uboot: (firmwareOdroidC2/C4) don't invoke patch tool, use patches = [] instead

https://github.com/NixOS/nixpkgs/blob/master/pkgs/stdenv/generic/setup.sh#L948 this can do it nicely. Signed-off-by: Anton Arapov <anton@deadbeef.mx>
2021-04-03 12:58:10 +02:00 · 2021-04-03 12:58:10 +02:00 · 56de2bcd43
commit 56de2bcd43
30691 changed files with 3076956 additions and 0 deletions
--- a/pkgs/tools/security/gnupg/0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch
+++ b/pkgs/tools/security/gnupg/0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch
@ -0,0 +1,34 @@
+From 1c9cc97e9d47d73763810dcb4a36b6cdf31a2254 Mon Sep 17 00:00:00 2001
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Sun, 30 Jun 2019 11:54:35 -0400
+Subject: [PATCH] dirmngr: Only use SKS pool CA for SKS pool
+
+* dirmngr/http.c (http_session_new): when checking whether the
+keyserver is the HKPS pool, check specifically against the pool name,
+as ./configure might have been used to select a different default
+keyserver.  It makes no sense to apply Kristian's certificate
+authority to anything other than the literal host
+hkps.pool.sks-keyservers.net.
+
+Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+GnuPG-Bug-Id: 4593
+---
+ dirmngr/http.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dirmngr/http.c b/dirmngr/http.c
+index 384f2569d..8e5d53939 100644
+--- a/dirmngr/http.c
+++ b/dirmngr/http.c
+@@ -767,7 +767,7 @@ http_session_new (http_session_t *r_session,
+ 
+     is_hkps_pool = (intended_hostname
+                     && !ascii_strcasecmp (intended_hostname,
+-                                          get_default_keyserver (1)));
+                                          "hkps.pool.sks-keyservers.net"));
+ 
+     /* If the user has not specified a CA list, and they are looking
+      * for the hkps pool from sks-keyservers.net, then default to
+-- 
+2.22.0
+
--- a/pkgs/tools/security/gnupg/1.nix
+++ b/pkgs/tools/security/gnupg/1.nix
@ -0,0 +1,40 @@
+{ lib, stdenv, fetchurl, readline, bzip2 }:
+
+stdenv.mkDerivation rec {
+  pname = "gnupg";
+  version = "1.4.23";
+
+  src = fetchurl {
+    url = "mirror://gnupg/gnupg/gnupg-${version}.tar.bz2";
+    sha256 = "1fkq4sqldvf6a25mm2qz95swv1qjg464736091w51djiwqbjyin9";
+  };
+
+  buildInputs = [ readline bzip2 ];
+
+  # Workaround build failure on -fno-common toolchains like upstream
+  # gcc-10. Otherwise build fails as:
+  #   ld: ../util/libutil.a(estream-printf.o):/build/gnupg-1.4.23/util/../include/memory.h:100: multiple definition of
+  #     `memory_debug_mode'; gpgsplit.o:/build/gnupg-1.4.23/tools/../include/memory.h:100: first defined here
+  NIX_CFLAGS_COMPILE = "-fcommon";
+
+  doCheck = true;
+
+  meta = with lib; {
+    homepage = "https://gnupg.org";
+    description = "Classic (1.4) release of the GNU Privacy Guard, a GPL OpenPGP implementation";
+    license = licenses.gpl3Plus;
+    longDescription = ''
+      The GNU Privacy Guard is the GNU project's complete and free
+      implementation of the OpenPGP standard as defined by RFC4880.  GnuPG
+      "classic" (1.4) is the old standalone version which is most suitable for
+      older or embedded platforms.  GnuPG allows to encrypt and sign your data
+      and communication, features a versatile key management system as well as
+      access modules for all kind of public key directories.  GnuPG, also known
+      as GPG, is a command line tool with features for easy integration with
+      other applications.  A wealth of frontend applications and libraries are
+      available.
+    '';
+    platforms = platforms.all;
+    mainProgram = "gpg";
+  };
+}
--- a/pkgs/tools/security/gnupg/1compat.nix
+++ b/pkgs/tools/security/gnupg/1compat.nix
@ -0,0 +1,31 @@
+{ stdenv, gnupg, coreutils, writeScript }:
+
+stdenv.mkDerivation {
+  pname = "gnupg1compat";
+  version = gnupg.version;
+
+  builder = writeScript "gnupg1compat-builder" ''
+    PATH=${coreutils}/bin
+    # First symlink all top-level dirs
+    mkdir -p $out
+    ln -s "${gnupg}/"* $out
+
+    # Replace bin with directory and symlink it contents
+    rm $out/bin
+    mkdir -p $out/bin
+    ln -s "${gnupg}/bin/"* $out/bin
+
+    # Add symlinks for any executables that end in 2 and lack any non-*2 version
+    for f in $out/bin/*2; do
+      [[ -x $f ]] || continue # ignore failed globs and non-executable files
+      [[ -e ''${f%2} ]] && continue # ignore commands that already have non-*2 versions
+      ln -s -- "''${f##*/}" "''${f%2}"
+    done
+  '';
+
+  meta = gnupg.meta // {
+    description = gnupg.meta.description +
+      " with symbolic links for gpg and gpgv";
+    priority = -1;
+  };
+}
--- a/pkgs/tools/security/gnupg/23.nix
+++ b/pkgs/tools/security/gnupg/23.nix
@ -0,0 +1,98 @@
+{ fetchurl, fetchpatch, lib, stdenv, pkg-config, libgcrypt, libassuan, libksba
+, libgpg-error, libiconv, npth, gettext, texinfo, buildPackages
+
+# Each of the dependencies below are optional.
+# Gnupg can be built without them at the cost of reduced functionality.
+, guiSupport ? stdenv.isDarwin, enableMinimal ? false
+, adns ? null, bzip2 ? null , gnutls ? null , libusb1 ? null , openldap ? null
+, tpm2-tss ? null
+, pcsclite ? null , pinentry ? null , readline ? null , sqlite ? null , zlib ? null
+}:
+
+with lib;
+
+assert guiSupport -> pinentry != null && enableMinimal == false;
+
+stdenv.mkDerivation rec {
+  pname = "gnupg";
+  version = "2.3.4";
+
+  src = fetchurl {
+    url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2";
+    sha256 = "sha256-80aOyvsdf5rXtR/R23rr8XzridLvqKBc8vObTUBUAq4=";
+  };
+
+  depsBuildBuild = [ buildPackages.stdenv.cc ];
+  nativeBuildInputs = [ pkg-config texinfo ];
+  buildInputs = [
+    libgcrypt libassuan libksba libiconv npth gettext
+    readline libusb1 gnutls adns openldap zlib bzip2 sqlite
+  ] ++ optional (!stdenv.isDarwin) tpm2-tss ;
+
+  patches = [
+    ./fix-libusb-include-path.patch
+    ./tests-add-test-cases-for-import-without-uid.patch
+    ./allow-import-of-previously-known-keys-even-without-UI.patch
+    ./accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
+  ];
+  postPatch = ''
+    sed -i 's,\(hkps\|https\)://keyserver.ubuntu.com,hkps://keys.openpgp.org,g' configure configure.ac doc/dirmngr.texi doc/gnupg.info-1
+  '' + lib.optionalString (stdenv.isLinux && pcsclite != null) ''
+    sed -i 's,"libpcsclite\.so[^"]*","${lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c
+  '';
+
+  pinentryBinaryPath = pinentry.binaryPath or "bin/pinentry";
+  configureFlags = [
+    "--with-libgpg-error-prefix=${libgpg-error.dev}"
+    "--with-libgcrypt-prefix=${libgcrypt.dev}"
+    "--with-libassuan-prefix=${libassuan.dev}"
+    "--with-ksba-prefix=${libksba.dev}"
+    "--with-npth-prefix=${npth}"
+  ] ++ optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentryBinaryPath}"
+  ++ optional ( (!stdenv.isDarwin) && (tpm2-tss != null) ) "--with-tss=intel";
+  postInstall = if enableMinimal
+  then ''
+    rm -r $out/{libexec,sbin,share}
+    for f in $(find $out/bin -type f -not -name gpg)
+    do
+      rm $f
+    done
+  '' else ''
+    mkdir -p $out/lib/systemd/user
+    for f in doc/examples/systemd-user/*.{service,socket} ; do
+      substitute $f $out/lib/systemd/user/$(basename $f) \
+        --replace /usr/bin $out/bin
+    done
+
+    # add gpg2 symlink to make sure git does not break when signing commits
+    ln -s $out/bin/gpg $out/bin/gpg2
+
+    # Make libexec tools available in PATH
+    for f in $out/libexec/; do
+      if [[ "$(basename $f)" == "gpg-wks-client" ]]; then continue; fi
+      ln -s $f $out/bin/$(basename $f)
+    done
+  '';
+
+  enableParallelBuilding = true;
+
+  meta = with lib; {
+    homepage = "https://gnupg.org";
+    description = "Modern release of the GNU Privacy Guard, a GPL OpenPGP implementation";
+    license = licenses.gpl3Plus;
+    longDescription = ''
+      The GNU Privacy Guard is the GNU project's complete and free
+      implementation of the OpenPGP standard as defined by RFC4880.  GnuPG
+      "modern" (2.1) is the latest development with a lot of new features.
+      GnuPG allows to encrypt and sign your data and communication, features a
+      versatile key management system as well as access modules for all kind of
+      public key directories.  GnuPG, also known as GPG, is a command line tool
+      with features for easy integration with other applications.  A wealth of
+      frontend applications and libraries are available.  Version 2 of GnuPG
+      also provides support for S/MIME.
+    '';
+    maintainers = with maintainers; [ fpletz vrthra ];
+    platforms = platforms.all;
+    mainProgram = "gpg";
+  };
+}
--- a/pkgs/tools/security/gnupg/accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
+++ b/pkgs/tools/security/gnupg/accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
@ -0,0 +1,32 @@
+From: Vincent Breitmoser <look@my.amazin.horse>
+Date: Thu, 13 Jun 2019 21:27:43 +0200
+Subject: gpg: accept subkeys with a good revocation but no self-sig during
+ import
+
+* g10/import.c (chk_self_sigs): Set the NODE_GOOD_SELFSIG flag when we
+encounter a valid revocation signature. This allows import of subkey
+revocation signatures, even in the absence of a corresponding subkey
+binding signature.
+
+--
+
+This fixes the remaining test in import-incomplete.scm.
+
+GnuPG-Bug-id: 4393
+Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+---
+ g10/import.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/g10/import.c b/g10/import.c
+index 4fdf248..ee2fed8 100644
+--- a/g10/import.c
+++ b/g10/import.c
+@@ -3613,6 +3613,7 @@ chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, int *non_self)
+                   /* It's valid, so is it newer? */
+                   if (sig->timestamp >= rsdate)
+                     {
+                      knode->flag |= NODE_GOOD_SELFSIG; /* Subkey is valid.  */
+                       if (rsnode)
+                         {
+                           /* Delete the last revocation sig since
--- a/pkgs/tools/security/gnupg/allow-import-of-previously-known-keys-even-without-UI.patch
+++ b/pkgs/tools/security/gnupg/allow-import-of-previously-known-keys-even-without-UI.patch
@ -0,0 +1,107 @@
+From: Vincent Breitmoser <look@my.amazin.horse>
+Date: Thu, 13 Jun 2019 21:27:42 +0200
+Subject: gpg: allow import of previously known keys, even without UIDs
+
+* g10/import.c (import_one): Accept an incoming OpenPGP certificate that
+has no user id, as long as we already have a local variant of the cert
+that matches the primary key.
+
+--
+
+This fixes two of the three broken tests in import-incomplete.scm.
+
+GnuPG-Bug-id: 4393
+Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+---
+ g10/import.c | 44 +++++++++++---------------------------------
+ 1 file changed, 11 insertions(+), 33 deletions(-)
+
+diff --git a/g10/import.c b/g10/import.c
+index 5d3162c..f9acf95 100644
+--- a/g10/import.c
+++ b/g10/import.c
+@@ -1788,7 +1788,6 @@ import_one_real (ctrl_t ctrl,
+   size_t an;
+   char pkstrbuf[PUBKEY_STRING_SIZE];
+   int merge_keys_done = 0;
+-  int any_filter = 0;
+   KEYDB_HANDLE hd = NULL;
+ 
+   if (r_valid)
+@@ -1825,14 +1824,6 @@ import_one_real (ctrl_t ctrl,
+       log_printf ("\n");
+     }
+ 
+-
+-  if (!uidnode)
+-    {
+-      if (!silent)
+-        log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
+-      return 0;
+-    }
+-
+   if (screener && screener (keyblock, screener_arg))
+     {
+       log_error (_("key %s: %s\n"), keystr_from_pk (pk),
+@@ -1907,18 +1898,10 @@ import_one_real (ctrl_t ctrl,
+ 	  }
+     }
+ 
+-  /* Delete invalid parts and bail out if there are no user ids left.  */
+-  if (!delete_inv_parts (ctrl, keyblock, keyid, options))
+-    {
+-      if (!silent)
+-        {
+-          log_error ( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
+-          if (!opt.quiet)
+-            log_info(_("this may be caused by a missing self-signature\n"));
+-        }
+-      stats->no_user_id++;
+-      return 0;
+-    }
+  /* Delete invalid parts, and note if we have any valid ones left.
+   * We will later abort import if this key is new but contains
+   * no valid uids.  */
+  delete_inv_parts (ctrl, keyblock, keyid, options);
+ 
+   /* Get rid of deleted nodes.  */
+   commit_kbnode (&keyblock);
+@@ -1927,24 +1911,11 @@ import_one_real (ctrl_t ctrl,
+     {
+       apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid);
+       commit_kbnode (&keyblock);
+-      any_filter = 1;
+     }
+   if (import_filter.drop_sig)
+     {
+       apply_drop_sig_filter (ctrl, keyblock, import_filter.drop_sig);
+       commit_kbnode (&keyblock);
+-      any_filter = 1;
+-    }
+-
+-  /* If we ran any filter we need to check that at least one user id
+-   * is left in the keyring.  Note that we do not use log_error in
+-   * this case. */
+-  if (any_filter && !any_uid_left (keyblock))
+-    {
+-      if (!opt.quiet )
+-        log_info ( _("key %s: no valid user IDs\n"), keystr_from_pk (pk));
+-      stats->no_user_id++;
+-      return 0;
+     }
+ 
+   /* The keyblock is valid and ready for real import.  */
+@@ -2002,6 +1973,13 @@ import_one_real (ctrl_t ctrl,
+       err = 0;
+       stats->skipped_new_keys++;
+     }
+  else if (err && !any_uid_left (keyblock))
+    {
+      if (!silent)
+        log_info( _("key %s: new key but contains no user ID - skipped\n"), keystr(keyid));
+      err = 0;
+      stats->no_user_id++;
+    }
+   else if (err)  /* Insert this key. */
+     {
+       /* Note: ERR can only be NO_PUBKEY or UNUSABLE_PUBKEY.  */
--- a/pkgs/tools/security/gnupg/clang.patch
+++ b/pkgs/tools/security/gnupg/clang.patch
@ -0,0 +1,13 @@
+diff --git a/gl/stdint_.h b/gl/stdint_.h
+index bc27595..303e81a 100644
+--- a/gl/stdint_.h
+++ b/gl/stdint_.h
+@@ -62,7 +62,7 @@
+      int{8,16,32,64}_t, uint{8,16,32,64}_t and __BIT_TYPES_DEFINED__.
+      <inttypes.h> also defines intptr_t and uintptr_t.  */
+ # define _GL_JUST_INCLUDE_ABSOLUTE_INTTYPES_H
+-# include <inttypes.h>
+// # include <inttypes.h>
+ # undef _GL_JUST_INCLUDE_ABSOLUTE_INTTYPES_H
+ #elif @HAVE_SYS_INTTYPES_H@
+   /* Solaris 7 <sys/inttypes.h> has the types except the *_fast*_t types, and
--- a/pkgs/tools/security/gnupg/fix-libusb-include-path.patch
+++ b/pkgs/tools/security/gnupg/fix-libusb-include-path.patch
@ -0,0 +1,12 @@
+--- a/configure
+++ b/configure
+@@ -9281,8 +9281,7 @@ fi
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking libusb include dir" >&5
+ $as_echo_n "checking libusb include dir... " >&6; }
+    usb_incdir_found="no"
+-   for _incdir in "" "/usr/include/libusb-1.0" \
+-       "/usr/local/include/libusb-1.0" "/usr/pkg/include/libusb-1.0"; do
+   for _incdir in "$($PKG_CONFIG --variable=includedir libusb-1.0)/libusb-1.0"; do
+      _libusb_save_cppflags=$CPPFLAGS
+      if test -n "${_incdir}"; then
+        CPPFLAGS="-I${_incdir} ${CPPFLAGS}"
--- a/pkgs/tools/security/gnupg/gpgkey2ssh-20.patch
+++ b/pkgs/tools/security/gnupg/gpgkey2ssh-20.patch
@ -0,0 +1,14 @@
+diff --git a/tools/gpgkey2ssh.c b/tools/gpgkey2ssh.c
+index 903fb5b..d5611dc 100644
+--- a/tools/gpgkey2ssh.c
+++ b/tools/gpgkey2ssh.c
+@@ -268,7 +268,7 @@ main (int argc, char **argv)
+   keyid = argv[1];
+ 
+   ret = asprintf (&command,
+-		  "gpg --list-keys --with-colons --with-key-data '%s'",
+		  "@out@/bin/gpg --list-keys --with-colons --with-key-data '%s'",
+ 		  keyid);
+   assert (ret > 0);
+ 
+
--- a/pkgs/tools/security/gnupg/tests-add-test-cases-for-import-without-uid.patch
+++ b/pkgs/tools/security/gnupg/tests-add-test-cases-for-import-without-uid.patch
@ -0,0 +1,201 @@
+From: Vincent Breitmoser <look@my.amazin.horse>
+Date: Thu, 13 Jun 2019 21:27:41 +0200
+Subject: tests: add test cases for import without uid
+
+This commit adds a test case that does the following, in order:
+- Import of a primary key plus user id
+- Check that import of a subkey works, without a user id present in the
+imported key
+- Check that import of a subkey revocation works, without a user id or
+subkey binding signature present in the imported key
+- Check that import of a primary key revocation works, without a user id
+present in the imported key
+
+--
+
+Note that this test currently fails.  The following changesets will
+fix gpg so that the tests pass.
+
+GnuPG-Bug-id: 4393
+Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+---
+ tests/openpgp/Makefile.am                          |  1 +
+ tests/openpgp/import-incomplete.scm                | 68 ++++++++++++++++++++++
+ .../import-incomplete/primary+revocation.asc       |  9 +++
+ .../primary+subkey+sub-revocation.asc              | 10 ++++
+ .../import-incomplete/primary+subkey+sub-sig.asc   | 10 ++++
+ .../openpgp/import-incomplete/primary+uid-sig.asc  | 10 ++++
+ tests/openpgp/import-incomplete/primary+uid.asc    | 10 ++++
+ 7 files changed, 118 insertions(+)
+ create mode 100755 tests/openpgp/import-incomplete.scm
+ create mode 100644 tests/openpgp/import-incomplete/primary+revocation.asc
+ create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc
+ create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc
+ create mode 100644 tests/openpgp/import-incomplete/primary+uid-sig.asc
+ create mode 100644 tests/openpgp/import-incomplete/primary+uid.asc
+
+diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
+index f6014c9..6423da1 100644
+--- a/tests/openpgp/Makefile.am
+++ b/tests/openpgp/Makefile.am
+@@ -78,6 +78,7 @@ XTESTS = \
+ 	gpgv-forged-keyring.scm \
+ 	armor.scm \
+ 	import.scm \
+	import-incomplete.scm \
+ 	import-revocation-certificate.scm \
+ 	ecc.scm \
+ 	4gb-packet.scm \
+diff --git a/tests/openpgp/import-incomplete.scm b/tests/openpgp/import-incomplete.scm
+new file mode 100755
+index 0000000..727a027
+--- /dev/null
+++ b/tests/openpgp/import-incomplete.scm
+@@ -0,0 +1,68 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2016 g10 Code GmbH
+;;
+;; This file is part of GnuPG.
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (in-srcdir "tests" "openpgp" "defs.scm"))
+(setup-environment)
+
+(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+uid.asc")))
+
+(info "Test import of new subkey, from a certificate without uid")
+(define keyid "573EA710367356BB")
+(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-sig.asc")))
+(tr:do
+ (tr:pipe-do
+  (pipe:gpg `(--list-keys --with-colons ,keyid)))
+ (tr:call-with-content
+  (lambda (c)
+    ;; XXX we do not have a regexp library
+    (unless (any (lambda (line)
+		   (and (string-prefix? line "sub:")
+			(string-contains? line "573EA710367356BB")))
+		 (string-split-newlines c))
+	    (exit 1)))))
+
+(info "Test import of a subkey revocation, from a certificate without uid")
+(define keyid "573EA710367356BB")
+(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-revocation.asc")))
+(tr:do
+ (tr:pipe-do
+  (pipe:gpg `(--list-keys --with-colons ,keyid)))
+ (tr:call-with-content
+  (lambda (c)
+    ;; XXX we do not have a regexp library
+    (unless (any (lambda (line)
+		   (and (string-prefix? line "sub:r:")
+			(string-contains? line "573EA710367356BB")))
+		 (string-split-newlines c))
+	    (exit 1)))))
+
+(info "Test import of revocation, from a certificate without uid")
+(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+revocation.asc")))
+(tr:do
+ (tr:pipe-do
+  (pipe:gpg `(--list-keys --with-colons ,keyid)))
+ (tr:call-with-content
+  (lambda (c)
+    ;; XXX we do not have a regexp library
+    (unless (any (lambda (line)
+		   (and (string-prefix? line "pub:r:")
+			(string-contains? line "0843DA969AA8DAFB")))
+		 (string-split-newlines c))
+	    (exit 1)))))
+
+diff --git a/tests/openpgp/import-incomplete/primary+revocation.asc b/tests/openpgp/import-incomplete/primary+revocation.asc
+new file mode 100644
+index 0000000..6b7b608
+--- /dev/null
+++ b/tests/openpgp/import-incomplete/primary+revocation.asc
+@@ -0,0 +1,9 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: [E] primary key, revocation signature over primary (no user ID)
+
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
+631VAN2IeAQgFggAIBYhBLRpj5W82H/gSMzKKQhD2paaqNr7BQJc2ZQZAh0AAAoJ
+EAhD2paaqNr7qAwA/2jBUpnN0BxwRO/4CrxvrLIsL+C9aSXJUOTv8XkP4lvtAQD3
+XsDFfFNgEueiTfF7HtOGt5LPmRqVvUpQSMVgJJW6CQ==
+=tM90
+-----END PGP PUBLIC KEY BLOCK-----
+diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc
+new file mode 100644
+index 0000000..83a51a5
+--- /dev/null
+++ b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc
+@@ -0,0 +1,10 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: [D] primary key, subkey, subkey revocation (no user ID)
+
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
+631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK
+j++lwwWDAOlkVicDAQgHiHgEKBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC
+XNmnkAIdAgAKCRAIQ9qWmqja+ylaAQDmIKf86BJEq4OpDqU+V9D+wn2cyuxbyWVQ
+3r9LiL9qNwD/QAjyrhSN8L3Mfq+wdTHo5i0yB9ZCCpHLXSbhCqfWZwQ=
+=dwx2
+-----END PGP PUBLIC KEY BLOCK-----
+diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc
+new file mode 100644
+index 0000000..dc47a02
+--- /dev/null
+++ b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc
+@@ -0,0 +1,10 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: [B] primary key, subkey, subkey binding sig (no user ID)
+
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
+631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK
+j++lwwWDAOlkVicDAQgHiHgEGBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC
+XNmUIQIbDAAKCRAIQ9qWmqja++vFAP98G1L+1/rWTGbsnxOAV2RocBYIroAvsbkR
+Ly6FdP8YNwEA7jOgT05CoKIe37MstpOz23mM80AK369Ca3JMmKKCQgg=
+=xuDu
+-----END PGP PUBLIC KEY BLOCK-----
+diff --git a/tests/openpgp/import-incomplete/primary+uid-sig.asc b/tests/openpgp/import-incomplete/primary+uid-sig.asc
+new file mode 100644
+index 0000000..134607d
+--- /dev/null
+++ b/tests/openpgp/import-incomplete/primary+uid-sig.asc
+@@ -0,0 +1,10 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: [C] primary key and self-sig expiring in 2024 (no user ID)
+
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
+631VAN2IlgQTFggAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBLRpj5W8
+2H/gSMzKKQhD2paaqNr7BQJc2ZR1BQkJZgHcAAoJEAhD2paaqNr79soA/0lWkUsu
+3NLwgbni6EzJxnTzgeNMpljqNpipHAwfix9hAP93AVtFdC8g7hdUZxawobl9lnSN
+9ohXOEBWvdJgVv2YAg==
+=KWIK
+-----END PGP PUBLIC KEY BLOCK-----
+diff --git a/tests/openpgp/import-incomplete/primary+uid.asc b/tests/openpgp/import-incomplete/primary+uid.asc
+new file mode 100644
+index 0000000..055f300
+--- /dev/null
+++ b/tests/openpgp/import-incomplete/primary+uid.asc
+@@ -0,0 +1,10 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: [A] primary key, user ID, and self-sig expiring in 2021
+
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
+631VAN20CHRlc3Qga2V5iJYEExYIAD4WIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC
+XNmUGQIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAIQ9qWmqja
++0G1AQDdQiwhXxjXLMqoth+D4SigVHTJK8ORwifzsy3UE7mPGwD/aZ67XbAF/lgI
+kv2O1Jo0u9BL9RNNF+L0DM7rAFbfMAs=
+=1eII
+-----END PGP PUBLIC KEY BLOCK-----