Community
Participate
Working Groups
There should be real GPG signing tests, with real GPG (pubring.gpg,secring.gpg) and (pubring.kbx,gnupg/private-keys-v1.d/) setups. The tests should do really signed commits, and verify signatures after the commit.
Does the scope of this bug also include implementing a GpgVerifier or should a new bug be opened for this? Currently the commits that fixed https://bugs.eclipse.org/bugs/show_bug.cgi?id=491169 only implement a GpgSigner class.
Yes, open a new bug for that. Completely missed that. In that case, the scope of this bug covers only really signing commits, without verifying. Tests for verifying should then be added when the verifier is implemented.
I've opened https://bugs.eclipse.org/bugs/show_bug.cgi?id=547751 to track implementation of GPG verification feature. Mentioned this bug as well since the GPG verification libraries would be useful while writing the GPG signing tests.