[#14548] php-horde-crypto: needs updating for gpg2 cli changes
Summary php-horde-crypto: needs updating for gpg2 cli changes
Queue Horde Framework Packages
Type Bug
State Duplicate
Priority 2. Medium
Requester nish.aravamudan@canonical.com
Created 2016-12-22 (1300 days ago)
Updated 2017-01-13 (1278 days ago)
Assigned 2017-01-13 (1278 days ago)
Resolved 2017-01-13 (1278 days ago)
Patch No

nish.aravamudan@canonical.com 2016-12-22 23:42:59
gpg2 (now the default e.g. on Ubuntu), has a different CLI output 
format. But the Horde Crypto library relies on parsing that output for 
self-verification (and I assume, therefore, for behavior).

The changes in the attached patch include setting a GPG environment 
variable (without which you get a cryptic error message from gpg2) and 
then setting some global flags for gpg (--keyid-format short and (if 
not v1) --pinentry-mode loopback).

I also split testVerifyPassphrase into two tests. This is because gpg2 
always spawns a gpg-agent which caches passphrases. So within one gpg2 
session (which each test counts as), the first successful message 
decryption (using the correct passphrase) ends up staying cached and 
falsely passing the bad passphrase case. Alternatively, the function 
could be left as one and the order of the calls could be changed.

math.parent@gmail.com 2016-12-27 05:42:51

Debian maintainer here.

I'm concerned by this patch, "--keyid-format short", should not be 
used. See http://gwolf.org/node/4070/ for more info.

Jan Schneider <jan@horde.org> 2017-01-13 12:11:12
I agree with Mathieu. Nishanth, can you please explain why you used 
this and eventually update your patch to leave this out?

nish.aravamudan@canonical.com 2017-01-13 17:34:35

I believe it would be appropriate to update the testsuite to use full 
keys everywhere. But the way the tests are written now, that is not 
the case (and without the specified flag, the tests fail, afaict). I 
agree it's not ideal, but I am not a Horde developer (or even a gnupg 
developer). I am just trying to pass along an issue and a suggested 
(base for a full) fix.

Jan Schneider <jan@horde.org> 2017-01-13 20:50:12
Besides the questionable parameter, this breaks GnuPG 1 support 
completely, and doesn't even fix the failing unit tests with GnuPG 2. 
In the end it's just a duplicate of ticket #14014.