We have traditionally expected a signature to show up as "revoked"
when the signing key is revoked. However, GnuPG's recent fix to avoid
a denial of service against legitimate signatures appears to have
changed the status of signature verification from keys which happen to
have been revoked.
See https://bugs.debian.org/
1098995 and https://dev.gnupg.org/T7547
This change makes the test suite a little bit less brittle while we
look for a resolution from upstream. It should probably also be
backported to debian unstable unless a notmuch release to unstable is
imminent.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
(cherry picked from commit
d330971b8bdb159e58a806e7ee24f3e5551d3f89)
| gpg --no-tty --quiet --import
output=$(notmuch show --format=json --verify subject:"test signed message 001" \
| notmuch_json_show_sanitize \
+ | sed -e 's/"key-\(revoked\|missing\)"/"key-revoked"/g' \
| sed -e 's|"created": [1234567890]*|"created": 946728000|')
expected='[[[{"id": "XXXXX",
"match": true,
projects / notmuch / commitdiff