If the user is using GNOME, then it is expected that GNOME Keyring will
be used for Launchpad API token storage, which requires this module (via
keyring) to work.
python3-secretstorage depends on python3-cryptography, which must
explicitly be specified in snapcraft.yaml due to LP: #1918999.
I've been unable to write a test for this. Creating a collection in
secretservice (as implemented by gnome-keyring) doesn't work because a
prompt is required, and gnome-keyring apparently won't do that headless.
I found one reference to this at: https://github.com/99designs/aws-vault/issues/304#issuecomment-497387162
Otherwise, a simple test that does "import keyring;
keyring.backends.SecretService.Keyring().get_preferred_collection()"
might have worked.
build.py currently has no tests, so it's difficult to add a test for
this fix. But this is a trivial and obvious improvement, so I think it's
worth landing without.
Now that we have unpinned pygit2, the newer version of pygit2 provides a
pygit2.Repository.descendant_of() method directly, so we can drop our
temporary implementation and adjust the single caller.
We retain the test to ensure that the implementation swap does not
change behaviour.
With LP: #1918967 fixed in snapcraft, we must match and change the
substring of the fingerprint used for the public key file supplied to
snapcraft; otherwise the build fails.