From: Simon McVittie <smcv@debian.org>
Date: Thu, 31 Oct 2024 10:59:03 +0000 (+0000)
Subject: Add proposed patch to work around a test failure with gnupg 2.2.45
X-Git-Tag: archive/raspbian/2024.8-2+rpi1^2~6
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=e0aa1ed539571fb69cd5835ddc1c24e9a2998039;p=ostree.git

Add proposed patch to work around a test failure with gnupg 2.2.45

Mitigates: #1086140
---

diff --git a/debian/patches/series b/debian/patches/series
index 78a4e054..a9b49e6c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
+tests-Work-around-GPG-2.2.45-error-behaviour-when-revokin.patch
 debian/Skip-test-pull-repeated-during-CI.patch
 debian/test-sysroot-Skip-on-s390x-by-default.patch
 debian/Skip-test-admin-deploy-uboot.sh-on-s390x.patch
diff --git a/debian/patches/tests-Work-around-GPG-2.2.45-error-behaviour-when-revokin.patch b/debian/patches/tests-Work-around-GPG-2.2.45-error-behaviour-when-revokin.patch
new file mode 100644
index 00000000..9a4c9d6e
--- /dev/null
+++ b/debian/patches/tests-Work-around-GPG-2.2.45-error-behaviour-when-revokin.patch
@@ -0,0 +1,45 @@
+From: Simon McVittie <smcv@debian.org>
+Date: Thu, 31 Oct 2024 10:54:13 +0000
+Subject: tests: Work around GPG 2.2.45 error behaviour when revoking an
+ expired key
+
+In GPG 2.2.45, a diagnostic message about the only trusted key having
+already expired causes this import to produce exit status 2, but the
+import still succeeds (the key is still revoked).
+
+Bug: https://dev.gnupg.org/T7351
+Bug-Debian: https://bugs.debian.org/1086140
+Forwarded: https://github.com/ostreedev/ostree/pull/3333
+---
+ tests/test-remote-gpg-list-keys.sh | 17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/tests/test-remote-gpg-list-keys.sh b/tests/test-remote-gpg-list-keys.sh
+index 1c1697d..de24bf4 100755
+--- a/tests/test-remote-gpg-list-keys.sh
++++ b/tests/test-remote-gpg-list-keys.sh
+@@ -137,8 +137,23 @@ else
+ 
+     echo "ok remote expired key"
+ 
++    # GPG 2.2.45 fails with exit status 2 when importing a revocation cert
++    # for a key that already expired. https://dev.gnupg.org/T7351
++    may_exit_2 () {
++        local e=0
++        "$@" || e="$?"
++        case "$e" in
++            (0|2)
++                return 0
++                ;;
++            (*)
++                fatal "should have exited with status 0 or 2, not $e: $*"
++                ;;
++        esac
++    }
++
+     # Revoke key1 and re-import it.
+-    ${GPG} --homedir=${TEST_GPG_KEYHOME} --import ${TEST_GPG_KEYHOME}/revocations/key1.rev
++    may_exit_2 ${GPG} --homedir=${TEST_GPG_KEYHOME} --import ${TEST_GPG_KEYHOME}/revocations/key1.rev
+     ${GPG} --homedir=${test_tmpdir}/gpghome --armor --export ${TEST_GPG_KEYID_1} > ${test_tmpdir}/key1revoked.asc
+     ${OSTREE} remote gpg-import --keyring ${test_tmpdir}/key1revoked.asc R1
+     ${OSTREE} remote gpg-list-keys R1 > result