547538 – [GPG signing] Implement real signing tests

Bug 547538 - [GPG signing] Implement real signing tests

Summary: [GPG signing] Implement real signing tests

Status:	NEW

Alias:	None

Product:	JGit
Classification:	Technology
Component:	JGit (show other bugs)
Version:	5.4
Hardware:	All All

Importance:	P3 enhancement (vote)
Target Milestone:	---
Assignee:	Project Inbox
QA Contact:

URL:
Whiteboard:
Keywords:	helpwanted

Depends on:
Blocks:

Reported:	2019-05-22 02:32 EDT by Thomas Wolf
Modified:	2019-05-29 03:57 EDT (History)
CC List:	2 users (show)

See Also:	547751

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Wolf

2019-05-22 02:32:10 EDT

There should be real GPG signing tests, with real GPG (pubring.gpg,secring.gpg) and (pubring.kbx,gnupg/private-keys-v1.d/) setups. The tests should do really signed commits, and verify signatures after the commit.

Comment 1 Shashank Yadav

2019-05-23 03:03:28 EDT

Does the scope of this bug also include implementing a GpgVerifier or should a new bug be opened for this? Currently the commits that fixed https://bugs.eclipse.org/bugs/show_bug.cgi?id=491169 only implement a GpgSigner class.

Comment 2 Thomas Wolf

2019-05-23 03:16:29 EDT

Yes, open a new bug for that. Completely missed that. In that case, the scope of this bug covers only really signing commits, without verifying. Tests for verifying should then be added when the verifier is implemented.

Comment 3 Shashank Yadav

2019-05-29 02:50:58 EDT

I've opened https://bugs.eclipse.org/bugs/show_bug.cgi?id=547751 to track implementation of GPG verification feature. Mentioned this bug as well since the GPG verification libraries would be useful while writing the GPG signing tests.