diff options
authorJeff King <>2021-11-10 06:00:47 (GMT)
committerJunio C Hamano <>2021-11-10 22:14:37 (GMT)
commitca7a5bf4bd41daa2d475fa98dd014a97e02eb08e (patch)
parent65db97b4fa6b03059f2f14f313e07ca799d4ef3f (diff)
t/lib-gpg: avoid broken versions of ssh-keygen
The "-Y find-principals" option of ssh-keygen seems to be broken in Debian's openssh-client 1:8.7p1-1, whereas it works fine in 1:8.4p1-5. This causes several failures for GPGSSH tests. We fulfill the prerequisite because generating the keys works fine, but actually verifying a signature causes results ranging from bogus results to ssh-keygen segfaulting. We can find the broken version during the prereq check by feeding it empty input. This should result in it complaining to stderr, but in the broken version it triggers the segfault, causing the GPGSSH tests to be skipped. Signed-off-by: Jeff King <> Signed-off-by: Junio C Hamano <>
1 files changed, 6 insertions, 0 deletions
diff --git a/t/ b/t/
index f99ef3e..4c549be 100644
--- a/t/
+++ b/t/
@@ -104,6 +104,12 @@ test_lazy_prereq GPGSSH '
test $? != 127 || exit 1
echo $ssh_version | grep -q "find-principals:missing signature file"
test $? = 0 || exit 1;
+ # some broken versions of ssh-keygen segfault on find-principals;
+ # avoid testing with them.
+ ssh-keygen -Y find-principals -f /dev/null -s /dev/null
+ test $? = 139 && exit 1
mkdir -p "${GNUPGHOME}" &&
chmod 0700 "${GNUPGHOME}" &&
ssh-keygen -t ed25519 -N "" -C "git ed25519 key" -f "${GPGSSH_KEY_PRIMARY}" >/dev/null &&