Changeset 310
- Timestamp:
- 08/31/08 19:09:16 (3 months ago)
- Files:
-
- gpgdir/trunk/ChangeLog (modified) (1 diff)
- gpgdir/trunk/gpgdir (modified) (40 diffs)
- gpgdir/trunk/test/gpgdir_test.pl (modified) (21 diffs)
gpgdir/trunk/ChangeLog
r303 r310 1 1 gpgdir-1.9.2 (08//2008): 2 - Added new modes '--sign <dir>' and '--verify <dir>' to allow all files 3 in the specified directory to be signed or verified instead of encrypted 4 or decrypted. All GnuPG signatures are created as "<file>.asc", and the 5 original file is not removed in --sign mode. In --verify mode, if any 6 file does not match the expected .asc signature, then a warning like the 7 following will be generated: 8 9 [+] Verifying: /home/mbr/src/gpgdir/test/data-dir/multi-line-ascii.asc 10 [GNUPG:] BADSIG 9EDEEEEBA742EEEF Some User <someuser@domain.org> 11 12 - Bugfix to not die() when files that are encrypted with a different GnuPG 13 key are encountered in a directory that is being decrypted. A warning 14 message (see below) is now generated and the file is skipped: 15 16 [+] Decrypting: /home/mbr/tmp/gpgdir/a.gpg 17 [GNUPG:] BAD_PASSPHRASE CF16F0FCFFF3FF4F 18 [-] Skipping file encrypted with different GnuPG key: a.gpg 19 20 - Updated to use the status output from GnuPG::Interface to detect a bad 21 passphrase and whether a file is encrypted with the expected GnuPG key. 2 22 - Moved the GnuPG::Interface, Class::MethodMaker, and Term::ReadKey 3 23 modules to the deps/ directory, and updated the installer and RPM spec 4 24 file to account for the path change. This change was suggested by 5 25 Franck Joncourt for the other cipherdyne.org projects. 26 - Updated the test suite to generate files in the output/ directory 27 according to test number and append the result of each test within each 28 file. This makes it easy to tell which tests have failed with a simple 29 'grep fail output/*test'. 6 30 - Added the gpgdir-nodeps.spec file to allow an RPM to be built that does 7 31 not contain any perl modules dependencies. 8 32 - Updated gpgdir to import perl modules via 'require' statements instead 9 33 of 'use' statements so that the path to the modules directory can be 10 changed via the --Lib-dir command line argument. 
34 changed via the --Lib-dir command line argument. Also updated to use 35 the 'auto' heuristic (first implemented in the fwknop project) to detect 36 perl module directories that should be used in the --Lib-dir directory 37 to import perl modules from. 11 38 12 39 gpgdir-1.9.1 (06/07/2008): gpgdir/trunk/gpgdir
r304 r310 15 15 # Copyright (C) 2002-2008 Michael Rash (mbr@cipherdyne.org) 16 16 # 17 # License (GNU General Public License):17 # License: GNU General Public License version 2 (GPLv2) 18 18 # 19 19 # This program is distributed in the hope that it will be useful, … … 53 53 my $encrypt_dir = ''; 54 54 my $decrypt_dir = ''; 55 my $sign_dir = ''; 56 my $verify_dir = ''; 55 57 my $homedir = ''; 56 58 my $exclude_pat = ''; … … 77 79 my $wipe_mode = 0; 78 80 my $encrypt_mode = 0; 81 my $signing_mode = 0; 82 my $verify_mode = 0; 79 83 my $use_default_key = 0; 80 84 my $pw_file = ''; … … 97 101 my $overwrite_encrypted = 0; 98 102 my $overwrite_decrypted = 0; 99 my $symmetric_mode = 0;100 my $DEL_SOURCE_FILE = 1;103 my $symmetric_mode = 0; 104 my $DEL_SOURCE_FILE = 1; 101 105 my $NO_DEL_SOURCE_FILE = 0; 102 106 … … 107 111 my $ACCEPT_YES_DEFAULT = 1; 108 112 my $ACCEPT_NO_DEFAULT = 2; 113 114 ### turn off buffering 115 $| = 1; 109 116 110 117 unless ($< == $>) { … … 120 127 121 128 die "[*] Use --help for usage information.\n" unless(GetOptions ( 122 'encrypt=s' => \$encrypt_dir, # Encrypt files in this directory. 123 'decrypt=s' => \$decrypt_dir, # Decrypt files in this directory. 129 'encrypt-dir=s' => \$encrypt_dir, # Encrypt files in this directory. 130 'decrypt-dir=s' => \$decrypt_dir, # Decrypt files in this directory. 131 'sign-dir=s' => \$sign_dir, # Sign files in this directory. 132 'verify-dir=s' => \$verify_dir, # Verify files in this directory. 124 133 'gnupg-dir=s' => \$gpg_homedir, # Path to /path/to/.gnupg directory. 125 134 'pw-file=s' => \$pw_file, # Read password out of this file. … … 159 168 'Default-key' => \$use_default_key, # Assume that default-key is set within 160 169 # ~/.gnupg/options. 161 'Symmetric' => \$symmetric_mode, # encrypt using symmetric cipher.162 #(this option is not required to163 #also decrypt, GnuPG handles164 #that automatically).170 'Symmetric' => \$symmetric_mode, # encrypt using symmetric cipher. 
171 # (this option is not required to 172 # also decrypt, GnuPG handles 173 # that automatically). 165 174 'Plain-ascii' => \$ascii_armor_mode, # Ascii armor mode (creates non-binary 166 175 # encrypted files). … … 197 206 } 198 207 208 die "[*] Cannot --sign-dir and --verify-dir" 209 if $sign_dir and $verify_dir; 210 211 if ($sign_dir) { 212 $encrypt_dir = $sign_dir; 213 $signing_mode = 1; 214 } elsif ($verify_dir) { 215 $decrypt_dir = $verify_dir; 216 $verify_mode = 1; 217 } 218 199 219 if ($encrypt_dir and $overwrite_decrypted) { 200 220 die "[*] The -e and --overwrite-decrypted options are incompatible."; … … 236 256 } 237 257 238 $options{'armor'} = 1 if $ascii_armor_mode ;258 $options{'armor'} = 1 if $ascii_armor_mode or $signing_mode; 239 259 240 260 ### get the path to the user's home directory … … 256 276 257 277 if ($decrypt_dir and $encrypt_dir) { 258 die "[*] You cannot encrypt and decrypt the same directory, see --help\n";278 die "[*] Cannot encrypt and decrypt the same directory, see --help\n"; 259 279 } 260 280 261 281 unless ($decrypt_dir or $encrypt_dir or $test_and_exit) { 262 print "[*] Please specify -e <dir>, -d <dir>, or --test-mode, see --help\n"; 282 die "[*] Please specify -e <dir>, -d <dir>, or --test-mode, see --help\n"; 283 } 284 285 if ($obfuscate_mode) { 286 if ($sign_dir) { 287 die "[*] -O mode incompatible with --sign-dir"; 288 } elsif ($verify_dir) { 289 die "[*] -O mode incompatible with --verify-dir"; 290 } 263 291 } 264 292 … … 306 334 ### don't need to test encrypt/decrypt ability if we are running 307 335 ### in --Trial-run mode. 
308 $skip_test_mode = 1 if $trial_run ;336 $skip_test_mode = 1 if $trial_run or $signing_mode or $verify_mode; 309 337 310 338 if ($dir eq '.') { … … 321 349 &write_pid(); 322 350 323 if ($symmetric_mode ) {351 if ($symmetric_mode or $signing_mode) { 324 352 &get_password(); 325 353 } else { 326 &get_password() unless $encrypt_mode and $skip_test_mode; 354 &get_password() unless (($encrypt_mode and $skip_test_mode) 355 or $verify_mode); 327 356 } 328 357 … … 333 362 } 334 363 335 if ($encrypt_mode) { 336 print "[+] Encrypting directory: $dir\n" unless $quiet; 364 if ($signing_mode) { 365 print "[+] Signing files in directory: $dir\n" unless $quiet; 366 } elsif ($encrypt_mode) { 367 print "[+] Encrypting files in directory: $dir\n" unless $quiet; 368 } elsif ($verify_mode) { 369 print "[+] Verifying signatures in directory: $dir\n" unless $quiet; 337 370 } else { 338 print "[+] Decrypting directory: $dir\n" unless $quiet;371 print "[+] Decrypting files in directory: $dir\n" unless $quiet; 339 372 } 340 373 … … 369 402 #==================== end main ===================== 370 403 371 sub encrypt_ file() {404 sub encrypt_or_sign_file() { 372 405 my ($in_file, $out_file, $del_flag) = @_; 373 406 … … 415 448 if ($symmetric_mode) { 416 449 $pid = $gpg->encrypt_symmetrically('handles' => $handles); 450 } elsif ($signing_mode) { 451 $pid = $gpg->detach_sign('handles' => $handles); 417 452 } else { 418 453 $pid = $gpg->encrypt('handles' => $handles); … … 446 481 die "[*] Created zero-size file: $out_file\n", 447 482 " Maybe gpg-agent does not yet have the password for that key?\n", 448 " Try re-running with -v.";483 " Try with --verbose"; 449 484 } else { 450 485 die "[*] Created zero-size file: $out_file\n", 451 " Bad password? Try re-running with -v.";486 " Bad password? 
Try with --verbose"; 452 487 } 453 488 } … … 456 491 } 457 492 458 sub decrypt_ file() {493 sub decrypt_or_verify_file() { 459 494 my ($in_file, $out_file, $del_flag) = @_; 495 496 my $pid; 497 my $bad_passphrase = 0; 498 my $bad_signature = 0; 499 my $file_encrypted_with_expected_key = 0; 500 my $input_fh = ''; 501 my $output_fh = ''; 502 my $error_fh = ''; 503 my $pw_fh = ''; 504 my $status_fh = ''; 505 my $handles = ''; 460 506 461 507 my $gpg = GnuPG::Interface->new(); … … 465 511 "homedir: $gpg_homedir" unless $gpg; 466 512 467 unless ($ symmetric_mode or $use_default_key) {513 unless ($verify_mode or $symmetric_mode or $use_default_key) { 468 514 $gpg->options->default_key($encrypt_user); 469 515 $gpg->options->push_recipients($encrypt_user); 470 516 } 471 517 472 my ($input_fh, $output_fh, $error_fh, $pw_fh, $status_fh) = 473 (IO::File->new($in_file), 474 IO::File->new("> $out_file"), 475 IO::Handle->new(), 476 IO::Handle->new(), 477 IO::Handle->new()); 478 479 my $handles = GnuPG::Handles->new( 480 stdin => $input_fh, 481 stdout => $output_fh, 482 stderr => $error_fh, 483 passphrase => $pw_fh, 484 status => $status_fh 485 ); 486 $handles->options('stdin')->{'direct'} = 1; 487 $handles->options('stdout')->{'direct'} = 1; 488 489 my $pid; 518 if ($verify_mode) { 519 ($input_fh, $output_fh, $error_fh, $status_fh) = 520 (IO::Handle->new(), 521 IO::Handle->new(), 522 IO::Handle->new(), 523 IO::Handle->new()); 524 $handles = GnuPG::Handles->new( 525 stdin => $input_fh, 526 stdout => $output_fh, 527 stderr => $error_fh, 528 status => $status_fh 529 ); 530 } else { 531 ($input_fh, $output_fh, $error_fh, $pw_fh, $status_fh) = 532 (IO::File->new($in_file), 533 IO::File->new("> $out_file"), 534 IO::Handle->new(), 535 IO::Handle->new(), 536 IO::Handle->new()); 537 $handles = GnuPG::Handles->new( 538 stdin => $input_fh, 539 stdout => $output_fh, 540 stderr => $error_fh, 541 passphrase => $pw_fh, 542 status => $status_fh 543 ); 544 $handles->options('stdin')->{'direct'} 
= 1; 545 $handles->options('stdout')->{'direct'} = 1; 546 } 490 547 491 548 if ($use_gpg_agent) { … … 493 550 'command_args' => [ qw( --use-agent ) ]); 494 551 } else { 495 $pid = $gpg->decrypt('handles' => $handles); 496 } 497 498 print $pw_fh $pw; 499 close $pw_fh; 552 if ($verify_mode) { 553 $pid = $gpg->wrap_call( 554 'commands' => [ qw( --verify ) ], 555 'command_args' => [ ( $in_file ) ], 556 'handles' => $handles 557 ); 558 } else { 559 $pid = $gpg->decrypt('handles' => $handles); 560 } 561 } 562 563 unless ($verify_mode) { 564 print $pw_fh $pw; 565 close $pw_fh; 566 } 500 567 501 568 my @errors = <$error_fh>; 502 503 if ($verbose) { 504 print for @errors; 505 } else { 506 for (@errors) { 507 print if /bad\s+pass/; 508 } 509 } 569 my @status = <$status_fh>; 510 570 511 571 close $input_fh; … … 516 576 waitpid $pid, 0; 517 577 518 if (-s $out_file == 0) { 578 for (@status) { 579 if ($verify_mode) { 580 ### [GNUPG:] BADSIG 9EEEEE6BEE428EEE Some User <someone@domain.com> 581 $bad_signature = 1 if /BADSIG/; 582 } else { 583 ### [GNUPG:] BAD_PASSPHRASE C326F95CE133EA4E 584 $bad_passphrase = 1 if /BAD_?PASS/; 585 if (/NEED_PASSPHRASE\s\S+\s+\S+$encrypt_user\s/) { 586 ### [GNUPG:] NEED_PASSPHRASE CDE4D7DDFD66DCB9 95D85DDDDD42D39D 16 0 587 $file_encrypted_with_expected_key = 1; 588 } elsif ((length($encrypt_user) == 8) 589 and /USERID_HINT\s+.*$encrypt_user/) { 590 $file_encrypted_with_expected_key = 1; 591 } 592 } 593 } 594 595 if ($verbose) { 596 print " GnuPG errors:\n"; 597 print for @errors; 598 print " GnuPG status:\n"; 599 print for @status; 600 } else { 601 for (@status) { 602 if (/BAD_?PASS/) { 603 print unless $quiet; 604 } elsif (/BADSIG/) { 605 print unless $quiet; 606 } 607 } 608 } 609 610 if ($bad_passphrase) { 611 if (-s $out_file == 0) { 612 &delete_file($out_file); 613 &delete_file($in_file) if $del_flag == $DEL_SOURCE_FILE; 614 if ($file_encrypted_with_expected_key) { 615 die "[*] Bad passphrase, try gpgdir with -v"; 616 } else { 617 print "[-] 
Skipping file encrypted with different ", 618 "GnuPG key: $in_file\n" unless $quiet; 619 } 620 } else { 621 die 622 "[*] Bad passphrase, but created non-zero sized output file, should not\n", 623 " happen. Try with --verbose"; 624 } 625 } elsif (-s $out_file == 0) { 519 626 &delete_file($out_file); 520 627 &delete_file($in_file) if $del_flag == $DEL_SOURCE_FILE; … … 522 629 die "[*] Created zero-size file: $out_file\n", 523 630 " Maybe gpg-agent does not yet have the password for that key?\n", 524 " Try re-running with -v.";631 " Try with --verbose"; 525 632 } else { 526 633 die "[*] Created zero-size file: $out_file\n", 527 " Bad password? Try re-running with -v.";634 " Bad password? Try with --verbose"; 528 635 } 529 636 } … … 625 732 } 626 733 627 if ($ascii_armor_mode ) {734 if ($ascii_armor_mode or $signing_mode) { 628 735 $encrypt_filename = "$filename.asc"; 629 736 } 630 737 631 738 if (-e $encrypt_filename and not $overwrite_encrypted) { 632 print "[-] Encrypted file $dir/$encrypt_filename already ", 739 my $str = 'Encrypted'; 740 $str = 'Signed' if $signing_mode; 741 print "[-] $str file $dir/$encrypt_filename already ", 633 742 "exists, skipping.\n" unless $quiet; 634 743 next FILE; … … 636 745 637 746 if ($interactive_mode) { 747 my $str = 'Encrypt'; 748 $str = 'Sign' if $signing_mode; 638 749 next FILE unless (&query_yes_no( 639 " Encrypt: $file ([y]/n)? ", $ACCEPT_YES_DEFAULT)); 640 } 641 642 print "[+] Encrypting: $file\n" unless $quiet; 750 " $str: $file ([y]/n)? 
", $ACCEPT_YES_DEFAULT)); 751 } 752 753 my $str = 'Encrypting'; 754 $str = 'Signing' if $signing_mode; 755 print "[+] $str: $file\n" unless $quiet; 643 756 644 757 unless ($trial_run) { 645 758 646 &encrypt_ file($filename, $encrypt_filename,759 &encrypt_or_sign_file($filename, $encrypt_filename, 647 760 $NO_DEL_SOURCE_FILE); 648 761 649 if (-e $encrypt_filename &&-s $encrypt_filename != 0) {762 if (-e $encrypt_filename and -s $encrypt_filename != 0) { 650 763 ### set the atime and mtime to be the same as the 651 764 ### original file. … … 656 769 } 657 770 } 658 ### only delete the original file if 659 ### the encrypted one exists 660 if ($wipe_mode and not $quiet) { 661 print " Securely deleting file: $file\n"; 771 772 unless ($signing_mode) { 773 ### only delete the original file if 774 ### the encrypted one exists 775 if ($wipe_mode and not $quiet) { 776 print " Securely deleting file: $file\n"; 777 } 778 &delete_file($filename); 779 780 if ($obfuscate_mode) { 781 782 ### record the original file name mapping 783 &append_obfuscated_mapping($filename, 784 $encrypt_filename); 785 786 $obfuscate_ctrs{$dir}++; 787 } 662 788 } 663 &delete_file($filename);664 665 if ($obfuscate_mode) {666 667 ### record the original file name mapping668 &append_obfuscated_mapping($filename,669 $encrypt_filename);670 671 $obfuscate_ctrs{$dir}++;672 }673 789 674 790 $total_encrypted++; 675 791 676 792 } else { 677 print "[-] Could not encrypt file: $file\n" unless $quiet; 793 my $str = 'encrypt'; 794 $str = 'sign' if $signing_mode; 795 print "[-] Could not $str file: $file\n" unless $quiet; 678 796 next FILE; 679 797 } … … 720 838 next FILE unless length($decrypt_filename) > 0; 721 839 722 ### don't decrypt a file on top of a normal file of 723 ### the same name 724 if (-e $decrypt_filename and not $overwrite_decrypted) { 725 print "[-] Decrypted file $dir/$decrypt_filename ", 726 "already exists. 
Skipping.\n" unless $quiet; 727 next FILE; 840 if ($verify_mode) { 841 unless (-e $decrypt_filename) { 842 print "[-] Original file $decrypt_filename ", 843 "does not exist, skipping.\n"; 844 next FILE; 845 } 846 } else { 847 ### don't decrypt a file on top of a normal file of 848 ### the same name 849 if (-e $decrypt_filename and not $overwrite_decrypted) { 850 print "[-] Decrypted file $dir/$decrypt_filename ", 851 "already exists. Skipping.\n" unless $quiet; 852 next FILE; 853 } 728 854 } 729 855 730 856 if ($interactive_mode) { 857 my $str = 'Decrypt'; 858 $str = 'Verify' if $verify_mode; 731 859 next FILE unless (&query_yes_no( 732 " Decrypt: $file ([y]/n)? ", $ACCEPT_YES_DEFAULT));860 " $str: $file ([y]/n)? ", $ACCEPT_YES_DEFAULT)); 733 861 } 734 862 735 863 unless ($trial_run) { 736 737 print "[+] Decrypting: $dir/$filename\n" unless $quiet; 738 &decrypt_file($filename, $decrypt_filename, 864 my $str = 'Decrypting'; 865 $str = 'Verifying' if $verify_mode; 866 print "[+] $str: $dir/$filename\n" unless $quiet; 867 &decrypt_or_verify_file($filename, $decrypt_filename, 739 868 $NO_DEL_SOURCE_FILE); 740 869 741 if (-e $decrypt_filename && -s $decrypt_filename != 0) { 742 ### set the atime and mtime to be the same as the 743 ### original file. 744 unless ($no_fs_times) { 745 if (defined $mtime and $mtime and 746 defined $atime and $atime) { 747 utime $atime, $mtime, $decrypt_filename; 870 unless ($verify_mode) { 871 if (-e $decrypt_filename and -s $decrypt_filename != 0) { 872 ### set the atime and mtime to be the same as the 873 ### original file. 
874 unless ($no_fs_times) { 875 if (defined $mtime and $mtime and 876 defined $atime and $atime) { 877 utime $atime, $mtime, $decrypt_filename; 878 } 748 879 } 880 if ($wipe_mode and not $quiet) { 881 print " Securely deleting file: $file\n"; 882 } 883 ### only delete the original encrypted 884 ### file if the decrypted one exists 885 &delete_file($filename); 886 887 $total_decrypted++; 888 889 } else { 890 print "[-] Could not decrypt file: $file\n" 891 unless $quiet; 892 next FILE; 749 893 } 750 if ($wipe_mode and not $quiet) {751 print " Securely deleting file: $file\n";752 }753 ### only delete the original encrypted754 ### file if the decrypted one exists755 &delete_file($filename);756 757 $total_decrypted++;758 759 } else {760 print "[-] Could not decrypt file: $file\n" unless $quiet;761 next FILE;762 894 } 763 895 } … … 837 969 "$dir/$obfuscate_map_filename\n" unless $quiet; 838 970 unless ($trial_run) { 839 &encrypt_ file($obfuscate_map_filename,971 &encrypt_or_sign_file($obfuscate_map_filename, 840 972 "$obfuscate_map_filename.gpg", $NO_DEL_SOURCE_FILE); 841 973 … … 849 981 "$dir/$obfuscate_map_filename.gpg\n" unless $quiet; 850 982 unless ($trial_run) { 851 &decrypt_ file("$obfuscate_map_filename.gpg",983 &decrypt_or_verify_file("$obfuscate_map_filename.gpg", 852 984 $obfuscate_map_filename, $NO_DEL_SOURCE_FILE); 853 985 … … 867 999 return unless -e "$obfuscate_map_filename.gpg"; 868 1000 869 &decrypt_ file("$obfuscate_map_filename.gpg",1001 &decrypt_or_verify_file("$obfuscate_map_filename.gpg", 870 1002 $obfuscate_map_filename, $NO_DEL_SOURCE_FILE); 871 1003 … … 917 1049 return unless -e "$obfuscate_map_filename.gpg"; 918 1050 919 &decrypt_ file("$obfuscate_map_filename.gpg",1051 &decrypt_or_verify_file("$obfuscate_map_filename.gpg", 920 1052 $obfuscate_map_filename, $NO_DEL_SOURCE_FILE); 921 1053 … … 1007 1139 1008 1140 close F; 1009 print1141 die 1010 1142 "[*] Please edit $homedir/.gpgdirrc to include your gpg key identifier,\n", 1011 1143 " or use the 
default GnuPG key defined in ~/.gnupg/options. Exiting.\n"; 1012 exit 0;1013 1144 } 1014 1145 … … 1026 1157 if (-e $file and not -l $file and -s $file != 0 1027 1158 and $file !~ m|/\.|) { 1028 if ($encrypt_mode ) {1159 if ($encrypt_mode or $signing_mode) { 1029 1160 if ($file =~ m|\.gpg| or $file =~ m|\.asc|) { 1030 print "[-] Skipping encrypted file: $file\n" unless $quiet; 1161 print "[-] Skipping encrypted/signed file: $file\n" unless $quiet; 1162 return; 1163 } 1164 } elsif ($verify_mode) { 1165 unless ($file =~ m|\.asc|) { 1166 ### only pick up the signature files 1031 1167 return; 1032 1168 } … … 1076 1212 print " *** test_mode() ***\n" unless $quiet; 1077 1213 } 1078 if ($encrypt_mode) { 1214 if ($signing_mode) { 1215 print " Enter signing password.\n" unless $quiet; 1216 } elsif ($encrypt_mode) { 1079 1217 print ' Enter password (for initial ' . 1080 1218 "encrypt/decrypt test)\n" unless $quiet; … … 1083 1221 ### get the password without echoing the chars back to the screen 1084 1222 ReadMode('noecho'); 1085 while ( !$pw) {1223 while (not $pw) { 1086 1224 print $msg; 1087 1225 $pw = ReadLine(0); … … 1126 1264 } 1127 1265 1128 &encrypt_ file($test_file, "${test_file}.gpg", $DEL_SOURCE_FILE);1266 &encrypt_or_sign_file($test_file, "${test_file}.gpg", $DEL_SOURCE_FILE); 1129 1267 1130 1268 if (-e "$test_file.gpg" and (-s $test_file != 0)) { … … 1136 1274 } 1137 1275 1138 &decrypt_ file("${test_file}.gpg", $test_file, $DEL_SOURCE_FILE);1276 &decrypt_or_verify_file("${test_file}.gpg", $test_file, $DEL_SOURCE_FILE); 1139 1277 1140 1278 if (-e $test_file and (-s $test_file != 0)) { … … 1254 1392 next unless -d "$lib_dir/$dir"; 1255 1393 push @paths, "$lib_dir/$dir" 1256 if $dir =~ m|linux| or $dir =~ m|thread|; 1394 if $dir =~ m|linux| or $dir =~ m|thread| 1395 or (-d "$lib_dir/$dir/auto"); 1257 1396 } 1258 1397 return \@paths; … … 1271 1410 1272 1411 Options: 1273 -e, --encrypt <directory> - Encrypt <directory> and all of its 1274 subdirectories. 
1275 -d, --decrypt <directory> - Decrypt <directory> and all of its 1276 subdirectories. 1412 -e, --encrypt <directory> - Recursively encrypt all files in 1413 <directory> and all subdirectories. 1414 -d, --decrypt <directory> - Recursively decrypt all files in 1415 <directory> and all subdirectories. 1416 --sign <directory> - Recursively sign all files in <directory> 1417 and all subdirectories. 1418 --verify <directory> - Recursively verify all GnuPG signatures 1419 in <directory>. 1420 -K, --Key-id <id> - Specify GnuPG key ID, or key-matching 1421 string. This overrides the use_key value 1422 in ~/.gpgdirrc 1423 -D, --Default-key - Use the key that GnuPG defines as the 1424 default (i.e. the key that is specified 1425 by the default-key option in 1426 ~/.gnupg/options). 1277 1427 -a, --agent - Acquire password information from a 1278 1428 running instance of gpg-agent. … … 1283 1433 gpg keys (the default is ~/.gnupg if this 1284 1434 option is not used). 1435 -S, --Symmetric - Use symmetric encryption instead of the 1436 default asymmetric encryption. 1285 1437 -p, --pw-file <file> - Read password in from <file>. 1286 - s, --skip-test- Skip encrypt -> decrypt test.1438 --skip-test - Skip encrypt -> decrypt test. 1287 1439 -t, --test-mode - Run encrypt -> decrypt test and exit. 1288 1440 -T, --Trial-run - Show what filesystem actions would take … … 1299 1451 --Include-from <file> - Include only those filenames that match a 1300 1452 pattern contained within <file>. 1301 -K, --Key-id <id> - Specify GnuPG key ID, or key-matching1302 string. This overrides the use_key value1303 in ~/.gpgdirrc1304 -D, --Default-key - Use the key that GnuPG defines as the1305 default (i.e. 
the key that is specified1306 by the default-key option in1307 ~/.gnupg/options).1308 1453 -O, --Obfuscate-filenames - Substitute all real filenames in a 1309 1454 directory with manufactured ones (the … … 1342 1487 --no-locale - Don't set the locale to anything (the 1343 1488 default is the "C" locale). 1344 - v, --verbose - Run in verbose mode.1489 --verbose - Run in verbose mode. 1345 1490 -V, --Version - print version. 1346 1491 -h, --help - print help. gpgdir/trunk/test/gpgdir_test.pl
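Review bot: In decrypt_or_verify_file() the verify path accepts a signature unless a status line contains BADSIG, and the `$bad_signature` flag set in that loop is not consulted anywhere in the visible lines, so a failed check only prints the status line (and prints nothing under --quiet). A .asc file whose key is missing, expired or revoked (GnuPG reports these as ERRSIG, NO_PUBKEY, EXPKEYSIG or REVKEYSIG rather than BADSIG), or one for which gpg emitted no signature status at all, therefore passes silently. I would require positive confirmation instead: declare a `$good_signature` flag, set it in the status loop with `$good_signature = 1 if /\bVALIDSIG\b/;`, and follow the loop with `$bad_signature = 1 if $verify_mode and not $good_signature;`, then report the failure to the caller so the run can end with a non-zero exit status. Parts of the function lie between the hunks shown, so confirm the flag is not already handled in the elided lines.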
r308 r310 33 33 use Digest::MD5 'md5_base64'; 34 34 use File::Find; 35 use File::Copy; 35 36 use Getopt::Long; 36 37 use strict; … … 47 48 my $gpg_dir = "$conf_dir/test-gpg"; 48 49 my $pw_file = "$conf_dir/test.pw"; 50 my $broken_pw_file = "$conf_dir/broken.pw"; 49 51 my $key_id = '375D7DB9'; 50 51 my $cmd_stdout = "$output_dir/cmd.stdout";52 my $cmd_stderr = "$output_dir/cmd.stderr";53 52 #==================== end config ================== 54 53 … … 56 55 my $test_num = 0; 57 56 my $PRINT_LEN = 68; 57 my $APPEND = 1; 58 my $NO_APPEND = 0; 58 59 my $failed_tests = 0; 59 60 my $prepare_results = 0; 60 61 my $successful_tests = 0; 62 my $current_test_file = "$output_dir/$test_num.test"; 63 my $previous_test_file = ''; 61 64 my @data_dir_files = (); 62 65 my %md5sums = (); … … 125 128 &test_driver('(Sign/verify dir) Excluded hidden files/dirs', 126 129 \&skipped_hidden_files_dirs); 130 &test_driver('(Sign/verify dir) Broken signature detection', 131 \&broken_sig_detection); 127 132 &test_driver('(Sign/verify dir) gpgdir directory verification', \&verify); 128 133 &test_driver('(Sign/verify dir) Files recursively verified', 129 134 \&recursively_verified); 130 ### remove all .asc files now 135 136 ### bad password detection 137 &test_driver('(Bad passphrase) detected broken passphrase', 138 \&broken_passphrase); 131 139 132 140 &logr("\n"); … … 147 155 my ($msg, $func_ref) = @_; 148 156 157 my $test_status = 'pass'; 149 158 &dots_print($msg); 150 159 if (&{$func_ref}) { 151 160 &pass(); 152 161 } else { 162 $test_status = 'fail'; 153 163 $failed_tests++; 154 164 } 165 166 open C, ">> $current_test_file" 167 or die "[*] Could not open $current_test_file: $!"; 168 print C "\nTEST: $msg, STATUS: $test_status\n"; 169 close C; 170 171 $previous_test_file = $current_test_file; 155 172 $test_num++; 173 $current_test_file = "$output_dir/$test_num.test"; 156 174 return; 175 } 176 177 sub broken_passphrase() { 178 if (not &run_cmd("$gpgdirCmd --gnupg-dir $gpg_dir " . 
179 " --pw-file $broken_pw_file --Key-id $key_id -e $data_dir", 180 $NO_APPEND)) { 181 my $found_bad_pass = 0; 182 open F, "< $current_test_file" or die $!; 183 while (<F>) { 184 if (/BAD_?PASS/) { 185 $found_bad_pass = 1; 186 } 187 } 188 close F; 189 if ($found_bad_pass) { 190 return 1; 191 } 192 } 193 return &print_errors("[-] Accepted broken passphrase"); 157 194 } 158 195 159 196 sub encrypt() { 160 197 if (&run_cmd("$gpgdirCmd --gnupg-dir $gpg_dir " . 161 " --pw-file $pw_file --Key-id $key_id -e $data_dir" )) {162 return 1;163 }164 return &print_errors("fail ($test_num)\n[*] " .165 "Directory encryption");198 " --pw-file $pw_file --Key-id $key_id -e $data_dir", 199 $NO_APPEND)) { 200 return 1; 201 } 202 return &print_errors("[-] Directory encryption"); 166 203 } 167 204 168 205 sub ascii_encrypt() { 169 206 if (&run_cmd("$gpgdirCmd --Plain-ascii --gnupg-dir $gpg_dir " . 170 " --pw-file $pw_file --Key-id $key_id -e $data_dir" )) {171 return 1;172 }173 return &print_errors("fail ($test_num)\n[*] " .174 "Directory encryption");207 " --pw-file $pw_file --Key-id $key_id -e $data_dir", 208 $NO_APPEND)) { 209 return 1; 210 } 211 return &print_errors("[-] Directory encryption"); 175 212 } 176 213 177 214 sub obf_encrypt() { 178 215 if (&run_cmd("$gpgdirCmd -O --gnupg-dir $gpg_dir " . 179 " --pw-file $pw_file --Key-id $key_id -e $data_dir" )) {180 return 1;181 }182 return &print_errors("fail ($test_num)\n[*] " .183 "Directory encryption");216 " --pw-file $pw_file --Key-id $key_id -e $data_dir", 217 $NO_APPEND)) { 218 return 1; 219 } 220 return &print_errors("[-] Directory encryption"); 184 221 } 185 222 186 223 sub sign() { 187 224 if (&run_cmd("$gpgdirCmd --gnupg-dir $gpg_dir " . 
188 " --pw-file $pw_file --Key-id $key_id --sign $data_dir" )) {189 return 1;190 }191 return &print_errors("fail ($test_num)\n[*] " .192 "Directory signing");225 " --pw-file $pw_file --Key-id $key_id --sign $data_dir", 226 $NO_APPEND)) { 227 return 1; 228 } 229 return &print_errors("[-] Directory signing"); 193 230 } 194 231 195 232 sub decrypt() { 196 233 if (&run_cmd("$gpgdirCmd --gnupg-dir $gpg_dir " . 197 " --pw-file $pw_file --Key-id $key_id -d $data_dir" )) {198 return 1;199 }200 return &print_errors("fail ($test_num)\n[*] " .201 "Directory decryption");234 " --pw-file $pw_file --Key-id $key_id -d $data_dir", 235 $NO_APPEND)) { 236 return 1; 237 } 238 return &print_errors("[-] Directory decryption"); 202 239 } 203 240 204 241 sub obf_decrypt() { 205 242 if (&run_cmd("$gpgdirCmd -O --gnupg-dir $gpg_dir " . 206 " --pw-file $pw_file --Key-id $key_id -d $data_dir" )) {207 return 1;208 }209 return &print_errors("fail ($test_num)\n[*] " .210 "Directory decryption");243 " --pw-file $pw_file --Key-id $key_id -d $data_dir", 244 $NO_APPEND)) { 245 return 1; 246 } 247 return &print_errors("[-] Directory decryption"); 211 248 } 212 249 213 250 sub verify() { 214 251 if (&run_cmd("$gpgdirCmd --gnupg-dir $gpg_dir " . 215 " --pw-file $pw_file --Key-id $key_id --verify $data_dir" )) {216 return 1;217 }218 return &print_errors("fail ($test_num)\n[*] " .219 "Directory verification");252 " --pw-file $pw_file --Key-id $key_id --verify $data_dir", 253 $NO_APPEND)) { 254 return 1; 255 } 256 return &print_errors("[-] Directory verification"); 220 257 } 221 258 … … 226 263 if (-f $file and not ($file =~ m|^\.| or $file =~ m|/\.|)) { 227 264 unless ($file =~ m|\.gpg$|) { 228 return &print_errors("fail ($test_num)\n[*] " . 229 "File $file not encrypted"); 265 return &print_errors("[-] File $file not encrypted"); 230 266 } 231 267 } … … 241 277 if ($file !~ m|\.asc$|) { 242 278 unless (-e "$file.asc") { 243 &nb
