This series adds key lifetime validity checks by parsing commit/tag dates
from the payload and passing them to the ssh-keygen operations.

changes since v1:
 - struct signature_check is now used to input payload data into
   check_function
 - payload metadata parsing is completely internal to check_signature.
   the caller only needs to set the payload type in the sigc struct
 - small nits and readability fixes
 - removed payload_signer parameter. since we now use the struct we can
   extend this later.

Since the last 3 patches now only contain a minimal code change and the
tests for the separate callers we could merge them together. I don't mind
either way.

Fabian Stelzer (6):
  ssh signing: use sigc struct to pass payload
  ssh signing: add key lifetime test prereqs
  ssh signing: make verify-commit consider key lifetime
  ssh signing: make git log verify key lifetime
  ssh signing: make verify-tag consider key lifetime
  ssh signing: make fmt-merge-msg consider key lifetime

 Documentation/config/gpg.txt     |  5 ++
 builtin/receive-pack.c           |  6 ++-
 commit.c                         |  6 ++-
 fmt-merge-msg.c                  |  5 +-
 gpg-interface.c                  | 87 ++++++++++++++++++++++++--------
 gpg-interface.h                  | 15 ++++--
 log-tree.c                       | 10 ++--
 t/lib-gpg.sh                     | 19 ++++++-
 t/t4202-log.sh                   | 43 ++++++++++++++++
 t/t6200-fmt-merge-msg.sh         | 54 ++++++++++++++++++++
 t/t7031-verify-tag-signed-ssh.sh | 42 +++++++++++++++
 t/t7528-signed-commit-ssh.sh     | 42 +++++++++++++++
 tag.c                            |  5 +-
 13 files changed, 303 insertions(+), 36 deletions(-)

base-commit: e9e5ba39a78c8f5057262d49e261b42a8660d5b9
-- 
2.31.1
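
The idea the cover letter describes, as an added Python sketch that is not code from this series or from Git: take the signing date from the committer or tagger header of the signed payload and turn it into the `verify-time` option that `ssh-keygen -Y verify` accepts. The function names, the `DATE_HEADER` table and both sample payloads are constructed for illustration.

```python
import re
from datetime import datetime

# Header that carries the signing date, per payload type (names assumed here).
DATE_HEADER = {"commit": b"committer", "tag": b"tagger"}
# "Name <email> <epoch seconds> <+/-hhmm>" as found in commit and tag objects.
IDENT_RE = re.compile(rb"^.*<[^<>]*> (\d+) [+-]\d{4}$")

# Constructed sample payloads; the commit body holds a header look-alike.
COMMIT = (b"tree 4b825dc642cb6eb9a060e54bf8d69288fbee4904\n"
          b"author A U Thor <author@example.com> 1600000000 +0000\n"
          b"committer C O Mitter <committer@example.com> 1634567890 +0200\n"
          b"\nsubject\n\ncommitter Fake <fake@example.com> 1 +0000\n")
TAG = (b"object 4b825dc642cb6eb9a060e54bf8d69288fbee4904\ntype commit\n"
       b"tag v1\ntagger T Agger <tagger@example.com> 1634567890 +0000\n"
       b"\nrelease\n")


def payload_timestamp(payload: bytes, payload_type: str):
    """Return epoch seconds from the committer/tagger header, or None."""
    key = DATE_HEADER[payload_type]
    # Headers end at the first blank line. The body is free text and may
    # contain lines that look like headers, so it is never scanned.
    headers = payload.split(b"\n\n", 1)[0]
    for line in headers.split(b"\n"):
        name, _, value = line.partition(b" ")
        if name == key:
            m = IDENT_RE.match(value)
            return int(m.group(1)) if m else None
    return None  # no date found: the caller must not assume a verify time


def verify_time_option(ts: int, tz=None) -> str:
    """Format ts as YYYYMMDDHHMMSS; tz=None uses the local zone, which is
    how ssh-keygen reads a timestamp that has no zone suffix."""
    stamp = datetime.fromtimestamp(ts, tz).strftime("%Y%m%d%H%M%S")
    return "-Overify-time=" + stamp


if __name__ == "__main__":
    for kind, payload in (("commit", COMMIT), ("tag", TAG)):
        ts = payload_timestamp(payload, kind)
        print(kind, ts, verify_time_option(ts))
```
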