From: Fabian Stelzer <fs@gigacodes.de>
To: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>,
"Fabian Stelzer via GitGitGadget" <gitgitgadget@gmail.com>
Cc: git@vger.kernel.org, Han-Wen Nienhuys <hanwen@google.com>,
"brian m. carlson" <sandals@crustytoothpaste.net>,
"Randall S. Becker" <rsbecker@nexbridge.com>,
Bagas Sanjaya <bagasdotme@gmail.com>,
Hans Jerry Illikainen <hji@dyntopia.com>
Subject: Re: [PATCH v2] Add commit, tag & push signing/verification via SSH keys using ssh-keygen
Date: Mon, 12 Jul 2021 22:35:55 +0200 [thread overview]
Message-ID: <ddba5667-346d-de64-ac6a-a27d78bc266d@gigacodes.de> (raw)
In-Reply-To: <87y2ab30yr.fsf@evledraar.gmail.com>
On 12.07.21 18:55, Ævar Arnfjörð Bjarmason wrote:
I'll change all the whitespace / comments / style issues with the next
commit. Thanks
>> + sigc->result = 'G';
>> + sigc->trust_level = TRUST_FULLY;
>> +
>> + next = strchrnul(output, ' '); // 'principal'
>> + replace_cstring(&sigc->signer, output, next);
>> + output = next + 1;
>> + next = strchrnul(output, ' '); // 'with'
>> + output = next + 1;
>> + next = strchrnul(output, ' '); // KEY Type
>> + output = next + 1;
>> + next = strchrnul(output, ' '); // 'key'
>> + output = next + 1;
> FWIW for new code we'd probably use string_list_split() or
> string_list_split_in_place() or strbuf_split_buf() or something, but I
> see this is following the existing pattern in the file...
I agree. This is my first patch in the git codebase so it takes a bit
getting used to all the available utilities.
>> + const char *payload, size_t payload_size,
>> + const char *signature, size_t signature_size)
>> {
>> - struct child_process gpg = CHILD_PROCESS_INIT;
>> - struct gpg_format *fmt;
>> + struct child_process ssh_keygen = CHILD_PROCESS_INIT;
>> struct tempfile *temp;
>> int ret;
>> - struct strbuf buf = STRBUF_INIT;
>> + const char *line;
>> + size_t trust_size;
>> + char *principal;
>> + struct strbuf ssh_keygen_out = STRBUF_INIT;
>> + struct strbuf ssh_keygen_err = STRBUF_INIT;
>>
>> temp = mks_tempfile_t(".git_vtag_tmpXXXXXX");
>> if (!temp)
>> @@ -279,29 +342,125 @@ static int verify_signed_buffer(const char *payload, size_t payload_size,
>> return -1;
>> }
>>
>> - fmt = get_format_by_sig(signature);
>> - if (!fmt)
>> - BUG("bad signature '%s'", signature);
>> + // Find the principal from the signers
>> + strvec_pushl(&ssh_keygen.args, fmt->program,
>> + "-Y", "find-principals",
>> + "-f", get_ssh_allowed_signers(),
>> + "-s", temp->filename.buf,
>> + NULL);
>> + ret = pipe_command(&ssh_keygen, NULL, 0, &ssh_keygen_out, 0, &ssh_keygen_err, 0);
>> + if (strstr(ssh_keygen_err.buf, "unknown option")) {
>> + error(_("openssh version > 8.2p1 is needed for ssh signature verification (ssh-keygen needs -Y find-principals/verify option)"));
>> + }
>> + if (ret || !ssh_keygen_out.len) {
>> + // We did not find a matching principal in the keyring - Check without validation
>> + child_process_init(&ssh_keygen);
>> + strvec_pushl(&ssh_keygen.args, fmt->program,
>> + "-Y", "check-novalidate",
>> + "-n", "git",
>> + "-s", temp->filename.buf,
>> + NULL);
>> + ret = pipe_command(&ssh_keygen, payload, payload_size, &ssh_keygen_out, 0, &ssh_keygen_err, 0);
>> + } else {
>> + // Check every principal we found (one per line)
>> + for (line = ssh_keygen_out.buf; *line; line = strchrnul(line + 1, '\n')) {
> Hrm, can't we use strbuf_getline() here with the underlying io_pump API
> that pipe_command() uses, instead of slurping it all up, and then
> splitting on '\n' ourselves? (I'm not sure)
Sounds good. I'll give it a try.
>> + while (*line == '\n')
>> + line++;
>> + if (!*line)
>> + break;
>> +
>> + trust_size = strcspn(line, " \n");
>> + principal = xmemdupz(line, trust_size);
>> +
>> + child_process_init(&ssh_keygen);
>> + strbuf_release(&ssh_keygen_out);
>> + strbuf_release(&ssh_keygen_err);
>> + strvec_push(&ssh_keygen.args,fmt->program);
>> + // We found principals - Try with each until we find a match
>> + strvec_pushl(&ssh_keygen.args, "-Y", "verify",
>> + //TODO: sprintf("-Overify-time=%s", commit->date...),
>> + "-n", "git",
>> + "-f", get_ssh_allowed_signers(),
>> + "-I", principal,
>> + "-s", temp->filename.buf,
>> + NULL);
>> +
>> + if (ssh_revocation_file && file_exists(ssh_revocation_file)) {
>> + strvec_pushl(&ssh_keygen.args, "-r", ssh_revocation_file, NULL);
> Do we want to silently ignore missing but configured revocation files?
I'll add a warning
>
>> + }
>> +
>> + sigchain_push(SIGPIPE, SIG_IGN);
>> + ret = pipe_command(&ssh_keygen, payload, payload_size,
>> + &ssh_keygen_out, 0, &ssh_keygen_err, 0);
>> + sigchain_pop(SIGPIPE);
>> +
>> + ret &= starts_with(ssh_keygen_out.buf, "Good");
>> + if (ret == 0)
>> + break;
>> + }
>> + }
>> +
>> + sigc->payload = xmemdupz(payload, payload_size);
>> + strbuf_stripspace(&ssh_keygen_out, 0);
>> + strbuf_stripspace(&ssh_keygen_err, 0);
>> + strbuf_add(&ssh_keygen_out, ssh_keygen_err.buf, ssh_keygen_err.len);
>> + sigc->output = strbuf_detach(&ssh_keygen_out, NULL);
>> +
>> + //sigc->gpg_output = strbuf_detach(&ssh_keygen_err, NULL); // This flip around is broken...
> Broken how? And why the commented-out code as part of the patch?
Sorry, i should have removed it. The original code assigned gpg's stdout
to gpg_status and stdout to gpg_output which can be a bit confusing.
>
>> - status = verify_signed_buffer(payload, plen, signature, slen,
>> - &gpg_output, &gpg_status);
>> - if (status && !gpg_output.len)
>> - goto out;
>> - sigc->payload = xmemdupz(payload, plen);
>> - sigc->gpg_output = strbuf_detach(&gpg_output, NULL);
>> - sigc->gpg_status = strbuf_detach(&gpg_status, NULL);
>> - parse_gpg_output(sigc);
>> + fmt = get_format_by_sig(signature);
>> + if (!fmt)
>> + BUG("bad signature '%s'", signature);
> So if we run this from receive-pack or whatever we'll BUG() out? I.e. I
> think this should be an fsck check or something, but not a BUG(), or
> does this not rely on potentially bad object-store state?
The BUG() call is also from the original code. I agree that it should be
handled differently.
Unfortunately this call is also the reason that when trying to verify a
new SSH signature with a current git version you'll get a segfault from
this BUG() :/
I'm not sure if i can do anything about this other than adding a
completely new tag in the commit itself instead of "gpgsig" which might
be quite involved. I haven't looked into that too much yet.
>
>> +static char *get_ssh_key_fingerprint(const char *signing_key) {
>> + struct child_process ssh_keygen = CHILD_PROCESS_INIT;
>> + int ret = -1;
>> + struct strbuf fingerprint_stdout = STRBUF_INIT;
>> + struct strbuf **fingerprint;
>> +
>> + /* For SSH Signing this can contain a filename or a public key
>> + * For textual representation we usually want a fingerprint
>> + */
>> + if (istarts_with(signing_key, "ssh-")) {
>> + strvec_pushl(&ssh_keygen.args, "ssh-keygen",
>> + "-lf", "-",
>> + NULL);
>> + ret = pipe_command(&ssh_keygen, signing_key, strlen(signing_key), &fingerprint_stdout, 0, NULL, 0);
>> + } else {
>> + strvec_pushl(&ssh_keygen.args, "ssh-keygen",
>> + "-lf", configured_signing_key,
>> + NULL);
>> + ret = pipe_command(&ssh_keygen, NULL, 0, &fingerprint_stdout, 0, NULL, 0);
>> + if (!!ret)
>> + die_errno(_("failed to get the ssh fingerprint for key '%s'"), signing_key);
>> + fingerprint = strbuf_split_max(&fingerprint_stdout, ' ', 3);
>> + if (fingerprint[1]) {
>> + return strbuf_detach(fingerprint[1], NULL);
>> + }
>> + }
>> + die_errno(_("failed to get the ssh fingerprint for key '%s'"), signing_key);
>> +}
> Her you declare a ret that's not used at all in the "istarts_with"
> branch, and we fall through to die_errno()?
I'll clean up the logic. Thanks
>
> [I stopped reading mostly at this point]
>
>> [...]
>> +# test_expect_success GPGSSH 'detect fudged commit with double signature' '
>> +# sed -e "/gpgsig/,/END PGP/d" forged1 >double-base &&
>> +# sed -n -e "/gpgsig/,/END PGP/p" forged1 | \
>> +# sed -e "s/^$(test_oid header)//;s/^ //" | gpg --dearmor >double-sig1.sig &&
>> +# gpg -o double-sig2.sig -u 29472784 --detach-sign double-base &&
>> +# cat double-sig1.sig double-sig2.sig | gpg --enarmor >double-combined.asc &&
>> +# sed -e "s/^\(-.*\)ARMORED FILE/\1SIGNATURE/;1s/^/$(test_oid header) /;2,\$s/^/ /" \
>> +# double-combined.asc > double-gpgsig &&
>> +# sed -e "/committer/r double-gpgsig" double-base >double-commit &&
>> +# git hash-object -w -t commit double-commit >double-commit.commit &&
>> +# test_must_fail git verify-commit $(cat double-commit.commit) &&
>> +# git show --pretty=short --show-signature $(cat double-commit.commit) >double-actual &&
>> +# grep "BAD signature from" double-actual &&
>> +# grep "Good signature from" double-actual
>> +# '
>> +
>> +# test_expect_success GPGSSH 'show double signature with custom format' '
>> +# cat >expect <<-\EOF &&
>> +# E
>> +
>> +
>> +
>> +
>> +# EOF
>> +# git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" $(cat double-commit.commit) >actual &&
>> +# test_cmp expect actual
>> +# '
> Perhaps you're looking for test_expect_failure for TODO tests?
Yes. Although this test explicitly i'm having a hard time to duplicate
for ssh. I'm still trying to find out if the duplicate signature thing
is actually an issue with ssh.
>
> I think this patch is *way* past the point of benefitting from being
> split into a patch series. It grew from ~200 lines added to ~1k.
Sure, I can easily split the patch into seperate commits. But do i
create a v3 patch from this or issue a new pull request?
The diff between v2 & v3 would be quite useless otherwise wouldn't it?
And maybe another beginner contribution question:
When i make changes to a patchset do i put new changes from the review
on top as new commits or do i edit the existing commits?
If so what is the workflow you normally use for this? fixup commits? I
know about those but haven't worked with them before.
Thanks for your help!
next prev parent reply other threads:[~2021-07-12 20:36 UTC|newest]
Thread overview: 153+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-06 8:19 [PATCH] Add commit & tag signing/verification via SSH keys using ssh-keygen Fabian Stelzer via GitGitGadget
2021-07-06 10:07 ` Han-Wen Nienhuys
2021-07-06 11:23 ` Fabian Stelzer
2021-07-06 14:44 ` brian m. carlson
2021-07-06 15:33 ` Fabian Stelzer
2021-07-06 15:04 ` Junio C Hamano
2021-07-06 15:45 ` Fabian Stelzer
2021-07-06 17:55 ` Junio C Hamano
2021-07-06 19:39 ` Randall S. Becker
2021-07-07 6:26 ` Bagas Sanjaya
2021-07-07 8:48 ` Fabian Stelzer
2021-07-12 12:19 ` [PATCH v2] Add commit, tag & push " Fabian Stelzer via GitGitGadget
2021-07-12 16:55 ` Ævar Arnfjörð Bjarmason
2021-07-12 20:35 ` Fabian Stelzer [this message]
2021-07-12 21:16 ` Felipe Contreras
2021-07-14 12:10 ` [PATCH v3 0/9] RFC: Add commit & tag " Fabian Stelzer via GitGitGadget
2021-07-14 12:10 ` [PATCH v3 1/9] Add commit, tag & push signing via SSH keys Fabian Stelzer via GitGitGadget
2021-07-14 18:19 ` Junio C Hamano
2021-07-14 23:57 ` Eric Sunshine
2021-07-15 8:20 ` Fabian Stelzer
2021-07-14 12:10 ` [PATCH v3 2/9] ssh signing: add documentation Fabian Stelzer via GitGitGadget
2021-07-14 20:07 ` Junio C Hamano
2021-07-15 8:48 ` Fabian Stelzer
2021-07-15 10:43 ` Bagas Sanjaya
2021-07-15 16:29 ` Junio C Hamano
2021-07-14 12:10 ` [PATCH v3 3/9] ssh signing: retrieve a default key from ssh-agent Fabian Stelzer via GitGitGadget
2021-07-14 20:20 ` Junio C Hamano
2021-07-15 7:49 ` Han-Wen Nienhuys
2021-07-15 8:06 ` Fabian Stelzer
2021-07-15 8:13 ` Fabian Stelzer
2021-07-14 12:10 ` [PATCH v3 4/9] ssh signing: sign using either gpg or ssh keys Fabian Stelzer via GitGitGadget
2021-07-14 20:32 ` Junio C Hamano
2021-07-15 8:28 ` Fabian Stelzer
2021-07-14 12:10 ` [PATCH v3 5/9] ssh signing: provide a textual representation of the signing key Fabian Stelzer via GitGitGadget
2021-07-14 12:10 ` [PATCH v3 6/9] ssh signing: parse ssh-keygen output and verify signatures Fabian Stelzer via GitGitGadget
2021-07-16 0:07 ` Gwyneth Morgan
2021-07-16 7:00 ` Fabian Stelzer
2021-07-14 12:10 ` [PATCH v3 7/9] ssh signing: add test prereqs Fabian Stelzer via GitGitGadget
2021-07-14 12:10 ` [PATCH v3 8/9] ssh signing: duplicate t7510 tests for commits Fabian Stelzer via GitGitGadget
2021-07-14 12:10 ` [PATCH v3 9/9] ssh signing: add more tests for logs, tags & push certs Fabian Stelzer via GitGitGadget
2021-07-19 13:33 ` [PATCH v4 0/9] ssh signing: Add commit & tag signing/verification via SSH keys using ssh-keygen Fabian Stelzer via GitGitGadget
2021-07-19 13:33 ` [PATCH v4 1/9] ssh signing: preliminary refactoring and clean-up Fabian Stelzer via GitGitGadget
2021-07-19 23:07 ` Junio C Hamano
2021-07-19 13:33 ` [PATCH v4 2/9] ssh signing: add ssh signature format and signing using ssh keys Fabian Stelzer via GitGitGadget
2021-07-19 23:53 ` Junio C Hamano
2021-07-20 12:26 ` Fabian Stelzer
2021-07-19 13:33 ` [PATCH v4 3/9] ssh signing: retrieve a default key from ssh-agent Fabian Stelzer via GitGitGadget
2021-07-19 13:33 ` [PATCH v4 4/9] ssh signing: provide a textual representation of the signing key Fabian Stelzer via GitGitGadget
2021-07-19 13:33 ` [PATCH v4 5/9] ssh signing: parse ssh-keygen output and verify signatures Fabian Stelzer via GitGitGadget
2021-07-19 13:33 ` [PATCH v4 6/9] ssh signing: add test prereqs Fabian Stelzer via GitGitGadget
2021-07-19 13:33 ` [PATCH v4 7/9] ssh signing: duplicate t7510 tests for commits Fabian Stelzer via GitGitGadget
2021-07-19 13:33 ` [PATCH v4 8/9] ssh signing: add more tests for logs, tags & push certs Fabian Stelzer via GitGitGadget
2021-07-19 13:33 ` [PATCH v4 9/9] ssh signing: add documentation Fabian Stelzer via GitGitGadget
2021-07-20 0:38 ` [PATCH v4 0/9] ssh signing: Add commit & tag signing/verification via SSH keys using ssh-keygen Junio C Hamano
2021-07-27 13:15 ` [PATCH v5 " Fabian Stelzer via GitGitGadget
2021-07-27 13:15 ` [PATCH v5 1/9] ssh signing: preliminary refactoring and clean-up Fabian Stelzer via GitGitGadget
2021-07-27 13:15 ` [PATCH v5 2/9] ssh signing: add ssh signature format and signing using ssh keys Fabian Stelzer via GitGitGadget
2021-07-27 13:15 ` [PATCH v5 3/9] ssh signing: retrieve a default key from ssh-agent Fabian Stelzer via GitGitGadget
2021-07-27 13:15 ` [PATCH v5 4/9] ssh signing: provide a textual representation of the signing key Fabian Stelzer via GitGitGadget
2021-07-27 13:15 ` [PATCH v5 5/9] ssh signing: parse ssh-keygen output and verify signatures Fabian Stelzer via GitGitGadget
2021-07-27 13:15 ` [PATCH v5 6/9] ssh signing: add test prereqs Fabian Stelzer via GitGitGadget
2021-07-27 13:15 ` [PATCH v5 7/9] ssh signing: duplicate t7510 tests for commits Fabian Stelzer via GitGitGadget
2021-07-27 13:15 ` [PATCH v5 8/9] ssh signing: add more tests for logs, tags & push certs Fabian Stelzer via GitGitGadget
2021-07-27 13:15 ` [PATCH v5 9/9] ssh signing: add documentation Fabian Stelzer via GitGitGadget
2021-07-28 19:36 ` [PATCH v6 0/9] ssh signing: Add commit & tag signing/verification via SSH keys using ssh-keygen Fabian Stelzer via GitGitGadget
2021-07-28 19:36 ` [PATCH v6 1/9] ssh signing: preliminary refactoring and clean-up Fabian Stelzer via GitGitGadget
2021-07-28 22:32 ` Jonathan Tan
2021-07-29 0:58 ` Junio C Hamano
2021-07-29 7:44 ` Fabian Stelzer
2021-07-29 8:43 ` Fabian Stelzer
2021-07-28 19:36 ` [PATCH v6 2/9] ssh signing: add ssh signature format and signing using ssh keys Fabian Stelzer via GitGitGadget
2021-07-28 22:45 ` Jonathan Tan
2021-07-29 1:01 ` Junio C Hamano
2021-07-29 11:01 ` Fabian Stelzer
2021-07-29 19:09 ` Josh Steadmon
2021-07-29 21:25 ` Fabian Stelzer
2021-07-28 19:36 ` [PATCH v6 3/9] ssh signing: retrieve a default key from ssh-agent Fabian Stelzer via GitGitGadget
2021-07-28 21:29 ` Junio C Hamano
2021-07-28 22:48 ` Jonathan Tan
2021-07-29 8:59 ` Fabian Stelzer
2021-07-29 19:09 ` Josh Steadmon
2021-07-29 19:56 ` Junio C Hamano
2021-07-29 21:21 ` Fabian Stelzer
2021-07-28 19:36 ` [PATCH v6 4/9] ssh signing: provide a textual representation of the signing key Fabian Stelzer via GitGitGadget
2021-07-28 21:34 ` Junio C Hamano
2021-07-29 8:21 ` Fabian Stelzer
2021-07-28 19:36 ` [PATCH v6 5/9] ssh signing: parse ssh-keygen output and verify signatures Fabian Stelzer via GitGitGadget
2021-07-28 21:55 ` Junio C Hamano
2021-07-29 9:12 ` Fabian Stelzer
2021-07-29 20:43 ` Junio C Hamano
2021-07-28 23:04 ` Jonathan Tan
2021-07-29 9:48 ` Fabian Stelzer
2021-07-29 13:52 ` Fabian Stelzer
2021-08-03 7:43 ` Fabian Stelzer
2021-08-03 9:33 ` Fabian Stelzer
2021-07-29 20:46 ` Junio C Hamano
2021-07-29 21:01 ` Randall S. Becker
2021-07-29 21:12 ` Fabian Stelzer
2021-07-29 21:25 ` Randall S. Becker
2021-07-29 21:28 ` Fabian Stelzer
2021-07-29 22:28 ` Randall S. Becker
2021-07-30 8:17 ` Fabian Stelzer
2021-07-30 14:26 ` Randall S. Becker
2021-07-30 14:32 ` Fabian Stelzer
2021-07-30 15:05 ` Randall S. Becker
2021-07-28 19:36 ` [PATCH v6 6/9] ssh signing: add test prereqs Fabian Stelzer via GitGitGadget
2021-07-29 19:09 ` Josh Steadmon
2021-07-29 19:57 ` Junio C Hamano
2021-07-30 7:32 ` Fabian Stelzer
2021-07-28 19:36 ` [PATCH v6 7/9] ssh signing: duplicate t7510 tests for commits Fabian Stelzer via GitGitGadget
2021-07-28 19:36 ` [PATCH v6 8/9] ssh signing: add more tests for logs, tags & push certs Fabian Stelzer via GitGitGadget
2021-07-28 19:36 ` [PATCH v6 9/9] ssh signing: add documentation Fabian Stelzer via GitGitGadget
2021-07-29 8:19 ` [PATCH v6 0/9] ssh signing: Add commit & tag signing/verification via SSH keys using ssh-keygen Bagas Sanjaya
2021-07-29 11:03 ` Fabian Stelzer
2021-08-03 13:45 ` [PATCH v7 " Fabian Stelzer via GitGitGadget
2021-08-03 13:45 ` [PATCH v7 1/9] ssh signing: preliminary refactoring and clean-up Fabian Stelzer via GitGitGadget
2021-08-03 13:45 ` [PATCH v7 2/9] ssh signing: add test prereqs Fabian Stelzer via GitGitGadget
2021-08-03 13:45 ` [PATCH v7 3/9] ssh signing: add ssh key format and signing code Fabian Stelzer via GitGitGadget
2021-08-03 13:45 ` [PATCH v7 4/9] ssh signing: retrieve a default key from ssh-agent Fabian Stelzer via GitGitGadget
2021-08-03 13:45 ` [PATCH v7 5/9] ssh signing: provide a textual signing_key_id Fabian Stelzer via GitGitGadget
2021-08-03 13:45 ` [PATCH v7 6/9] ssh signing: verify signatures using ssh-keygen Fabian Stelzer via GitGitGadget
2021-08-03 23:47 ` Junio C Hamano
2021-08-04 9:01 ` Fabian Stelzer
2021-08-04 17:32 ` Junio C Hamano
2021-08-03 13:45 ` [PATCH v7 7/9] ssh signing: duplicate t7510 tests for commits Fabian Stelzer via GitGitGadget
2021-08-03 13:45 ` [PATCH v7 8/9] ssh signing: tests for logs, tags & push certs Fabian Stelzer via GitGitGadget
2021-08-03 13:45 ` [PATCH v7 9/9] ssh signing: test that gpg fails for unkown keys Fabian Stelzer via GitGitGadget
2021-08-29 22:15 ` [PATCH v7 0/9] ssh signing: Add commit & tag signing/verification via SSH keys using ssh-keygen Junio C Hamano
2021-08-29 23:56 ` Gwyneth Morgan
2021-08-30 10:35 ` Fabian Stelzer
2021-09-07 17:35 ` Junio C Hamano
2021-09-10 8:03 ` Fabian Stelzer
2021-09-10 18:44 ` Junio C Hamano
2021-09-10 19:49 ` Fabian Stelzer
2021-09-10 20:20 ` Carlo Arenas
2021-09-10 20:07 ` [PATCH v8 " Fabian Stelzer via GitGitGadget
2021-09-10 20:07 ` [PATCH v8 1/9] ssh signing: preliminary refactoring and clean-up Fabian Stelzer via GitGitGadget
2021-09-10 20:07 ` [PATCH v8 2/9] ssh signing: add test prereqs Fabian Stelzer via GitGitGadget
2021-09-10 20:07 ` [PATCH v8 3/9] ssh signing: add ssh key format and signing code Fabian Stelzer via GitGitGadget
2021-09-10 20:07 ` [PATCH v8 4/9] ssh signing: retrieve a default key from ssh-agent Fabian Stelzer via GitGitGadget
2021-09-10 20:07 ` [PATCH v8 5/9] ssh signing: provide a textual signing_key_id Fabian Stelzer via GitGitGadget
2021-09-10 20:07 ` [PATCH v8 6/9] ssh signing: verify signatures using ssh-keygen Fabian Stelzer via GitGitGadget
2021-09-10 20:07 ` [PATCH v8 7/9] ssh signing: duplicate t7510 tests for commits Fabian Stelzer via GitGitGadget
2021-09-10 20:07 ` [PATCH v8 8/9] ssh signing: tests for logs, tags & push certs Fabian Stelzer via GitGitGadget
2021-09-10 20:07 ` [PATCH v8 9/9] ssh signing: test that gpg fails for unknown keys Fabian Stelzer via GitGitGadget
2021-12-22 3:18 ` t7510-signed-commit.sh hangs on old gpg, regression in 1bfb57f642d (was: [PATCH v8 9/9] ssh signing: test that gpg fails for unknown keys) Ævar Arnfjörð Bjarmason
2021-12-22 10:13 ` Fabian Stelzer
2021-12-22 15:58 ` brian m. carlson
2021-12-26 22:53 ` Ævar Arnfjörð Bjarmason
2021-12-30 11:10 ` Fabian Stelzer
2021-09-10 20:23 ` [PATCH v8 0/9] ssh signing: Add commit & tag signing/verification via SSH keys using ssh-keygen Junio C Hamano
2021-09-10 20:48 ` Fabian Stelzer
2021-09-10 21:01 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ddba5667-346d-de64-ac6a-a27d78bc266d@gigacodes.de \
--to=fs@gigacodes.de \
--cc=avarab@gmail.com \
--cc=bagasdotme@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitgitgadget@gmail.com \
--cc=hanwen@google.com \
--cc=hji@dyntopia.com \
--cc=rsbecker@nexbridge.com \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).