gpg4libre: check if we can really verify OpenPGP signatures

And disable unit tests otherwise

Change-Id: I32e1d8d2f8b0013d9cb43b78a55d23a1a29a8e8d
Reviewed-on: https://gerrit.libreoffice.org/46057
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
(cherry picked from commit 7886de305809e265cd2126d39912147131d3a004)
Reviewed-on: https://gerrit.libreoffice.org/46191
Reviewed-by: Rene Engelhard <rene@debian.org>

3 files changed, 26 insertions, 14 deletions

diff --git a/config_host/config_gpgme.h.in b/config_host/config_gpgme.h.in
index a8435bd0aa43..7e46f3703ec3 100644
--- a/config_host/config_gpgme.h.in
+++ b/config_host/config_gpgme.h.in
@@ -16,6 +16,9 @@
 // Defined if gpgme support is available
 #define HAVE_FEATURE_GPGME 0
 
+// Defined if gpg and gpgme signature verification is available
+#define HAVE_FEATURE_GPGVERIFY 0
+
 #if HAVE_FEATURE_GPGME
 # include "config_lgpl.h"
 #endif
diff --git a/configure.ac b/configure.ac
index d65ade3281fd..6a6aac317628 100644
--- a/configure.ac
+++ b/configure.ac
@@ -133,9 +133,16 @@ dnl path location is git, so make sure we have it
     if test -n "$mac_git_path" -a -x "$mac_git_path" -a "$mac_git_path" != "/usr/bin/git" ; then
         mac_path="$mac_path:`dirname $mac_git_path`"
     fi
+dnl a not so common but nevertheless quite helpful thing that may be in a fancy
+dnl path location is gpg, so make sure we find it
+    mac_gpg_path=`which gpg 2>/dev/null`
+    if test -n "$mac_gpg_path" -a -x "$mac_gpg_path" -a "$mac_gpg_path" != "/usr/bin/gpg" ; then
+        mac_path="$mac_path:`dirname $mac_gpg_path`"
+    fi
     PATH="$mac_path"
     unset mac_path
-    unset git_mac_path
+    unset mac_git_path
+    unset mac_gpg_path
 }
 
 echo "********************************************************************"
@@ -10172,6 +10179,14 @@ if test "$_os" = "Linux" -o "$_os" = "Darwin" \
     fi
     ENABLE_GPGMEPP=TRUE
     AC_DEFINE([HAVE_FEATURE_GPGME])
+    AC_PATH_PROG(GPG, gpg)
+    # TODO: Windows's cygwin gpg does not seem to work with our gpgme,
+    # so let's exclude that manually for the moment
+    if test -n "$GPG" -a "$_os" != "WINNT"; then
+        # make sure we not only have a working gpgme, but a full working
+        # gpg installation to run OpenPGP signature verification
+        AC_DEFINE([HAVE_FEATURE_GPGVERIFY])
+    fi
 fi
 AC_SUBST(ENABLE_GPGMEPP)
 AC_SUBST(SYSTEM_GPGMEPP)
diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx
index 9ea266907bcb..7e737f8f3bd4 100644
--- a/xmlsecurity/qa/unit/signing/signing.cxx
+++ b/xmlsecurity/qa/unit/signing/signing.cxx
@@ -42,6 +42,7 @@
 #include <sfx2/sfxbasemodel.hxx>
 #include <sfx2/objsh.hxx>
 #include <osl/file.hxx>
+#include <osl/process.h>
 #include <comphelper/ofopxmlhelper.hxx>
 
 #include <documentsignaturehelper.hxx>
@@ -103,8 +104,7 @@ public:
     void testXAdESGood();
     /// Test importing of signature line images
     void testSignatureLineImages();
-#ifdef LINUX
-# if HAVE_FEATURE_GPGME
+#if HAVE_FEATURE_GPGVERIFY
     /// Test a typical ODF where all streams are GPG-signed.
     void testODFGoodGPG();
     /// Test a typical ODF where all streams are GPG-signed, but we don't trust the signature.
@@ -113,7 +113,6 @@ public:
     void testODFBrokenStreamGPG();
     /// Test a typical broken ODF signature where the XML dsig hash is corrupted.
     void testODFBrokenDsigGPG();
-# endif
 #endif
     CPPUNIT_TEST_SUITE(SigningTest);
     CPPUNIT_TEST(testDescription);
@@ -137,13 +136,11 @@ public:
     CPPUNIT_TEST(testXAdES);
     CPPUNIT_TEST(testXAdESGood);
     CPPUNIT_TEST(testSignatureLineImages);
-#ifdef LINUX
-# if HAVE_FEATURE_GPGME
+#if HAVE_FEATURE_GPGVERIFY
     CPPUNIT_TEST(testODFGoodGPG);
     CPPUNIT_TEST(testODFUntrustedGoodGPG);
     CPPUNIT_TEST(testODFBrokenStreamGPG);
     CPPUNIT_TEST(testODFBrokenDsigGPG);
-# endif
 #endif
     CPPUNIT_TEST_SUITE_END();
 
@@ -177,15 +174,14 @@ void SigningTest::setUp()
     osl::FileBase::getSystemPathFromFileURL(aTargetDir, aTargetPath);
     setenv("MOZILLA_CERTIFICATE_FOLDER", aTargetPath.toUtf8().getStr(), 1);
 #endif
-#ifdef LINUX
-# if HAVE_FEATURE_GPGME
+#if HAVE_FEATURE_GPGVERIFY
     // Make gpg use our own defined setup below data dir
     OUString aHomePath;
     osl::FileBase::getSystemPathFromFileURL(
         m_directories.getURLFromSrc(DATA_DIRECTORY),
         aHomePath);
-    setenv("GNUPGHOME", aHomePath.toUtf8().getStr(), 1);
-# endif
+    OUString envVar("GNUPGHOME");
+    osl_setEnvironment(envVar.pData, aHomePath.pData);
 #endif
 }
 
@@ -687,8 +683,7 @@ void SigningTest::testSignatureLineImages()
     CPPUNIT_ASSERT(xSignatureInfo[0].InvalidSignatureLineImage.is());
 }
 
-#ifdef LINUX
-# if HAVE_FEATURE_GPGME
+#if HAVE_FEATURE_GPGVERIFY
 void SigningTest::testODFGoodGPG()
 {
     createDoc(m_directories.getURLFromSrc(DATA_DIRECTORY) + "goodGPG.odt");
@@ -743,7 +738,6 @@ void SigningTest::testODFBrokenDsigGPG()
     CPPUNIT_ASSERT(pObjectShell);
     CPPUNIT_ASSERT_EQUAL(static_cast<int>(SignatureState::BROKEN), static_cast<int>(pObjectShell->GetDocumentSignatureState()));
 }
-# endif
 #endif
 
 void SigningTest::registerNamespaces(xmlXPathContextPtr& pXmlXpathCtx)