t/lib-gpg: avoid broken versions of ssh-keygen

The "-Y find-principals" option of ssh-keygen seems to be broken in
Debian's openssh-client 1:8.7p1-1, whereas it works fine in 1:8.4p1-5.
This causes several failures for GPGSSH tests. We fulfill the
prerequisite because generating the keys works fine, but actually
verifying a signature causes results ranging from bogus results to
ssh-keygen segfaulting.

We can find the broken version during the prereq check by feeding it
empty input. This should result in it complaining to stderr, but in the
broken version it triggers the segfault, causing the GPGSSH tests to be
skipped.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/t/lib-gpg.sh b/t/lib-gpg.sh
index f99ef3e859dd433b720c789cc1f26aae1796bbb6..4c549beba6a41fbe1342fe45ed9440199049c7b2 100644 (file)
--- a/t/lib-gpg.sh
+++ b/t/lib-gpg.sh
@@ -104,6 +104,12 @@ test_lazy_prereq GPGSSH '
        test $? != 127 || exit 1
        echo $ssh_version | grep -q "find-principals:missing signature file"
        test $? = 0 || exit 1;
+
+       # some broken versions of ssh-keygen segfault on find-principals;
+       # avoid testing with them.
+       ssh-keygen -Y find-principals -f /dev/null -s /dev/null
+       test $? = 139 && exit 1
+
        mkdir -p "${GNUPGHOME}" &&
        chmod 0700 "${GNUPGHOME}" &&
        ssh-keygen -t ed25519 -N "" -C "git ed25519 key" -f "${GPGSSH_KEY_PRIMARY}" >/dev/null &&