Re: [PATCH 2/2] t/t7510-signed-commit.sh: add signing subkey to Eris Discordia key

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, 2018-11-04 at 15:10 +0000, brian m. carlson wrote:
> On Sun, Nov 04, 2018 at 10:47:10AM +0100, Michał Górny wrote:
> > diff --git a/t/t7510-signed-commit.sh b/t/t7510-signed-commit.sh
> > index e8377286d..86d3f93fa 100755
> > --- a/t/t7510-signed-commit.sh
> > +++ b/t/t7510-signed-commit.sh
> > @@ -197,9 +197,9 @@ test_expect_success GPG 'show bad signature with custom format' '
> >  test_expect_success GPG 'show untrusted signature with custom format' '
> >  	cat >expect <<-\EOF &&
> >  	U
> > -	61092E85B7227189
> > +	65A0EEA02E30CAD7
> >  	Eris Discordia <discord@xxxxxxxxxxx>
> > -	D4BE22311AD3131E5EDA29A461092E85B7227189
> > +	F8364A59E07FFE9F4D63005A65A0EEA02E30CAD7
> >  	D4BE22311AD3131E5EDA29A461092E85B7227189
> >  	EOF
> >  	git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" eighth-signed-alt >actual &&
> > @@ -209,7 +209,7 @@ test_expect_success GPG 'show untrusted signature with custom format' '
> >  test_expect_success GPG 'show unknown signature with custom format' '
> >  	cat >expect <<-\EOF &&
> >  	E
> > -	61092E85B7227189
> > +	65A0EEA02E30CAD7
> 
> It's my understanding that GnuPG will use the most recent subkey
> suitable for a particular purpose, and I think the test relies on that
> behavior.  However, I'm not sure that's documented.  Do we want to rely
> on that behavior or be more explicit?  (This is a question, not an
> opinion.)

To be honest, I don't recall which suitable subkey is used.  However, it
definitely will prefer a subkey with signing capabilities over
the primary key if one is present, and this is well-known and expected
behavior.

In fact, if you have a key with two signing subkeys A and B and it
considers A better, then even if you explicitly pass keyid of B, it will
use A.  To force another subkey you have to append '!' to keyid.

Therefore, I think this is a behavior we can rely on.

-- 
Best regards,
Michał Górny

Attachment: signature.asc
Description: This is a digitally signed message part


[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux