gpg-interface/gpgsm: fix for v2.3

Checking if signing was successful will now accept '[GNUPG]: SIG_CREATED' on the beginning of the first or any subsequent line. Not just explictly the second one anymore. Gpgsm v2.3 changed its output when listing keys from `fingerprint` to `sha1/2 fpr`. This leads to the gpgsm tests silently not being executed because of a failed prerequisite. Switch to gpg's `--with-colons` output format when evaluating test prerequisites to make parsing more robust. This also allows us to combine the existing grep/cut/tr/echo pipe for writing the trustlist.txt into a single awk expression. Adjust error message checking in test for v2.3 specific output changes. Helped-By: Junio C Hamano <gitster@pobox.com> Helped-By: Todd Zullinger <tmz@pobox.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-03-04 11:25:17 +01:00 · 2022-03-04 11:25:17 +01:00 · a075e79d2c
--- a/gpg-interface.c
+++ b/gpg-interface.c
@ -920,6 +920,7 @@ static int sign_buffer_gpg(struct strbuf *buffer, struct strbuf *signature,
 	struct child_process gpg = CHILD_PROCESS_INIT;
 	int ret;
 	size_t bottom;
+	const char *cp;
 	struct strbuf gpg_status = STRBUF_INIT;

 	strvec_pushl(&gpg.args,
@ -939,7 +940,13 @@ static int sign_buffer_gpg(struct strbuf *buffer, struct strbuf *signature,
 			   signature, 1024, &gpg_status, 0);
 	sigchain_pop(SIGPIPE);

-	ret |= !strstr(gpg_status.buf, "\n[GNUPG:] SIG_CREATED ");
+	for (cp = gpg_status.buf;
+	     cp && (cp = strstr(cp, "[GNUPG:] SIG_CREATED "));
+	     cp++) {
+		if (cp == gpg_status.buf || cp[-1] == '\n')
+			break; /* found */
+	}
+	ret |= !cp;
 	strbuf_release(&gpg_status);
 	if (ret)
 		return error(_("gpg failed to sign the data"));
--- a/t/lib-gpg.sh
+++ b/t/lib-gpg.sh
@ -72,12 +72,10 @@ test_lazy_prereq GPGSM '
 		--passphrase-fd 0 --pinentry-mode loopback \
 		--import "$TEST_DIRECTORY"/lib-gpg/gpgsm_cert.p12 &&

-	gpgsm --homedir "${GNUPGHOME}" -K |
-	grep fingerprint: |
-	cut -d" " -f4 |
-	tr -d "\\n" >"${GNUPGHOME}/trustlist.txt" &&
+	gpgsm --homedir "${GNUPGHOME}" -K --with-colons |
+	awk -F ":" "/^fpr:/ {printf \"%s S relax\\n\", \$10}" \
+		>"${GNUPGHOME}/trustlist.txt" &&

-	echo " S relax" >>"${GNUPGHOME}/trustlist.txt" &&
 	echo hello | gpgsm --homedir "${GNUPGHOME}" >/dev/null \
 	       -u committer@example.com -o /dev/null --sign -
 '
--- a/t/t4202-log.sh
+++ b/t/t4202-log.sh
@ -1931,7 +1931,8 @@ test_expect_success GPGSM 'log --graph --show-signature for merged tag x509 miss
 	git merge --no-ff -m msg signed_tag_x509_nokey &&
 	GNUPGHOME=. git log --graph --show-signature -n1 plain-x509-nokey >actual &&
 	grep "^|\\\  merged tag" actual &&
-	grep "^| | gpgsm: certificate not found" actual
+	grep -e "^| | gpgsm: certificate not found" \
+	     -e "^| | gpgsm: failed to find the certificate: Not found" actual
 '

 test_expect_success GPGSM 'log --graph --show-signature for merged tag x509 bad signature' '