Re: [PATCH v2 0/6] ssh signing: verify key lifetime

From: Adam Dinwoodie <adam@dinwoodie.org>
To: Fabian Stelzer <fs@gigacodes.de>
Cc: git@vger.kernel.org, "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>,
	"Junio C Hamano" <gitster@pobox.com>
Subject: Re: [PATCH v2 0/6] ssh signing: verify key lifetime
Date: Wed, 3 Nov 2021 19:27:20 +0000	[thread overview]
Message-ID: <CA+kUOakzQ5aEQf81rQULiz6FRdmCLnbhspt9e6behPS3sbZT8w@mail.gmail.com> (raw)
In-Reply-To: <20211027080616.619956-1-fs@gigacodes.de>

On Wed, 27 Oct 2021 at 09:06, Fabian Stelzer <fs@gigacodes.de> wrote:
> This series adds key lifetime validity checks by parsing commit/tag
> dates from the paylod and passing them to the ssh-keygen operations.
>
> changes since v1:
>  - struct signature_check is now used to input payload data into
>    check_function
>  - payload metadata parsing is completely internal to check_signature.
>    the caller only need to set the payload type in the sigc struct
>  - small nits and readability fixes
>  - removed payload_signer parameter. since we now use the struct we can extend
>    this later.
>
> Since the last 3 patches now only contain a minimal code change and the
> tests for the seperate callers we could merge them together. I don't
> mind either way.
>
> Fabian Stelzer (6):
>   ssh signing: use sigc struct to pass payload
>   ssh signing: add key lifetime test prereqs
>   ssh signing: make verify-commit consider key lifetime
>   ssh signing: make git log verify key lifetime
>   ssh signing: make verify-tag consider key lifetime
>   ssh signing: make fmt-merge-msg consider key lifetime
>
>  Documentation/config/gpg.txt     |  5 ++
>  builtin/receive-pack.c           |  6 ++-
>  commit.c                         |  6 ++-
>  fmt-merge-msg.c                  |  5 +-
>  gpg-interface.c                  | 87 ++++++++++++++++++++++++--------
>  gpg-interface.h                  | 15 ++++--
>  log-tree.c                       | 10 ++--
>  t/lib-gpg.sh                     | 19 ++++++-
>  t/t4202-log.sh                   | 43 ++++++++++++++++
>  t/t6200-fmt-merge-msg.sh         | 54 ++++++++++++++++++++
>  t/t7031-verify-tag-signed-ssh.sh | 42 +++++++++++++++
>  t/t7528-signed-commit-ssh.sh     | 42 +++++++++++++++
>  tag.c                            |  5 +-
>  13 files changed, 303 insertions(+), 36 deletions(-)
>
>
> base-commit: e9e5ba39a78c8f5057262d49e261b42a8660d5b9

As part of testing v2.34-rc0 on Cygwin, I've found this patch series
is breaking t4202, t5534, and t6200.

Specifically, bisecting points to f265f2d630 (ssh signing: tests for
logs, tags & push certs, 2021-09-10) as breaking t4202 and t5534,
while responsibility for t6200 seems to be 9d12546de9 (ssh signing:
fmt-merge-msg tests & config parse, 2021-10-12).

I've not yet done any investigation into the specifics of these
failures, but I wanted to report them early so other folks could get
on with investigating as appropriate.