gpg4libre: check if we can really verify OpenPGP signatures
And disable unit tests otherwise
Change-Id: I32e1d8d2f8b0013d9cb43b78a55d23a1a29a8e8d
Reviewed-on: https://gerrit.libreoffice.org/46057
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
diff --git a/config_host/config_gpgme.h.in b/config_host/config_gpgme.h.in
index a8435bd0..7e46f37 100644
--- a/config_host/config_gpgme.h.in
+++ b/config_host/config_gpgme.h.in
@@ -16,6 +16,9 @@
// Defined if gpgme support is available
#define HAVE_FEATURE_GPGME 0
// Defined if gpg and gpgme signature verification is available
#define HAVE_FEATURE_GPGVERIFY 0
#if HAVE_FEATURE_GPGME
# include "config_lgpl.h"
#endif
diff --git a/configure.ac b/configure.ac
index e216e5f..449dfc1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -133,9 +133,16 @@ dnl path location is git, so make sure we have it
if test -n "$mac_git_path" -a -x "$mac_git_path" -a "$mac_git_path" != "/usr/bin/git" ; then
mac_path="$mac_path:`dirname $mac_git_path`"
fi
dnl a not so common but nevertheless quite helpful thing that may be in a fancy
dnl path location is gpg, so make sure we find it
mac_gpg_path=`which gpg 2>/dev/null`
if test -n "$mac_gpg_path" -a -x "$mac_gpg_path" -a "$mac_gpg_path" != "/usr/bin/gpg" ; then
mac_path="$mac_path:`dirname $mac_gpg_path`"
fi
PATH="$mac_path"
unset mac_path
unset git_mac_path
unset mac_git_path
unset mac_gpg_path
}
echo "********************************************************************"
@@ -10225,6 +10232,14 @@ if test "$_os" = "Linux" -o "$_os" = "Darwin" -o "$_os" = "WINNT" ; then
fi
ENABLE_GPGMEPP=TRUE
AC_DEFINE([HAVE_FEATURE_GPGME])
AC_PATH_PROG(GPG, gpg)
# TODO: Windows's cygwin gpg does not seem to work with our gpgme,
# so let's exclude that manually for the moment
if test -n "$GPG" -a "$_os" != "WINNT"; then
# make sure we not only have a working gpgme, but a full working
# gpg installation to run OpenPGP signature verification
AC_DEFINE([HAVE_FEATURE_GPGVERIFY])
fi
fi
AC_SUBST(ENABLE_GPGMEPP)
AC_SUBST(SYSTEM_GPGMEPP)
diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx
index 9ea2669..7e737f8 100644
--- a/xmlsecurity/qa/unit/signing/signing.cxx
+++ b/xmlsecurity/qa/unit/signing/signing.cxx
@@ -42,6 +42,7 @@
#include <sfx2/sfxbasemodel.hxx>
#include <sfx2/objsh.hxx>
#include <osl/file.hxx>
#include <osl/process.h>
#include <comphelper/ofopxmlhelper.hxx>
#include <documentsignaturehelper.hxx>
@@ -103,8 +104,7 @@ public:
void testXAdESGood();
/// Test importing of signature line images
void testSignatureLineImages();
#ifdef LINUX
# if HAVE_FEATURE_GPGME
#if HAVE_FEATURE_GPGVERIFY
/// Test a typical ODF where all streams are GPG-signed.
void testODFGoodGPG();
/// Test a typical ODF where all streams are GPG-signed, but we don't trust the signature.
@@ -113,7 +113,6 @@ public:
void testODFBrokenStreamGPG();
/// Test a typical broken ODF signature where the XML dsig hash is corrupted.
void testODFBrokenDsigGPG();
# endif
#endif
CPPUNIT_TEST_SUITE(SigningTest);
CPPUNIT_TEST(testDescription);
@@ -137,13 +136,11 @@ public:
CPPUNIT_TEST(testXAdES);
CPPUNIT_TEST(testXAdESGood);
CPPUNIT_TEST(testSignatureLineImages);
#ifdef LINUX
# if HAVE_FEATURE_GPGME
#if HAVE_FEATURE_GPGVERIFY
CPPUNIT_TEST(testODFGoodGPG);
CPPUNIT_TEST(testODFUntrustedGoodGPG);
CPPUNIT_TEST(testODFBrokenStreamGPG);
CPPUNIT_TEST(testODFBrokenDsigGPG);
# endif
#endif
CPPUNIT_TEST_SUITE_END();
@@ -177,15 +174,14 @@ void SigningTest::setUp()
osl::FileBase::getSystemPathFromFileURL(aTargetDir, aTargetPath);
setenv("MOZILLA_CERTIFICATE_FOLDER", aTargetPath.toUtf8().getStr(), 1);
#endif
#ifdef LINUX
# if HAVE_FEATURE_GPGME
#if HAVE_FEATURE_GPGVERIFY
// Make gpg use our own defined setup below data dir
OUString aHomePath;
osl::FileBase::getSystemPathFromFileURL(
m_directories.getURLFromSrc(DATA_DIRECTORY),
aHomePath);
setenv("GNUPGHOME", aHomePath.toUtf8().getStr(), 1);
# endif
OUString envVar("GNUPGHOME");
osl_setEnvironment(envVar.pData, aHomePath.pData);
#endif
}
@@ -687,8 +683,7 @@ void SigningTest::testSignatureLineImages()
CPPUNIT_ASSERT(xSignatureInfo[0].InvalidSignatureLineImage.is());
}
#ifdef LINUX
# if HAVE_FEATURE_GPGME
#if HAVE_FEATURE_GPGVERIFY
void SigningTest::testODFGoodGPG()
{
createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + "goodGPG.odt");
@@ -743,7 +738,6 @@ void SigningTest::testODFBrokenDsigGPG()
CPPUNIT_ASSERT(pObjectShell);
CPPUNIT_ASSERT_EQUAL(static_cast<int>(SignatureState::BROKEN), static_cast<int>(pObjectShell->GetDocumentSignatureState()));
}
# endif
#endif
void SigningTest::registerNamespaces(xmlXPathContextPtr& pXmlXpathCtx)
