Hi. I had a background job doing 'make check' in a project that triggered a GnuPG private key operation PIN prompt... this was surprising to me, and the attached fix should avoid that happening. If my PIN had been cached, this would have signed a commit behind my back (although this would have been a harmless one). I think this behaviour should generally be considered a bug. I wonder if there are more examples of this hidden deep inside scripts.
/Simon
From 0ab73798b5bc703233195c1d37f96d977fc26ad8 Mon Sep 17 00:00:00 2001 From: Simon Josefsson <si...@josefsson.org> Date: Sun, 13 Nov 2022 11:50:51 +0100 Subject: [PATCH] vc-list-files-tests: Avoid OpenPGP private key operations. * tests/test-vc-list-files-git.sh (GIT_CONFIG_GLOBAL): Set it to /dev/null. --- ChangeLog | 6 ++++++ tests/test-vc-list-files-git.sh | 7 +++++++ 2 files changed, 13 insertions(+) diff --git a/ChangeLog b/ChangeLog index 70ece5200..d51a62a02 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2022-11-13 Simon Josefsson <si...@josefsson.org> + + vc-list-files-tests: Avoid OpenPGP private key operations. + * tests/test-vc-list-files-git.sh (GIT_CONFIG_GLOBAL): Set it to + /dev/null. + 2022-11-03 Bruno Haible <br...@clisp.org> dynarray: Rename to glibc-internal/dynarray. diff --git a/tests/test-vc-list-files-git.sh b/tests/test-vc-list-files-git.sh index 28292322a..d4e574370 100755 --- a/tests/test-vc-list-files-git.sh +++ b/tests/test-vc-list-files-git.sh @@ -22,6 +22,13 @@ tmpdir=vc-git-$$ GIT_DIR= GIT_WORK_TREE=; unset GIT_DIR GIT_WORK_TREE +# Ignore local git configurations that may interact badly with +# commands below. For example, if the user has set +# commit.gpgsign=true in ~/.gitconfig the 'git commit' below will +# require a OpenPGP private key operation which trigger PIN prompts +# and unwanted hardware access on the developer's machine. +GIT_CONFIG_GLOBAL=/dev/null; export GIT_CONFIG_GLOBAL + fail=1 mkdir $tmpdir && cd $tmpdir && # without git, skip the test -- 2.37.1 (Apple Git-137.1)
signature.asc
Description: PGP signature
