gpg tests fail if a yubikey is connected #787

Open
jku opened this issue Apr 16, 2024 · 3 comments

Comments

@jku
Collaborator

jku commented Apr 16, 2024

The GPG tests that try to use "default key" fail for me locally.

EDIT: this happens when a yubikey happens to be connected: gpg sees two options (yubikey and the test key) and since the test does not actually set a default key, gpg does not know what to do...

We should either stop testing "default key" or actually set the default in the tests.

$ tox -e test
test: install_deps> pip install -r /home/jkukkonen/src/securesystemslib/requirements-pinned.txt -r /home/jkukkonen/src/securesystemslib/requirements-test.txt
test: commands[0]> python -m tests.check_gpg_available
.
----------------------------------------------------------------------
Ran 1 test in 0.002s

OK
test: commands[1]> coverage run tests/aggregate_tests.py
.................EE........E.................ss..............................
======================================================================
ERROR: test_gpg_sign_and_verify_object_with_default_key (tests.test_gpg.TestGPGDSA.test_gpg_sign_and_verify_object_with_default_key)
Create a signature using the default key on the keyring
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/jkukkonen/src/securesystemslib/tests/test_gpg.py", line 826, in test_gpg_sign_and_verify_object_with_default_key
    signature = create_signature(test_data, homedir=self.gnupg_home)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/jkukkonen/src/securesystemslib/securesystemslib/gpg/functions.py", line 137, in create_signature
    raise CommandError(
securesystemslib.gpg.exceptions.CommandError: Command '['gpg', '--detach-sign', '--digest-algo', 'SHA256', '--homedir', 'dsa']' returned non-zero exit status '2', stderr was:
gpg: WARNING: unsafe permissions on homedir '/tmp/tmp5ffatewa/dsa'
gpg: no default secret key: No public key
gpg: signing failed: No public key
.

======================================================================
ERROR: test_gpg_sign_and_verify_object_with_default_key (tests.test_gpg.TestGPGEdDSA.test_gpg_sign_and_verify_object_with_default_key)
Create a signature using the default key on the keyring
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/jkukkonen/src/securesystemslib/tests/test_gpg.py", line 883, in test_gpg_sign_and_verify_object_with_default_key
    signature = create_signature(test_data, homedir=self.gnupg_home)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/jkukkonen/src/securesystemslib/securesystemslib/gpg/functions.py", line 137, in create_signature
    raise CommandError(
securesystemslib.gpg.exceptions.CommandError: Command '['gpg', '--detach-sign', '--digest-algo', 'SHA256', '--homedir', 'dsa']' returned non-zero exit status '2', stderr was:
gpg: WARNING: unsafe permissions on homedir '/tmp/tmpama_mynb/dsa'
gpg: no default secret key: No public key
gpg: signing failed: No public key
.

======================================================================
ERROR: test_gpg_sign_and_verify_object_with_default_key (tests.test_gpg.TestGPGRSA.test_gpg_sign_and_verify_object_with_default_key)
Create a signature using the default key on the keyring
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/jkukkonen/src/securesystemslib/tests/test_gpg.py", line 667, in test_gpg_sign_and_verify_object_with_default_key
    signature = create_signature(test_data, homedir=self.gnupg_home)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/jkukkonen/src/securesystemslib/securesystemslib/gpg/functions.py", line 137, in create_signature
    raise CommandError(
securesystemslib.gpg.exceptions.CommandError: Command '['gpg', '--detach-sign', '--digest-algo', 'SHA256', '--homedir', 'rsa']' returned non-zero exit status '2', stderr was:
gpg: WARNING: unsafe permissions on homedir '/tmp/tmpvxwlk8ze/rsa'
gpg: no default secret key: No public key
gpg: signing failed: No public key
.

----------------------------------------------------------------------
Ran 77 tests in 2.810s

FAILED (errors=3, skipped=2)
test: exit 1 (2.99 seconds) /home/jkukkonen/src/securesystemslib> coverage run tests/aggregate_tests.py pid=1703498
  test: FAIL code 1 (4.94=setup[1.92]+cmd[0.04,2.99] seconds)
  evaluation failed :( (4.98 seconds)



@jku
Collaborator Author

jku commented Apr 16, 2024

$ gpg --version
gpg (GnuPG) 2.2.40
libgcrypt 1.10.3
...

@lukpueh
Member

lukpueh commented Apr 16, 2024

Odd. Seems to work on Ubuntu CI. Unfortunately, we don't log the gpg version in the tests (anymore?). It also works for me locally on my Mac:

gpg --version
gpg (GnuPG) 2.4.5
libgcrypt 1.10.3

@jku
Collaborator Author

jku commented Apr 16, 2024

Tests started succeeding again after I disconnected my yubikey.

So this is no longer that urgent... but gpg sees two potential private keys (test key and yubikey) during the test and the default key selection fails because the test never configures a default key. I think the test should either not test "default key" or should actually configure gpg so that there is a default key.
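
An added sketch of the second option raised in this thread (giving the test keyring an explicit default key); it is not securesystemslib code. The function names and the sample listing are constructed for illustration, and the thread does not confirm that this alone resolves the failure with a yubikey connected.

```python
import os
import subprocess

# Constructed sample of `gpg --list-secret-keys --with-colons` output.
# The fingerprints are placeholders, not keys from the project's test data.
SAMPLE_LISTING = """\
sec:u:2048:1:89ABCDEFAAAAAAAA:1700000000:::u:::scESC:::+:::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFAAAAAAAA:
uid:u::::1700000000::::Test Key <test@example.invalid>::::::::::0:
ssb:u:2048:1:76543210BBBBBBBB:1700000000::::::e:::+:::23:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210BBBBBBBB:
"""

def list_secret_keys(homedir):
    """Return the machine-readable secret key listing for one homedir."""
    cmd = ["gpg", "--homedir", homedir, "--batch",
           "--with-colons", "--list-secret-keys"]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout

def primary_fingerprints(colon_listing):
    """Fingerprints of primary secret keys (sec records), in listing order."""
    fprs, after_sec = [], False
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if fields[0] == "sec":
            after_sec = True            # the next fpr record is the primary key's
        elif fields[0] == "ssb":
            after_sec = False           # fpr records after ssb belong to subkeys
        elif fields[0] == "fpr" and after_sec and len(fields) > 9:
            fprs.append(fields[9])      # field 10 carries the fingerprint
            after_sec = False
    return fprs

def sole_primary_fingerprint(colon_listing):
    """Refuse to guess: the test keyring must hold exactly one primary key."""
    fprs = primary_fingerprints(colon_listing)
    if len(fprs) != 1:
        raise ValueError(f"expected one primary secret key, found {len(fprs)}")
    return fprs[0]

def pin_default_key(homedir, fingerprint):
    """Append an explicit default-key option to <homedir>/gpg.conf."""
    conf = os.path.join(homedir, "gpg.conf")
    with open(conf, "a", encoding="utf-8") as handle:
        handle.write(f"default-key {fingerprint}\n")
    return conf
```

In a test's setup this would be called as `pin_default_key(home, sole_primary_fingerprint(list_secret_keys(home)))` on the temporary homedir before signing.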

@jku jku changed the title test suite fails locally (gpg) gpg tests fail if a yubikey is connected Apr 16, 2024
@lukpueh lukpueh modified the milestone: 1.0.0 May 14, 2024