This fixes an issue reported by @adulau on Github where importing KeyA
and asking for the ``ImportResult.fingerprints`` would list KeyA's
fingerprints, and then importing KeyB and asking for the
``ImportResult.fingerprints`` would list both KeyA and KeyB's
fingerprints.
This was caused by a side effect resulting from the
``ImportResult.fingerprints`` being a class-level attribute, which gets
modified by the first call to ``gnupg.GPG.import_key()``, causing later
instances of ``ImportResult`` to retain the side effect. This commit
causes the ``ImportResult`` class to be indempotent under sequential
composition calls to ``gnupg.GPG.import_keys()``, ultimately resulting
in listing, upon each key import attempt, only the fingerprints of the
keys which were listed *that* time.
* FIXES Issue #81https://github.com/isislovecruft/python-gnupg/issues/81
Windows doesn't have EUIDs, so instead we'll check that the usernames
match. This doesn't seem the least bit secure to me, but it's Windows so
they're probably owned anyway. If anyone knows one of the "proper" ways
to determine if another process has the same owner on Windows, I'd love
to know about it.
* FIXES Issue #58 but I don't have a Windows machine to test so maybe
it's still broken.
https://github.com/isislovecruft/python-gnupg/issues/58
It seems that more modern versions of Python (e.g. 2.7.8), doing:
from __future__ import print_function
print("SIG=%s" % sig)
with some binary data doesn't actually produce a UnicodeDecodeError,
which means that Python2 is slowly getting less retarded. :D
On the downside, we probably shouldn't have been testing for things
which are Python2.x mis-design issues (and not really our fault, nor a
bug in python-gnupg) anyway.
Existing code gives up searching for a GnuPG executable (returning None --
contrary to the docstring indicating that a RuntimeError will be thrown in all
cases where no binary can be found) if the first item found is a symlink or is
not accessed via an absolute path.
This refactored version moves the filtering logic down into the _which helper
-- and thus continues to search past unacceptable results -- even if the first
item found is not acceptable.
Parsing such messages would change documented behavior (which specifies a
limited set of messages, not conforming with the given status codes). Ignoring
them is thus the safer change.
* FIXES and issue discovered by ttanner (https://github.com/ttanner)
in `gnupg._meta.GPGBase._check_sane_and_get_gpg_version()` where the
GnuPG process wasn't closed and its file descriptors were left
hanging.
* FIXES part of Issue #63.
https://github.com/isislovecruft/python-gnupg/issues/63
There were so many hanging FD issues when I started patching
upstream python-gnupg ― I doubt I found all of them. I probably even
introduced some along the way. And, as ttanner pointed out, this
patch doesn't fix the issue fully, so there are likely more.
It wouldn't be very nice to test this on Travis for three versions of
Python, because some of the integration tests generate keys, and
although this is usually done with a UID comment saying `(INSECURE!)`
in order to trigger libgcrypt's use of the dummy RNG, the testing
process is still a little brutal on heavily used headless machines.
Isis Lovecruft
Tom Galloway
Ruben Pollan
Charles Duffy