Merge branch 'jk/ssh-signing-fix'

Reject OpenSSH 8.7 whose "ssh-keygen -Y find-principals" is
unusable from running the ssh signature tests.

* jk/ssh-signing-fix:
  t/lib-gpg: avoid broken versions of ssh-keygen

diff --cc t/lib-gpg.sh
index 1d8e5b5b7ec050f9b5c889d9147dc954d1a5a62d,4c549beba6a41fbe1342fe45ed9440199049c7b2..a3f285f5156670bb956494f2778891145339eaba
--- 1/t/lib-gpg.sh
--- 2/t/lib-gpg.sh
+++ b/t/lib-gpg.sh
@@@ -104,9 -104,14 +104,15 @@@ test_lazy_prereq GPGSSH 
        test $? != 127 || exit 1
        echo $ssh_version | grep -q "find-principals:missing signature file"
        test $? = 0 || exit 1;
+ 
+       # some broken versions of ssh-keygen segfault on find-principals;
+       # avoid testing with them.
+       ssh-keygen -Y find-principals -f /dev/null -s /dev/null
+       test $? = 139 && exit 1
+ 
        mkdir -p "${GNUPGHOME}" &&
        chmod 0700 "${GNUPGHOME}" &&
 +      (setfacl -k "${GNUPGHOME}" 2>/dev/null || true) &&
        ssh-keygen -t ed25519 -N "" -C "git ed25519 key" -f "${GPGSSH_KEY_PRIMARY}" >/dev/null &&
        echo "\"principal with number 1\" $(cat "${GPGSSH_KEY_PRIMARY}.pub")" >> "${GPGSSH_ALLOWED_SIGNERS}" &&
        ssh-keygen -t rsa -b 2048 -N "" -C "git rsa2048 key" -f "${GPGSSH_KEY_SECONDARY}" >/dev/null &&