Adam Dinwoodie <adam@xxxxxxxxxxxxx> writes: > On Thursday 04 November 2021 at 12:49 pm -0700, Junio C Hamano wrote: >> Adam Dinwoodie <adam@xxxxxxxxxxxxx> writes: >> >> > SSH keys are expected to be created with very restrictive permissions, >> > and SSH commands will fail if the permissions are not appropriate. When >> > creating a directory for SSH keys in test scripts, attempt to clear any >> > ACLs that might otherwise cause the private key to inherit less >> > restrictive permissions than it requires. >> >> All of the above makes sense as an explanation as to why the >> ssh-keygen command may be unhappy with the $GNUPGHOME directory that >> is prepared here, but ... >> >> > This change is required in particular to avoid tests relating to SSH >> > signing failing in Cygwin. >> >> ... I am not quite sure how this explains "tests relating to ssh >> signing failing on Cygwin". After all, this piece of code is >> lazy_prereq, which means that ssh-keygen in this block that fails >> (due to a less restrictive permissions) would merely mean that tests >> that are protected with GPGSSH prerequisite will be skipped without >> causing test failures. After all that is the whole point of >> computing prereq on the fly. > > The issue is that the prerequisite check isn't _just_ checking a > prerequisite: it's also creating an SSH key that's used without further > modification by the tests. > > There are three cases to consider: > > - On systems where this prerequisite check fails, a key may or may not > be created, but the tests that rely on the key won't be run, so it > doesn't matter either way. > > - On (clearly the mainline) systems where this check passes and there > are no ACL problems, the key that's generated is stored with > sufficiently restrictive permissions that the tests that rely on the > key can pass. > > - On my system, where ACLs are a problem, the prerequisite check passes, > and a key is created, but it has permissions that are too permissive. > As a result, when a test calls OpenSSH to use that key, OpenSSH > refuses due to the permissions, and the test fails. Makes sense. If we can update the commit log message so that the above three points are clear to readers without asking (all three may not necessarily need to be spelled out in the bulletted list form), that would be great.
