To test for a key that is completely unknown to the keyring we need one
to sign the commit with. This was done by generating a new key and not
add it into the keyring. To avoid the key generation overhead and
problems where GPG did hang in CI during it, switch GNUPGHOME to the
empty $GNUPGHOME_NOT_USED instead, therefore making all used keys unknown
for this single `verify-commit` call.
Reported-by: Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx>
Signed-off-by: Fabian Stelzer <fs@xxxxxxxxxxxx>
---
t/t7510-signed-commit.sh | 22 ++--------------------
1 file changed, 2 insertions(+), 20 deletions(-)
diff --git a/t/t7510-signed-commit.sh b/t/t7510-signed-commit.sh
index 9882b69ae2..8593b7e3cb 100755
--- a/t/t7510-signed-commit.sh
+++ b/t/t7510-signed-commit.sh
@@ -71,25 +71,7 @@ test_expect_success GPG 'create signed commits' '
git tag eleventh-signed $(cat oid) &&
echo 12 | git commit-tree --gpg-sign=B7227189 HEAD^{tree} >oid &&
test_line_count = 1 oid &&
- git tag twelfth-signed-alt $(cat oid) &&
-
- cat >keydetails <<-\EOF &&
- Key-Type: RSA
- Key-Length: 2048
- Subkey-Type: RSA
- Subkey-Length: 2048
- Name-Real: Unknown User
- Name-Email: unknown@xxxxxxx
- Expire-Date: 0
- %no-ask-passphrase
- %no-protection
- EOF
- gpg --batch --gen-key keydetails &&
- echo 13 >file && git commit -a -S"unknown@xxxxxxx" -m thirteenth &&
- git tag thirteenth-signed &&
- DELETE_FINGERPRINT=$(gpg -K --with-colons --fingerprint --batch unknown@xxxxxxx | grep "^fpr" | head -n 1 | awk -F ":" "{print \$10;}") &&
- gpg --batch --yes --delete-secret-keys $DELETE_FINGERPRINT &&
- gpg --batch --yes --delete-keys unknown@xxxxxxx
+ git tag twelfth-signed-alt $(cat oid)
'
test_expect_success GPG 'verify and show signatures' '
@@ -129,7 +111,7 @@ test_expect_success GPG 'verify and show signatures' '
'
test_expect_success GPG 'verify-commit exits failure on unknown signature' '
- test_must_fail git verify-commit thirteenth-signed 2>actual &&
+ test_must_fail env GNUPGHOME="$GNUPGHOME_NOT_USED" git verify-commit initial 2>actual &&
! grep "Good signature from" actual &&
! grep "BAD signature from" actual &&
grep -q -F -e "No public key" -e "public key not found" actual
--
2.34.1
