[GSoC][PATCH 0/2] Add new "signature" atom

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,
This series duplicates the code for signature related formats from
pretty to ref-filter, which is a step in the process of duplicating all
the pretty formats which are not present in ref-filter, with the end
goal of a single formatting interface for git in mind.

PATCH 1/2 introduces a new prereq GPG2 for the purpose of testing stuff
that breaks with GPG version <= v2. This is evident from the CI failure
in [1] that was sent with the same subject as this series (more info
below).

PATCH 2/2 adds a new "signature" atom, which is a duplication of the %G*
formats in pretty. This was sent before by Nsengiyumva Wilberforce and
was in "seen" until May and was removed because of CI failure. I have
built upon it and have done some minor changes to it. The CI jobs are
now successful which can be found at [2].

[1]: Patch

	https://lore.kernel.org/git/20230311210607.64927-1-nsengiyumvawilberforce@xxxxxxxxx/

     Junio's email about CI failure

	https://lore.kernel.org/git/xmqqpm9bosjw.fsf@gitster.g/

[2]: https://github.com/five-sh/git/actions/runs/5114306975/workflow

Here is the range-diff, compared to Nsengiyumva's final version posted
to the mailing list

-:  ---------- > 1:  5c97d11b79 t/lib-gpg: introduce new prereq GPG2
1:  8a49102b1f ! 2:  e89f14283d ref-filter: add new "signature" atom
    @@
      ## Metadata ##
    -Author: Nsengiyumva Wilberforce <nsengiyumvawilberforce@xxxxxxxxx>
    +Author: Kousik Sanagavarapu <five231003@xxxxxxxxx>
     
      ## Commit message ##
         ref-filter: add new "signature" atom
     
    -    This commit duplicates the code for `signature` atom from
         pretty.c
    -    to ref-filter.c. This feature will help to get rid of current
         duplicate
    -    implementation of `signature` atom when unifying
         implementations by
    -    using ref-filter logic everywhere when ref-filter can do
         everything
    -    pretty is doing.
    +    Duplicate the code for outputting the signature and it's other
    +    parameters for commits and tags in ref-filter from pretty. In
the
    +    future, this will help in getting rid of the current duplicate
    +    implementations of such logic everywhere, when ref-filter can
do
    +    everything that pretty is doing.
     
    -    Add "signature" atom with `grade`, `signer`, `key`,
    -    `fingerprint`, `primarykeyfingerprint`, `trustlevel` as
         arguments.
    -    This code and its documentation are inspired by how the %GG,
         %G?,
    -    %GS, %GK, %GF, %GP, and %GT pretty formats were implemented.
    +    The new atom "signature" and it's friends are equivalent to the
existing
    +    pretty formats as follows:
    +
    +            %(signature) = %GG
    +            %(signature:grade) = %G?
    +            %(siganture:signer) = %GS
    +            %(signature:key) = %GK
    +            %(signature:fingerprint) = %GF
    +            %(signature:primarykeyfingerprint) = %GP
    +            %(signature:trustlevel) = %GT
     
         Co-authored-by: Hariom Verma <hariom18599@xxxxxxxxx>
         Co-authored-by: Jaydeep Das <jaydeepjd.8914@xxxxxxxxx>
    -    Mentored-by: Christian Couder <chriscool@xxxxxxxxxxxxx>
    +    Co-authored-by: Nsengiyumva Wilberforce
<nsengiyumvawilberforce@xxxxxxxxx>
    +    Mentored-by: Christian Couder <christian.couder@xxxxxxxxx>
         Mentored-by: Hariom Verma <hariom18599@xxxxxxxxx>
    -    Signed-off-by: Nsengiyumva Wilberforce
         <nsengiyumvawilberforce@xxxxxxxxx>
    +    Signed-off-by: Kousik Sanagavarapu <five231003@xxxxxxxxx>
     
      ## Documentation/git-for-each-ref.txt ##
     @@ Documentation/git-for-each-ref.txt: symref::
    @@ ref-filter.c: static int subject_atom_parser(struct ref_format
*format UNUSED,
     +  return -1;
     +}
     +
    -+static int signature_atom_parser(struct ref_format *format UNUSED,
struct used_atom *atom,
    -+                         const char *arg, struct strbuf *err){
    ++static int signature_atom_parser(struct ref_format *format UNUSED,
    ++                           struct used_atom *atom,
    ++                           const char *arg, struct strbuf *err)
    ++{
     +  int opt = parse_signature_option(arg);
     +  if (opt < 0)
     +          return err_bad_arg(err, "signature", arg);
    @@ t/t6300-for-each-ref.sh: test_expect_success 'git for-each-ref
with non-existing
     +GRADE_FORMAT="%(signature:grade)%0a%(signature:key)%0a%(signature:signer)%0a%(signature:fingerprint)%0a%(signature:primarykeyfingerprint)"
     +TRUSTLEVEL_FORMAT="%(signature:trustlevel)%0a%(signature:key)%0a%(signature:signer)%0a%(signature:fingerprint)%0a%(signature:primarykeyfingerprint)"
     +
    -+test_expect_success GPG 'test bare signature atom' '
    ++test_expect_success GPG 'setup: signature gpg' '
     +  git checkout -b signed &&
    -+  echo 1 >file && git add file &&
    -+  test_tick && git commit -S -m initial &&
    -+  git verify-commit signed 2>out_orig &&
    -+  grep -v "checking the trustdb" out_orig >out &&
    -+  head -3 out >expected &&
    -+  tail -1 out >>expected &&
    -+  echo >>expected &&
    -+  git for-each-ref refs/heads/signed --format="%(signature)"
>actual &&
    -+  test_cmp expected actual
    ++
    ++  test_when_finished "test_unconfig commit.gpgSign" &&
    ++
    ++  echo "1" >file &&
    ++  git add file &&
    ++  test_tick &&
    ++  git commit -S -m "file: 1" &&
    ++  git tag first-signed &&
    ++
    ++  echo "2" >file &&
    ++  test_tick &&
    ++  git commit -a -m "file: 2" &&
    ++  git tag second-unsigned &&
    ++
    ++  git config commit.gpgSign 1 &&
    ++  echo "3" >file &&
    ++  test_tick &&
    ++  git commit -a --no-gpg-sign -m "file: 3" &&
    ++  git tag third-unsigned &&
    ++
    ++  test_tick &&
    ++  git rebase -f HEAD^^ && git tag second-signed HEAD^ &&
    ++  git tag third-signed &&
    ++
    ++  echo "4" >file &&
    ++  test_tick &&
    ++  git commit -a -SB7227189 -m "file: 4" &&
    ++  git tag fourth-signed &&
    ++
    ++  echo "5" >file &&
    ++  test_tick &&
    ++  git commit -a --no-gpg-sign -m "file: 5" &&
    ++  git tag fifth-unsigned &&
    ++
    ++  echo "6" >file &&
    ++  test_tick &&
    ++  git commit -a --no-gpg-sign -m "file: 6" &&
    ++
    ++  test_tick &&
    ++  git rebase -f HEAD^^ &&
    ++  git tag fifth-signed HEAD^ &&
    ++  git tag sixth-signed &&
    ++
    ++  echo "7" >file &&
    ++  test_tick &&
    ++  git commit -a --no-gpg-sign -m "file: 7" &&
    ++  git tag seventh-unsigned
    ++'
    ++
    ++test_expect_success GPGSSH 'setup: signature ssh' '
    ++  test_config gpg.format ssh &&
    ++  test_config user.signingkey "${GPGSSH_KEY_PRIMARY}" &&
    ++  echo "8" >file &&
    ++  test_tick &&
    ++  git commit -a -S -m "file: 8" &&
    ++  git tag eighth-signed-ssh
    ++'
    ++
    ++test_expect_success GPG2 'bare signature atom' '
    ++  git verify-commit first-signed 2>out.raw &&
    ++  grep -Ev "checking the trustdb|PGP trust model" out.raw >out &&
    ++  head -3 out >expect &&
    ++  tail -1 out >>expect &&
    ++  echo "" >>expect &&
    ++  git for-each-ref refs/tags/first-signed \
    ++          --format="%(signature)" >actual &&
    ++  test_cmp expect actual
     +'
     +
     +test_expect_success GPG 'show good signature with custom format' '
    -+  echo 2 >file && git add file &&
    -+  test_tick && git commit -S -m initial &&
    -+  git verify-commit signed 2>out &&
    ++  git verify-commit first-signed &&
     +  cat >expect <<-\EOF &&
     +  G
     +  13B6F51ECDDE430D
    @@ t/t6300-for-each-ref.sh: test_expect_success 'git for-each-ref
with non-existing
     +  73D758744BE721698EC54E8713B6F51ECDDE430D
     +  73D758744BE721698EC54E8713B6F51ECDDE430D
     +  EOF
    -+  git for-each-ref refs/heads/signed --format="$GRADE_FORMAT"
>actual &&
    ++  git for-each-ref refs/tags/first-signed \
    ++          --format="$GRADE_FORMAT" >actual &&
     +  test_cmp expect actual
     +'
    ++test_expect_success GPGSSH 'show good signature with custom format
    ++                      with ssh' '
    ++  test_config gpg.ssh.allowedSignersFile
"${GPGSSH_ALLOWED_SIGNERS}" &&
    ++  FINGERPRINT=$(ssh-keygen -lf "${GPGSSH_KEY_PRIMARY}" | awk
"{print \$2;}") &&
    ++  cat >expect.tmpl <<-\EOF &&
    ++  G
    ++  FINGERPRINT
    ++  principal with number 1
    ++  FINGERPRINT
     +
    -+test_expect_success GPG 'test signature atom with grade option and
bad signature' '
    -+  git config commit.gpgsign true &&
    -+  echo 3 >file && test_tick && git commit -a -m "third"
--no-gpg-sign &&
    -+  git tag third-unsigned &&
    -+
    -+  test_tick && git rebase -f HEAD^^ && git tag second-signed HEAD^
&&
    -+  git tag third-signed &&
    ++  EOF
    ++  sed "s|FINGERPRINT|$FINGERPRINT|g" expect.tmpl >expect &&
    ++  git for-each-ref refs/tags/eighth-signed-ssh \
    ++          --format="$GRADE_FORMAT" >actual &&
    ++  test_cmp expect actual
    ++'
     +
    ++test_expect_success GPG 'signature atom with grade option and bad
signature' '
     +  git cat-file commit third-signed >raw &&
    -+  sed -e "s/^third/3rd forged/" raw >forged1 &&
    ++  sed -e "s/^file: 3/file: 3 forged/" raw >forged1 &&
     +  FORGED1=$(git hash-object -w -t commit forged1) &&
     +  git update-ref refs/tags/third-signed "$FORGED1" &&
     +  test_must_fail git verify-commit "$FORGED1" &&
    @@ t/t6300-for-each-ref.sh: test_expect_success 'git for-each-ref
with non-existing
     +
     +
     +  EOF
    -+  git for-each-ref refs/tags/third-signed --format="$GRADE_FORMAT"
>actual &&
    ++  git for-each-ref refs/tags/third-signed \
    ++          --format="$GRADE_FORMAT" >actual &&
     +  test_cmp expect actual
     +'
     +
     +test_expect_success GPG 'show untrusted signature with custom
format' '
    -+  echo 4 >file && test_tick && git commit -a -m fourth -SB7227189
&&
    -+  git tag signed-fourth &&
     +  cat >expect <<-\EOF &&
     +  U
     +  65A0EEA02E30CAD7
    @@ t/t6300-for-each-ref.sh: test_expect_success 'git for-each-ref
with non-existing
     +  F8364A59E07FFE9F4D63005A65A0EEA02E30CAD7
     +  D4BE22311AD3131E5EDA29A461092E85B7227189
     +  EOF
    -+  git for-each-ref refs/tags/signed-fourth
--format="$GRADE_FORMAT" >actual &&
    ++  git for-each-ref refs/tags/fourth-signed \
    ++          --format="$GRADE_FORMAT" >actual &&
     +  test_cmp expect actual
     +'
     +
     +test_expect_success GPG 'show untrusted signature with undefined
trust level' '
    -+  echo 5 >file && test_tick && git commit -a -m fifth -SB7227189
&&
    -+  git tag fifth-signed &&
     +  cat >expect <<-\EOF &&
     +  undefined
     +  65A0EEA02E30CAD7
    @@ t/t6300-for-each-ref.sh: test_expect_success 'git for-each-ref
with non-existing
     +  F8364A59E07FFE9F4D63005A65A0EEA02E30CAD7
     +  D4BE22311AD3131E5EDA29A461092E85B7227189
     +  EOF
    -+  git for-each-ref refs/tags/fifth-signed
--format="$TRUSTLEVEL_FORMAT" >actual &&
    ++  git for-each-ref refs/tags/fourth-signed \
    ++          --format="$TRUSTLEVEL_FORMAT" >actual &&
     +  test_cmp expect actual
     +'
     +
     +test_expect_success GPG 'show untrusted signature with ultimate
trust level' '
    -+  echo 7 >file && test_tick && git commit -a -m "seventh"
--no-gpg-sign &&
    -+  git tag seventh-unsigned &&
    -+
    -+  test_tick && git rebase -f HEAD^^ && git tag sixth-signed HEAD^
&&
    -+  git tag seventh-signed &&
     +  cat >expect <<-\EOF &&
     +  ultimate
     +  13B6F51ECDDE430D
    @@ t/t6300-for-each-ref.sh: test_expect_success 'git for-each-ref
with non-existing
     +  73D758744BE721698EC54E8713B6F51ECDDE430D
     +  73D758744BE721698EC54E8713B6F51ECDDE430D
     +  EOF
    -+  git for-each-ref refs/tags/seventh-signed
--format="$TRUSTLEVEL_FORMAT" >actual &&
    ++  git for-each-ref refs/tags/sixth-signed \
    ++          --format="$TRUSTLEVEL_FORMAT" >actual &&
     +  test_cmp expect actual
     +'
     +
     +test_expect_success GPG 'show unknown signature with custom
format' '
     +  cat >expect <<-\EOF &&
     +  E
    -+  65A0EEA02E30CAD7
    ++  13B6F51ECDDE430D
     +
     +
     +
     +  EOF
    -+  GNUPGHOME="$GNUPGHOME_NOT_USED" git for-each-ref
refs/tags/fifth-signed --format="$GRADE_FORMAT" >actual &&
    ++  GNUPGHOME="$GNUPGHOME_NOT_USED" git for-each-ref \
    ++          refs/tags/sixth-signed --format="$GRADE_FORMAT" >actual
&&
     +  test_cmp expect actual
     +'
     +
     +test_expect_success GPG 'show lack of signature with custom
format' '
    -+  echo 8 >file && test_tick && git commit -a -m "eigth unsigned"
--no-gpg-sign &&
    -+  git tag eigth-unsigned &&
     +  cat >expect <<-\EOF &&
     +  N
     +
    @@ t/t6300-for-each-ref.sh: test_expect_success 'git for-each-ref
with non-existing
     +
     +
     +  EOF
    -+  git for-each-ref refs/tags/eigth-unsigned
--format="$GRADE_FORMAT" >actual &&
    ++  git for-each-ref refs/tags/seventh-unsigned \
    ++          --format="$GRADE_FORMAT" >actual &&
     +  test_cmp expect actual
     +'
     + 

Kousik Sanagavarapu (2):
  t/lib-gpg: introduce new prereq GPG2
  ref-filter: add new "signature" atom

 Documentation/git-for-each-ref.txt |  27 +++++
 ref-filter.c                       | 111 ++++++++++++++++-
 t/lib-gpg.sh                       |  21 ++++
 t/t6300-for-each-ref.sh            | 189 +++++++++++++++++++++++++++++
 t/t7510-signed-commit.sh           |   7 ++
 5 files changed, 353 insertions(+), 2 deletions(-)

-- 
2.41.0.rc0




[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux