[PATCH v4 0/7] ssh signing: verify key lifetime

Fabian Stelzer <fs@xxxxxxxxxxxx> · Tue, 30 Nov 2021 15:11:05 +0100



changes since v3:
 - improve readability of prereq setup code by using heredoc and some 
   variables

changes since v2:
 - fix swich/case indentation
 - BUG() on unknown payload types
 - improve test prereq by actually validating ssh-keygen functionality

changes since v1:
 - struct signature_check is now used to input payload data into
   check_function
 - payload metadata parsing is completely internal to check_signature.
   the caller only need to set the payload type in the sigc struct
 - small nits and readability fixes
 - removed payload_signer parameter. since we now use the struct we can 
   extend
   this later.

Fabian Stelzer (7):
  ssh signing: use sigc struct to pass payload
  ssh signing: add key lifetime test prereqs
  ssh signing: make verify-commit consider key lifetime
  ssh signing: make git log verify key lifetime
  ssh signing: make verify-tag consider key lifetime
  ssh signing: make fmt-merge-msg consider key lifetime
  ssh signing: verify ssh-keygen in test prereq

 Documentation/config/gpg.txt     |  5 ++
 builtin/receive-pack.c           |  6 ++-
 commit.c                         |  6 ++-
 fmt-merge-msg.c                  |  5 +-
 gpg-interface.c                  | 90 +++++++++++++++++++++++++-------
 gpg-interface.h                  | 15 ++++--
 log-tree.c                       | 10 ++--
 t/lib-gpg.sh                     | 62 ++++++++++++++++++----
 t/t4202-log.sh                   | 43 +++++++++++++++
 t/t6200-fmt-merge-msg.sh         | 54 +++++++++++++++++++
 t/t7031-verify-tag-signed-ssh.sh | 42 +++++++++++++++
 t/t7528-signed-commit-ssh.sh     | 42 +++++++++++++++
 tag.c                            |  5 +-
 13 files changed, 341 insertions(+), 44 deletions(-)

Range-diff against v3:
1:  9f71fd8639 = 1:  c4447d30f2 ssh signing: use sigc struct to pass payload
2:  5ee143bc38 = 2:  0bb1617529 ssh signing: add key lifetime test prereqs
3:  3183e84e2e = 3:  f60bd1efd0 ssh signing: make verify-commit consider key lifetime
4:  e35515867c = 4:  5fc0ad5c37 ssh signing: make git log verify key lifetime
5:  e20177d950 = 5:  f1c225871f ssh signing: make verify-tag consider key lifetime
6:  2af2b6d098 = 6:  1cbd4dbb6b ssh signing: make fmt-merge-msg consider key lifetime
7:  e6e2236a52 < -:  ---------- ssh signing: verify ssh-keygen in test prereq
-:  ---------- > 7:  d60f4ec82c ssh signing: verify ssh-keygen in test prereq

base-commit: abe6bb3905392d5eb6b01fa6e54d7e784e0522aa
-- 
2.31.1