Existing code gives up searching for a GnuPG executable (returning None --
contrary to the docstring indicating that a RuntimeError will be thrown in all
cases where no binary can be found) if the first item found is a symlink or is
not accessed via an absolute path.
This refactored version moves the filtering logic down into the _which helper
-- and thus continues to search past unacceptable results -- even if the first
item found is not acceptable.
Parsing such messages would change documented behavior (which specifies a
limited set of messages, not conforming with the given status codes). Ignoring
them is thus the safer change.
* ADD test_encryption_to_filename which checks that encrypt(...,
output='somefilename.gpg') works correctly (when `output` is a string
containing the filename).
This tests for the bug reported in Issue #24.
https://github.com/isislovecruft/python-gnupg/issues/24
* FIXES Issue#24, which prevented python-gnupg from encrypting to a
filename given as a string to the `output` parameter of
`gnupg.GPGMeta._encrypt()`.
* THANKS TO by Bill Buddington of SecureDrop and Yan Zhu of the
Electronic Frontier Foundation (EFF) for finding and reporting the
bug. The ticket for this bug can be viewed at:
https://github.com/isislovecruft/python-gnupg/issues/24
In the method `gnupg.GPG.verify_file()`, the `writer` was improperly
initialised: `_util._threaded_copy_data` was being given a filename when
it expects an open `file` object which it can read() from. Additionally,
the `writer` parameter was missing from the call to
`gnupg.GPG._collect_output()`, so even if it had been properly
initialised, the output would not have been written to the stdin of the
thread GnuPG was being called within.
When gnupg.GPG.verify_file() was changed recently to take the filename
of the signature file as an argument to GnuPG, and then take the data
file to be verified on stdin, the parser in _parsers._check_options()
would call _util._is_file(), which would return False and log an error
that "'-' is not a file!". This fixes that issue by catching OSError and
treating it differently.
Additionally, I renamed the _util._is_file() parameter
`input`→`filename` to avoid overriding a builtin method.
I also replaced the `assert` lines with explicit checks, because
`assert`s are stripped out when the Python interpreter is run with -OO.
* FIXES an issue with verification of detached signatures whose
datafiles are read from stdin.
Charles Duffy
Isis Lovecruft
kali
Kali Kaneko
Thomas Tanner
Matt Behrens