Add proposed patch to work around a test failure with gnupg 2.2.45
authorSimon McVittie <smcv@debian.org>
Thu, 31 Oct 2024 10:59:03 +0000 (10:59 +0000)
committerSimon McVittie <smcv@debian.org>
Thu, 31 Oct 2024 10:59:52 +0000 (10:59 +0000)
Mitigates: #1086140

debian/patches/series
debian/patches/tests-Work-around-GPG-2.2.45-error-behaviour-when-revokin.patch [new file with mode: 0644]

index 78a4e0547fbb9feebe11efa44337bcd1ba1df821..a9b49e6c06d586f5f5ac69abae30042a909d553a 100644 (file)
@@ -1,3 +1,4 @@
+tests-Work-around-GPG-2.2.45-error-behaviour-when-revokin.patch
 debian/Skip-test-pull-repeated-during-CI.patch
 debian/test-sysroot-Skip-on-s390x-by-default.patch
 debian/Skip-test-admin-deploy-uboot.sh-on-s390x.patch
diff --git a/debian/patches/tests-Work-around-GPG-2.2.45-error-behaviour-when-revokin.patch b/debian/patches/tests-Work-around-GPG-2.2.45-error-behaviour-when-revokin.patch
new file mode 100644 (file)
index 0000000..9a4c9d6
--- /dev/null
@@ -0,0 +1,45 @@
+From: Simon McVittie <smcv@debian.org>
+Date: Thu, 31 Oct 2024 10:54:13 +0000
+Subject: tests: Work around GPG 2.2.45 error behaviour when revoking an
+ expired key
+
+In GPG 2.2.45, a diagnostic message about the only trusted key having
+already expired causes this import to produce exit status 2, but the
+import still succeeds (the key is still revoked).
+
+Bug: https://dev.gnupg.org/T7351
+Bug-Debian: https://bugs.debian.org/1086140
+Forwarded: https://github.com/ostreedev/ostree/pull/3333
+---
+ tests/test-remote-gpg-list-keys.sh | 17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/tests/test-remote-gpg-list-keys.sh b/tests/test-remote-gpg-list-keys.sh
+index 1c1697d..de24bf4 100755
+--- a/tests/test-remote-gpg-list-keys.sh
++++ b/tests/test-remote-gpg-list-keys.sh
+@@ -137,8 +137,23 @@ else
+     echo "ok remote expired key"
++    # GPG 2.2.45 fails with exit status 2 when importing a revocation cert
++    # for a key that already expired. https://dev.gnupg.org/T7351
++    may_exit_2 () {
++        local e=0
++        "$@" || e="$?"
++        case "$e" in
++            (0|2)
++                return 0
++                ;;
++            (*)
++                fatal "should have exited with status 0 or 2, not $e: $*"
++                ;;
++        esac
++    }
++
+     # Revoke key1 and re-import it.
+-    ${GPG} --homedir=${TEST_GPG_KEYHOME} --import ${TEST_GPG_KEYHOME}/revocations/key1.rev
++    may_exit_2 ${GPG} --homedir=${TEST_GPG_KEYHOME} --import ${TEST_GPG_KEYHOME}/revocations/key1.rev
+     ${GPG} --homedir=${test_tmpdir}/gpghome --armor --export ${TEST_GPG_KEYID_1} > ${test_tmpdir}/key1revoked.asc
+     ${OSTREE} remote gpg-import --keyring ${test_tmpdir}/key1revoked.asc R1
+     ${OSTREE} remote gpg-list-keys R1 > result
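Review bot: `may_exit_2` accepts exit status 2 from the `--import` of `key1.rev` whatever the cause and on every GnuPG version, not only for the 2.2.45 expired-key diagnostic named in its comment. An import that really failed with status 2 would therefore pass this line, and the revocation would be confirmed only by whatever the test asserts on `result`; those assertions fall after the end of the hunk, so they cannot be checked here. I would record that dependency next to the helper, for example `# Status 2 is tolerated for any reason, so the checks on "result" below must still prove that key1 is revoked.` If the workaround should stay narrow, the helper could also be applied only when the installed gpg reports an affected version. The helper is defined inside the `else` branch, which begins before the hunk and continues after it.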