Re: [PATCH v4 7/7] ssh signing: verify ssh-keygen in test prereq

[Fabian Stelzer <fs@gigacodes.de>]

On 03.12.2021 12:07, Ævar Arnfjörð Bjarmason wrote:
>
>On Thu, Dec 02 2021, Junio C Hamano wrote:
>
>> Fabian Stelzer <fs@gigacodes.de> writes:
>>
>>> Yes, that looks good. In this case the conflict is rather trivial, but
>>> how could i prevent this / make it easier for you to merge these?
>>> Especially since in this case the conflict only arose after a reroll
>>> when both topics were already in seen. For a new topic i can of course
>>> make them as "on top of XXX". Should I in the future rebase the
>>> "support non ssh-* keytypes" topic on top of this series and mark it
>>> as such? Or whats a good way to deal with things like this? (besides
>>> avoiding merge conflicts altogether :D)
>>
>> For this particular one, my rerere database already knows how the
>> conflict and its resolution should look like, so there is nothing
>> that is urgently needed.
>>
>> If the other topic were to be rerolled, since either has hit 'next',
>> basing it on top of the other, essentially making the result into a
>> single series, may be the easiest (and that is basically avoiding
>> conflicts altogether ;-).
>
>...but to answer a bit of Fabian's question: Just as someone giving
>these two topics a brief look it's not clear to me why the existing
>GPGSSH prerequisite needs an adjustment at the same time as adding a
>test that uses it (in addition to existing tests).
>
>I.e. was it that it was always wrong, in that case I'd expect a patch
>that fixes the prereq and doesn't make any other test changes in the
>same commit as [1] does.
>
>Or does it need to be more strict to cater to one new test being added
>in the same commit, but that strictness doesn't apply to existing tests?
>
>Then maybe it should be a new GPGSSH_THAT_NEW_REQUIRED_FEATURE, which
>can in turn depend on the GPGSSH prerequisite.
>
What [1] needed was another keytype set up for some tests to run. I could 
have done this in the test itself or in a separate setup function. But since 
all the other keys are set up in the prereq and we might want to reuse this 
new ecdsa key in other tests as well this seemed like the better place for 
it.
A new prereq depending on GPGSSH feels kinda wrong to me when it would just 
create the key and always succeed otherwise. I guess this is a side effect 
of using the prereq to do setup as well (something that we discussed in 
https://lore.kernel.org/git/YYXAwxmhrLLMBqa+@coredump.intra.peff.net/ ).

>Which, incidentally would help with any textual conflict, but more
>importantly makes for clearer end-state, and maps prerequisites to those
>existing tests that need those specific things, and not a more stricter
>& recent requirement.
>

The problem here was just that I also refactored the existing GPGSSH prereq 
to be more readable while doing the same for the new one. Only refactoring 
the new one while leaving the older one just above it untouched would have 
avoided the conflict but would have needed a follow up series. In the future 
I would probably do that or leave the code as is and refactor both in a 
follow up.

>I don't know/think that any of this needs re-rolling, just my 0.02.
>
>1. https://lore.kernel.org/git/20211119150707.3924636-2-fs@gigacodes.de/

Always glad for your input.
Thanks