From: Fabian Stelzer <fs@gigacodes.de>
To: git@vger.kernel.org
Cc: "Junio C Hamano" <gitster@pobox.com>,
"Ævar Arnfjörð Bjarmason" <avarab@gmail.com>,
"Fabian Stelzer" <fs@gigacodes.de>
Subject: [PATCH v3 0/7] ssh signing: verify key lifetime
Date: Wed, 17 Nov 2021 10:35:22 +0100 [thread overview]
Message-ID: <20211117093529.13953-1-fs@gigacodes.de> (raw)
In-Reply-To: <xmqqsfwmus5g.fsf@gitster.g>
changes since v2:
- fix swich/case indentation
- BUG() on unknown payload types
- improve test prereq by actually validating ssh-keygen functionality
changes since v1:
- struct signature_check is now used to input payload data into
check_function
- payload metadata parsing is completely internal to check_signature.
the caller only need to set the payload type in the sigc struct
- small nits and readability fixes
- removed payload_signer parameter. since we now use the struct we can extend
this later.
Fabian Stelzer (7):
ssh signing: use sigc struct to pass payload
ssh signing: add key lifetime test prereqs
ssh signing: make verify-commit consider key lifetime
ssh signing: make git log verify key lifetime
ssh signing: make verify-tag consider key lifetime
ssh signing: make fmt-merge-msg consider key lifetime
ssh signing: verify ssh-keygen in test prereq
Documentation/config/gpg.txt | 5 ++
builtin/receive-pack.c | 6 ++-
commit.c | 6 ++-
fmt-merge-msg.c | 5 +-
gpg-interface.c | 90 +++++++++++++++++++++++++-------
gpg-interface.h | 15 ++++--
log-tree.c | 10 ++--
t/lib-gpg.sh | 36 ++++++++++---
t/t4202-log.sh | 43 +++++++++++++++
t/t6200-fmt-merge-msg.sh | 54 +++++++++++++++++++
t/t7031-verify-tag-signed-ssh.sh | 42 +++++++++++++++
t/t7528-signed-commit-ssh.sh | 42 +++++++++++++++
tag.c | 5 +-
13 files changed, 318 insertions(+), 41 deletions(-)
Range-diff against v2:
1: 11d275b53f = 1: 9f71fd8639 ssh signing: use sigc struct to pass payload
2: 35ee285887 = 2: 5ee143bc38 ssh signing: add key lifetime test prereqs
3: ccfba23934 ! 3: 3183e84e2e ssh signing: make verify-commit consider key lifetime
@@ gpg-interface.c: static int verify_ssh_signed_buffer(struct signature_check *sig
+ struct ident_split ident;
+ const char *signer_header;
+
-+ switch(sigc->payload_type) {
-+ case SIGNATURE_PAYLOAD_COMMIT:
-+ signer_header = "committer";
-+ break;
-+ case SIGNATURE_PAYLOAD_TAG:
-+ signer_header = "tagger";
-+ break;
-+ default:
-+ /* Ignore unknown payload types */
-+ return 0;
++ switch (sigc->payload_type) {
++ case SIGNATURE_PAYLOAD_COMMIT:
++ signer_header = "committer";
++ break;
++ case SIGNATURE_PAYLOAD_TAG:
++ signer_header = "tagger";
++ break;
++ case SIGNATURE_PAYLOAD_UNDEFINED:
++ case SIGNATURE_PAYLOAD_PUSH_CERT:
++ /* Ignore payloads we don't want to parse */
++ return 0;
++ default:
++ BUG("invalid value for sigc->payload_type");
+ }
+
+ ident_line = find_commit_header(sigc->payload, signer_header, &ident_len);
4: ef8178f88b = 4: e35515867c ssh signing: make git log verify key lifetime
5: c12457020e = 5: e20177d950 ssh signing: make verify-tag consider key lifetime
6: fe17c60276 = 6: 2af2b6d098 ssh signing: make fmt-merge-msg consider key lifetime
-: ---------- > 7: e6e2236a52 ssh signing: verify ssh-keygen in test prereq
base-commit: cd3e606211bb1cf8bc57f7d76bab98cc17a150bc
--
2.31.1
next prev parent reply other threads:[~2021-11-17 9:35 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-27 8:06 [PATCH v2 0/6] ssh signing: verify key lifetime Fabian Stelzer
2021-10-27 8:06 ` [PATCH v2 1/6] ssh signing: use sigc struct to pass payload Fabian Stelzer
2021-10-27 8:06 ` [PATCH v2 2/6] ssh signing: add key lifetime test prereqs Fabian Stelzer
2021-10-27 8:06 ` [PATCH v2 3/6] ssh signing: make verify-commit consider key lifetime Fabian Stelzer
2021-10-27 20:30 ` Junio C Hamano
2021-10-28 8:01 ` Fabian Stelzer
2021-11-17 9:35 ` Fabian Stelzer [this message]
2021-11-17 9:35 ` [PATCH v3 1/7] ssh signing: use sigc struct to pass payload Fabian Stelzer
2021-11-17 9:35 ` [PATCH v3 2/7] ssh signing: add key lifetime test prereqs Fabian Stelzer
2021-11-17 9:35 ` [PATCH v3 3/7] ssh signing: make verify-commit consider key lifetime Fabian Stelzer
2021-11-17 9:35 ` [PATCH v3 4/7] ssh signing: make git log verify " Fabian Stelzer
2021-11-17 9:35 ` [PATCH v3 5/7] ssh signing: make verify-tag consider " Fabian Stelzer
2021-11-17 9:35 ` [PATCH v3 6/7] ssh signing: make fmt-merge-msg " Fabian Stelzer
2021-11-17 9:35 ` [PATCH v3 7/7] ssh signing: verify ssh-keygen in test prereq Fabian Stelzer
2021-11-19 6:15 ` Junio C Hamano
2021-11-30 14:11 ` [PATCH v4 0/7] ssh signing: verify key lifetime Fabian Stelzer
2021-11-30 14:11 ` [PATCH v4 1/7] ssh signing: use sigc struct to pass payload Fabian Stelzer
2021-11-30 14:11 ` [PATCH v4 2/7] ssh signing: add key lifetime test prereqs Fabian Stelzer
2021-11-30 14:11 ` [PATCH v4 3/7] ssh signing: make verify-commit consider key lifetime Fabian Stelzer
2021-11-30 14:11 ` [PATCH v4 4/7] ssh signing: make git log verify " Fabian Stelzer
2021-11-30 14:11 ` [PATCH v4 5/7] ssh signing: make verify-tag consider " Fabian Stelzer
2021-11-30 14:11 ` [PATCH v4 6/7] ssh signing: make fmt-merge-msg " Fabian Stelzer
2021-12-05 19:23 ` SZEDER Gábor
2021-12-08 15:59 ` Fabian Stelzer
2021-11-30 14:11 ` [PATCH v4 7/7] ssh signing: verify ssh-keygen in test prereq Fabian Stelzer
2021-12-02 0:18 ` Junio C Hamano
2021-12-02 9:31 ` Fabian Stelzer
2021-12-02 17:10 ` Junio C Hamano
2021-12-03 11:07 ` Ævar Arnfjörð Bjarmason
2021-12-03 12:20 ` Fabian Stelzer
2021-12-03 18:46 ` Junio C Hamano
2021-12-08 16:33 ` [PATCH v5 0/8] ssh signing: verify key lifetime Fabian Stelzer
2021-12-08 16:33 ` [PATCH v5 1/8] ssh signing: use sigc struct to pass payload Fabian Stelzer
2021-12-08 16:33 ` [PATCH v5 2/8] ssh signing: add key lifetime test prereqs Fabian Stelzer
2021-12-08 16:33 ` [PATCH v5 3/8] ssh signing: make verify-commit consider key lifetime Fabian Stelzer
2021-12-08 16:33 ` [PATCH v5 4/8] ssh signing: make git log verify " Fabian Stelzer
2021-12-08 16:33 ` [PATCH v5 5/8] ssh signing: make verify-tag consider " Fabian Stelzer
2021-12-08 16:33 ` [PATCH v5 6/8] ssh signing: make fmt-merge-msg " Fabian Stelzer
2021-12-08 16:33 ` [PATCH v5 7/8] ssh signing: verify ssh-keygen in test prereq Fabian Stelzer
2021-12-08 16:33 ` [PATCH v5 8/8] t/fmt-merge-msg: make gpg/ssh tests more specific Fabian Stelzer
2021-12-08 23:20 ` Junio C Hamano
2021-12-09 8:36 ` Fabian Stelzer
2021-12-09 8:52 ` [PATCH v6 0/9] ssh signing: verify key lifetime Fabian Stelzer
2021-12-09 8:52 ` [PATCH v6 1/9] t/fmt-merge-msg: do not redirect stderr Fabian Stelzer
2021-12-09 8:52 ` [PATCH v6 2/9] t/fmt-merge-msg: make gpgssh tests more specific Fabian Stelzer
2021-12-09 8:52 ` [PATCH v6 3/9] ssh signing: use sigc struct to pass payload Fabian Stelzer
2021-12-09 8:52 ` [PATCH v6 4/9] ssh signing: add key lifetime test prereqs Fabian Stelzer
2021-12-09 8:52 ` [PATCH v6 5/9] ssh signing: make verify-commit consider key lifetime Fabian Stelzer
2021-12-09 8:52 ` [PATCH v6 6/9] ssh signing: make git log verify " Fabian Stelzer
2021-12-09 8:52 ` [PATCH v6 7/9] ssh signing: make verify-tag consider " Fabian Stelzer
2021-12-09 8:52 ` [PATCH v6 8/9] ssh signing: make fmt-merge-msg " Fabian Stelzer
2021-12-09 8:52 ` [PATCH v6 9/9] ssh signing: verify ssh-keygen in test prereq Fabian Stelzer
2021-10-27 8:06 ` [PATCH v2 4/6] ssh signing: make git log verify key lifetime Fabian Stelzer
2021-10-27 8:06 ` [PATCH v2 5/6] ssh signing: make verify-tag consider " Fabian Stelzer
2021-10-27 8:06 ` [PATCH v2 6/6] ssh signing: make fmt-merge-msg " Fabian Stelzer
2021-11-03 19:27 ` [PATCH v2 0/6] ssh signing: verify " Adam Dinwoodie
2021-11-03 19:45 ` Fabian Stelzer
2021-11-04 16:31 ` Adam Dinwoodie
2021-11-04 16:54 ` Fabian Stelzer
2021-11-04 17:22 ` Adam Dinwoodie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211117093529.13953-1-fs@gigacodes.de \
--to=fs@gigacodes.de \
--cc=avarab@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.