or SHA-1 digest algorithms and/or RSA < 2048 bits +# See the `sq config inspect policy' command and the +# `--policy-as-of' flag in the sq manpage +# Please note that sequoia DOES NOT support old PGP 2.x +# keys. +# $sq_policy_as_of = '19970101'; + +# comment $gpg, $gpgv and $pgp lines + +# Set the absolute path to your sequoia home directory +# (see the --home flag in sq manpage) +$keyring = '/path/to/your/sq/home'; + +# set other configuration variables as usual +``` \ No newline at end of file diff --git a/pgpverify b/pgpverify index 464ee64..64e0bf0 100755 --- a/pgpverify +++ b/pgpverify @@ -6,6 +6,9 @@ # Currently maintained by Russ Allbery # Version 1.30, 2018-01-21 # +# sequoia-sq support written in December 2024 by +# Fabrizio Tarizzo +# # NOTICE TO INN MAINTAINERS: The version that is shipped with INN is the # same as the version that I make available to the rest of the world # (including non-INN sites), so please make all changes through me. @@ -138,6 +141,16 @@ # -- Checks to ensure that the temporary file is really a file, and # not a link or some other weirdness. +# Path to sequoia binary. Requires a version that supports CLI 1.0.0 +# $sq = '/usr/local/bin/sq'; + +# Set this if you want to support old signatures with MD5 and SHA-1 +# digest algorithms and/or RSA < 2048 bits. +# See the `sq config inspect policy' command and the `--policy-as-of' +# flag in the sq manpage +# Please note that sequoia DOES NOT support PGP 2.x keys. +# $sq_policy_as_of = '19970101'; + # Path to the GnuPG gpg binary, if you have GnuPG and don't want to use # gpgv. This will be used in preference to gpgv and PGP. If you have INN # and the script is able to successfully include your INN::Config module, @@ -156,7 +169,7 @@ # Path to pgp binary; for PGP 5.0, set the path to the pgpv binary. If # you have INN and the script is able to successfully include your # INN::Config module, the value of $INN::Config::pgp will override this. -$pgp = '/usr/local/bin/pgp'; +# $pgp = '/usr/local/bin/pgp'; # If you keep your keyring somewhere that is not the default used by pgp, # uncomment the next line and set appropriately. If you have INN and the @@ -164,6 +177,9 @@ $pgp = '/usr/local/bin/pgp'; # will be set to $INN::Config::newsetc/pgp if that directory exists unless # you set it explicitly. GnuPG will use a file named pubring.gpg in this # directory. +# With sequoia, you can use a single keyring file or the absolute path +# to the sequoia home directory. See `--home' and `--signer-file' flags +# in sequoia man pages. # $keyring = '/path/to/your/pgp/config'; # If you have INN and the script is able to successfully include your @@ -220,7 +236,7 @@ $log_date = -t STDOUT; # Do it if STDOUT is to a terminal. require 5; use strict; -use vars qw($gpg $gpgv $pgp $keyring $tmp $tmpdir $lockdir $syslog_method +use vars qw($sq $sq_policy_as_of $gpg $gpgv $pgp $keyring $tmp $tmpdir $lockdir $syslog_method $syslog_facility $syslog_level $log_date $findid $test $messageid); use Fcntl qw(O_WRONLY O_CREAT O_EXCL); @@ -239,6 +255,7 @@ GetOptions( ) or die "Usage: $0 [--findid='string'] [--test] < message\n"; # Grab various defaults from INN::Config if running inside INN. +$sq = $INN::Config::sq if $INN::Config::sq; $pgp = $INN::Config::pgp if $INN::Config::pgp && $INN::Config::pgp ne "no-pgp-found-during-configure"; $gpgv = $INN::Config::gpgv if $INN::Config::gpgv; @@ -254,7 +271,11 @@ if (! $keyring && $INN::Config::newsetc) { $0 =~ s%^.*/%%; # Make sure that the signature verification program can be executed. -if ($gpg) { +if ($sq) { + if (! -x $sq) { + &fail("$0: $sq: " . (-e _ ? "cannot execute" : "no such file") . "\n"); + } +} elsif ($gpg) { if (! -x $gpg) { &fail("$0: $gpg: " . (-e _ ? "cannot execute" : "no such file") . "\n"); } @@ -281,7 +302,7 @@ if ($test) { # should, and the consequences of a multiprocess conflict is failure to # verify. my $lock; -unless ($gpg or $gpgv) { +unless ($sq or $gpg or $gpgv) { $lock = "$lockdir/LOCK.$0"; until (&shlock($lock) > 0) { sleep(2); @@ -290,7 +311,7 @@ unless ($gpg or $gpgv) { # Verify the message. my ($ok, $signer) = pgp_verify($signature, $version, $message); -unless ($gpg or $gpgv) { +unless ($sq or $gpg or $gpgv) { unlink ($lock) or &errmsg("$0: unlink $lock: $!\n"); } print "$signer\n" if $signer; @@ -411,7 +432,7 @@ sub pgp_verify { local $SIG{PIPE} = 'IGNORE'; # Set the PGP style based on whether $gpg or $gpgv is set. - my $pgpstyle = ($gpg || $gpgv ? 'GPG' : 'PGP2'); + my $pgpstyle = ($sq || $gpg || $gpgv ? 'GPG' : 'PGP2'); # Because this is a detached signature, we actually need to save both # the signature and the data to files and then run PGP on the signature @@ -460,7 +481,9 @@ sub pgp_verify { # Figure out what command line we'll be using. my @command; - if ($pgpstyle eq 'GPG') { + if ($sq) { + @command = ($sq, qw/verify --quiet/); + } elsif ($pgpstyle eq 'GPG') { if ($gpg) { @command = ($gpg, qw/--verify --allow-weak-digest-algos/); push (@command, qw/--quiet --status-fd=1 --logger-fd=1/); @@ -482,19 +505,36 @@ sub pgp_verify { # definitely not the logic that I would use if writing this from # scratch, but it has the most backward compatibility. local $ENV{PGPPATH} = $keyring if ($keyring && $pgpstyle ne 'GPG'); - if ($pgpstyle eq 'GPG') { + + if ($sq) { if ($keyring) { - push (@command, "--keyring=$keyring/pubring.gpg"); - } else { - my $home = $ENV{GNUPGHOME} || $ENV{HOME}; - $home .= '/.gnupg' if $home; - if ($home && ! -s "$home/trustedkeys.gpg" && -f "$home/pubring.gpg") { - push (@command, "--keyring=pubring.gpg"); + if (-f $keyring) { + push (@command, "--signer-file=$keyring"); + } elsif (-d $keyring) { + push (@command, "--home=$keyring"); } } + if ($sq_policy_as_of) { + push (@command, "--policy-as-of=$sq_policy_as_of"); + } + + push (@command, "--signature-file=$filename.asc"); + push (@command, $filename); + } else { + if ($pgpstyle eq 'GPG') { + if ($keyring) { + push (@command, "--keyring=$keyring/pubring.gpg"); + } else { + my $home = $ENV{GNUPGHOME} || $ENV{HOME}; + $home .= '/.gnupg' if $home; + if ($home && ! -s "$home/trustedkeys.gpg" && -f "$home/pubring.gpg") { + push (@command, "--keyring=pubring.gpg"); + } + } + } + push (@command, "$filename.asc"); + push (@command, $filename); } - push (@command, "$filename.asc"); - push (@command, $filename); my $input = new FileHandle; my $output = new FileHandle; my $pid = eval { open3 ($input, $output, $output, @command) }; @@ -519,6 +559,8 @@ sub pgp_verify { # Good signature made 1999-02-10 03:29 GMT by key: # 1024 bits, Key ID 0AFC7476, Created 1999-02-10 # "Russ Allbery " + # sequoia 1.0.0: + # Authenticated signature made by KEY_FINGERPRINT (USER_ID (authenticated)) # # Also, PGP v2 prints out "Bad signature" while PGP v5 uses "BAD # signature", and PGP v6 reverts back to "Bad signature". @@ -528,7 +570,19 @@ sub pgp_verify { my $ok = 255; while (<$output>) { print if $test; - if ($pgpstyle eq 'GPG') { + if ($sq) { + if (/Authenticated signature made by (\S+) \((.+)\s+.+\)/) { + $ok = 0; + $signer = $2; + } elsif (/missing certificate/) { + $ok = 2; + last; + } elsif (/Error/) { + # TODO check various error and edge cases + $ok = 3; + last; + } + } elsif ($pgpstyle eq 'GPG') { if (/\[GNUPG:\]\s+GOODSIG\s+\S+\s+(\S+)/) { $ok = 0; $signer = $1; diff --git a/signcontrol b/signcontrol index 9e5ff55..3d8cd61 100755 --- a/signcontrol +++ b/signcontrol @@ -3,6 +3,9 @@ # Currently maintained by Russ Allbery # Version 1.9, 2016-10-17 # +# sequoia-sq support written in December 2024 by +# Fabrizio Tarizzo +# # Changes from 1.8 -> 1.9 # -- Add use strict and explicitly import LOCK_EX. # -- Fix error reporting around lock files with PGP. @@ -51,6 +54,8 @@ use strict; # # $pgp can be set to the path to GnuPG to use GnuPG instead. The program # name needs to end in gpg so that signcontrol knows GnuPG is being used. +# $pgp can be set to the path to sq to use sequoia. The program name needs +# to end in sq so that signcontrol knows sequoia is being used. # # STORING YOUR PASSPHRASE IN A FILE IS A POTENTIAL SECURITY HOLE. # Make sure you know what you're doing if you do it. @@ -58,6 +63,7 @@ use strict; # If you DO use $pgppassfile, it is possible that someone could steal # your passphrase either by gaining access to the file or by seeing # the environment of a running pgpverify program. +# $pgppassfile IS NOT currently supported by sequoia # # $pgplock is used because pgp does not guard itself against concurrent # read/write access to its randseed.bin file. A writable file is needed; @@ -68,7 +74,7 @@ use strict; # this. my $pgpsigner = 'INSERT_YOUR_PGP_USERID'; my $pgppassfile = ''; # file with pass phrase for $pgpsigner -my $pgp = "/usr/local/bin/pgp"; +my $pgp = "/usr/local/bin/sq"; my $pgpheader = "X-PGP-Sig"; my $pgplock = (getpwuid($<))[7] . '/.pgp/config.txt'; @@ -182,7 +188,7 @@ die "Usage: $0 < message\n" if @ARGV > 0; my $LOCK; umask(0022); # flock needs a writable file, if we create it -if ($pgp !~ /gpg$/) { +if ($pgp !~ /gpg$/ && $pgp !~ /sq$/) { open ($LOCK, '>>', $pgplock) || die "$0: open $pgplock: $!, exiting\n"; flock ($LOCK, LOCK_EX); # block until locked } @@ -212,7 +218,7 @@ if ($die) { signit(); -if ($pgp !~ /gpg$/) { +if ($pgp !~ /gpg$/ && $pgp !~ /sq$/) { close ($LOCK) || warn "$0: close $pgplock: $!\n"; } exit 0; @@ -411,15 +417,35 @@ sub pgp_sign { # Determine the PGP style. my $pgpstyle = 'PGP2'; - if ($pgp =~ /pgps$/) { $pgpstyle = 'PGP5' } - elsif ($pgp =~ /gpg$/) { $pgpstyle = 'GPG' } + if ($pgp =~ /pgps$/) { $pgpstyle = 'PGP5' } + elsif ($pgp =~ /gpg$/) { $pgpstyle = 'GPG' } + elsif ($pgp =~ /sq$/) { $pgpstyle = 'SEQUOIA' } # Figure out what command line we'll be using. PGP v6 and PGP v2 use # compatible syntaxes for what we're trying to do. PGP v5 would have, # except that the -s option isn't valid when you call pgps. *sigh* my @command; + my $versioncommand; + if ($pgpstyle eq 'PGP5') { @command = ($pgp, qw/-baft -u/, $keyid); + } elsif ($pgpstyle eq 'SEQUOIA') { + @command = ($pgp, "sign"); + + # Check if $keyid looks like a long Key ID (16 hex digits) + # or a key fingerprint (40 hex digits for RFC 4880 keys and + # 64 hex digits for RFC 9580 keys) + # Short (8 hex digits) Key IDs are deprecated and not supported + my $len = length($keyid); + if ($keyid =~ /^[0-9A-F]+$/ and grep /^$len$/, qw(16 40 64)) { + push (@command, "--signer=$keyid"); + } else { + # otherwise treat it as a User ID + push (@command, "--signer-userid=$keyid"); + } + + push (@command, "--signature-file=-"); + $versioncommand = "$pgp version"; } elsif ($pgpstyle eq 'GPG') { @command = ($pgp, qw/--detach-sign --armor --textmode -u/, $keyid, qw/--force-v3-sigs --pgp2/); @@ -449,6 +475,8 @@ sub pgp_sign { close $writefh; if ($pgpstyle eq 'GPG') { push (@command, '--batch', '--passphrase-fd', $passfh->fileno); + } elsif ($pgpstyle eq 'SEQUOIA') { + # Currently unsupported } else { push (@command, '+batchmode'); $ENV{PGPPASSFD} = $passfh->fileno; @@ -501,6 +529,16 @@ sub pgp_sign { while ($signature[0] ne "\n" && @signature) { $version = $1 if ((shift @signature) =~ /^Version:\s+(.*?)\s*$/); } + + # sequoia does not add the Version header in armored output, + # as per RFC 9580 section 6.2.2.1 + if ($pgpstyle eq 'SEQUOIA') { + my @version = qx/$versioncommand 2>&1/; + $version = shift @version; + chomp $version; + $version =~ s/\s+/_/; + } + shift @signature; pop @signature; $signature = join '', @signature; diff --git a/tests/keyring/.cvsignore b/tests/keyring/.cvsignore index ad06c77..6ef77f1 100644 --- a/tests/keyring/.cvsignore +++ b/tests/keyring/.cvsignore @@ -1,2 +1,4 @@ trustdb.gpg random_seed +tofu.db +*.gpg~ \ No newline at end of file diff --git a/tests/keyring/.gitignore b/tests/keyring/.gitignore new file mode 100644 index 0000000..6ef77f1 --- /dev/null +++ b/tests/keyring/.gitignore @@ -0,0 +1,4 @@ +trustdb.gpg +random_seed +tofu.db +*.gpg~ \ No newline at end of file diff --git a/tests/keyring/pubring.gpg b/tests/keyring/pubring.gpg index 75bf809a39cfd6f607e55777ef8ddd0f2e465530..25edeae39c7269a460bd3dc1aab8ac7d579af014 100644 GIT binary patch delta 1371 zcmcb~y;*F-QbyGcJPZu!1?h|oV6cU~B(=CCGcO$~%mfjhypA!FV*?vlB?FM7Z&WIE z_WsewJiWa?GTd}n50trgom|JTp!s!!+u@Gl@0z{lx1X@y+{E(!4KGj|GtdHt&FoAO zjBrCX$1_(k)z2_yNl!htM~qXOjgf`%mODQqBfA637iZ?fjGunqIm_>Nbz=qpv1@S! zffG_CLbN><--tbRM|E+>X%=}gE{0mxCXh+Y+??#30)i4&=i6`87rTpqoiE3rP@I@k z;*ghLl30?NpI59`oLX3#pP5*%TaaF$mtU0LdR>NRUCj0N>g5Ug56`~4WwK@2f+pjy z8vgw2MX%{eonaQ`;$WK1$Rx)orpV$Gcg#;Ve{IgAbB@(8n-~}@WEdGr&ax3{tLQYuRlLO7b=@3Hc(uOZKj4J|n|4*?=iG7=7FvTWjn@%Ifp1TDCmwtbDuH z;QGcpr8gh9vBN@Z3l}sZ^ok2n3ou`)?ooSsHrT^68438gtCHcr=Zk>g*QF6p>ZHy-btw54VB2(aVr%WD zg92Mxejd{?;$mc2Klvkj;R{8s%X_YD{S>|_YT{Mh<9plk95Nc}|K1DP-~&$~JFuk& z*Pe$<(nV_jTyfE~iTy0QZPowf-;eP-yXRcXNO2Y{ZRljIXOR%&Vl;$=2l0^)42ybj zXP{9JC|lp@MaAV|8U0s!l&a*vzhiSV37odc|Obzu0}>B z3un$YLJ15O-ij&H)-*2_xUJrIVC{w}Yn=S1$}M(#JEMNhhx8STe0XG50h5(w8t?np zjW_CA<5^{4<})z7@n-m6wZY<*p!$*203~IM<*YLKOD5OmaJw9Ts~U7PbIJXUz#v{V zar-AF!Fax}A6TP&=NyxeI3T~gE!SsCNAR>t#lq8EI8tpr1H-(7j0|0O&sFJ_T)w_{ z<>NoXvhSXr-tKe$DA%OurxD*}|28yRFfzRIWXM&XZIpQXvrcr!+y{BTlBO)q^n4qf z5+%dqu~D4?mTGrcfb+8u7dSsp4`pO!1ZL>x@~q8V!gqOgPGU$|(S7*>XYVzo#m}0V zYw8(Zm&`0UUCqqM!QOEI6pai;upoxzEMkNB>D6O5SkK;I=h-sdguOE6*TtC;z3ZN4 z`+1k<^Xi6_&SaX+gAod0kYa*?;VvV?|9}oHuf*%WPs_yV_ROBK!|Iiu&oS4MXRGbM vDi^t5PcR3n(DUfka9>|tb~$)udF+JWu}{~`*Dp3%ZCJCbz^Ge|3l<6hA*~E; delta 35 rcmdlic9VO?NtiC7F5YleL-jC;w#B+T6nw!MOPia}^T+^>z&; diff --git a/tests/keyring/sq/big8-cert.asc b/tests/keyring/sq/big8-cert.asc new file mode 100644 index 0000000..2c04e76 --- /dev/null +++ b/tests/keyring/sq/big8-cert.asc @@ -0,0 +1,66 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGBOQfEBEAC+5dKbl6Vh+JeBx34xyRlmqJzIPIYJdcXbna6Pk6stnfa5J8UH +4ChMYdgCtM9/h33DH7dWX8/zKcABfRAC1784+ZlPFc+W8anEJoMZHeBdNfoY1qxP +D1ojC7jqaRiKt+Oc4vSl4fSRjPHAaZEIvhybduXWCTV5exbOnsDOnLLJ7d2sd08R +sIeQpNyCSKNcwDyHLH/UHdpHvYwuIlkjTSt0N9ghXArVWAgcFFaaihTpzGlp1+II +wn4n/zETzvVlFeXrzV+s/IqZ0oB2GzZaFOYlNa11vnIaCcrfEsHBig/PUDdwoIqB +YTVlE2KUIggf97bFUpLmat5kZpgbd7/n/tGWLD7HLcMwU/mjfsSG0w8BLjYZqIpV +JwbwEpioIbKKsH4qZBAMBq1c7p52wXJ2fZf+v7GRDMlIl5Lmt7A8HZgbVuMYxM/d +uAa6eGCMD2RKmHhInanTyYUgXYw8VRcW7NKOtSckHlBlIgsCa3R53lR+xQ/Ld8av +fA1zQD+82YehxSlmSqNteHDqxkN9pqqIGVaY0ajrHrjnVkGVxo7j9eT8u2ju0icy +Nf0te0OM8g/DfcpSqlDZPRgr5GZ0iN/yS1QACFudwLrmhpSrtZ8CWiK8UUmIpSBn +23w59WC4ZjkdRX2fR17shIjPl4UL02D1qe9OsbVn6aE0fUmVbfSi/6a9cwARAQAB +tBduZXdzLmFubm91bmNlLm5ld2dyb3Vwc4kCTgQTAQoAOBYhBI4YG+8L5jiWLBpc +mPr+e1UMGMi3BQJgTkHxAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEPr+ +e1UMGMi38YUP/RPrPfxiCAbzVzoPiMWA/aUzZVrAMCEH38r6N/QWyXgXye+6iUr5 +DEELI0vQuZiayFKyooQIdXZfubqCZSuNx/OG2w4nK23K6hiLBFebmDoIX/oB/g1T +xp1nxwDW9jM3X2sxD6b8cf0zTzLvO3L8WThR2Hf94zIFiQtbrF3E+6eJNFb25JG0 +NPzXhytqLrOCpmBQh2JbO5KYi/NVX34NmZPdd7YNlrhrUVG5pvv7AqrWY9v2J9ry +onugYYwEVnmwephjOaxFfb52R+qa7dDWpWzbV8fDMUu6N/e0nVRK8WgK+okE6st8 +r9CdxDDX29iztP+kXh7xS/sVPgTzUyju8Zs9/cKBjdxtMvvXB3HAps6pNVb0sGJJ +h8grIAx1wJnejaR18tU6te8qFjgo5We4WNT6jBV2CMN2vxuTFrp+KNLSONlfHw2D +3CcX1azNAaYu5MHDylXZ8+KEiwZyKlHPVIfXOg9t3e1e+X7oOAcqX3O+DRDO9sGY +g4WYShOEJVVlKVC7bVgmAesDUN0WmmBWqQVjg6X0QVcyUwl8S/dgpDM7vQnaomPT +yARxUmJUQ7DvRmJpzZ+oXZ2pR7l+G/kR5WNVSLa9hjRfsRxhz+k4nHTWBzZrdXB8 +7IMJ+b7Mi+JIB4KxQwTXZ8SBm8vUPYLWhv8az3MW3CRdIG8fRewmfZ/biJwEEAEI +AAYFAmBOSsQACgkQwl0607iNqcFN9wP/SMRzCWNe2o1MtNrqhBrC/c0XOhvn40Vm +ZnVMbHyzRuxxvbLpyGGn0qovOa47tSDwo8/KK/pCPyaN2YYYAHt+41+u0CK8fnu8 +5R0VToARvlHefTTEo7yPv37+2t3ZOSCurR7eIHaLxBXFkSrUxsaMnqK095c11MlW +CIrXS50tJQ6JAjMEEAEKAB0WIQTnhDZOjd57s3D72erRXTE4ggBBcwUCYE5KmAAK +CRDRXTE4ggBBc330D/9PyuPL2JfEWuGCtmuyhrEpXVsU/Rr6ZZCcuIa6UnfmAoi+ +9HOt0ae5dcTNNBybYq1c8nmMmzO+SP0zMprYTvP8O0VxnAZfoOi1TXScyO4GY18/ +RknS1/5jxG5D+OJ5gIZ000d87Lil/ucJic2MbYZ+a6Zh/R+uC5fK0taPx0XdlgY5 +7BEfdKMPa53I4QS32fVoznkoFAAeH0x2n22x1Kai7Lf4DOFoMg8d/pG8juoXex5H +Vs+LI52dsUAuNfNHLzMedccxlxSG2PVHDuL79ctxCSazC+VzMAUhBrhhal8H9YBP +pnse4LGA5eHB3j6ZpS+lGHwFt6fAyYXFcTnEXIjuBhveoVBHWC5g/YN3Amm9pwUE +yGxV13StEjoocsxnlrdpi6vAebRqJZGZTl0S1dlT/zBTo6oX0sLqSyzUzbi/YaoX +Xy2FV6onbVlTCrZW8wdirH5erveB5/cUatOxFfQFJx9Q3DnibZ06fOWfR5VImo8B +8kGgmsoRzZLswAyHysgTh65yTsGReLodwEH2I+SmH23TSgVinGQTD4kowJ1DWqtG +Oy09ycQgqp0aqe70DCmuAPBhP8+cTY5csYNhfvClD9q5lSClGq4tf2pTcFxXj6lr +vYQp+W5WDMo9m8XqhDEuW7lJsc7SZPAGzdomO+fSk66tWgh0uITGsu91fnNmNrkC +DQRgTkHxARAAuhdAV5qq2COAwxHLnVfwppToGvkIgYneHSrkUdXlKYj2hYAoS6YM +EIs3fr6LAAo94oiLFkxP530UuD5N02DOtzsK1XmoNCiEn2sSIk1+tSdh60EnUhGZ +GV65b4Gv4Zk2ReVoMyn6BtZR50vWeUy0wBvLWVg2hbpHLsHi02cD7/kZUov+pFk0 +g5R++yR5Iabshcb+dboB0NCNZ/STg06K7lL5gragW37/bKif/1mBv3oqCzX31VLj +C4esx54AneIwVAflpE2p5o2zPlixxA9yDkJm2sFISbK5z8u8bFpZJWYaN0cX4E+2 +S+eyhjQ+3/p1645jTD1E9ZDPtGHXwF4jeeZmCfN497g/qFezd1aAoKrR17Id4Hzd +2Mtlml4S8utYq54Sh0z74Sq+YGKWZ0eA4jsuULW0p7mK4Y5oqPeEebbWL/5rPDME +4JfWJzz8xhew9fw69sSTLsg9lc8srB6T3W5mGqDzxXlWhxIqinE/IH8o3WkMCQP1 +KfHg1pEubfSn0KCwpwuj2pRmxBJcQCJG+ptuaxYHzPrDmUj7gNTnuvUm8fgmLw/o +yo7RzmF368HKszCvRsqccxvaZti1W5g2YikVUoIYLKOqsU6qz1m8U1Nn3OoRfmFU +ZqjTDJ/qoPhqy0zabQRjxHJDqEtzK9MU6WVHDHM/bZ8CPs8PczI9TgUAEQEAAYkC +NgQYAQoAIBYhBI4YG+8L5jiWLBpcmPr+e1UMGMi3BQJgTkHxAhsMAAoJEPr+e1UM +GMi3V2QQAKmqhyRWDuVdurOBX6CFy588RxJX0oH5v0Vcdb9TBWxtU9dScG86DB1u +7yqObli0yyIKko4HlaDCjcrJJRXAJsA/IddSyPT3zwPAQcn1guBiB+zsE/BM0u4A +1f2rgHEKR2RkXlHpFh/xtDTbgCY2h+DTvapD6975OzHQi9Jl/mLJeJyOOxHx52c1 +SjCvsVPx0D9cagCN4hRmU7ka3LxFa4OrEhVY5qxWYfVTaQyTsZhAiXVGV93Jw/mm +HQRfUtdINGpYc6O+6ZwHbGENZ9YhHs2mciosbULnI/416220DnJA3FkcPDCcQc2d +IdwF5afWLnl0eDpj/f5vmDV0LZL05wltoSQ5KuBYKYG/LtHn5Uvqb3wwPJ1XHC1D +j6r0eDZZzhiWzR0u3nye24hAQaotoPlrSQ573Ytz+VB6Si2CD0iT8NvuwAD9fJGC +xn15AsOkdBbD8PY+BBZdt7UwPKT3ebOC2e8vbqOJGlDGEiZmYSkSm2Vl5Nhp+Le7 +FzM9FfmqhjXV7ZrY/yk+a+ebQqaDCfd+sV+U3waEde6ysoMHQHfZlLS29sKSuapV +apT2NWMkcwFRpPE39lj8ESEVd039Tuvk87Er+fSzd3NAH01d7CaFoUgvvBR9MRAG +IFfp1dQnPMA8W5K/smDEmfGKnSoMZSH9pIR4360pReB5Jf1sCJJu +=oDzt +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/tests/keyring/sq/home/data/keystore/keystore.cookie b/tests/keyring/sq/home/data/keystore/keystore.cookie new file mode 100644 index 0000000..e69de29 diff --git a/tests/keyring/sq/home/data/keystore/softkeys/4C5EC64E1D6FAD6CE2CE417B11183ACF87D87F73.pgp b/tests/keyring/sq/home/data/keystore/softkeys/4C5EC64E1D6FAD6CE2CE417B11183ACF87D87F73.pgp new file mode 100644 index 0000000000000000000000000000000000000000..2894a70a2079aeb819519372f3a11c940e125a8d GIT binary patch literal 1616 zcmX@w#*&_TY>ybHHX9=g<1Kf7Mn-lAmM_lChZ#TpymOY{@9M@1{$tnT3IZpjN`z>8 zD!vhW>i&BS>(mI7;0IY zK<;7Y=49s-5R|Yw-+rUM*j|^0wk%uFWc*dbpMSmRH9e^_%%WTzOtTr8j}1hnNBdzECN6e6+t}2)WX0iU{W-B&Ax;0Y>17ieFm~Gd9(A= z&a3IJIQdbpkwd1E_l3l!S>?e6b0w1}N&w?0EnT>9|Kr9fok9DT!i;BN=sC~G(BgT1 zwSsKW{TY@%XBRWgTiqS=O*oBR#ZZ1#>vG1_ssM)nz8{aab?-R(&_dRo#tE=d=u{d2`d(U*bN+*Ns{$oGHdotK5W{rhA;=N!|T(vf?pHg1lM^uzyk_j=ThJ%4}X&l;KkKQ^V< z1tk43Y@L(1vCqE6`i)4w)47!Cai4fjORm2sxo+|O{zC`$vq*?>F&aXGlJpc`!>!-_ zDWZ)}XWIj{o)4=_;-BwanmxgrH9-8s8T$*Ljx)_>+P8p35*S%YIopVh zD#es(Ynqn|+*a>9uy(_gHBNq0ocVzcv_`m;b|_MId$GaMux7t=c@EdE??if^6?*G*>_J*Z}&NW zlxtG-(}?e~e;b-D7#Uu9GUO`HHcGtxStq(F*t#ybHHX9=g<1Kf7Mn-lAmM_lChZ#TpymOY{@9M@1{$tnT3IZpjN`z>8 zD!vhW>VD_|H;cR&7eg&;6G$^NHzzx%fS`oc`Su(2#qJ^uARxz}P@I@k;*ghLl30?N zpI59`oLX3#pP8szkY1pdUzFZ@U4~~}%=Px_L;kj%7PIJ3!0p=^! zJ!((S2K#I#BLUBKRWkhdd=U`*x-{ZRoz&T<4kiBrY@2RQY^~jNP+&{T&tp19T#O9s zCx2uwe4)s7dC!%tpTajqO}wgmd~aKxLq@~jdm$Tqcn=+5U=aX%s0iXArWOWH0h6N1 zYxW&{XG3gE?K6;l$(x;@c3w?)#mSF)jT|zSye}j+%_ z=?vPx6lOdFL(h3eh8EBBs}*E}?$5CFIlGu?-se&6;Q`_TNlZy_qS;mEq6<7O)q};9g*E{a?W;;Ctrsgc}Rb z-6hr=Yn5h3$8E3J-*^00^k&x&ks{4)O6)p*Z=P^|+?4Y1`97dG=GQhZ%TdrP+4*_@ zJecte3~Q1Z8E*ghyoB?H(9N5EV$)Opt>Rl0bEEuGRLh~Rmc)LIQ(8KV3|*22%}TFL z>%MBq*!gV#fArI#P>aH)`e`4wRptgbGO?Y*meX8&9xh22sr_@sMbjqsv+TB2|CfJ1 z#_#N&b1fsqS+KO>(1HCd5@KA8h7iA#p37>u^}9bswDIX|d!W|yVRcFT^PNkxCwQ|4 zh<`X^f8o<{rrAvU7O+SHQ%F9{3a&;*B@1WHHe$n7F=g7C=A{C+)%y;t-7sa1liyUi z#cpqBtoe|>Vv!Gz%qn2GTBh;7f8BVat~H)j7G^vH!y9jg|5Y0-UJ0rnNexg^wph+8 zlfPtgZ4S4~@wci$M>Ch)-v~_Mt0r#$q$C*6_w@s7l<%Bl5)udGm$&8mOz8-oR;gHc znhR&?Fz+BRQtqCs(kr=qeecT0e}rYvS)A$lHaI0phR0*0I>R{&Z~-aA1uh_`hcdD<0!zr}@~q8V!gqOg zPGU$|(S7*>XYVzo#m}0VYZzXa%q%!v&CJNb4$6AKxPxUq(&O&w)nhkU&)#6?*)rXP zy)x$4#hDSk>z-!&d6(w%>V}lgWSY%`)AM&38U6=!Xn7@G|9x5}PPb?Fj2%|5^n8xF ymONW+|5drj{d$5qP=%gHuZH{j>axqhE6Zai{EmIPX1;#0$!f!zT?IznYFq$lIdx?K literal 0 HcmV?d00001 diff --git a/tests/keyring/sq/home/data/pgp.cert.d/66/671371bfe381948952bfa5347293acbec1ee3c b/tests/keyring/sq/home/data/pgp.cert.d/66/671371bfe381948952bfa5347293acbec1ee3c new file mode 100644 index 0000000000000000000000000000000000000000..0a4c13daab6be30dc8220305d41e67454b7ba277 GIT binary patch literal 701 zcmX?R%wki*utSVfn~jl$@s>M3BO|-R0*&10eAm@X9!i_;S_cI<_ldUcmOm@-=Fo-{ z0jFyXryM%K$09Gr#n8ao1k%jZ!obYU$<8TYQZ#wZzJu><+(j5bK#oD7I5DThAuqoq zu_QA;uUM}*wXiflGf}r7y+AL&DBXNp;!T6a+1J=o`Ic;8ct3SVK}fsdM*h;t{p@9z z#Vm}OMY%YbW-~I$F^Va&q@@cN?tk1kr88*%QkX>y49650{ui3$dH3Cq&tAl2IN`t* zrIp+M)cDA)_50Q?U3RBjtc$Hd#a5!#WeqdJv)<;fPW`-F*2Ole96D&aoFvRdi^XjYRmbs6!WGxE!UgBNB1n&W_CKE*JwCVO6S;4cLOPw zHGNxLsy=mIyOMt@vCMjC(EEY{7qC~gFw0@hLfj0@`$YP5n;_9RGjVQj$3 zb|q@|LoUk8-Ey*M)D?k62ZdwaiHe61yX!1X>+ZaXjbHPY_DjC(rzP)_+|!uauI2_V zPk2dxq@lc;zVGuDK@ZvA#XT#Yi_|Z&C#l8V`g2TRM(=$x^qTE;W2u0hU%WiJmMAh?z{24NMaiPNM6q{mk^0#&>E0S^QRC zdC8RdCWe+^r(}q$K~}InzI?PVM%W=)&60@G+YoG8wbFjkllt}G+v#6VwnoJ6DA1%s zbdrBSy2AR+iKf%)yi(tg0r8)I7(N0pJ;sw-R$`yOsV@N9U28Ra5MLtfHXEvZ;M9av z7SIhV&~x03j;CbCu#7q#ly93<*SoE~k`H_E0=578obVnEV5bAn4f1#+g3wU7x3>?* z+XVsrmAU!*V0_V?9jTzpbj$!HZV^x_FaI{niqgwleD+z#XCaoXyuFR|z~2}F`7hA3 zfSDM93|!1$CKe!w8+d^ZC`bq72?sEP+5TzXje*cEZ>XO-GcoL0t3cwr!)YaQ2s@ID z2;=AexRS4SvkGtHLs(YFoCenC|SNMGxNX17PA%?k>zz7D71nqscwIv#siXYO7>66-4`bhdzPjafJi< zq%=X^>hN1yo&4!!oRkN&Hj?0E8t432H9ae7&k}~an4K{n)Nt`-lc$+kGvVX}NStt) zJrtYy@j9dso(!_WzWXD~MY%#ZtSwM)J?H!IM2Xj|^@lE5!K!rWSPm?soJ{pVn@MU!xJtI(4K|()^4skturEJ4t3{blF^Su7%Eq=+JEQ#Ag)(R zm=#0HUPvj%{1{iM-sF*B+%h5M25fY|< zp=?CyHZGXXbLTi&mD9UKmF#O<-?0FP8Xh?n%c;Hx&%AaS?FIRnJ3rESw|(E)eXyX+ z0bj1yjN_-WFS}UkH@uIPhgDyNQ`VI70wx$0Ju$wan^9nD+sC9Oea6UY9nhp3IU;vp zOg(ZU_MDG`=AOIZAnYTgyD1u0FxyE2fY`X10si!nZit>4U^D>CX8dvV+0?6{c|A_R z?+^qCqv2iwTHZbZ@BnuoZ!{E*@Wc4H!=-)Qe4#%6ZpgGbaAm%vuJ=U5#kD7q2^(d$ z&x-fVM0ajE>=?mzJAScR5Eeo35{3pe@3rUuGadjaO``+MyJ#&|IOb{|m{WEE3ZE10 zq+^*Sq?9hih)h~P3t9OIpk0l8hIOA~U>C{1q*9gabI(G|91^p5*-3bw`;BV|`XkiIawS>6@22JJ7%6 zF#`mCZDBQ9(IjOdq}KOjdi|4wtWqRE8~q>ES-(~PQwiILoImXUIxv+C@!y0DovP~k zuM3?`#uah?P?O{j_` zvwvjb=?C5Umki3A>_P!W5KnyX7f|E$!IL4ZI43|*$SAM?RXs*{z1jGa^~;kx5P`F_ z*3@;L5J5dFO44;azFG^au%~xhP7w1!Hj^`U>Ok+((#gSqA6T@OWf?6)FT&6S_kb}T zgg+#N2rgEKFMsJ+(8w;iUBVkm-&jiOi|O`LCfmnvG4L0=|R0- zmXiUM94g}eAKhLyx+lFMVe33@re&KraEwn|oXc1g5qU;B*9~ut4K}sIi99gr7;B;! z%GQFp!D^4uxdP`{bri9B#OX0w&9zT2CS*FNyoAE5gf188z0l8jO7}y%FsGk=FnyE6 z8rR=@Ij+jzq$4f3MS!Gzc>Nne2sLUz@0{m)8ImAQ!t2<*xvwg%-bWTD;`z$A_E{yW z06TC^N}h45eRUKZw^IU{X?`JG!dE5zr-y~Fz4g;_&-c+1RBtQRe)Zh$^=Mh>=W_!OSYo!@)J3UV}=Q{Rl^CaQ5}hYz}7}FrbQ3hu{7#- zVViozJn5|1RzB)E?&Jnmgs>UYbB1Z58y-$^+s}wHN!&80Mm7{a#+`eW6`b2fwErQ= zqHr{B{*@)J;zK?Fza;aBak<#Id?lq;!={=H@xOErIn$y4pr)BJ(CTGpdlSibSC41$ zVT0jnO{~1e=VQ!9s*92OzYd;J>fnkkmW5ec6K1ZC<$rs5sC+C-Ldf`i|P}BOl(&of3sZYv|qOlDVx6eG)1`e_Irw9(ODEA#e# ze;%5D202y#I7`u4g3COT_f`?H+Js24ZMCp)n_Fkc!5<;ZMp+Bi3x9eH7|ozSE@Xe5 zGDEb~DCZhNj}@(nDgbIwAm}^lCiMS#2s%3gLA<}Ni17dMeb)c=cWYNRKshn)hSjBI zhnCt1SYgaSftntN^+*J@UDqDdZb9#bvY0gY^-*CJ@ZOe8^|q-SxW=5G%J`zNGo`=p zCKpMRq$x6K-n)N9xj@qHJBVC#X58Goykj)71sJEj3HM{xb9HqzTjLhmt&^V(7gdZ~ z9DPsJ*;t^e$_^)uAkLiog7Z>U*>_jn6bxkER$J^2YubANQkFQ87R`Kft-793Z#cMY zRw}IE2Nv$E8P!=@37GrV^L<@Zf&d6+KB+J7VS_GeTgzkgf?sr-5D^?C_)FeG-CMnW zrm%skyX3DmXM0smCQo}1FEU5JTsi^81_Z0P(9V3a6au8v_gBHFS2vU;7i}aW+M%CT zmkrl_LS@wO)>oxW!jUk(aD7ee!Av=wLxetA!CP4(U@2Iw_7>GWZ4*mt=GoK m#MDS?kJH<0oXFX`iFip?gb1xTI{0&?gzh5tCe4c}-TU9MMgE2W literal 0 HcmV?d00001 diff --git a/tests/keyring/sq/home/data/pgp.cert.d/9f/7d81a66c202e74b9f3bf9e4dccd390d8a1cedd b/tests/keyring/sq/home/data/pgp.cert.d/9f/7d81a66c202e74b9f3bf9e4dccd390d8a1cedd new file mode 100644 index 0000000000000000000000000000000000000000..cca8fa2002b56196aca8963881338a8438578d4c GIT binary patch literal 492 zcmX?R%wki*utSVfn~jl$@s>M3BO|-R#0zKl`F(f(;lg>a<(lJT6VB2&>(Ff*uf2}q znX9t-&67h1_*mq{xELB(n?RbGS{RtQIoUY{e9v5-aAV=QyY3EDQl{$p}lCw>-197mie`f%W@R-N_KwUKM!UR1495iBg2$?*%uYq7r%JDiZAi{ zuFvkob0GF*+a!D3UwutSVfn~jl$@s>M3BO|-R0*&10eAm@X9!i_;S_cI<_ldUcmOm@-=Fo-{ z0jFyXr!X)wT(&O!zki>@>MN_`%7u1Tbf$OkH1=7#>*nQNjx2KZljM7R=l~y!ycicl z18Wn=2BsDUW^PV)P63mm$!qo!TwwXfD+BnZ+2>79Au{cGB$!u@+6t18Cdy{um z=zrc*ZLBG#`4{ZjnT!PdJE@D2;mqbs{xy%oZg1o}=&&)bvSNX0sQ>O?;qCt|3{0my qY0hT&@AjQ-FVCM>UoE%HeViq0QMmU?=K+KGeE%4e)xr)FbGZO4LedKW literal 0 HcmV?d00001 diff --git a/tests/keyring/sq/home/data/pgp.cert.d/_sequoia_cert_store_index_v1_on_debiantesting.sqlite b/tests/keyring/sq/home/data/pgp.cert.d/_sequoia_cert_store_index_v1_on_debiantesting.sqlite new file mode 100644 index 0000000000000000000000000000000000000000..b1e265e41a9083147fb34f4e09427e6d8786c15b GIT binary patch literal 61440 zcmeI*UuYx89S87T?P_(Ft(`z(L~+~fQA(`lY_$5b+T|Kr)!H+rK3~r#)8s*j{WI%` z+)1${U$40*=kgW`eGH+rke8#BgOz{}fB*y_009VmJ_2=B$>x^CUaRfXYx_OgZTY>X-?`$n+QUa=ZQHKaZEa(#W zCP`~-yRbDnsx1$mnY)-#vQI3Dor$QF1-(3czB)B%l;TLt=xDCKFr}b_Xv3J9sWAs9 zj|3eY&b^pUr?N{+;*IC}j(eF7BMtB7hXL!=?`_)m>lnrIXt&=CTJ2rheZJdj_qDqH zbY0uJ!2WkOH_t?A24SY1iK-Nx7^EDqjU705VcXtV-_pKsKeHUqDyMDR=j?5JYt6o- zg(rKDf`{zc@5FXK%qvW|Co>HP2HdRYzHGul-q+Fh`+59eWq?lmB3Q<9v1dnea{XNsM$Z zCo9>fvc~~LWoYWrU6Osoo(ex^+lf^6@yEr3CqF5^-(&?06Gc1Hk!nPThp!{{0vXk0 ztVDx1;k0U|a|bCg`V=~#QHED(x7X^lhj)pI%!UU!vKplvm1Xj?$?IIXLgOD>>0E}@ zULbuC`kp|3 zPx@q)?O=ld1Rwwb2tWV=5P$##AOHafoM3^PA}cG6>#w}@^4^`pe*{iID{i@*_jJ=U z-HJ(dQ+H{Qcd1b{Eu-M+PT8}}c)FS#M)}>(fAY0=?;PINb=@pFUSL*yvl3K_C9h09 zqeOMz2pr$=Xu+c;z2e5x)e>Qp-~Rn?*WUc*;q79nQm|MUmwGy-Mb9vdie9YfZa|Bs zZk0@{TyO)Y98Xsh!zjP`@TaA((!<*&-}C&UmG@1Dt!?mqD`17v9mDVn`2ww!Tq`KL zfkor#(yUEoa$X=WkelQ@dFKQ-F^UcW2tWV=5P$##AOHafKmY;|crXHIq=v{ll%Rx( zc}EQ7Ffs4IK;lWMF*jTP|CT^*lfRPp$*l(igAwBJ(r$5E}#_009U< z00Izz00bZa0SH6_eoAhvG4c0$2C^e3=G*z-E5C`G8FV zkEipMS#pVY40%iEC&OHLuS7c*waP)!uu4YBqLj@!FBe!n9M>^j%X0KW;8iTwFpi{? zXUQe+n0j6>6pCi4n72%$XcY>2a{A79BJ&9wesR{tZA*U2^V9kzoF z0uX=z1Rwwb2tWV=5P$##An;`psL9F3SwY}k)zGFt>a9BMc4xos(N*?nx7*o&zE_cw zjnjg_dmX<|d;L~>ceS^-o=7&Tg1~!Cf1S2z*XdJV>$EkWx-F+YjP;b5Y^(?Z?|lEw zj^|v~>fQZbU)%0<`qA(IsrLl3My{*($Qxg#CPrN#009U<00Izz00bZa0SG_<0t11X z+&Ihqi+#ro0mv1(ahiK3|NRjFXKLC*UHv67H?(YSd+W#l73FIyI>wmA2 zKj4)C0SG_<0uX=z1Rwwb2tWV=5P-nL5LlAVipLE-sM2Y1Y((MfQdRtvfr9Y&|EBl< zKM=_O$iKKL(fWZ(RTY literal 0 HcmV?d00001 diff --git a/tests/keyring/sq/home/data/pgp.cert.d/_sequoia_signature_verification_cache_v1_on_debiantesting.sqlite b/tests/keyring/sq/home/data/pgp.cert.d/_sequoia_signature_verification_cache_v1_on_debiantesting.sqlite new file mode 100644 index 0000000000000000000000000000000000000000..22f04ef84e3cec6738ff6ce1886f8f585c73ecdd GIT binary patch literal 12288 zcmeI%dpJ~S90%~Z*vQ<_qKkAQp@dR$jTy$RF~lJE#yHGq%*YIhRCcA%MHfO;tgLk} zQn~C?l6#5PrIgjps-_9KbzygOw9oFd&;Gm5_B`+VoO9lD-uL^Q-+Mm)opW5b(KtdF z3gU-{GKG)g+gH@J65uPX>-?7UoIp)`Y-4Ic8WpiM(-j>W--JW6e&`2 z01XHL0U!VbfB+Bx0zd!=00AHX1c1PQEwCFSt-Nd*I*ux225@1RCk*Gng82?>|*aocJYL^QayD(&vBUop+A$wf&~IN5VEH; zsJ2uWS#8L}o?++Y#(-R$JnXIGq|r!a_;ck*I9$Nt^X5Cu-zv`!&R6FAdCPxR{*s)p z3DKPx5Z#SNL)OLOhlWa?0%B0NONQsCWVPqs&C#U$D9HvI5C8%|00;m9AOHk_01yBI zKmZ5;0U+@82&|R-rC;bRfOkdkIZQ~v3Fa|{5#cZ-`98o2;;@)P$)^U0#bmK1L+fQF z&!vhxg2JyNJtS3^u1^E!7u+Kc0yy(o?659MN+b54(({lx|sJsuOiIk{ZU8csbrv zGcn}>_4}jI*Dy%|N^+VzkQDlCrFq(gQOHlIP7Gxm}`(Js|7R6&ScP z@j`U@8|4*QRnBcke@0Skl0y>uih63c_SmJ7%BS}P#Yd*7u8t3ru5&Ot|LV3FNrklU zkKKI^Ypxd~exAyDTC^i{!gqod=3&9kY)doSxsV<@=cOkuZCH2Aq5q1sFGq=}l_K4` zd@6!?|IyL@K8~%Gbr+HmQFBvp1u zN8j{tTb0+t#gDe1x?6Xr%rtpN+Y25ov19D!lIAB!%0D2L>;T^|`!GHjEEC%;=r?4O zElK|CbB{&w-4>`2k<`bMEtVT=XERWhnP^5sGh`-4i=3q{>OKkL`d3IPK0s25TPo~E z$C8r@o8aVxIGd#F!g_;n^Wn`!AwNY}ysv3NBp$ctH5cgCW~zKRKVg)0;F7eM))Om# zu=r$)>1kd{*#jii$);GmJiNku@SBd`l0qMUk{?&5{#v+ivbt6sJDl3-f~1P8ZrI5T zkWC)?q*X!g-SnX|={Y#5T=x;z2ouJxYogs&4 zNgMMU)O7S&i_5af z$v<6J&DTOw6Vo=muh)qT3o5DlPnCsurv8;e^P8<*g~y}X)bFjmjZ}PY=uU4E4TPey zS51jI7Ji(_h^c4aMt68sP(NGt-SSK8^~v z)@Z)DhNO0GIjQBT?oscZNbuElytrUozA;AyR+x}hUHLYw>I@Z0sV%i#6>svvr>)M% zAjGuOW+<<`sTGw{{$kS&qT72b9+Hyhw!9svp|q!McG6iy@)MpDhv&DJ#|byRH%;?4 z%Iif^cx_+(`zqqo?N@6|Sk})v3w|Hfee_OEr}VBO^xbk}UnGT#ndD(}9KX*la!D3UwutSVfn~jl$@s>M3BO|-R#0zKl`F(f(;lg>a<(lJT6VB2&>(Ff*uf2}q znX9t-%@YQOe`W#cY^lx*{7Sh^_v)zpl#u)3JM~lf_x4SnOW$z+ncXCieCPlli@X>Y zLj!9Q$Ofhs24-$fc1{7`GnXgaSa|NPy9fga$T27sC+3tmSe?Q4A%EiGnn~_P5 zQB09#er@Bj90k3SouBv5gIUDD5WvpJFy&tMMFsZ7FJ7+m$7x&mNuQbu)g-=Z`1y+F8#E_~a)i<|u>| zl@^yM1m)+K96BJ#A`J9mGlgEXZOZs9(R^)!irc~oyfchSe+tI-9w}F0irRZEV@;OT zGO!nCG7|9RhZ~FxX9TV1SL3zT i{@W_cbFgZK_qj9!m&3>2t~S;1%{G@4+i==&0XqO-*wiZk literal 0 HcmV?d00001 diff --git a/tests/keyring/sq/home/data/pgp.cert.d/writelock b/tests/keyring/sq/home/data/pgp.cert.d/writelock new file mode 100644 index 0000000..e69de29 diff --git a/tests/keyring/sq/home/data/revocation-certificates/4C5EC64E1D6FAD6CE2CE417B11183ACF87D87F73-revocation.pgp b/tests/keyring/sq/home/data/revocation-certificates/4C5EC64E1D6FAD6CE2CE417B11183ACF87D87F73-revocation.pgp new file mode 100644 index 0000000..6ab198a --- /dev/null +++ b/tests/keyring/sq/home/data/revocation-certificates/4C5EC64E1D6FAD6CE2CE417B11183ACF87D87F73-revocation.pgp @@ -0,0 +1,13 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: Revocation certificate for +Comment: 4C5E C64E 1D6F AD6C E2CE 417B 1118 3ACF 87D8 7F73 +Comment: testing.sq + +xjMEZ2XGvBYJKwYBBAHaRw8BAQdABPRDA8MB8vnczQ9O1bF4D8bWXnBRkGUYVCtJ +IewW5UfCwAsEIBYKAH0FgmdlxrwJEBEYOs+H2H9zRxQAAAAAAB4AIHNhbHRAbm90 +YXRpb25zLnNlcXVvaWEtcGdwLm9yZxtwDQ7X27b4KkX75l/HvAesAAG9BsVnloc6 +aIsvZy1PDR0AVW5zcGVjaWZpZWQWIQRMXsZOHW+tbOLOQXsRGDrPh9h/cwAAIcwB +AN1vmQTw5KzVGfnNi/ZnuU6F9YkVDvDvbUOCNaJG59VbAQDF1Yy6i87tnSrfP41S +wOh2uhVNDSiZEiYeHQSYZHlcBg== +=Nx89 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/tests/keyring/sq/passphrase b/tests/keyring/sq/passphrase new file mode 100644 index 0000000..9a2c773 --- /dev/null +++ b/tests/keyring/sq/passphrase @@ -0,0 +1 @@ +testing \ No newline at end of file diff --git a/tests/keyring/sq/testing-sq-cert.asc b/tests/keyring/sq/testing-sq-cert.asc new file mode 100644 index 0000000..6c4fb89 --- /dev/null +++ b/tests/keyring/sq/testing-sq-cert.asc @@ -0,0 +1,29 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +xjMEZ2XGvBYJKwYBBAHaRw8BAQdABPRDA8MB8vnczQ9O1bF4D8bWXnBRkGUYVCtJ +IewW5UfCwAsEHxYKAH0FgmdlxrwDCwkHCRARGDrPh9h/c0cUAAAAAAAeACBzYWx0 +QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmeF1xwMrlzXh3unYC/hze7aNLSmoIIz +9ShPD68V1i4azAMVCggCmwECHgEWIQRMXsZOHW+tbOLOQXsRGDrPh9h/cwAAOBwB +AOgHwyBu28L963UdswAaRRatBz0wdG6zpFT0G7od3RVvAQCWHVCU2AFMRkGFfD4U +dm46hLThiXntrTDXsdx12eOGB80KdGVzdGluZy5zccLADgQTFgoAgAWCZ2XGvAML +CQcJEBEYOs+H2H9zRxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNlcXVvaWEtcGdw +Lm9yZ6zdefq40SPGB8RvYhZ0+7wA50WPuTc+1lA3qSdIfcubAxUKCAKZAQKbAQIe +ARYhBExexk4db61s4s5BexEYOs+H2H9zAACKeQD/SehQU+t1WOR+Gs3lQHT+UD2C +2ZGFfbLBELSE+cYsMgoBAK+T8Qdx6CEK07zUtfJXslqR1S3HvYZuQGiA/d5UsEwN +zjMEZ2XGvBYJKwYBBAHaRw8BAQdARYzhpGcUffzURCk8XfMdtqr/p/fGD0NHbNZo +ZEMRdYDCwL8EGBYKATEFgmdlxrwJEBEYOs+H2H9zRxQAAAAAAB4AIHNhbHRAbm90 +YXRpb25zLnNlcXVvaWEtcGdwLm9yZ3wLL4vyWIYOLLbgJozwq3Rf57mla5BLBVAX +8Mw/0PLHApsCvqAEGRYKAG8FgmdlxrwJEAqBASI4QwmGRxQAAAAAAB4AIHNhbHRA +bm90YXRpb25zLnNlcXVvaWEtcGdwLm9yZyFklqyDpRDbJ47ArbCUrEJOlR6jRu2Y +rPBnqKJMDByqFiEEOWYN7+uB2H6FXwUdCoEBIjhDCYYAAOxLAP96sDjqESfEZVAi +IzinBRxvpJN9bAtEx+0lUsVppN+xCgEAqpG38iIRXw718AVaTZzGGBjAH6eGbUyU +iFOWeSFxywoWIQRMXsZOHW+tbOLOQXsRGDrPh9h/cwAAnsEBAIrdznoudNPXvanj +/BMd7uXLt0zPxQqSW+VY9x39gIM4AQDqSQBtI5syYdvzLFuIneBu+mKUo2lJ7VNk +WhwMSLEnAM44BGdlxrwSCisGAQQBl1UBBQEBB0DnHwWDChPdDLmSAGSoi9PQCY3W +IqPmgwN8AOt0mXDLewMBCAfCwAAEGBYKAHIFgmdlxrwJEBEYOs+H2H9zRxQAAAAA +AB4AIHNhbHRAbm90YXRpb25zLnNlcXVvaWEtcGdwLm9yZ+XVxtgFzdgHDLSXNAd5 +XPrRmViNruVrTkt1bw0tVHWZApsMFiEETF7GTh1vrWzizkF7ERg6z4fYf3MAAN0B +AP9QiCpKYdf7yxxeLYybmLg66i5MxkV05qs/9SNyR9dgNwD/UC5IjShHr3t201Op +d12Q+13lrJ8vczSrMXy6cDKLJgo= +=aHt9 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/tests/messages/comp.lang.go-corrupted.newgroup b/tests/messages/comp.lang.go-corrupted.newgroup new file mode 100644 index 0000000..5e1743a --- /dev/null +++ b/tests/messages/comp.lang.go-corrupted.newgroup @@ -0,0 +1,40 @@ +Path: news.eyrie.org!bounce-back +From: group-admin@isc.org +Newsgroups: comp.lang.go +Subject: cmsg newgroup comp.lang.go +Control: newgroup comp.lang.go +Approved: group-admin@isc.org +Date: Thu, 09 Nov 2023 13:00:02 -0800 +Message-ID: +X-Info: https://www.big-8.org/ + https://www.eyrie.org/~eagle/big-8/ +X-PGP-Sig: GnuPG Subject,Control,Message-ID,Date,From,Sender + iQIzBAEBCgAdFiEEjhgb7wvmOJYsGlyY+v57VQwYyLcFAmVNSFMACgkQ+v57VQwY + yLdG4g//bjHd8neeT+TV/wnJSaKRYHybfkrtzMtEOY9FrlXcMt/AjQLC2oJ0aS9u + l6TM04hfVuVCNYKyflOEYCpW0/9ei0yxr0JEATBsFdLN8fppEYzn5ziCxkLgDokN + JFt1oiAok4YbJ7H/4YXM4R8RcHThPVtpWhMI4pMzBwF4pOsgb6hYmiPwJBux0Bgd + pi74e5pFlrDB8tMoZetGvSSlH2qQTTUbZjd7qJJr6HqMFfIlSGWmw61rWMSehcQp + YCNW3ibbkJ4zPlfs+Q/5KbGobbyZ9fWl/sgHvZ3p8qJZHzqCtjeHyXNP3Q2BIiaj + kgdmJ6ZggQNNEEU/pupRIR4WpEjGZTRFDBGBa+5J1yQsV0FWSDyMpmvCkjlCoOhh + RMVs+YroSiEQxAYsYE7zFZok763MSiKQw00uvKR0gwd/Ov4QbC53AGZHKmW2Q8O+ + m80AmKWa6YOaVFPgaou4TI+1qrTe0Hb/+72wT+Ep730JSuiJYQ+XZ/nZqsjegvV7 + qPr2SpnWH43cSNi2MNBCPcWNGqVRUYxXfD2bouoS+9VACx9jkIgK8I8MleryXCwa + A6hs0T/+i/FqcNlwC/ZBxiKwjSzg8Vj90cteSjY+5ovTZOb5xCNtEbp4Pm3hbgeT + Qjtl738/hxyZUmgTEVzBv2CBahJ1ICkiYgzFa19WaIhAsDm4Mns= + =qThC +Xref: news.eyrie.org control.newgroup:100 + +*CORRUPTED* +The Last Call for Comments (LCC) on 2023-09-25 initiated a five-day +period for final comments. Following this comment period, the Big-8 +Management Board voted to create the unmoderated newsgroup comp.lang.go. +The vote was 2 in favour and 0 opposed. One member did not vote. + +For your newsgroups file: +comp.lang.go The Go programming language (Golang). + +CHARTER: + +comp.lang.go will be a unmoderated group where people interested in the +Go programming language can share ideas and topics, help each other, and +keep up with interesting projects. diff --git a/tests/messages/comp.lang.go.newgroup b/tests/messages/comp.lang.go.newgroup new file mode 100644 index 0000000..b58ff71 --- /dev/null +++ b/tests/messages/comp.lang.go.newgroup @@ -0,0 +1,39 @@ +Path: news.eyrie.org!bounce-back +From: group-admin@isc.org +Newsgroups: comp.lang.go +Subject: cmsg newgroup comp.lang.go +Control: newgroup comp.lang.go +Approved: group-admin@isc.org +Date: Thu, 09 Nov 2023 13:00:02 -0800 +Message-ID: +X-Info: https://www.big-8.org/ + https://www.eyrie.org/~eagle/big-8/ +X-PGP-Sig: GnuPG Subject,Control,Message-ID,Date,From,Sender + iQIzBAEBCgAdFiEEjhgb7wvmOJYsGlyY+v57VQwYyLcFAmVNSFMACgkQ+v57VQwY + yLdG4g//bjHd8neeT+TV/wnJSaKRYHybfkrtzMtEOY9FrlXcMt/AjQLC2oJ0aS9u + l6TM04hfVuVCNYKyflOEYCpW0/9ei0yxr0JEATBsFdLN8fppEYzn5ziCxkLgDokN + JFt1oiAok4YbJ7H/4YXM4R8RcHThPVtpWhMI4pMzBwF4pOsgb6hYmiPwJBux0Bgd + pi74e5pFlrDB8tMoZetGvSSlH2qQTTUbZjd7qJJr6HqMFfIlSGWmw61rWMSehcQp + YCNW3ibbkJ4zPlfs+Q/5KbGobbyZ9fWl/sgHvZ3p8qJZHzqCtjeHyXNP3Q2BIiaj + kgdmJ6ZggQNNEEU/pupRIR4WpEjGZTRFDBGBa+5J1yQsV0FWSDyMpmvCkjlCoOhh + RMVs+YroSiEQxAYsYE7zFZok763MSiKQw00uvKR0gwd/Ov4QbC53AGZHKmW2Q8O+ + m80AmKWa6YOaVFPgaou4TI+1qrTe0Hb/+72wT+Ep730JSuiJYQ+XZ/nZqsjegvV7 + qPr2SpnWH43cSNi2MNBCPcWNGqVRUYxXfD2bouoS+9VACx9jkIgK8I8MleryXCwa + A6hs0T/+i/FqcNlwC/ZBxiKwjSzg8Vj90cteSjY+5ovTZOb5xCNtEbp4Pm3hbgeT + Qjtl738/hxyZUmgTEVzBv2CBahJ1ICkiYgzFa19WaIhAsDm4Mns= + =qThC +Xref: news.eyrie.org control.newgroup:100 + +The Last Call for Comments (LCC) on 2023-09-25 initiated a five-day +period for final comments. Following this comment period, the Big-8 +Management Board voted to create the unmoderated newsgroup comp.lang.go. +The vote was 2 in favour and 0 opposed. One member did not vote. + +For your newsgroups file: +comp.lang.go The Go programming language (Golang). + +CHARTER: + +comp.lang.go will be a unmoderated group where people interested in the +Go programming language can share ideas and topics, help each other, and +keep up with interesting projects. diff --git a/tests/sequoia-tests.pl b/tests/sequoia-tests.pl new file mode 100755 index 0000000..21ff773 --- /dev/null +++ b/tests/sequoia-tests.pl @@ -0,0 +1,153 @@ +#! /usr/bin/perl -w + +use constant VERIFY_OK => 0; +use constant VERIFY_BADDATA => 1; +use constant VERIFY_NOCERT => 2; +use constant VERIFY_BADSIG => 3; + +my $sq = '/usr/local/bin/sq'; +my $gpg = '/usr/bin/gpg'; +my $sq_home = "$ENV{'PWD'}/keyring/sq/home/"; +$ENV{SEQUOIA_HOME} = $sq_home; + +my $failed = 0; +my $tests = 0; + +sub pgpverify { + my ($file, $expected) = @_; + my $signer = `./tmp/pgpverify < $file`; + chomp $signer; + if ($? == VERIFY_OK && $signer eq $expected) { + return VERIFY_OK; + } else { + print "pgpverify exited with status ", ($? >> 8), "\n" if $? != VERIFY_OK; + print "pgpverify said the signer was $signer\n" if $signer; + return $? >> 8; + } +} + +sub fix_pgpverify { + my ($path, $keyring) = @_; + open (BASIC, "../pgpverify") or die "Can't open ../pgpverify: $!\n"; + open (FIXED, "> tmp/pgpverify") or die "Can't create pgpverify: $!\n"; + while () { + s%^\# \$sq = \'.*%\$sq = '$path';% if $path =~ /sq$/; + s%^\# \$sq_policy_as_of = \'.*%\$sq_policy_as_of = '19970101';% if $path =~ /sq$/; + s%^\# \$gpg = \'.*%\$gpg = '$path';% if $path =~ /gpg$/; + s%^\# \$keyring = \'.*%\$keyring = '$keyring';% if $keyring; + s%^\$syslog_method = \'.*%\$syslog_method = '';%; + print FIXED; + } + close BASIC; + close FIXED; + chmod (0755, 'tmp/pgpverify'); +} + +sub fix_signcontrol { + my ($path, $signer) = @_; + open (BASIC, "../signcontrol") or die "Can't open ../signcontrol: $!\n"; + open (FIXED, "> tmp/signcontrol") or die "Can't create signcontrol: $!\n"; + while () { + s/INSERT_YOUR_PGP_USERID/$signer/; + s/^my \$pgp = \".*/my \$pgp = '$path';/; + s/YOUR_ADDRESS_AND_NAME/Test Signer /; + s/ADDRESS_FOR_Approved_HEADER/test\@example.com/; + s/FULL_HOST_NAME/example.com/; + s/HIERARCHIES/example/; + print FIXED; + } + close BASIC; + close FIXED; + chmod (0755, 'tmp/signcontrol'); +} + +sub sign_verify_roundtrip_test { + my ($testname, $sign_exec, $verify_exec, $signer) = @_; + + my $signedfile = "./tmp/signed_$testname"; + fix_signcontrol ($sign_exec, $signer); + my $status = system ("./tmp/signcontrol < ./messages/newgroup > $signedfile"); + + if ($? == 0) { + print "PASS: $testname (sign)\n"; + } else { + print "signcontrol exited with status ", ($? >> 8), "\n"; + print "FAIL: $testname (sign)\n"; + $failed++; + } + $tests++; + + fix_pgpverify ($verify_exec); + if (pgpverify ($signedfile, 'testing.sq') == VERIFY_OK) { + print "PASS: $testname (verify)\n"; + } else { + print "FAIL: $testname (verify)\n"; + $failed++; + } + $tests++; +} + +fix_pgpverify ($sq); +if (pgpverify ('./messages/comp.lang.go.newgroup', 'news.announce.newgroups') == VERIFY_OK) { + print "PASS: big8 newgroup (verify from default cert store)\n"; +} else { + print "FAIL: big8 newgroup (verify from default cert store)\n"; + $failed++; +} +$tests++; + +fix_pgpverify ($sq, './keyring/sq/big8-cert.asc'); +if (pgpverify ('./messages/comp.lang.go.newgroup', 'news.announce.newgroups') == VERIFY_OK) { + print "PASS: big8 newgroup (verify from cert file)\n"; +} else { + print "FAIL: big8 newgroup (verify from cert file)\n"; + $failed++; +} +$tests++; + +fix_pgpverify ($sq, $sq_home); +if (pgpverify ('./messages/comp.lang.go.newgroup', 'news.announce.newgroups') == VERIFY_OK) { + print "PASS: big8 newgroup (verify from custom cert store)\n"; +} else { + print "FAIL: big8 newgroup (verify from custom cert store)\n"; + $failed++; +} +$tests++; + +# Corrupted message, should fail with status VERIFY_BADSIG +fix_pgpverify ($sq); +if (pgpverify ('./messages/comp.lang.go-corrupted.newgroup', 'news.announce.newgroups') == VERIFY_BADSIG) { + print "PASS: BAD big8 newgroup (verify)\n"; +} else { + print "FAIL: BAD big8 newgroup (verify)\n"; + $failed++; +} +$tests++; + +# Unknown signer, should fail with status VERIFY_NOCERT +fix_pgpverify ($sq); +if (pgpverify ('./messages/gnu', 'usenet@gnu.org') == VERIFY_NOCERT) { + print "PASS: Unknown signer (verify)\n"; +} else { + print "FAIL: Unknown signer (verify)\n"; + $failed++; +} +$tests++; + +sign_verify_roundtrip_test ('signcontrol-sq-fingerprint', $sq, $sq, '4C5EC64E1D6FAD6CE2CE417B11183ACF87D87F73'); +sign_verify_roundtrip_test ('signcontrol-sq-userid', $sq, $sq, 'testing.sq'); + +# Interoperability test - verify with GnuPG the message signed +# with sq +fix_pgpverify ($gpg, './keyring/'); +if (pgpverify ('./tmp/signed_signcontrol-sq-userid', 'testing.sq') == VERIFY_OK) { + print "PASS: Sign with sq, verify with gpg\n"; +} else { + print "FAIL: Sign with sq, verify with gpg\n"; + $failed++; +} +$tests++; + +print "\nTOTAL: Tests $tests Failed $failed\n"; + + diff --git a/tests/sequoia-tests.sh b/tests/sequoia-tests.sh new file mode 100755 index 0000000..67bddfb --- /dev/null +++ b/tests/sequoia-tests.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +if [ -d tests/tmp ]; then + rm -fR tests/tmp +fi + +echo -e "Please insert $(cat tests/keyring/sq/passphrase) as passphrase when required\n" +cd tests && mkdir tmp && ./sequoia-tests.pl \ No newline at end of file