From: "SZEDER Gábor" <szeder.dev@gmail.com>
To: Fabian Stelzer <fs@gigacodes.de>
Cc: git@vger.kernel.org, "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>,
	"Junio C Hamano" <gitster@pobox.com>
Subject: Re: [PATCH v4 6/7] ssh signing: make fmt-merge-msg consider key lifetime
Date: Sun, 5 Dec 2021 20:23:44 +0100
Message-ID: <20211205192344.GB624717@szeder.dev>
In-Reply-To: <20211130141112.78193-7-fs@gigacodes.de>

On Tue, Nov 30, 2021 at 03:11:11PM +0100, Fabian Stelzer wrote:
> diff --git a/t/t6200-fmt-merge-msg.sh b/t/t6200-fmt-merge-msg.sh
> index 06c5fb5615..2dd2423643 100755
> --- a/t/t6200-fmt-merge-msg.sh
> +++ b/t/t6200-fmt-merge-msg.sh
> @@ -91,6 +91,26 @@ test_expect_success GPGSSH 'created ssh signed commit and tag' '
>  	git tag -s -u"${GPGSSH_KEY_UNTRUSTED}" -m signed-ssh-tag-msg-untrusted signed-untrusted-ssh-tag left
>  '
>  
> +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'create signed tags with keys having defined lifetimes' '
> +	test_when_finished "test_unconfig commit.gpgsign" &&
> +	test_config gpg.format ssh &&
> +	git checkout -b signed-expiry-ssh &&
> +	touch file &&
> +	git add file &&
> +
> +	echo expired >file && test_tick && git commit -a -m expired -S"${GPGSSH_KEY_EXPIRED}" &&
> +	git tag -s -u "${GPGSSH_KEY_EXPIRED}" -m expired-signed expired-signed &&
> +
> +	echo notyetvalid >file && test_tick && git commit -a -m notyetvalid -S"${GPGSSH_KEY_NOTYETVALID}" &&
> +	git tag -s -u "${GPGSSH_KEY_NOTYETVALID}" -m notyetvalid-signed notyetvalid-signed &&
> +
> +	echo timeboxedvalid >file && test_tick && git commit -a -m timeboxedvalid -S"${GPGSSH_KEY_TIMEBOXEDVALID}" &&
> +	git tag -s -u "${GPGSSH_KEY_TIMEBOXEDVALID}" -m timeboxedvalid-signed timeboxedvalid-signed &&
> +
> +	echo timeboxedinvalid >file && test_tick && git commit -a -m timeboxedinvalid -S"${GPGSSH_KEY_TIMEBOXEDINVALID}" &&
> +	git tag -s -u "${GPGSSH_KEY_TIMEBOXEDINVALID}" -m timeboxedinvalid-signed timeboxedinvalid-signed
> +'
> +
>  test_expect_success 'message for merging local branch' '
>  	echo "Merge branch ${apos}left${apos}" >expected &&
>  
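
Review bot: the `test_when_finished "test_unconfig commit.gpgsign"` at the top of the new 'create signed tags with keys having defined lifetimes' test cleans up a setting that nothing in this test sets. Every commit and tag here is signed explicitly with `-S` or `-s -u`, and `gpg.format` is set through `test_config`, which already cleans up after itself, so the line can be dropped unless the test is meant to depend on commit.gpgsign. Two smaller style points in the same test: `touch file` is only used to create an empty file to add, where `>file` is the usual spelling, and the `echo ... >file && test_tick && git commit ...` chains would be easier to read, and a failing step easier to locate, with one command per line.
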
> @@ -137,6 +157,40 @@ test_expect_success GPGSSH 'message for merging local tag signed by unknown ssh
>  	! grep "${GPGSSH_BAD_SIGNATURE}" actual &&
>  	grep "${GPGSSH_KEY_NOT_TRUSTED}" actual
>  '
> +
> +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'message for merging local tag signed by expired ssh key' '
> +	test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
> +	git checkout main &&
> +	git fetch . expired-signed &&
> +	git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 &&
> +	! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual

Are these messages supposed to go to standard output or error?  If
it's the former, then please drop the unnecessary (and confusing)
'2>&1' redirection, but if it's the latter, then save and 'grep' only
stderr.

> +'
> +
> +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'message for merging local tag signed by not yet valid ssh key' '
> +	test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
> +	git checkout main &&
> +	git fetch . notyetvalid-signed &&
> +	git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 &&
> +	! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual
> +'
> +
> +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'message for merging local tag signed by valid timeboxed ssh key' '
> +	test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
> +	git checkout main &&
> +	git fetch . timeboxedvalid-signed &&
> +	git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 &&
> +	grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual &&
> +	! grep "${GPGSSH_BAD_SIGNATURE}" actual
> +'
> +
> +test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'message for merging local tag signed by invalid timeboxed ssh key' '
> +	test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
> +	git checkout main &&
> +	git fetch . timeboxedinvalid-signed &&
> +	git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 &&
> +	! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual
> +'
> +
>  test_expect_success 'message for merging external branch' '
>  	echo "Merge branch ${apos}left${apos} of $(pwd)" >expected &&
>  
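
Review bot: the three negative tests in this hunk (expired, not yet valid, invalid timeboxed) assert only `! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual`, which also passes when `actual` is empty or when no signature check ran at all. Each of them should additionally grep for the output expected when a key is rejected for its lifetime, the way the unknown-key test just above this hunk pairs `! grep "${GPGSSH_BAD_SIGNATURE}" actual` with a positive `grep "${GPGSSH_KEY_NOT_TRUSTED}" actual`, and the way the valid timeboxed test here pairs a positive and a negative grep. Without a positive assertion these tests cannot tell a correctly rejected key apart from a run in which verification was never attempted.
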
> -- 
> 2.31.1
> 
