diff options
| author |  Jeff King <peff@peff.net> | 2021-11-10 01:00:47 -0500 |
|---|---|---|
| committer |  Junio C Hamano <gitster@pobox.com> | 2021-11-10 14:14:37 -0800 |
| commit | ca7a5bf4bd41daa2d475fa98dd014a97e02eb08e (patch) | |
| tree | 517eaf0c2cf25edff811149d4db224dafd49f5c1 /t/lib-gpg.sh | |
| parent | gpg-interface: avoid buffer overrun in parse_ssh_output() (diff) | |
| download | tgif-ca7a5bf4bd41daa2d475fa98dd014a97e02eb08e.tar.xz | |
t/lib-gpg: avoid broken versions of ssh-keygen
The "-Y find-principals" option of ssh-keygen seems to be broken in
Debian's openssh-client 1:8.7p1-1, whereas it works fine in 1:8.4p1-5.
This causes several failures for GPGSSH tests. We fulfill the
prerequisite because generating the keys works fine, but actually
verifying a signature causes results ranging from bogus results to
ssh-keygen segfaulting.
We can find the broken version during the prereq check by feeding it
empty input. This should result in it complaining to stderr, but in the
broken version it triggers the segfault, causing the GPGSSH tests to be
skipped.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 't/lib-gpg.sh')
| -rw-r--r-- | t/lib-gpg.sh | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/t/lib-gpg.sh b/t/lib-gpg.sh index f99ef3e859..4c549beba6 100644 --- a/t/lib-gpg.sh +++ b/t/lib-gpg.sh @@ -104,6 +104,12 @@ test_lazy_prereq GPGSSH ' test $? != 127 || exit 1 echo $ssh_version | grep -q "find-principals:missing signature file" test $? = 0 || exit 1; + + # some broken versions of ssh-keygen segfault on find-principals; + # avoid testing with them. + ssh-keygen -Y find-principals -f /dev/null -s /dev/null + test $? = 139 && exit 1 + mkdir -p "${GNUPGHOME}" && chmod 0700 "${GNUPGHOME}" && ssh-keygen -t ed25519 -N "" -C "git ed25519 key" -f "${GPGSSH_KEY_PRIMARY}" >/dev/null && |