From 8cbd118637941e9d2621cb248ffd1ed3f7905413 Mon Sep 17 00:00:00 2001
From: Ben Boeckel <mathstuf@gmail.com>
Date: Fri, 25 Sep 2015 01:37:54 -0400
Subject: encryption_plugin: add a gnupghome configuration option

Signed-off-by: Ben Boeckel <mathstuf@gmail.com>
---
 yarns/0060-encryption.yarn | 16 ++++++++++++++++
 yarns/9000-implements.yarn | 26 ++++++++++++++++++++++++++
 2 files changed, 42 insertions(+)

(limited to 'yarns')

diff --git a/yarns/0060-encryption.yarn b/yarns/0060-encryption.yarn
index acbade88..6985f1ff 100644
--- a/yarns/0060-encryption.yarn
+++ b/yarns/0060-encryption.yarn
@@ -46,6 +46,22 @@ that encryption is done at the I/O abstraction level.
     AND user U restores their latest generation in repository R into X
     THEN L, restored to X, matches manifest M
 
+Keys provided by a custom directory
+-----------------------------------
+
+We'll make a simple backup and restore using encryption. If this
+works, we can probably assume that any other normal repository
+operations (those not part of encryption management) also work, given
+that encryption is done at the I/O abstraction level.
+
+    SCENARIO encrypted backup and restore with a separate keyring
+    GIVEN user U separately uses encryption key "Test Key One" from test-data/keyring-1
+    AND 128kB of new data in directory L
+    AND a manifest of L in M
+    WHEN user U backs up directory L to repository R
+    AND user U restores their latest generation in repository R into X
+    THEN L, restored to X, matches manifest M
+
 Adding and removing keys to clients
 -----------------------------------
 
diff --git a/yarns/9000-implements.yarn b/yarns/9000-implements.yarn
index 204611cf..4a03f3d8 100644
--- a/yarns/9000-implements.yarn
+++ b/yarns/9000-implements.yarn
@@ -231,6 +231,32 @@ use. We store that.
 
     add_to_config "$MATCH_1" encrypt-with "$MATCH_2"
 
+Scenarios involving encryption may also use a private keyring directory.
+
+    IMPLEMENTS GIVEN user (\S+) separately uses encryption key "(.*)" from (\S+)
+    if [ ! -e "$DATADIR/$MATCH_1.gnupg" ]
+    then
+        mkdir "$DATADIR/$MATCH_1.gnupg"
+        cp -a "$SRCDIR/$MATCH_3/." "$DATADIR/$MATCH_1.gnupg/."
+        add_to_config "$MATCH_1" gnupghome "$DATADIR/$MATCH_1.gnupg"
+    else
+        # Export public and secret keys from new keyring.
+        export GNUPGHOME="$SRCDIR/$MATCH_3"
+        gpg --export "$MATCH_2" > "$DATADIR/public.key"
+        gpg --export-secret-keys "$MATCH_2" > "$DATADIR/secret.key"
+
+        # Import into the keyring uses for tests.
+        export GNUPGHOME="$DATADIR/$MATCH_1.gnupg"
+        gpg --import "$DATADIR/public.key"
+        gpg --import "$DATADIR/secret.key"
+
+        # Use the configuration rather than the environment.
+        add_to_config "$MATCH_1" gnupghome "$GNUPGHOME"
+        unset GNUPGHOME
+    fi
+
+    add_to_config "$MATCH_1" encrypt-with "$MATCH_2"
+
 Encryption scenarions, at least, also need users that pretend to be
 someone else.
 
-- 
cgit v1.2.1