changes since v5:
- moved the fixes to existing test to the first two commits and merged
those fixing new tests into the corresponding commit
changes since v4:
- removed unneccessary io redir in merge-msg tests
- added grep for merged tag to gpgssh merge-msg tests
changes since v3:
- improve readability of prereq setup code by using heredoc and some
variables
changes since v2:
- fix swich/case indentation
- BUG() on unknown payload types
- improve test prereq by actually validating ssh-keygen functionality
changes since v1:
- struct signature_check is now used to input payload data into
check_function
- payload metadata parsing is completely internal to check_signature.
the caller only need to set the payload type in the sigc struct
- small nits and readability fixes
- removed payload_signer parameter. since we now use the struct we can
extend
this later.
Fabian Stelzer (9):
t/fmt-merge-msg: do not redirect stderr
t/fmt-merge-msg: make gpgssh tests more specific
ssh signing: use sigc struct to pass payload
ssh signing: add key lifetime test prereqs
ssh signing: make verify-commit consider key lifetime
ssh signing: make git log verify key lifetime
ssh signing: make verify-tag consider key lifetime
ssh signing: make fmt-merge-msg consider key lifetime
ssh signing: verify ssh-keygen in test prereq
Documentation/config/gpg.txt | 5 ++
builtin/receive-pack.c | 6 ++-
commit.c | 6 ++-
fmt-merge-msg.c | 5 +-
gpg-interface.c | 90 +++++++++++++++++++++++++-------
gpg-interface.h | 15 ++++--
log-tree.c | 10 ++--
t/lib-gpg.sh | 62 ++++++++++++++++++----
t/t4202-log.sh | 43 +++++++++++++++
t/t6200-fmt-merge-msg.sh | 68 ++++++++++++++++++++++--
t/t7031-verify-tag-signed-ssh.sh | 42 +++++++++++++++
t/t7528-signed-commit-ssh.sh | 42 +++++++++++++++
tag.c | 5 +-
13 files changed, 351 insertions(+), 48 deletions(-)
Range-diff against v5:
-: ---------- > 1: 0b3848d23b t/fmt-merge-msg: do not redirect stderr
-: ---------- > 2: f29d838574 t/fmt-merge-msg: make gpgssh tests more specific
1: c4447d30f2 = 3: b065dcb7fb ssh signing: use sigc struct to pass payload
2: 0bb1617529 = 4: c37d33db31 ssh signing: add key lifetime test prereqs
3: f60bd1efd0 = 5: 640e9a4a99 ssh signing: make verify-commit consider key lifetime
4: 5fc0ad5c37 = 6: 2e98307c18 ssh signing: make git log verify key lifetime
5: f1c225871f = 7: 75d213ab15 ssh signing: make verify-tag consider key lifetime
6: 1cbd4dbb6b ! 8: 498821af14 ssh signing: make fmt-merge-msg consider key lifetime
@@ t/t6200-fmt-merge-msg.sh: test_expect_success GPGSSH 'message for merging local
+ test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
+ git checkout main &&
+ git fetch . expired-signed &&
-+ git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 &&
++ git fmt-merge-msg <.git/FETCH_HEAD >actual &&
++ grep "^Merge tag ${apos}expired-signed${apos}" actual &&
+ ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual
+'
+
@@ t/t6200-fmt-merge-msg.sh: test_expect_success GPGSSH 'message for merging local
+ test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
+ git checkout main &&
+ git fetch . notyetvalid-signed &&
-+ git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 &&
++ git fmt-merge-msg <.git/FETCH_HEAD >actual &&
++ grep "^Merge tag ${apos}notyetvalid-signed${apos}" actual &&
+ ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual
+'
+
@@ t/t6200-fmt-merge-msg.sh: test_expect_success GPGSSH 'message for merging local
+ test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
+ git checkout main &&
+ git fetch . timeboxedvalid-signed &&
-+ git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 &&
++ git fmt-merge-msg <.git/FETCH_HEAD >actual &&
++ grep "^Merge tag ${apos}timeboxedvalid-signed${apos}" actual &&
+ grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual &&
+ ! grep "${GPGSSH_BAD_SIGNATURE}" actual
+'
@@ t/t6200-fmt-merge-msg.sh: test_expect_success GPGSSH 'message for merging local
+ test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
+ git checkout main &&
+ git fetch . timeboxedinvalid-signed &&
-+ git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 &&
++ git fmt-merge-msg <.git/FETCH_HEAD >actual &&
++ grep "^Merge tag ${apos}timeboxedinvalid-signed${apos}" actual &&
+ ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual
+'
+
7: d60f4ec82c = 9: 0816dd2ec8 ssh signing: verify ssh-keygen in test prereq
--
2.31.1
