diff options
author | Lars Wirzenius <liw@sequoia-pgp.org> | 2021-12-07 17:58:47 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@sequoia-pgp.org> | 2021-12-07 18:54:07 +0200 |
commit | cd5515c684d3b734171ee5cfafbdec934f7d07a8 (patch) | |
tree | 2f38c825619294bfc846a19b479b1cc49ab1edf3 | |
parent | 7731320e2d99a9e1793018e45f0300e55323a238 (diff) |
fix: change how signed file is mangled
The "binary signature" Subplot scenario was a little flaky. I could
reproduce this locally by running it repeatedly, and it would
invariably fail before the 300th repetition.
The problem is that the signature file produced by sq did not always
look like what the scenario expected. The fix is to change how the
signed file is modified: always remove the third line, after the
"BEGIN PGP SIGNATURE" and empty lines. Also, don't insist on the exit
code 1 for failure, until we've established what sq's exit codes can
be.
Fixes #786. This passes over 2000 runs of the "binary signature" test
run.
-rw-r--r-- | sq/sq-subplot.md | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/sq/sq-subplot.md b/sq/sq-subplot.md index 65fb0e2a..f77649b1 100644 --- a/sq/sq-subplot.md +++ b/sq/sq-subplot.md @@ -156,7 +156,7 @@ then file output.txt contains "hello, world" ~~~ However, if the signed file is modified, verification must fail. We -check this by removing lines from the signed file, which is a crude +check this by removing a line from the signed file, which is a crude way of making sure the signature doesn't match. Further, the output must not contain the input if the verification @@ -165,12 +165,13 @@ text, and possibly a warning that it's not to be trusted, but they make use of the text anyway. ~~~scenario -when I run sed -i '/^[A-Za-z]/d' s.pgp +when I run sed -i 3d s.pgp when I try to run sq verify --signer-cert tomjon.pgp s.pgp -then exit code is 1 +then exit code is not 0 then stdout doesn't contain "hello, world" ~~~ + ## Cleartext signature This scenario is essentially the same, but uses a cleartext signature, |