diff options
| author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2025-02-27 13:14:08 -0500 |
|---|---|---|
| committer | David Bremner <david@tethera.net> | 2025-02-28 15:32:36 -0500 |
| commit | d330971b8bdb159e58a806e7ee24f3e5551d3f89 (patch) | |
| tree | 60fe1bc0e7621f683e0761bfe3db4535537b22d6 /test/T350-crypto.sh | |
| parent | ed29a9c37ec382fc2d5b1d1ecc1f1fb28a6769c6 (diff) | |
Accept "key-missing" from a signature from a revoked key
We have traditionally expected a signature to show up as "revoked"
when the signing key is revoked. However, GnuPG's recent fix to avoid
a denial of service against legitimate signatures appears to have
changed the status of signature verification from keys which happen to
have been revoked.
See https://bugs.debian.org/1098995 and https://dev.gnupg.org/T7547
This change makes the test suite a little bit less brittle while we
look for a resolution from upstream. It should probably also be
backported to debian unstable unless a notmuch release to unstable is
imminent.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Diffstat (limited to 'test/T350-crypto.sh')
| -rwxr-xr-x | test/T350-crypto.sh | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/test/T350-crypto.sh b/test/T350-crypto.sh index 27c0e86d..712a0c07 100755 --- a/test/T350-crypto.sh +++ b/test/T350-crypto.sh @@ -453,6 +453,7 @@ y | gpg --no-tty --quiet --import output=$(notmuch show --format=json --verify subject:"test signed message 001" \ | notmuch_json_show_sanitize \ + | sed -e 's/"key-\(revoked\|missing\)"/"key-revoked"/g' \ | sed -e 's|"created": [1234567890]*|"created": 946728000|') expected='[[[{"id": "XXXXX", "match": true, |