tofu.test fails in a few months
Closed, ResolvedPublic

Description

the keys in tests/openpgp/tofu-keys.asc all expire on 2016-09-17, less than
three months away.

This means that tofu.test will fail with:

   Wrong default trust.  Got: `e', expected `m'

in about 90 days.

We're already seeing this problem in debian's reproducible builds, where one
build is done with a clock that is advanced 398 days from the present.

For example:

https://tests.reproducible-builds.org/debian/logs/experimental/amd64/gnupg2_2.1.13-2.build2.log.gz

(you can see that clock variations are the likely culprit:

    https://tests.reproducible-builds.org/debian/index_variations.html )

I'm not sure the right way to deal with test keys like this so that the test
suite itself doesn't gratuitously fail just because the wall clock advances.
Maybe 10-year expirations would be sufficient, with a warning (not a failure)
that shows up in the test suite when the keys have less than 2 years left?

dkg added subscribers: dkg, neal.
werner added a subscriber: justus.Jun 22 2016, 11:32 AM
werner added a subscriber: werner.

For the few gpgsm tests we have, the --faked-system-time option is used. We
should use this here too.

werner assigned this task to justus.Jun 22 2016, 11:32 AM
justus closed this task as Resolved.Jun 23 2016, 5:53 PM

Fixed in e584d646. Includes a fix for the old test for those who need to
backport it.