On 09.01.26 20:02, Gary Gregory wrote:
On Fri, Jan 9, 2026 at 1:48 PM Thomas Wolf <[email protected]> wrote:
Funny that this didn't crop up much earlier. It's a problem
with these tests.
sshd-git is unchanged in 2.17.0. The JGit dependency saw a
patch version update, but that update didn't change anything
even remotely related to this.
On 09.01.26 15:36, Gary Gregory wrote:
I tested the src zip file.
- ASC OK
- SHA512 OK
- `mvn clean verify` fails with:
https://gist.github.com/garydgregory/ee05f1b6df7722827788d1af676e724e
For example:
[INFO] Running org.apache.sshd.git.pack.GitPackCommandTest
[ERROR] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time
elapsed: 0.061 s <<< FAILURE! -- in
org.apache.sshd.git.pack.GitPackCommandTest
[ERROR] org.apache.sshd.git.pack.GitPackCommandTest.gitPack -- Time
elapsed: 0.061 s <<< ERROR!
org.eclipse.jgit.api.errors.JGitInternalException: Unable to find a
public-key with key or user id: 530AA5F25C25011F
at
org.eclipse.jgit.gpg.bc.internal.BouncyCastleGpgSigner.signObject(BouncyCastleGpgSigner.java:211)
at org.eclipse.jgit.api.CommitCommand.sign(CommitCommand.java:294)
at org.eclipse.jgit.api.CommitCommand.call(CommitCommand.java:247)
at
org.apache.sshd.git.pack.GitPackCommandTest.gitPack(GitPackCommandTest.java:111)
at java.base/java.lang.reflect.Method.invoke(Method.java:569)
at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
Caused by: org.bouncycastle.openpgp.PGPException: Unable to find a
public-key with key or user id: 530AA5F25C25011F
at
org.eclipse.jgit.gpg.bc.internal.BouncyCastleGpgKeyLocator.findSecretKey(BouncyCastleGpgKeyLocator.java:431)
at
org.eclipse.jgit.gpg.bc.internal.BouncyCastleGpgSigner.locateSigningKey(BouncyCastleGpgSigner.java:120)
at
org.eclipse.jgit.gpg.bc.internal.BouncyCastleGpgSigner.signObject(BouncyCastleGpgSigner.java:146)
... 6 more
The tests do not mock the git user and system config. Looks like
the test picks up some commit signing configuration, probably
from your real ~/.gitconfig.
Hi Thomas,
It took a surprising amount of time and effort for me to get git to
sign my commits from Eclipse and the command line somewhat
transparently. I don't plan on touching any of it.
Getting the tests to behave sensibly seems reasonable to me, not that
I can help with this ATM.
If the only way for me to validate a build is to skip that module
entirely, then that'll have to be the caveat for any review from me
going forward.
Gary
Oh, it's fixable all right; it'll just take a moment. I'd prefer to do
it after this release.
For this release I see five options:
1. You temporarily comment out the "gpgSign = true" line in the "commit"
section of your ~/.gitconfig, run the tests, then uncomment that line again.
2. You skip module sshd-git.
3. You base your vote on the run you did -- everything after sshd-git
is minor or assembly stuff only anyway.
4. You decide not to vote this time.
5. We cancel this vote, and maybe I'll have time to find a fix next week
and re-do the release candidate.
Cheers,
Thomas
Fixing this in the test will be some work, as will testing that
the fix works.
Cheers,
Thomas
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
