libelektra: MSR fails with crypto tutorial with ini as default storage

Steps to Reproduce the Problem

Apply the patch:

diff --git a/doc/tutorials/crypto.md b/doc/tutorials/crypto.md
index 3881eb8dc..37f09d275 100644
--- a/doc/tutorials/crypto.md
+++ b/doc/tutorials/crypto.md
@@ -35,6 +35,14 @@ If you have no GPG private key available, you can generate one by entering the f
 
 The `fcrypt` plugin and the `crypto` plugin support both versions (version 1 and version 2) of GPG.
 
+In order to set up our tutorial we import the Elektra test key.
+We **DO NOT RECOMMEND** to use our key on your local machine, as it is available to the public!
+
+```sh
+gpg2 --import src/plugins/crypto/test_key.asc || gpg --import src/plugins/crypto/test_key.asc
+echo "trust-model always" > ~/.gnupg/gpg.conf
+```
+
 ## Introduction
 
 In this tutorial we explain the use of the `crypto` plugin and the `fcrypt` plugin by a simple example:
diff --git a/tests/shell/shell_recorder/tutorial_wrapper/CMakeLists.txt b/tests/shell/shell_recorder/tutorial_wrapper/CMakeLists.txt
index 60e8241fe..d991a9b25 100644
--- a/tests/shell/shell_recorder/tutorial_wrapper/CMakeLists.txt
+++ b/tests/shell/shell_recorder/tutorial_wrapper/CMakeLists.txt
@@ -12,5 +12,7 @@ add_msr_test (kdb-ls "${CMAKE_SOURCE_DIR}/doc/help/kdb-ls.md")
 
 add_msr_test (tutorial_validation "${CMAKE_SOURCE_DIR}/doc/tutorials/validation.md" REQUIRED_PLUGINS validation)
 
+add_msr_test (tutorial_crypto "${CMAKE_SOURCE_DIR}/doc/tutorials/crypto.md" REQUIRED_PLUGINS crypto_gcrypt fcrypt)
+
 # Only works with super user privileges, since it writes to `/etc/hosts`:
 # add_msr_test (tutorial_mount "${CMAKE_SOURCE_DIR}/doc/tutorials/mount.md")

Build Elektra with

cmake ..
        -DKDB_DB_FILE='default.ini' \
	-DKDB_DB_INIT='elektra.ini' \
	-DKDB_DEFAULT_STORAGE=ini

Run the test:

ctest --output-on-failure -V -R testshell_markdown_tutorial_crypto

Expected Result

Test should succeed.

Actual Result

Every execution step in the test fails, including the import of the GPG key.

System Information

  • Elektra Version: master
  • local, Docker Container. build server: elektra-ini-mergerequest

Further Log Files and Output

n/a

About this issue

  • Original URL
  • State: closed
  • Created 6 years ago
  • Comments: 25 (25 by maintainers)

Commits related to this issue

Most upvoted comments

This is a good question! Afaik it does not but you can simply use KDB to store anything. So you would write something like (untested):

kdb set /tests/gpg/key/id `gpg2 --batch --with-colons --fixed-list-mode --list-secret-keys | grep sec | awk '{split($0,a,":"); print a[5]}'`
kdb get /tests/gpg/key/id
kdb set /sw/elektra/kdb/#0/current/plugins ""
sudo kdb mount test.ini user/test fcrypt "encrypt/key=`kdb get /tests/gpg/key/id`" ini
kdb set user/test/password 1234
#> Create a new key user/test/password with string "1234"
kdb file user/test/password | xargs cat

We should definitely add this information to tests/shell/shell_recorder/tutorial_wrapper/README.md

Btw. the kdb set /sw/elektra is quite dangerous, it might lead to data loss of the person executing the test. Tests should only write to /tests or, if the change is absolutely needed, restore what was in the KDB before.

+2
markus2330 on Mar 3, 2019

Actually there is a bug besides the limitation of how many plugins can exist (we are already working on this one). The bug is that kdb mount even tries to add the sync plugin because fcrypt already provides sync, so adding the sync plugin is not necessary. I tried to fix it in #2631.

+1
markus2330 on Apr 14, 2019

Status update: I have some progress to report. fcrypt is testable and running with MSR. crypto still causes troubles. I’m still at it.

I thought about providing a small setup tool, that generates a new GPG test-key using libgpgme.

This is the solution I’m currently following. It doesn’t look too bad:

sudo kdb mount test.ini user/test crypto_gcrypt "crypto/key=$(elektra-gpg-testkey)" base64 ini
+1
petermax2 on Apr 6, 2019

Can you fix this issue now?

Not quite, I thought about providing a small setup tool, that generates a new GPG test-key using libgpgme. I have to investigate further.

+1
petermax2 on Mar 31, 2019

UPDATE: I found a way to generate a “scripted” key that is usable, however a passphrase has to be set, otherwise the pinentry will come up asking for a passphrase.

cat >.elektra-test-key <<EOF
    Key-Type: RSA
    Key-Length: 512
    Subkey-Type: RSA
    Subkey-Length: 512
    Name-Real: libelektra test key
    Name-Comment: crypto plugin
    Name-Email: testkey@libelektra.org
    Expire-Date: 0
    Passphrase: 1234
    %commit
EOF
gpg2 --verbose --batch --gen-key .elektra-test-key

GnuPG is not meant to be “test-automated”. 😆

EDIT: add missing “be” in the last sentence.

+1
petermax2 on Mar 28, 2019

Not yet, I was just trying out

gpg2 --batch --passphrase '' --quick-generate-key elektra rsa512

to have some key for testing. MSR still fails but the key generation seems to work.

I can’t promise to have progress during the week.

+1
petermax2 on Feb 17, 2019

Is it possible to make a very small GPG key so that it is done fast?

Sure, that’s possible.

+1
petermax2 on May 12, 2018

except that this should not be done in the build server but in the test and reverted after the test is finished.

//EDIT: since I don’t want to sound like I am just passing work around because I do not want to do it: Imagine developer A at home wants to run the test. He does not care about the test server setting. A will get pissed because the test broke his setting.

+1
ingwinlu on May 12, 2018

@ingwinlu pointed out:

hmm the msr test for crypto should probably set HOME to a tmpdir so no overwrite of config can happen on dev machines

+1
petermax2 on May 12, 2018
Read more comments on GitHub
← libelektra: mmapstorage doesn't work with kdb export
libelektra: multiresolver: crash when used with cache →