From 8300d15d5ecea1e41b2b1d381238ccaaec501dd4 Mon Sep 17 00:00:00 2001
From: Johannes Schindelin
Date: Wed, 15 Feb 2023 05:58:33 +0000
Subject: [PATCH 1/2] t7510: add a test case that does not need gpg

This test case not only increases test coverage in setups without working gpg, but also prepares for verifying that the error message of `gpg.program` is shown upon failure.

Signed-off-by: Johannes Schindelin
Signed-off-by: Junio C Hamano
---
 t/t7510-signed-commit.sh | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/t/t7510-signed-commit.sh b/t/t7510-signed-commit.sh
index 8593b7e3cb..24dc3ef0a2 100755
--- a/t/t7510-signed-commit.sh
+++ b/t/t7510-signed-commit.sh
@@ -387,4 +387,40 @@ test_expect_success GPG 'verify-commit verifies multiply signed commits' '
 ! grep "BAD signature from" actual
 '
 
+test_expect_success 'custom `gpg.program`' '
+ write_script fake-gpg <<-\EOF &&
+ args="$*"
+
+ # skip uninteresting options
+ while case "$1" in
+ --status-fd=*|--keyid-format=*) ;; # skip
+ *) break;;
+ esac; do shift; done
+
+ case "$1" in
+ -bsau)
+ cat >sign.file
+ echo "[GNUPG:] SIG_CREATED $args" >&2
+ echo "-----BEGIN PGP MESSAGE-----"
+ echo "$args"
+ echo "-----END PGP MESSAGE-----"
+ ;;
+ --verify)
+ cat "$2" >verify.file
+ exit 0
+ ;;
+ *)
+ echo "Unhandled args: $*" >&2
+ exit 1
+ ;;
+ esac
+ EOF
+
+ test_config gpg.program "$(pwd)/fake-gpg" &&
+ git commit -S --allow-empty -m signed-commit &&
+ test_path_exists sign.file &&
+ git show --show-signature &&
+ test_path_exists verify.file
+'
+
 test_done

From ad6b320756d8d9150291c696a02c86d1c2f0f4b2 Mon Sep 17 00:00:00 2001
From: Johannes Schindelin
Date: Wed, 15 Feb 2023 05:58:34 +0000
Subject: [PATCH 2/2] gpg: do show gpg's error message upon failure

There are few things more frustrating when signing a commit fails than reading a terse "error: gpg failed to sign the data" message followed by the unsurprising "fatal: failed to write commit object" message. In many cases where signing a commit or tag fails, `gpg` actually said something helpful, on its stderr, and Git even consumed that, but then keeps mum about it. Teach Git to stop withholding that rather important information.

Signed-off-by: Johannes Schindelin
Signed-off-by: Junio C Hamano
---
 gpg-interface.c | 8 ++++++--
 t/t7510-signed-commit.sh | 10 +++++++++-
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/gpg-interface.c b/gpg-interface.c
index f877a1ea56..917144f32e 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -977,9 +977,13 @@ static int sign_buffer_gpg(struct strbuf *buffer, struct strbuf *signature,
 break; /* found */
 }
 ret |= !cp;
+ if (ret) {
+ error(_("gpg failed to sign the data:\n%s"),
+ gpg_status.len ? gpg_status.buf : "(no gpg output)");
+ strbuf_release(&gpg_status);
+ return -1;
+ }
 strbuf_release(&gpg_status);
- if (ret)
- return error(_("gpg failed to sign the data"));
 
 /* Strip CR from the line endings, in case we are on Windows. */
 remove_cr_after(signature, bottom);
diff --git a/t/t7510-signed-commit.sh b/t/t7510-signed-commit.sh
index 24dc3ef0a2..1d41683119 100755
--- a/t/t7510-signed-commit.sh
+++ b/t/t7510-signed-commit.sh
@@ -399,6 +399,10 @@ test_expect_success 'custom `gpg.program`' '
 
 case "$1" in
 -bsau)
+ test -z "$LET_GPG_PROGRAM_FAIL" || {
+ echo "zOMG signing failed!" >&2
+ exit 1
+ }
 cat >sign.file
 echo "[GNUPG:] SIG_CREATED $args" >&2
 echo "-----BEGIN PGP MESSAGE-----"
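Review bot: In the gpg-interface.c hunk, the fallback `"(no gpg output)"` passed to the new `error()` call is a bare literal while the format string beside it goes through `_()`, so a localized message would end in an untranslated fragment; `gpg_status.len ? gpg_status.buf : _("(no gpg output)")` keeps the two consistent. The text printed is the same `gpg_status` buffer that the loop above scans, so it presumably carries the machine-readable `[GNUPG:]` status lines along with the diagnostics of whatever `gpg.program` points at. A one-line comment above the call, `/* show the helper's stderr verbatim; it may include status lines */`, would record that this is intended. sign_buffer_gpg begins and ends outside the hunk, so how gpg_status is filled is not visible here.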
@@ -420,7 +424,11 @@ test_expect_success 'custom `gpg.program`' '
 git commit -S --allow-empty -m signed-commit &&
 test_path_exists sign.file &&
 git show --show-signature &&
- test_path_exists verify.file
+ test_path_exists verify.file &&
+
+ test_must_fail env LET_GPG_PROGRAM_FAIL=1 \
+ git commit -S --allow-empty -m must-fail 2>err &&
+ grep zOMG err
 '
 
 test_done
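Review bot: The new failure case at the end of this test checks the exit status and that the helper's stderr reaches the user, but not that the failed signing left the branch untouched, which is the property a caller relying on `-S` cares about. Recording `git rev-parse HEAD >expect &&` before the `test_must_fail` line and adding `git rev-parse HEAD >actual && test_cmp expect actual` after the `grep` would pin that no unsigned commit is created. Matching the Git-side prefix as well, e.g. `grep "gpg failed to sign the data" err`, would tie the assertion to the message changed in gpg-interface.c rather than only to the fake program's text. The test body starts outside this hunk.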