Daniel Kahn Gillmor <[email protected]> writes: > > Please see the attached patch. > > --dkg > > From 6d7f5791830c6d3e7607812116e63c866f3c587c Mon Sep 17 00:00:00 2001 > From: Daniel Kahn Gillmor <[email protected]> > Date: Thu, 27 Feb 2025 13:14:08 -0500 > Subject: [PATCH] Accept "key-missing" from a signature from a revoked key > > We have traditionally expected a signature to show up as "revoked" > when the signing key is revoked. However, GnuPG's recent fix to avoid > a denial of service against legitimate signatures appears to have > changed the status of signature verification from keys which happen to > have been revoked. > > See https://bugs.debian.org/1098995 and https://dev.gnupg.org/T7547 > > This change makes the test suite a little bit less brittle while we > look for a resolution from upstream. It should probably also be > backported to debian unstable unless a notmuch release to unstable is > imminent. > > Signed-off-by: Daniel Kahn Gillmor <[email protected]> > --- > test/T350-crypto.sh | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/test/T350-crypto.sh b/test/T350-crypto.sh > index 27c0e86d..712a0c07 100755 > --- a/test/T350-crypto.sh > +++ b/test/T350-crypto.sh > @@ -453,6 +453,7 @@ y > | gpg --no-tty --quiet --import > output=$(notmuch show --format=json --verify subject:"test signed message > 001" \ > | notmuch_json_show_sanitize \ > + | sed -e 's/"key-\(revoked\|missing\)"/"key-revoked"/g' \ > | sed -e 's|"created": [1234567890]*|"created": 946728000|') > expected='[[[{"id": "XXXXX", > "match": true, > -- > 2.47.2
I have applied this patch to the release and master branches. It will be part of 0.39~rc2 or 0.39. _______________________________________________ notmuch mailing list -- [email protected] To unsubscribe send an email to [email protected]
