Christian Hesse <list@xxxxxxxx> wrote: > From: Christian Hesse <mail@xxxxxxxx> > > Running the tests in a build environment makes gnupg print a warning: > > gpg: Warning: using insecure memory! > > This warning breaks the match, as `head` misses one line. Let's strip > the line, make `head` return what is expected and fix the match. > > Signed-off-by: Christian Hesse <mail@xxxxxxxx> I think a bit of an explanation about why this warning is showing up in the commit message would be good. "man gpg" gives me On older systems this program should be installed as setuid(root). This is necessary to lock memory pages. Locking memory pages prevents the operating system from writing memory pages (which may contain passphrases or other sensitive material) to disk. If you get no warning message about insecure memory your operating system supports locking without being root. The program drops root privileges as soon as locked memory is allocated. Note also that some systems (especially laptops) have the ability to ``suspend to disk'' (also known as ``safe sleep'' or ``hibernate''). This writes all memory to disk before going into a low power or even powered off mode. Unless measures are taken in the operating system to protect the saved memory, passphrases or other sensitive material may be recoverable from it later. So it seems that this warning will pop up if gpg is writing memory pages to disk which is bad because as stated above we don't want these pages written to disk which is a security risk. > --- > t/t6300-for-each-ref.sh | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/t/t6300-for-each-ref.sh b/t/t6300-for-each-ref.sh > index 5b434ab451..0f9981798e 100755 > --- a/t/t6300-for-each-ref.sh > +++ b/t/t6300-for-each-ref.sh > @@ -1764,12 +1764,13 @@ test_expect_success GPGSSH 'setup for signature atom using ssh' ' > > test_expect_success GPG2 'bare signature atom' ' > git verify-commit first-signed 2>out.raw && > - grep -Ev "checking the trustdb|PGP trust model" out.raw >out && > + grep -Ev "checking the trustdb|PGP trust model|using insecure memory" out.raw >out && > head -3 out >expect && > tail -1 out >>expect && > echo >>expect && > git for-each-ref refs/tags/first-signed \ > - --format="%(signature)" >actual && > + --format="%(signature)" >out.raw && > + grep -Ev "using insecure memory" out.raw >actual && > test_cmp expect actual > ' > > -- > 2.41.0 We skip "checking the trustdb" and "PGP trust model" lines (which are not warnings) here because we don't really need those from the output that GPG produces here but skipping a warning too seems kind of a question mark. It also seems that one could use "--no-secmem-warning" to suppress such a warning. So a better place to make a change would not be in t/t6300 but in t/lib-gpg from where the prereq GPG2 comes from. Although I'm against this, because we don't really want to suppress any warnings. I think it is a good thing this test is breaking because it informs us about the security risk. I have Cc'ed people who might have a thought on this. So it's better to wait for their response. Thanks
