EMDIS-ECS
view release on metacpan or search on metacpan
========================
- ECS.pm: in openpgp_decrypt, openpgp_encrypt, pgp2_decrypt, and pgp2_encrypt
subroutines, revise code that composes encryption commands to handle multiple
occurrences of special symbols such as __INPUT__, __OUTPUT__, __RECIPIENT__,
and __SELF__
- Config.pm: add "--local-user __SELF__" to OPENPGP_CMD_ENCRYPT default value
- LICENSE: revise copyright notice for 2016
Version 0.39, 2016-12-05
========================
- ecs_setup: change GPG_HOMEDIR default value to /home/username/gpg and
PGP_HOMEDIR default value to /home/username/pgp
- Config.pm: add "-u __SELF__" to PGP2_CMD_ENCRYPT default value
- ECS.pm: add encr_out_keyid and encr_out_passphrase properties to NODE_TBL;
add encr_out_keyid and encr_out_passphrase parameters to
send_encrypted_email, openpgp_encrypt, and pgp2_encrypt subroutines; add
encr_out_passphrase parameter to openpgp_decrypt and pgp2_decrypt subroutines
- FileBackedMessage.pm: revise usage of send_encrypted_email subroutine
- Message.pm: revise usage of openpgp_decrypt and pgp2_decrypt subroutines
- ecstool: add encr_out_keyid and encr_out_passphrase properties to NODE_TBL;
revise usage of openpgp_decrypt and pgp2_decrypt subroutines; adjust
formatting of ecstool --view output
Version 0.40, 2018-03-19
========================
- ecstool: revise regex to avoid "Unescaped left brace in regex is illegal"
error
- Config.pm: add INBOX_USE_STARTTLS and SMTP_USE_STARTTLS settings;
assign default INBOX_PORT and SMTP_PORT
- ecs_setup: add INBOX_USE_STARTTLS and SMTP_USE_STARTTLS settings; allow
GPG_PASSPHRASE to be the empty string (don't initialize with 'gpgpg')
- ECS.pm: add subroutines is_yes and is_no; add support for
SMTP_USE_STARTTLS; perform SMTP authentication only if both
SMTP_USERNAME and SMTP_PASSWORD are configured; eliminate compile-time
circular dependency between ECS.pm and other modules (Config.pm,
LockedHash.pm); revise openpgp_decrypt and openpgp_encrypt subroutines
to handle empty GPG_PASSPHRASE (avoid broken pipe error)
- ecs_scan_mail: add support for INBOX_USE_STARTTLS
- Dockerfile.centos: enable step that installs modules from CPAN into
local-lib directory; various other tweaks and additions; move to
docker/centos/Dockerfile
- ECS.pm: in send_email(), set "From" header
- ecs_amqp_recv.py: use SSLDomain to configure SSL, revise connection teardown
to avoid causing transport error in broker: 'SSL Failure: error:0A000126:SSL
routines::unexpected eof while reading'
- ecs_amqp_send.py: use SSLDomain to configure SSL
- docker/centos/Dockerfile: modify to use post-EOL CentOS 7
- docker/dist/Dockerfile: modify to use Rocky Linux 9, revise tarball expansion
steps to guarantee perlecs:perlecs file ownership; add README_GPG,
README_SMOKE_TESTING, and generate_ca_and_certfiles.sh files
- docker/dist/certfiles.tar.gz: replace certificates with updated ones
- docker/dist/ecs-*.tar.gz: in ecs.cfg, add "--pinentry-mode loopback" to gpg
commands (see README_GPG for additional info)
- docker/dist/gnupg.tar.gz: update .gnupg snapshot for Rocky Linux 9 and add
gpg-agent.conf to allow-loopback-pinentry (see README_GPG for additional info)
- docker/qpid-broker-cpp/Dockerfile: modify to use post-EOL CentOS 7
- docker/qpid-broker-cpp/generate_ca_and_certfiles.sh: modify to use openssl
directly instead of using globus-simple-ca -- additionally, move this script
to docker/dist
- docker/qpid-broker-python: add Docker setup for Python AMQP test broker
(files added: Dockerfile, pybroker.conf, pybroker.py, run_broker.sh)
Version 0.45 2025-07-21
=======================
- Config.pm: add ENABLE_ENV_CONFIG setting, along with support for $ENV{envvar}
- docker/rockylinux/Dockerfile: add diffutils, pass (unix password manager),
perl-libwww-perl, and perl-LWP-Protocol-https packages; install
Authen::SASL::Perl via CPAN
- docker/ubuntu/Dockerfile: update to use Ubuntu 24.04; add pass (unix
password manager) package; install Authen::SASL::Perl via CPAN
- LICENSE: restore missing AGNIS license language about NIH
Version 0.46 2025-09-12
=======================
- ECS.pm: improve introductory info in embedded documentation
- ecs_token: use gpgconf to ensure gpg-agent is started before presetting
passphrase; in embedded documentation, add SASL related links, add info
about environment variables, and make adjustments to improve generated
PDF output
- generate_pdf.sh: add script/ecs_token
- docker/dist/Dockerfile: add gnupg1 package (provides gpg1)
- docker/rockylinux/Dockerfile: add gnupg1 package (provides gpg1)
- docker/ubuntu/Dockerfile: add gnupg1 package (provides gpg1)
Version 0.47 2025-10-01
=======================
- ECS.pm: fix typo in embedded documentation
- ecstool: add jsondump operation to --nodedata command
- Makefile.PL: add JSON::PP dependency
Version 0.48 2026-01-11
=======================
- ECS.pm: in pgp2_decrypt and pgp2_encrypt subroutines, pipe passphrase
to command being executed, to support usage of gpg1 in place of pgp2
- docker/greenmail/Dockerfile: update base image version and revise
ENV GREENMAIL_OPTS declaration to resolve LegacyKeyValueFormat error
Version 0.49 2026-03-20
=======================
- Config.pm: allow for special LOG_FILE value "__STDOUT__"
- ECS.pm: modify log() subroutine to send its output to STDOUT if
$cfg->LOG_FILE is "__STDOUT__"
- ecs_token: make $SECSTOR_TIMELIMIT and $TOKEN_CACHE_EXPIRATION_MARGIN
configurable; increase $SECSTOR_TIMELIMIT default value to 30
docker/dist/README_GPG view on Meta::CPAN
GnuPG Version 2.2 - Additional Notes
The default OpenPGP configuration used by Perl-ECS is intended for use
with GnuPG (gpg) versions 1.4 and 2.0. However, gpg version 2.2 is a
standard component of newer Linux systems such as Ubuntu 18.
For systems using gpg version 2.2, configuration adjustments are needed
in order to enable Perl-ECS to transmit the passphrase to gpg via stdin
(pinentry-mode loopback).
1. Create or edit $GNUPGHOME/gpg-agent.conf, adding the line:
allow-loopback-pinentry
2. Execute the command:
gpg-connect-agent /bye
3. In the ecs.cfg configuration file, revise the OPENPGP_CMD_ENCRYPT and
OPENPGP_CMD_DECRYPT settings to add the following. (If needed, first
uncomment those settings.):
--pinentry-mode loopback
4. If upgrading from an earlier gpg version, use ecstool --tweak to modify
all (addr_r) key IDs in the node table, because the IDs change when the
keyring is converted to gpg 2.2.
docker/rockylinux/Dockerfile view on Meta::CPAN
#
# docker build -t perlecs/rockylinux:0.50-1 .
#
# 3) Generate a Docker container based on the image, and run an interactive
# bash shell within the container.
#
# docker run --rm -it --name=perlecs_rockylinux perlecs/rockylinux:0.50-1 /bin/bash
#
# 4) Configure Perl ECS within the docker container. For example, use
# "ecs_setup" to generate an ecs.cfg configuration file, "ecstool" to
# set up the node table, "gpg" to configure the GnuPG keyring,
# "ecs_scan_mail" to start the mail processing daemon, and "ecs_chk_com"
# to start the communication status daemon.
#
# For additional information about Perl ECS, try "perldoc EMDIS::ECS",
# "perldoc EMDIS::ECS::Config", "perldoc ecstool", etc., or see the
# EMDIS::ECS documentation on CPAN. For additional information about
# ECS, refer to the EMDIS and ECS specifications available from
# http://emdis.net/.
# image is based on Rocky Linux 9
docker/ubuntu/Dockerfile view on Meta::CPAN
#
# docker build -t perlecs/ubuntu:0.50-1 .
#
# 3) Generate a Docker container based on the image, and run an interactive
# bash shell within the container.
#
# docker run --rm -it --name=perlecs_ubuntu perlecs/ubuntu:0.50-1 /bin/bash
#
# 4) Configure Perl ECS within the docker container. For example, use
# "ecs_setup" to generate an ecs.cfg configuration file, "ecstool" to
# set up the node table, "gpg" to configure the GnuPG keyring,
# "ecs_scan_mail" to start the mail processing daemon, and "ecs_chk_com"
# to start the communication status daemon.
#
# For additional information about Perl ECS, try "perldoc EMDIS::ECS",
# "perldoc EMDIS::ECS::Config", "perldoc ecstool", etc., or see the
# EMDIS::ECS documentation on CPAN. For additional information about
# ECS, refer to the EMDIS and ECS specifications available from
# http://emdis.net/.
# image is based on Ubuntu 24.04
docker/ubuntu/README_GPG view on Meta::CPAN
GnuPG Version 2.2 - Additional Notes
The default OpenPGP configuration used by Perl-ECS is intended for use
with GnuPG (gpg) versions 1.4 and 2.0. However, gpg version 2.2 is a
standard component of newer Linux systems such as Ubuntu 18.
For systems using gpg version 2.2, configuration adjustments are needed
in order to enable Perl-ECS to transmit the passphrase to gpg via stdin
(pinentry-mode loopback).
1. Create or edit $GNUPGHOME/gpg-agent.conf, adding the line:
allow-loopback-pinentry
2. Execute the command:
gpg-connect-agent /bye
3. In the ecs.cfg configuration file, revise the OPENPGP_CMD_ENCRYPT and
OPENPGP_CMD_DECRYPT settings to add the following. (If needed, first
uncomment those settings.):
--pinentry-mode loopback
4. If upgrading from an earlier gpg version, use ecstool --tweak to modify
all (addr_r) key IDs in the node table, because the IDs change when the
keyring is converted to gpg 2.2.
lib/EMDIS/ECS.pm view on Meta::CPAN
$cmd =~ s/__OUTPUT__/$output_filename/g;
print "<DEBUG> pgp2_decrypt() command: $cmd\n"
if $cfg->ECS_DEBUG > 0;
# set PGPPATH and PGPPASS environment variables
$ENV{PGPPATH} = $cfg->PGP_HOMEDIR;
my $passphrase = (defined $encr_out_passphrase and 0 < length $encr_out_passphrase) ?
$encr_out_passphrase : $cfg->PGP_PASSPHRASE;
$ENV{PGPPASS} = $passphrase;
# attempt to execute command - pipe passphrase to cmd, to support usage of gpg1 in place of pgp2
my $result = timelimit_cmd($cfg->T_MSG_PROC, $cmd, $passphrase);
$result = '' if($result =~ /^Status 0x0100/); # ignore exit value = 1
$result = "EMDIS::ECS::pgp2_decrypt(): $result" if $result;
# check signature, if indicated
if(defined($required_signature) and not $result) {
if($cmd_output !~ /Good signature from[^\n]+$required_signature/is) {
$result = "EMDIS::ECS::pgp2_decrypt(): required signature not " .
"present: $required_signature";
}
lib/EMDIS/ECS.pm view on Meta::CPAN
$cmd =~ s/__SELF__/$keyid/g;
print "<DEBUG> pgp2_encrypt() command: $cmd\n"
if $cfg->ECS_DEBUG > 0;
# set PGPPATH and PGPPASS environment variables
$ENV{PGPPATH} = $cfg->PGP_HOMEDIR;
my $passphrase = (defined $encr_out_passphrase and 0 < length $encr_out_passphrase) ?
$encr_out_passphrase : $cfg->PGP_PASSPHRASE;
$ENV{PGPPASS} = $passphrase;
# attempt to execute command - pipe passphrase to cmd, to support usage of gpg1 in place of pgp2
my $result = timelimit_cmd($cfg->T_MSG_PROC, $cmd, $passphrase);
$result = "EMDIS::ECS::pgp2_encrypt(): $result" if $result;
return $result;
}
# ----------------------------------------------------------------------
# Check whether another copy of the program is already running.
# If so, this one dies.
sub check_pid
{
lib/EMDIS/ECS.pm view on Meta::CPAN
=item Encryption Software
Install and configure PGP and/or GnuPG encryption software. Refer to
http://www.pgp.com/, http://www.pgpi.org/, http://www.gnupg.org/,
and http://www.philzimmermann.com/ for more information on the topic
of PGP and related software.
=item GnuPG Version 2.2 - Additional Notes
The default OpenPGP configuration used by Perl-ECS is intended for use
with GnuPG (gpg) versions 1.4 and 2.0. However, gpg version 2.2 is a
standard component of newer Linux systems such as Ubuntu 18.
For systems using gpg version 2.2, configuration adjustments are needed
in order to enable Perl-ECS to transmit the passphrase to gpg via stdin
(pinentry-mode loopback).
1. Create or edit $GNUPGHOME/gpg-agent.conf, adding the line:
allow-loopback-pinentry
2. Execute the command:
gpg-connect-agent /bye
3. In the ecs.cfg configuration file, revise the OPENPGP_CMD_ENCRYPT and
OPENPGP_CMD_DECRYPT settings to add the following. (If needed, first
uncomment those settings.):
--pinentry-mode loopback
4. If upgrading from an earlier gpg version, use ecstool --tweak to modify
all (addr_r) key IDs in the node table, because the IDs change when the
keyring is converted to gpg 2.2.
=item AMQP Messaging
As an experimental new feature, version 0.41 added support for use of
AMQP messaging as an alternative to email.
To use AMQP messaging, the ENABLE_AMQP setting must be set to YES or TRUE.
AMQP communications utilize a mboxes/amqp_staging directory, which will
need to be created manually, e.g.:
lib/EMDIS/ECS/Config.pm view on Meta::CPAN
$this->{SMTP_USE_SSL} = "NO";
$this->{SMTP_USE_STARTTLS} = "NO";
$this->{INBOX_PROTOCOL} = "POP3";
$this->{INBOX_HOST} = "mail";
$this->{INBOX_FOLDER} = "INBOX";
$this->{INBOX_TIMEOUT} = "60";
$this->{INBOX_DEBUG} = "0";
$this->{INBOX_USE_SSL} = "NO";
$this->{INBOX_USE_STARTTLS} = "NO";
$this->{INBOX_MAX_MSG_SIZE} = "1048576";
$this->{OPENPGP_CMD_ENCRYPT} = '/usr/local/bin/gpg --armor --batch ' .
'--charset ISO-8859-1 --force-mdc --logger-fd 1 --openpgp ' .
'--output __OUTPUT__ --pinentry-mode loopback --passphrase-fd 0 ' .
'--quiet --recipient __RECIPIENT__ --recipient __SELF__ --yes ' .
'--sign --local-user __SELF__ --encrypt __INPUT__';
$this->{OPENPGP_CMD_DECRYPT} = '/usr/local/bin/gpg --batch ' .
'--charset ISO-8859-1 --logger-fd 1 --openpgp --output __OUTPUT__ ' .
'--pinentry-mode loopback --passphrase-fd 0 --quiet --yes ' .
'--decrypt __INPUT__';
$this->{PGP2_CMD_ENCRYPT} = '/usr/local/bin/pgp +batchmode +verbose=0 ' .
'+force +CharSet=latin1 +ArmorLines=0 -o __OUTPUT__ ' .
'-u __SELF__ -eats __INPUT__ __RECIPIENT__ __SELF__';
$this->{PGP2_CMD_DECRYPT} = '/usr/local/bin/pgp +batchmode +verbose=0 ' .
'+force +CharSet=latin1 -o __OUTPUT__ __INPUT__';
$this->{ENABLE_AMQP} = "NO";
$this->{AMQP_RECV_TIMEOUT} = 5;
script/ecs_setup view on Meta::CPAN
ask('AMQP_TRUSTSTORE');
if(yes($term->readline("\nUse client-side SSL/TLS certificate for AMQP [Y/n]? "))) {
$cfg->{CFG_AMQP_SSL_CLIENT} = 1;
ask('AMQP_SSLCERT');
ask('AMQP_SSLKEY');
ask('AMQP_SSLPASS');
}
}
}
$cfg->{GPG_HOMEDIR} = '/home/username/gpg'
unless $cfg->{GPG_HOMEDIR};
$cfg->{GPG_KEYID} = '0x00000000'
unless $cfg->{GPG_KEYID};
$cfg->{GPG_PASSPHRASE} = ''
unless $cfg->{GPG_PASSPHRASE};
if(yes($term->readline("\nConfigure GnuPG encryption [Y/n]? ")))
{
$cfg->{CFG_GPG} = 1;
ask('GPG_HOMEDIR');
ask('GPG_KEYID');
ask('GPG_PASSPHRASE');
}
$cfg->{PGP_HOMEDIR} = '/home/username/pgp'
unless $cfg->{PGP_HOMEDIR};
$cfg->{PGP_KEYID} = '0x00000000'
unless $cfg->{PGP_KEYID};
$cfg->{PGP_PASSPHRASE} = 'pgpgp'
unless $cfg->{PGP_PASSPHRASE};
if(yes($term->readline("\nConfigure PGP encryption [Y/n]? ")))
{
$cfg->{CFG_PGP} = 1;
ask('PGP_HOMEDIR');
ask('PGP_KEYID');
ask('PGP_PASSPHRASE');
}
print $OUT "\nOutbound mail storage options are:";
script/ecs_token view on Meta::CPAN
my %options = ();
GetOptions(\%options, 'auth_endpoint=s', 'client_id=s', 'client_secret=s',
'nocache', 'redirect_uri=s', 'refresh_token=s', 'scope=s',
'token_endpoint=s')
or die "Error - Unrecognized command line option$/" . $USAGE;
my $command = ($#ARGV == 0 ? $ARGV[0] : '');
die "Error - unrecognized, invalid, or missing <command>$/" . $USAGE
unless $command eq 'code' or $command eq 'credentials' or $command eq 'refresh';
# if configured, have gpg-agent cache GnuPG passphrase used by "pass"
if(exists $ENV{PASS_GPG_KEYGRIP} and exists $ENV{PASS_GPG_PASSPHRASE}) {
# use gpgconf to ensure gpg-agent is started
my $gpgconf = exists $ENV{GPG_GPGCONF} ? $ENV{GPG_GPGCONF} : 'gpgconf';
my $err = timelimit_cmd($SECSTOR_TIMELIMIT, "$gpgconf --launch gpg-agent");
die "Error - gpgconf --launch gpg-agent command failed: $err\n"
if $err;
# default (linux) location of gpg-preset-passphrase program is in
# /usr/libexec (not on PATH)
my $gpg_preset_passphrase = exists $ENV{GPG_PRESET_PASSPHRASE}
? $ENV{GPG_PRESET_PASSPHRASE}
: '/usr/libexec/gpg-preset-passphrase';
# use gpg-preset-passphrase to set passphrase in gpg-agent cache
# (to prevent "pass" from prompting for it interactively)
my $keygrip = $ENV{PASS_GPG_KEYGRIP};
my $passphrase = $ENV{PASS_GPG_PASSPHRASE};
$err = timelimit_cmd(
$SECSTOR_TIMELIMIT,
"$gpg_preset_passphrase --preset $keygrip",
$passphrase);
die "Error - gpg-preset-passphrase command failed: $err\n"
if $err;
}
# define LWP user agent
my $user_agent = LWP::UserAgent->new;
$user_agent->agent("PerlECS/$EMDIS::ECS::VERSION ");
if($command eq 'code') {
# using authorization code flow ...
script/ecs_token view on Meta::CPAN
return $options{$param_name}
if exists $options{$param_name};
# get value from secure storage
return get_secret($SECSTOR_LOCATION->{$param_name});
}
# This subroutine uses "pass" to get the value of a secret.
#
# For this to work, the GnuPG passphrase needed by pass must be preloaded
# into the gpg-agent cache, e.g., using gpg-preset-passphrase.
#
# See also:
# - https://www.passwordstore.org/
# - https://www.gnupg.org/documentation/manuals/gnupg/gpg_002dpreset_002dpassphrase.html
# - embedded documentation below
#
sub get_secret {
my $location = shift;
die "Error - get_secret(): location not specified$/"
unless $location;
my $err = timelimit_cmd($SECSTOR_TIMELIMIT, "pass show $location");
die "Error - get_secret() - command failed: $err$/"
if $err;
script/ecs_token view on Meta::CPAN
encode_json(decode_json($token_response))); # re-encode JSON to store as single line
store_secret(
$SECSTOR_LOCATION->{cached_token_timestamp},
$token_timestamp);
}
}
# This subroutine uses "pass" to set the value of a secret.
#
# For this to work, the GnuPG passphrase needed by pass must be preloaded
# into the gpg-agent cache, e.g., using gpg-preset-passphrase.
#
# See also:
# - https://www.passwordstore.org/
# - https://www.gnupg.org/documentation/manuals/gnupg/gpg_002dpreset_002dpassphrase.html
# - embedded documentation below
#
sub store_secret {
my $location = shift;
my $new_value = shift;
die "Error - store_secret(): location not specified$/"
unless $location;
die "Error - store_secret(): new_value not specified$/"
unless $new_value;
script/ecs_token view on Meta::CPAN
valid OAuth 2.0 access token is needed when connecting to email services
that require "modern" SASL XOAUTH2 or OAUTHBEARER authentication.
When successful, the output of the non-interactive C<ecs_token credentials>
and C<ecs_token refresh> commands match the requirements of the
INBOX_OAUTH_TOKEN_CMD and SMTP_OAUTH_TOKEN_CMD configuration settings
for EMDIS::ECS.
To securely store the client id, client secret, refresh token and related
parameters, C<ecs_token> uses the C<pass> (passwordstore.org) command-line
password manager, which stores its data in gpg-encrypted files.
Note: Due to variations in OAuth 2.0 identity provider setup requirements
and implementation details, this C<ecs_token> program may not be directly
usable with all identity providers.
=head1 OPTIONS
=head2 Usage
ecs_token command [options]
script/ecs_token view on Meta::CPAN
=head1 SETUP
=head2 GnuPG
See also https://gnupg.org/ for additional details about GnuPG.
=over
=item 1.
Start C<gpg-agent> with C<--allow-preset-passphrase> option. E.g.:
gpg-agent --homedir /home/perlecs/.gnupg --daemon \
--allow-preset-passphrase
The C<allow-preset-passphrase> option can also be specified in a
C<gpg-agent.conf> configuration file.
=item 2.
Find the keygrip for the selected key.
gpg --list-keys --with-keygrip
=item 3.
Use the keygrip to preset the key's passphrase in the C<gpg-agent> cache.
echo -n 'gpg_passphrase' | \
/usr/libexec/gpg-preset-passphrase --preset <gpg_keygrip>
=back
=head2 pass
See also https://www.passwordstore.org/ for additional details about
C<pass>.
=over
=item 1.
Find the fingerprint for the selected key.
gpg --list-keys
=item 2.
Initialize password storage using the selected key.
pass init <gpg-key-fingerprint>
=item 3.
Populate the expected secure storage locations with information needed by
C<ecs_token>. E.g.:
echo -n 'https://accounts.google.com/o/oauth2/auth' | \
pass insert --echo emdis/ecs/oauth/auth_endpoint
echo -n '' | \
script/ecs_token view on Meta::CPAN
echo -n 'https://mail.google.com/' | \
pass insert --echo emdis/ecs/oauth/scope
echo -n 'https://accounts.google.com/o/oauth2/token' | \
pass insert --echo emdis/ecs/oauth/token_endpoint
=back
=head2 Environment Variables
The C<pass> program depends on C<gpg-agent> to supply the passphrase it
uses to decrypt its gpg-encrypted data. If C<PASS_GPG_KEYGRIP> and
C<PASS_GPG_PASSPHRASE> environment variables are defined, C<ecs_token>
uses the information they contain to preset the indicated passphrase.
Additionally, C<GPG_GPGCONF> and C<GPG_PRESET_PASSPHRASE> environment
variables, respectively, can be configured to override the default
locations of the C<gpgconf> and C<gpg-preset-passphrase> programs.
=over
=item GPG_GPGCONF
Location of C<gpgconf> program.
=item GPG_PRESET_PASSPHRASE
Location of C<gpg-preset-passphrase> program.
=item PASS_GPG_KEYGRIP
Keygrip identifying the GnuPG key used by C<pass>.
=item PASS_GPG_PASSPHRASE
Passphrase for the GnuPG key used by C<pass>.
=back
ok($cfg->SMTP_DEBUG == 0);
ok($cfg->SMTP_USE_SSL eq 'NO');
ok($cfg->SMTP_PORT == 25);
ok($cfg->INBOX_PROTOCOL eq 'POP3');
ok($cfg->INBOX_HOST eq 'mail');
ok($cfg->INBOX_TIMEOUT == 60);
ok($cfg->INBOX_DEBUG == 0);
ok($cfg->INBOX_USE_SSL eq 'NO');
ok($cfg->INBOX_PORT == 110);
ok($cfg->INBOX_MAX_MSG_SIZE == 1048576);
ok($cfg->OPENPGP_CMD_ENCRYPT eq '/usr/local/bin/gpg --armor --batch ' .
'--charset ISO-8859-1 --force-mdc --logger-fd 1 --openpgp ' .
'--output __OUTPUT__ --pinentry-mode loopback --passphrase-fd 0 ' .
'--quiet --recipient __RECIPIENT__ --recipient __SELF__ --yes ' .
'--sign --local-user __SELF__ --encrypt __INPUT__');
ok($cfg->OPENPGP_CMD_DECRYPT eq '/usr/local/bin/gpg --batch ' .
'--charset ISO-8859-1 --logger-fd 1 --openpgp --output __OUTPUT__ ' .
'--pinentry-mode loopback --passphrase-fd 0 --quiet --yes ' .
'--decrypt __INPUT__');
ok($cfg->PGP2_CMD_ENCRYPT eq '/usr/local/bin/pgp +batchmode +verbose=0 ' .
'+force +CharSet=latin1 +ArmorLines=0 -o __OUTPUT__ ' .
'-u __SELF__ -eats __INPUT__ __RECIPIENT__ __SELF__');
ok($cfg->PGP2_CMD_DECRYPT eq '/usr/local/bin/pgp +batchmode +verbose=0 ' .
'+force +CharSet=latin1 -o __OUTPUT__ __INPUT__');
ok(not defined $cfg->INBOX_OAUTH_TOKEN_CMD);
ok($cfg->INBOX_OAUTH_TOKEN_CMD_TIMELIMIT == 60);
ok($cfg->SMTP_USERNAME eq 'eemdis');
ok($cfg->SMTP_PASSWORD eq 'zzzz');
ok($cfg->INBOX_PROTOCOL eq 'IMAP');
ok($cfg->INBOX_HOST eq 'imap');
ok($cfg->INBOX_PORT == 993);
ok($cfg->INBOX_TIMEOUT == 162);
ok($cfg->INBOX_DEBUG == 13);
ok($cfg->INBOX_FOLDER eq 'IINBOXX');
ok($cfg->INBOX_USE_SSL eq 'YES');
ok($cfg->INBOX_MAX_MSG_SIZE == 11048577);
ok($cfg->OPENPGP_CMD_ENCRYPT eq '/usr/local/bin/gpg --armor ' .
'--logger-fd 1 --output __OUTPUT__ --passphrase-fd 0 ' .
'--recipient __RECIPIENT__ --recipient __SELF__ --yes ' .
'--sign --encrypt __INPUT__');
ok($cfg->OPENPGP_CMD_DECRYPT eq '/usr/local/bin/gpg ' .
'--logger-fd 1 --output __OUTPUT__ --passphrase-fd 0 --decrypt __INPUT__');
ok($cfg->PGP2_CMD_ENCRYPT eq '/usr/local/bin/pgp ' .
'-o __OUTPUT__ -eats __INPUT__ __RECIPIENT__ __SELF__');
ok($cfg->PGP2_CMD_DECRYPT eq '/usr/local/bin/pgp ' .
'-o __OUTPUT__ __INPUT__');
# derived values
ok($cfg->ECS_TMP_DIR =~ /tmp$/);
ok($cfg->ECS_DRP_DIR =~ /tmp$/);
ok($cfg->ECS_MBX_DIR =~ /mboxes$/);
ok($cfg->ECS_MBX_IN_DIR =~ /in$/);
ok($cfg->AMQP_USERNAME eq 'emdis-aa');
ok($cfg->AMQP_PASSWORD eq 'saslpass');
# [195..197] Read minimal config file, using $ENV{envvar} pattern for INBOX_PASSWORD and GPG_PASSPHRASE
copy catfile($datadir, '08-ecs.cfg'), $tmpcfg
or die 'copy failed';
# set values of environment variables referenced by config
my $prev_EMDIS_ECS_TEST_PWD_MBX = $ENV{EMDIS_ECS_TEST_PWD_MBX};
$ENV{EMDIS_ECS_TEST_PWD_MBX} = 'mbxpass';
my $prev_EMDIS_ECS_TEST_PWD_GPG = $ENV{EMDIS_ECS_TEST_PWD_GPG};
$ENV{EMDIS_ECS_TEST_PWD_GPG} = 'gpgpass';
# read config
$cfg = new EMDIS::ECS::Config($tmpcfg);
# restore previous values (if any) of environment variables
if(defined $prev_EMDIS_ECS_TEST_PWD_MBX) { $ENV{EMDIS_ECS_TEST_PWD_MBX} = $prev_EMDIS_ECS_TEST_PWD_MBX; }
else { delete($ENV{EMDIS_ECS_TEST_PWD_MBX}); }
if(defined $prev_EMDIS_ECS_TEST_PWD_GPG) { $ENV{EMDIS_ECS_TEST_PWD_GPG} = $prev_EMDIS_ECS_TEST_PWD_GPG; }
else { delete($ENV{EMDIS_ECS_TEST_PWD_GPG}); }
die "new EMDIS::ECS::Config failed: $cfg"
unless ref $cfg;
ok(1);
ok($cfg->INBOX_PASSWORD eq 'mbxpass');
ok($cfg->GPG_PASSPHRASE eq 'gpgpass');
# [198..200] Read minimal config file, using $ENV{envvar} pattern for INBOX_PASSWORD and GPG_PASSPHRASE, but ENABLE_ENV_CONFIG = NO
copy catfile($datadir, '09-ecs.cfg'), $tmpcfg
or die 'copy failed';
$cfg = new EMDIS::ECS::Config($tmpcfg);
ok(1);
ok($cfg->INBOX_PASSWORD eq '$ENV{EMDIS_ECS_TEST_PWD_MBX}');
ok($cfg->GPG_PASSPHRASE eq '$ENV{EMDIS_ECS_TEST_PWD_GPG}');
exit 0;
t/data/06-ecs.cfg view on Meta::CPAN
INBOX_FOLDER | IINBOXX | inbox folder, used by IMAP only
INBOX_USE_SSL | YES | Use SSL encryption when retrieving mail from inbox?
INBOX_USERNAME | emdis | user name
INBOX_PASSWORD | aaaaaaaa | password
INBOX_MAX_MSG_SIZE | 11048577 | size limit for incoming messages
# PGP/GPG cryptography configuration parameters
GPG_HOMEDIR | __CONFIG_DIR__/gnupg | GnuPG home dir (GNUPGHOME env var)
GPG_KEYID | 0xAAAAAAAAAA | this node's GnuPG key id
GPG_PASSPHRASE | aaaaaaaaa | passphrase for GnuPG private key
OPENPGP_CMD_ENCRYPT | /usr/local/bin/gpg --armor --logger-fd 1 --output __OUTPUT__ --passphrase-fd 0 --recipient __RECIPIENT__ --recipient __SELF__ --yes --sign --encrypt __INPUT__ | template for GnuPG encrypt command
OPENPGP_CMD_DECRYPT | /usr/local/bin/gpg --logger-fd 1 --output __OUTPUT__ --passphrase-fd 0 --decrypt __INPUT__ | template for GnuPG decrypt command
# PGP cryptography configuration parameters
PGP_HOMEDIR | __CONFIG_DIR__/pgp | PGP home dir (PGPPATH env variable)
PGP_KEYID | 0xAAAAAAAAAAA | this node's PGP key id
PGP_PASSPHRASE | aaaaaaaaaaa | PGP passphrase (PGPPASS env var)
PGP2_CMD_ENCRYPT | /usr/local/bin/pgp -o __OUTPUT__ -eats __INPUT__ __RECIPIENT__ __SELF__ | template for PGP encrypt command
PGP2_CMD_DECRYPT | /usr/local/bin/pgp -o __OUTPUT__ __INPUT__ | template for PGP decrypt command
( run in 0.908 second using v1.01-cache-2.11-cpan-e1769b4cff6 )