Fabian Stelzer <fs@xxxxxxxxxxxx> writes:

> To test for a key that is completely unknown to the keyring we need one
> to sign the commit with. This was done by generating a new key and not
> adding it into the keyring. To avoid the key generation overhead and
> problems where GPG did hang in CI during it, switch GNUPGHOME to an
> empty directory instead, therefore making all used keys unknown for this
> single `verify-commit` call.
>
> Reported-by: Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx>
> Signed-off-by: Fabian Stelzer <fs@xxxxxxxxxxxx>
> ---
> This was reported by Ævar in <211222.86ilvhpbl0.gmgdl@xxxxxxxxxxxxxxxxxxx>.
> Just using an empty keyring / gpg homedir should achieve the same effect and
> keeps the stress of generating a gpg key out of the CI.

Clever. Losing lines of code and gaining more stability in CI is a
great thing.

>
> t/t7510-signed-commit.sh | 22 ++--------------------
> 1 file changed, 2 insertions(+), 20 deletions(-)
>
> diff --git a/t/t7510-signed-commit.sh b/t/t7510-signed-commit.sh
> index 9882b69ae2..2d38580847 100755
> --- a/t/t7510-signed-commit.sh
> +++ b/t/t7510-signed-commit.sh
> @@ -71,25 +71,7 @@ test_expect_success GPG 'create signed commits' ' > git tag eleventh-signed $(cat oid) && > echo 12 | git commit-tree --gpg-sign=B7227189 HEAD^{tree} >oid && > test_line_count = 1 oid && > - git tag twelfth-signed-alt $(cat oid) && > - > - cat >keydetails <<-\EOF && > - Key-Type: RSA > - Key-Length: 2048 > - Subkey-Type: RSA > - Subkey-Length: 2048 > - Name-Real: Unknown User > - Name-Email: unknown@xxxxxxx > - Expire-Date: 0 > - %no-ask-passphrase > - %no-protection > - EOF > - gpg --batch --gen-key keydetails && > - echo 13 >file && git commit -a -S"unknown@xxxxxxx" -m thirteenth && > - git tag thirteenth-signed && > - DELETE_FINGERPRINT=$(gpg -K --with-colons --fingerprint --batch unknown@xxxxxxx | grep "^fpr" | head -n 1 | awk -F ":" "{print \$10;}") && > - gpg --batch --yes --delete-secret-keys $DELETE_FINGERPRINT && > - gpg --batch --yes --delete-keys unknown@xxxxxxx > + git tag twelfth-signed-alt $(cat oid) > ' > > test_expect_success GPG 'verify and show signatures' ' > @@ -129,7 +111,7 @@ test_expect_success GPG 'verify and show signatures' ' > ' > > test_expect_success GPG 'verify-commit exits failure on unknown signature' ' > - test_must_fail git verify-commit thirteenth-signed 2>actual && > + GNUPGHOME=./empty_home test_must_fail git verify-commit initial 2>actual && > ! grep "Good signature from" actual && > ! grep "BAD signature from" actual && > grep -q -F -e "No public key" -e "public key not found" actual
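
Review bot: in the 'create signed commits' hunk, the removed block did more than generate and delete a key: `git commit -a -S"unknown@xxxxxxx" -m thirteenth` also moved HEAD, and `git tag thirteenth-signed` created a tag. Please confirm that no other test in this file still refers to `thirteenth-signed` or relies on HEAD being at that commit, and mention it in the commit message so the removal of the extra commit is a documented part of the change.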
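
Review bot: in the 'verify-commit exits failure on unknown signature' hunk, `GNUPGHOME=./empty_home test_must_fail git verify-commit initial` puts a one-shot variable assignment in front of a shell function. Shells differ on whether such an assignment reaches the command the function runs and whether it persists after the call, so `test_must_fail env GNUPGHOME=./empty_home git verify-commit initial` is the safer spelling. The diffstat shows only 2 insertions and neither creates `./empty_home`, so the test should create that directory first (gpg expects its home directory to be private, so mode 0700). That way the expected "No public key" message comes from an empty keyring and not from a missing or rejected homedir.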