From db4d52d923b69bb604ffa2fee5006d42c1c06701 Mon Sep 17 00:00:00 2001
From: Scott Wittenburg <scott.wittenburg@kitware.com>
Date: Fri, 13 Sep 2019 13:57:55 -0600
Subject: Fix how 'gpg --list-secret-keys ...' output is parsed

---
 lib/spack/spack/test/util/util_gpg.py | 60 +++++++++++++++++++++++++++++++++++
 lib/spack/spack/util/gpg.py           | 23 ++++++++++----
 2 files changed, 77 insertions(+), 6 deletions(-)
 create mode 100644 lib/spack/spack/test/util/util_gpg.py

diff --git a/lib/spack/spack/test/util/util_gpg.py b/lib/spack/spack/test/util/util_gpg.py
new file mode 100644
index 0000000000..a0d9d4d807
--- /dev/null
+++ b/lib/spack/spack/test/util/util_gpg.py
@@ -0,0 +1,60 @@
+# Copyright 2013-2019 Lawrence Livermore National Security, LLC and other
+# Spack Project Developers. See the top-level COPYRIGHT file for details.
+#
+# SPDX-License-Identifier: (Apache-2.0 OR MIT)
+
+import spack.util.gpg as gpg
+
+
+def test_parse_gpg_output_case_one():
+    # Two keys, fingerprint for primary keys, but not subkeys
+    output = """sec::2048:1:AAAAAAAAAAAAAAAA:AAAAAAAAAA:AAAAAAAAAA:::::::::
+fpr:::::::::XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:
+uid:::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA::Joe (Test) <j.s@s.com>:
+ssb::2048:1:AAAAAAAAAAAAAAAA:AAAAAAAAAA::::::::::
+sec::2048:1:AAAAAAAAAAAAAAAA:AAAAAAAAAA:AAAAAAAAAA:::::::::
+fpr:::::::::YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY:
+uid:::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA::Joe (Test) <j.s@s.com>:
+ssb::2048:1:AAAAAAAAAAAAAAAA:AAAAAAAAAA::::::::::
+"""
+    keys = gpg.parse_keys_output(output)
+
+    assert len(keys) == 2
+    assert keys[0] == 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
+    assert keys[1] == 'YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY'
+
+
+def test_parse_gpg_output_case_two():
+    # One key, fingerprint for primary key as well as subkey
+    output = """sec:-:2048:1:AAAAAAAAAA:AAAAAAAA:::-:::escaESCA:::+:::23::0:
+fpr:::::::::XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:
+grp:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
+uid:-::::AAAAAAAAA::AAAAAAAAA::Joe (Test) <j.s@s.com>::::::::::0:
+ssb:-:2048:1:AAAAAAAAA::::::esa:::+:::23:
+fpr:::::::::YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY:
+grp:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
+"""
+    keys = gpg.parse_keys_output(output)
+
+    assert len(keys) == 1
+    assert keys[0] == 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
+
+
+def test_parse_gpg_output_case_three():
+    # Two keys, fingerprint for primary keys as well as subkeys
+    output = """sec::2048:1:AAAAAAAAAAAAAAAA:AAAAAAAAAA:AAAAAAAAAA:::::::::
+fpr:::::::::WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
+uid:::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA::Joe (Test) <j.s@s.com>:
+ssb::2048:1:AAAAAAAAAAAAAAAA:AAAAAAAAAA::::::::::
+fpr:::::::::XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:
+sec::2048:1:AAAAAAAAAAAAAAAA:AAAAAAAAAA:AAAAAAAAAA:::::::::
+fpr:::::::::YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY:
+uid:::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA::Joe (Test) <j.s@s.com>:
+ssb::2048:1:AAAAAAAAAAAAAAAA:AAAAAAAAAA::::::::::
+fpr:::::::::ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ:"""
+
+    keys = gpg.parse_keys_output(output)
+
+    assert len(keys) == 2
+    assert keys[0] == 'WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW'
+    assert keys[1] == 'YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY'
diff --git a/lib/spack/spack/util/gpg.py b/lib/spack/spack/util/gpg.py
index f6fd7b7a28..a5c10d2151 100644
--- a/lib/spack/spack/util/gpg.py
+++ b/lib/spack/spack/util/gpg.py
@@ -12,6 +12,21 @@ from spack.util.executable import Executable
 GNUPGHOME = spack.paths.gpg_path
 
 
+def parse_keys_output(output):
+    keys = []
+    found_sec = False
+    for line in output.split('\n'):
+        if found_sec:
+            if line.startswith('fpr'):
+                keys.append(line.split(':')[9])
+                found_sec = False
+            elif line.startswith('ssb'):
+                found_sec = False
+        elif line.startswith('sec'):
+            found_sec = True
+    return keys
+
+
 class Gpg(object):
     @staticmethod
     def gpg():
@@ -45,13 +60,9 @@ class Gpg(object):
 
     @classmethod
     def signing_keys(cls):
-        keys = []
         output = cls.gpg()('--list-secret-keys', '--with-colons',
-                           '--fingerprint', output=str)
-        for line in output.split('\n'):
-            if line.startswith('fpr'):
-                keys.append(line.split(':')[9])
-        return keys
+                           '--fingerprint', '--fingerprint', output=str)
+        return parse_keys_output(output)
 
     @classmethod
     def export_keys(cls, location, *keys):
-- 
cgit v1.2.3-60-g2f50