On 2021.07.28 19:36, Fabian Stelzer via GitGitGadget wrote:
> From: Fabian Stelzer <fs@xxxxxxxxxxxx>
>
> generate some ssh keys and a allowedSignersFile for testing
>
> Signed-off-by: Fabian Stelzer <fs@xxxxxxxxxxxx>
> ---
> t/lib-gpg.sh | 29 +++++++++++++++++++++++++++++
> 1 file changed, 29 insertions(+)
>
> diff --git a/t/lib-gpg.sh b/t/lib-gpg.sh
> index 9fc5241228e..600c8d1a026 100644
> --- a/t/lib-gpg.sh
> +++ b/t/lib-gpg.sh
> @@ -87,6 +87,35 @@ test_lazy_prereq RFC1991 '
> echo | gpg --homedir "${GNUPGHOME}" -b --rfc1991 >/dev/null
> '
>
> +test_lazy_prereq GPGSSH '
> + ssh_version=$(ssh-keygen -Y find-principals -n "git" 2>&1)
> + test $? != 127 || exit 1
> + echo $ssh_version | grep -q "find-principals:missing signature file"
> + test $? = 0 || exit 1;
> + mkdir -p "${GNUPGHOME}" &&
> + chmod 0700 "${GNUPGHOME}" &&
> + ssh-keygen -t ed25519 -N "" -C "git ed25519 key" -f "${GNUPGHOME}/ed25519_ssh_signing_key" >/dev/null &&
> + echo "\"principal with number 1\" $(cat "${GNUPGHOME}/ed25519_ssh_signing_key.pub")" >> "${GNUPGHOME}/ssh.all_valid.allowedSignersFile" &&
> + ssh-keygen -t rsa -b 2048 -N "" -C "git rsa2048 key" -f "${GNUPGHOME}/rsa_2048_ssh_signing_key" >/dev/null &&
> + echo "\"principal with number 2\" $(cat "${GNUPGHOME}/rsa_2048_ssh_signing_key.pub")" >> "${GNUPGHOME}/ssh.all_valid.allowedSignersFile" &&
> + ssh-keygen -t ed25519 -N "super_secret" -C "git ed25519 encrypted key" -f "${GNUPGHOME}/protected_ssh_signing_key" >/dev/null &&
> + echo "\"principal with number 3\" $(cat "${GNUPGHOME}/protected_ssh_signing_key.pub")" >> "${GNUPGHOME}/ssh.all_valid.allowedSignersFile" &&
> + cat "${GNUPGHOME}/ssh.all_valid.allowedSignersFile" &&
> + ssh-keygen -t ed25519 -N "" -f "${GNUPGHOME}/untrusted_ssh_signing_key" >/dev/null
> +'
> +
> +SIGNING_KEY_PRIMARY="${GNUPGHOME}/ed25519_ssh_signing_key"
> +SIGNING_KEY_SECONDARY="${GNUPGHOME}/rsa_2048_ssh_signing_key"
> +SIGNING_KEY_UNTRUSTED="${GNUPGHOME}/untrusted_ssh_signing_key"
> +SIGNING_KEY_WITH_PASSPHRASE="${GNUPGHOME}/protected_ssh_signing_key"
> +SIGNING_KEY_PASSPHRASE="super_secret"
> +SIGNING_ALLOWED_SIGNERS="${GNUPGHOME}/ssh.all_valid.allowedSignersFile"
> +
> +GOOD_SIGNATURE_TRUSTED='Good "git" signature for'
> +GOOD_SIGNATURE_UNTRUSTED='Good "git" signature with'
> +KEY_NOT_TRUSTED="No principal matched"
> +BAD_SIGNATURE="Signature verification failed"
> +
Is there a reason why we don't use these variables in the script
above? Also, in general I feel that it's better to add tests in the same commit where new features are added, rather than having standalone test commits.
> sanitize_pgp() {
> perl -ne '
> /^-----END PGP/ and $in_pgp = 0;
> --
> gitgitgadget
>
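Review bot: The three `>>` appends to `ssh.all_valid.allowedSignersFile` in the GPGSSH prereq make it non-idempotent: if `${GNUPGHOME}` still holds files from an earlier evaluation (not determinable from this hunk), stale public keys stay listed as trusted and `ssh-keygen -f` is asked to write over key files that already exist. Writing the first entry with `>` instead of `>>`, or removing the old key files and the signers file at the top of the prereq, keeps the trust list equal to exactly the keys generated in this run. Separately, the `cat "${GNUPGHOME}/ssh.all_valid.allowedSignersFile" &&` line looks like leftover debugging output, and `echo $ssh_version | grep -q` should quote the expansion (`echo "$ssh_version"`) so the probed text is not subject to word splitting and globbing. The entries also carry no `namespaces="git"` option, so the fixture never exercises namespace restriction; adding it to at least one principal would cover that check.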