tests: turn GPG, GPGSM and RFC1991 into lazy prereqs

The code to set those prereqs is executed completely outside of any
`test_eval_` block. As a consequence, its output had to be suppressed so
that it does not clutter the output of a regular test script run.

Unfortunately, the output *stays* suppressed even when the `--verbose`
option is in effect.

This hid important output when debugging why the GPG prereq was not
enabled in the Windows part of our CI builds.

In preparation for fixing that, let's move all of this code into lazy
prereqs.

The only slightly tricky part is the global environment variable
`GNUPGHOME`. Originally, it was configured only when we verified that
there is a `gpg` in the `PATH` that we can use. This is now no longer
possible, as lazy prereqs are evaluated in a subshell that changes the
working directory to a temporary one. Therefore, we simply _always_ set
that environment variable: it does not hurt anything because it does not
indicate the presence of a working GPG.

Side note: it was quite tempting to use a hack that is possible because
we do not validate what is passed to `test_lazy_prereq` (and it is
therefore possible to "break out" of the lazy_prereq subshell:

	test_lazy_prereq GPG '...) && GNUPGHOME=... && (...'

However, this is rather tricksy hobbitses code, and the current patch is
_much_ easier to understand.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Johannes Schindelin 2020-03-26 15:35:27 +00:00 committed by Junio C Hamano
parent 477dcaddb6
commit b417ec5f22

View File

@ -1,12 +1,25 @@
gpg_version=$(gpg --version 2>&1) # We always set GNUPGHOME, even if no usable GPG was found, as
if test $? != 127 #
then # - It does not hurt, and
#
# - we cannot set global environment variables in lazy prereqs because they are
# executed in an eval'ed subshell that changes the working directory to a
# temporary one.
GNUPGHOME="$PWD/gpghome"
export GNUPGHOME
test_lazy_prereq GPG '
gpg_version=$(gpg --version 2>&1)
test $? != 127 || exit 1
# As said here: http://www.gnupg.org/documentation/faqs.html#q6.19 # As said here: http://www.gnupg.org/documentation/faqs.html#q6.19
# the gpg version 1.0.6 didn't parse trust packets correctly, so for # the gpg version 1.0.6 did not parse trust packets correctly, so for
# that version, creation of signed tags using the generated key fails. # that version, creation of signed tags using the generated key fails.
case "$gpg_version" in case "$gpg_version" in
'gpg (GnuPG) 1.0.6'*) "gpg (GnuPG) 1.0.6"*)
say "Your version of gpg (1.0.6) is too buggy for testing" say "Your version of gpg (1.0.6) is too buggy for testing"
exit 1
;; ;;
*) *)
# Available key info: # Available key info:
@ -25,55 +38,54 @@ then
# To export ownertrust: # To export ownertrust:
# gpg --homedir /tmp/gpghome --export-ownertrust \ # gpg --homedir /tmp/gpghome --export-ownertrust \
# > lib-gpg/ownertrust # > lib-gpg/ownertrust
mkdir ./gpghome && mkdir "$GNUPGHOME" &&
chmod 0700 ./gpghome && chmod 0700 "$GNUPGHOME" &&
GNUPGHOME="$PWD/gpghome" &&
export GNUPGHOME &&
(gpgconf --kill gpg-agent >/dev/null 2>&1 || : ) && (gpgconf --kill gpg-agent >/dev/null 2>&1 || : ) &&
gpg --homedir "${GNUPGHOME}" 2>/dev/null --import \ gpg --homedir "${GNUPGHOME}" 2>/dev/null --import \
"$TEST_DIRECTORY"/lib-gpg/keyring.gpg && "$TEST_DIRECTORY"/lib-gpg/keyring.gpg &&
gpg --homedir "${GNUPGHOME}" 2>/dev/null --import-ownertrust \ gpg --homedir "${GNUPGHOME}" 2>/dev/null --import-ownertrust \
"$TEST_DIRECTORY"/lib-gpg/ownertrust && "$TEST_DIRECTORY"/lib-gpg/ownertrust &&
gpg --homedir "${GNUPGHOME}" </dev/null >/dev/null 2>&1 \ gpg --homedir "${GNUPGHOME}" </dev/null >/dev/null 2>&1 \
--sign -u committer@example.com && --sign -u committer@example.com
test_set_prereq GPG &&
# Available key info:
# * see t/lib-gpg/gpgsm-gen-key.in
# To generate new certificate:
# * no passphrase
# gpgsm --homedir /tmp/gpghome/ \
# -o /tmp/gpgsm.crt.user \
# --generate-key \
# --batch t/lib-gpg/gpgsm-gen-key.in
# To import certificate:
# gpgsm --homedir /tmp/gpghome/ \
# --import /tmp/gpgsm.crt.user
# To export into a .p12 we can later import:
# gpgsm --homedir /tmp/gpghome/ \
# -o t/lib-gpg/gpgsm_cert.p12 \
# --export-secret-key-p12 "committer@example.com"
echo | gpgsm --homedir "${GNUPGHOME}" 2>/dev/null \
--passphrase-fd 0 --pinentry-mode loopback \
--import "$TEST_DIRECTORY"/lib-gpg/gpgsm_cert.p12 &&
gpgsm --homedir "${GNUPGHOME}" 2>/dev/null -K |
grep fingerprint: |
cut -d" " -f4 |
tr -d '\n' >"${GNUPGHOME}/trustlist.txt" &&
echo " S relax" >>"${GNUPGHOME}/trustlist.txt" &&
echo hello | gpgsm --homedir "${GNUPGHOME}" >/dev/null \
-u committer@example.com -o /dev/null --sign - 2>&1 &&
test_set_prereq GPGSM
;; ;;
esac esac
fi '
if test_have_prereq GPG && test_lazy_prereq GPGSM '
echo | gpg --homedir "${GNUPGHOME}" -b --rfc1991 >/dev/null 2>&1 test_have_prereq GPG &&
then # Available key info:
test_set_prereq RFC1991 # * see t/lib-gpg/gpgsm-gen-key.in
fi # To generate new certificate:
# * no passphrase
# gpgsm --homedir /tmp/gpghome/ \
# -o /tmp/gpgsm.crt.user \
# --generate-key \
# --batch t/lib-gpg/gpgsm-gen-key.in
# To import certificate:
# gpgsm --homedir /tmp/gpghome/ \
# --import /tmp/gpgsm.crt.user
# To export into a .p12 we can later import:
# gpgsm --homedir /tmp/gpghome/ \
# -o t/lib-gpg/gpgsm_cert.p12 \
# --export-secret-key-p12 "committer@example.com"
echo | gpgsm --homedir "${GNUPGHOME}" 2>/dev/null \
--passphrase-fd 0 --pinentry-mode loopback \
--import "$TEST_DIRECTORY"/lib-gpg/gpgsm_cert.p12 &&
gpgsm --homedir "${GNUPGHOME}" 2>/dev/null -K |
grep fingerprint: |
cut -d" " -f4 |
tr -d "\\n" >"${GNUPGHOME}/trustlist.txt" &&
echo " S relax" >>"${GNUPGHOME}/trustlist.txt" &&
echo hello | gpgsm --homedir "${GNUPGHOME}" >/dev/null \
-u committer@example.com -o /dev/null --sign - 2>&1
'
test_lazy_prereq RFC1991 '
test_have_prereq GPG &&
echo | gpg --homedir "${GNUPGHOME}" -b --rfc1991 >/dev/null 2>&1
'
sanitize_pgp() { sanitize_pgp() {
perl -ne ' perl -ne '