From: Junio C Hamano <gitster@pobox.com>
To: Fabian Stelzer <fs@gigacodes.de>
Cc: git@vger.kernel.org, "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>,
"Han-Wen Nienhuys" <hanwen@google.com>,
"brian m. carlson" <sandals@crustytoothpaste.net>,
"Randall S. Becker" <rsbecker@nexbridge.com>,
"Bagas Sanjaya" <bagasdotme@gmail.com>,
"Hans Jerry Illikainen" <hji@dyntopia.com>,
"Felipe Contreras" <felipe.contreras@gmail.com>,
"Eric Sunshine" <sunshine@sunshineco.com>,
"Gwyneth Morgan" <gwymor@tilde.club>,
"Jonathan Tan" <jonathantanmy@google.com>,
"Josh Steadmon" <steadmon@google.com>
Subject: Re: [PATCH v2] t/gpg: simplify test for unknown key
Date: Wed, 12 Jan 2022 11:23:06 -0800 [thread overview]
Message-ID: <xmqqv8you5b9.fsf@gitster.g> (raw)
In-Reply-To: <20220112120757.874714-1-fs@gigacodes.de> (Fabian Stelzer's message of "Wed, 12 Jan 2022 13:07:57 +0100")
Fabian Stelzer <fs@gigacodes.de> writes:
> To test for a key that is completely unknown to the keyring we need one
> to sign the commit with. This was done by generating a new key and not
> add it into the keyring. To avoid the key generation overhead and
> problems where GPG did hang in CI during it, switch GNUPGHOME to the
> empty $GNUPGHOME_NOT_USED instead, therefore making all used keys unknown
> for this single `verify-commit` call.
>
> Reported-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
> Signed-off-by: Fabian Stelzer <fs@gigacodes.de>
> ---
The original one is already in 'next' so I'll revert the merge and
queue this one instead.
We could turn this into incremental and apply it on the original
one, which may give us a chance to highlight this common mistake
of using a single-shot environment with shell functions, but let's
not bother.
Thanks.
> t/t7510-signed-commit.sh | 22 ++--------------------
> 1 file changed, 2 insertions(+), 20 deletions(-)
>
> diff --git a/t/t7510-signed-commit.sh b/t/t7510-signed-commit.sh
> index 9882b69ae2..8593b7e3cb 100755
> --- a/t/t7510-signed-commit.sh
> +++ b/t/t7510-signed-commit.sh
> @@ -71,25 +71,7 @@ test_expect_success GPG 'create signed commits' '
> git tag eleventh-signed $(cat oid) &&
> echo 12 | git commit-tree --gpg-sign=B7227189 HEAD^{tree} >oid &&
> test_line_count = 1 oid &&
> - git tag twelfth-signed-alt $(cat oid) &&
> -
> - cat >keydetails <<-\EOF &&
> - Key-Type: RSA
> - Key-Length: 2048
> - Subkey-Type: RSA
> - Subkey-Length: 2048
> - Name-Real: Unknown User
> - Name-Email: unknown@git.com
> - Expire-Date: 0
> - %no-ask-passphrase
> - %no-protection
> - EOF
> - gpg --batch --gen-key keydetails &&
> - echo 13 >file && git commit -a -S"unknown@git.com" -m thirteenth &&
> - git tag thirteenth-signed &&
> - DELETE_FINGERPRINT=$(gpg -K --with-colons --fingerprint --batch unknown@git.com | grep "^fpr" | head -n 1 | awk -F ":" "{print \$10;}") &&
> - gpg --batch --yes --delete-secret-keys $DELETE_FINGERPRINT &&
> - gpg --batch --yes --delete-keys unknown@git.com
> + git tag twelfth-signed-alt $(cat oid)
> '
>
> test_expect_success GPG 'verify and show signatures' '
> @@ -129,7 +111,7 @@ test_expect_success GPG 'verify and show signatures' '
> '
>
> test_expect_success GPG 'verify-commit exits failure on unknown signature' '
> - test_must_fail git verify-commit thirteenth-signed 2>actual &&
> + test_must_fail env GNUPGHOME="$GNUPGHOME_NOT_USED" git verify-commit initial 2>actual &&
> ! grep "Good signature from" actual &&
> ! grep "BAD signature from" actual &&
> grep -q -F -e "No public key" -e "public key not found" actual
next prev parent reply other threads:[~2022-01-12 19:25 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-07 9:14 [PATCH] t/gpg: simplify test for unknown key Fabian Stelzer
2022-01-07 21:43 ` Junio C Hamano
2022-01-11 16:56 ` Ævar Arnfjörð Bjarmason
2022-01-11 17:26 ` Fabian Stelzer
2022-01-11 19:40 ` Taylor Blau
2022-01-12 12:10 ` Fabian Stelzer
2022-01-12 12:07 ` [PATCH v2] " Fabian Stelzer
2022-01-12 18:57 ` Taylor Blau
2022-01-12 19:23 ` Junio C Hamano [this message]
2022-01-14 3:52 ` [PATCH] " Josh Steadmon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqv8you5b9.fsf@gitster.g \
--to=gitster@pobox.com \
--cc=avarab@gmail.com \
--cc=bagasdotme@gmail.com \
--cc=felipe.contreras@gmail.com \
--cc=fs@gigacodes.de \
--cc=git@vger.kernel.org \
--cc=gwymor@tilde.club \
--cc=hanwen@google.com \
--cc=hji@dyntopia.com \
--cc=jonathantanmy@google.com \
--cc=rsbecker@nexbridge.com \
--cc=sandals@crustytoothpaste.net \
--cc=steadmon@google.com \
--cc=sunshine@sunshineco.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).