From 292b2fd9bab4b98ad23939635b1a4894edeb17f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= <pawel.gronowski@docker.com>
Date: Wed, 6 May 2026 12:32:31 +0200
Subject: [PATCH] tests: Migrate off gpg2 and regenerate key ed25519
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
---
 tests/Dockerfile                                |  10 +++++-----
 tests/gpg-keys/ownertrust                       |   4 ++--
 tests/gpg-keys/secret                           | Bin 966 -> 489 bytes
 tests/integration/credentials/create_gpg_key.sh |  14 +++-----------
 4 files changed, 10 insertions(+), 18 deletions(-)

diff --git a/tests/Dockerfile b/tests/Dockerfile
index 1d967e563b..6b78754e74 100644
--- a/tests/Dockerfile
+++ b/tests/Dockerfile
@@ -4,7 +4,7 @@ ARG PYTHON_VERSION=3.12
 FROM python:${PYTHON_VERSION}
 
 RUN apt-get update && apt-get -y install --no-install-recommends \
-    gnupg2 \
+    gnupg \
     pass
 
 # Add SSH keys and set permissions
@@ -14,10 +14,10 @@ RUN sed -i '1s;^;dpy-dind-ssh ;' /root/.ssh/known_hosts
 RUN chmod -R 600 /root/.ssh
 
 COPY ./tests/gpg-keys /gpg-keys
-RUN gpg2 --import gpg-keys/secret
-RUN gpg2 --import-ownertrust gpg-keys/ownertrust
-RUN yes | pass init $(gpg2 --no-auto-check-trustdb --list-secret-key | awk '/^sec/{getline; $1=$1; print}')
-RUN gpg2 --check-trustdb
+RUN gpg --batch --pinentry-mode loopback --passphrase '' --import gpg-keys/secret
+RUN gpg --import-ownertrust gpg-keys/ownertrust
+RUN yes | pass init $(gpg --no-auto-check-trustdb --list-secret-key | awk '/^sec/{getline; $1=$1; print}')
+RUN gpg --check-trustdb
 ARG CREDSTORE_VERSION=v0.6.3
 RUN curl -sSL -o /opt/docker-credential-pass.tar.gz \
     https://github.com/docker/docker-credential-helpers/releases/download/$CREDSTORE_VERSION/docker-credential-pass-$CREDSTORE_VERSION-amd64.tar.gz && \
diff --git a/tests/gpg-keys/ownertrust b/tests/gpg-keys/ownertrust
index 141ea57e8d..31360dea4e 100644
--- a/tests/gpg-keys/ownertrust
+++ b/tests/gpg-keys/ownertrust
@@ -1,3 +1,3 @@
-# List of assigned trustvalues, created Wed 25 Apr 2018 01:28:17 PM PDT
+# List of assigned trustvalues, created Wed May 20 14:53:47 2026 UTC
 # (Use "gpg --import-ownertrust" to restore them)
-9781B87DAB042E6FD51388A5464ED987A7B21401:6:
+713D05DCAFD74767847E4BBBE596CB09C46DE21F:6:
diff --git a/tests/gpg-keys/secret b/tests/gpg-keys/secret
index 412294db8492a86a109545e31888b5b230017b4d..b4522c63d6b7426cbe934ddba14fd1a8caf0577d 100644
GIT binary patch
literal 489
zcmbOd!IH&$>bDrDHX9=g<1Kf7Mn-lA??-2JivIM>%Hh$RxAyUZ*448N;;k~Ch%PNV
z9%^yyNEHLa|A5$U>}L-Ythw8t8~0Q;s;7L?oeT5#%4}v|bf-8*)qR!V?k)1J6^Xe8
zIjIVv#i>OKHl;w)Ar&H|mz<w#*D;wzSd5FoT1=6p(3bVi`s?oLEp^_zpH4f?c_jCd
zJS!8(VNBADtlXR&>`Y8bOl+cDoE+RtEMiQ|j7)OuOyUg;T$}<h_50>C{FU*`sGM$R
zX|*C=dhP263l}&9UQs$wkg}60(Xjp8{ix3jzggA@E!sc-XkgnHBgd~>K0g-x`bsHT
z{rl@bb;2H|)7#kR#Dc>^hzlGZ(?c0qK>@;lXm!}W$u17AZ(J59?wwd5G2KSLZ*#(F
z>8VwRZ=P5z&&<fd4h)od-J%%LqS=A@2@ew{BpEDywEFqGB`NPjwgqsg?yFOf;NR9!
z!6E_lvjPD>^B{Zd@HIw;Ut7X5HZ77f))9PoMqDD}R0^M*%+~wWNq2W9`-F47Vqj#r
mwqu(2+4qif!>sOpebJY^^o^V==ZXt0(~PJ1eR{9T!w&#hSH&{`

literal 966
zcmV;%13CPa0lNfR;MwsJ1OT9MDfJwS(eFF4u%|6O+V;@nXyh}N3JQBjI;zcUW-XT9
zaG7iCNTsErINPbwhKkhqBEL7K%)>|l%|7<T-<?)BYv82``==AbMDw6Oz8kBQw&CJ<
z1*aKg0^w!F*CcSWj!%<dP@GXhG-By*0ixc$Fzy^x{1bcu%(pbmwYvbIx|GVG8lUaq
zp};PU7qwZDRdZ_l1OIR3abj5x06MN0Sgp=!tn^2T&V-O%`<sw>6`yGw3PkhkWv4a3
zE`6J5cQlHWX7-66CA@P)lWU%iSfo}pZkc13MBQb^3>ts8S&yoPUuJd5Mx$jnZAeL7
z0zAcmWp+hXz~f4lPQ{t3ERNjVp!@|-+Tf5|795qpWtFb$+R+36ipYm_E{{YIj=r~P
zhDgerPA@%P9tyu^R;9JfI%G&`CN3RPT++*Iok+3wqDJ1MI#nH8bX*ba7E;mD3oKWx
z4F)RmD9X8Gek8e@9)D0vFD16xns4w9V?I0;7-YhszQ6_J9jFZstH=sIsFyTOh7<wE
zaCv4-)Eh06&a{WA005mAr1FQTrkwH)O!H$)2Ao<b2T217AG9J<VQY1HVIWC*VR>(9
zAUtznYjt^HKxbucb8l;TZ!T(ZK8Ruj6A=OcA_W3k;Mws48zTk_2?z%R0tOWb0tpHW
z1Qr4V0RkQY0vCV)3JDNKPT7a2vJ?SJ!vLNlQ2c^gnajF&6@3oWB3pxV$5IRcpLjI|
zaM)KtsV+Ogrz|M%1rjc@)SUq`1X|$P@el+6*?$94?5D}G;(n*OHUX4mi&Uz(Ekblp
zx#Z#D2=83>X=T>HpnuCrx0%>I6aHAJdUBQ5OT?3M@xWi{Qhp7n_^wx*ZKjl?)arA#
z!%d7}b^_>O3L)$l(zL3NZ3NBX|2Y=a1RpjR*Z0_r`V_7_DtROw1Yd~QdJwNW-&Y_f
z00RXB{0M;!W|?O7&g9-Kp;{9790`zvjA5%QL168tfB>R_(~>4ekzQsQyf<onhD^?}
zGHBbj0Zm8Ld~^tlb;pK5a!^<bK#=j)ymQxb^Egj%m88^4JNY2!CW+sra9H4(&U>A|
zp#lMz98D=hpP1>ygj2Rt)a9rmuw9RtI<#`f)c^qc0%I1YGSqC3F1t6W2UVO?<>3=n
zob?W;+amTvGA{v(4#|i~1Q-zl00{*GTHx970vikf3JDNKPT7a2vJ?UJWB{P14n<>s
o>?00~Fi*{Ffy<B;GL}dHoCy#z;XZ`;9((7F)Gbp=PTHwXYqTM;2><{9

diff --git a/tests/integration/credentials/create_gpg_key.sh b/tests/integration/credentials/create_gpg_key.sh
index b276c20dc5..9f6d5b2b97 100644
--- a/tests/integration/credentials/create_gpg_key.sh
+++ b/tests/integration/credentials/create_gpg_key.sh
@@ -1,12 +1,4 @@
 #!/usr/bin/sh
-haveged
-gpg --batch --gen-key <<-EOF
-%echo Generating a standard key
-Key-Type: DSA
-Key-Length: 1024
-Subkey-Type: ELG-E
-Subkey-Length: 1024
-Name-Real: Sakuya Izayoi
-Name-Email: sakuya@gensokyo.jp
-Expire-Date: 0
-EOF
\ No newline at end of file
+gpg --batch --passphrase '' --quick-gen-key 'Example User <user@example.com>' ed25519 cert 0
+FINGERPRINT=$(gpg --no-auto-check-trustdb --list-secret-keys --with-colons | awk -F: '/^fpr/{print $10; exit}')
+gpg --batch --passphrase '' --quick-add-key "$FINGERPRINT" cv25519 encr 0