From: Junio C Hamano <gitster@pobox.com>
To: Fabian Stelzer <fs@gigacodes.de>
Cc: git@vger.kernel.org, "Han-Wen Nienhuys" <hanwen@google.com>,
"brian m. carlson" <sandals@crustytoothpaste.net>,
"Randall S. Becker" <rsbecker@nexbridge.com>,
"Bagas Sanjaya" <bagasdotme@gmail.com>,
"Hans Jerry Illikainen" <hji@dyntopia.com>,
"Felipe Contreras" <felipe.contreras@gmail.com>,
"Eric Sunshine" <sunshine@sunshineco.com>,
"Gwyneth Morgan" <gwymor@tilde.club>,
"Jonathan Tan" <jonathantanmy@google.com>,
"Josh Steadmon" <steadmon@google.com>,
"Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
Subject: Re: [PATCH] t/gpg: simplify test for unknown key
Date: Fri, 07 Jan 2022 13:43:44 -0800 [thread overview]
Message-ID: <xmqqmtk76x2n.fsf@gitster.g> (raw)
In-Reply-To: <20220107091432.581225-1-fs@gigacodes.de> (Fabian Stelzer's message of "Fri, 7 Jan 2022 10:14:32 +0100")
Fabian Stelzer <fs@gigacodes.de> writes:
> To test for a key that is completely unknown to the keyring we need one
> to sign the commit with. This was done by generating a new key and not
> add it into the keyring. To avoid the key generation overhead and
> problems where GPG did hang in CI during it, switch GNUPGHOME to an
> empty directory instead, therefore making all used keys unknown for this
> single `verify-commit` call.
>
> Reported-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
> Signed-off-by: Fabian Stelzer <fs@gigacodes.de>
> ---
> This was reported by Ævar in <211222.86ilvhpbl0.gmgdl@evledraar.gmail.com>.
> Just using an empty keyring / gpg homedir should achieve the same effect and
> keeps the stress of generating a gpg key out of the CI.
Clever. Losing lines of code and gaining more stability in CI is a
great thing.
>
>
> t/t7510-signed-commit.sh | 22 ++--------------------
> 1 file changed, 2 insertions(+), 20 deletions(-)
>
> diff --git a/t/t7510-signed-commit.sh b/t/t7510-signed-commit.sh
> index 9882b69ae2..2d38580847 100755
> --- a/t/t7510-signed-commit.sh
> +++ b/t/t7510-signed-commit.sh
> @@ -71,25 +71,7 @@ test_expect_success GPG 'create signed commits' '
> git tag eleventh-signed $(cat oid) &&
> echo 12 | git commit-tree --gpg-sign=B7227189 HEAD^{tree} >oid &&
> test_line_count = 1 oid &&
> - git tag twelfth-signed-alt $(cat oid) &&
> -
> - cat >keydetails <<-\EOF &&
> - Key-Type: RSA
> - Key-Length: 2048
> - Subkey-Type: RSA
> - Subkey-Length: 2048
> - Name-Real: Unknown User
> - Name-Email: unknown@git.com
> - Expire-Date: 0
> - %no-ask-passphrase
> - %no-protection
> - EOF
> - gpg --batch --gen-key keydetails &&
> - echo 13 >file && git commit -a -S"unknown@git.com" -m thirteenth &&
> - git tag thirteenth-signed &&
> - DELETE_FINGERPRINT=$(gpg -K --with-colons --fingerprint --batch unknown@git.com | grep "^fpr" | head -n 1 | awk -F ":" "{print \$10;}") &&
> - gpg --batch --yes --delete-secret-keys $DELETE_FINGERPRINT &&
> - gpg --batch --yes --delete-keys unknown@git.com
> + git tag twelfth-signed-alt $(cat oid)
> '
>
> test_expect_success GPG 'verify and show signatures' '
> @@ -129,7 +111,7 @@ test_expect_success GPG 'verify and show signatures' '
> '
>
> test_expect_success GPG 'verify-commit exits failure on unknown signature' '
> - test_must_fail git verify-commit thirteenth-signed 2>actual &&
> + GNUPGHOME=./empty_home test_must_fail git verify-commit initial 2>actual &&
> ! grep "Good signature from" actual &&
> ! grep "BAD signature from" actual &&
> grep -q -F -e "No public key" -e "public key not found" actual
next prev parent reply other threads:[~2022-01-07 21:43 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-07 9:14 [PATCH] t/gpg: simplify test for unknown key Fabian Stelzer
2022-01-07 21:43 ` Junio C Hamano [this message]
2022-01-11 16:56 ` Ævar Arnfjörð Bjarmason
2022-01-11 17:26 ` Fabian Stelzer
2022-01-11 19:40 ` Taylor Blau
2022-01-12 12:10 ` Fabian Stelzer
2022-01-12 12:07 ` [PATCH v2] " Fabian Stelzer
2022-01-12 18:57 ` Taylor Blau
2022-01-12 19:23 ` Junio C Hamano
2022-01-14 3:52 ` [PATCH] " Josh Steadmon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqmtk76x2n.fsf@gitster.g \
--to=gitster@pobox.com \
--cc=avarab@gmail.com \
--cc=bagasdotme@gmail.com \
--cc=felipe.contreras@gmail.com \
--cc=fs@gigacodes.de \
--cc=git@vger.kernel.org \
--cc=gwymor@tilde.club \
--cc=hanwen@google.com \
--cc=hji@dyntopia.com \
--cc=jonathantanmy@google.com \
--cc=rsbecker@nexbridge.com \
--cc=sandals@crustytoothpaste.net \
--cc=steadmon@google.com \
--cc=sunshine@sunshineco.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.