From: Hans Jerry Illikainen <hji@dyntopia.com>
To: git@vger.kernel.org
Cc: Hans Jerry Illikainen <hji@dyntopia.com>
Subject: [PATCH 4/5] merge: verify signatures if gpg.verifySignatures is true
Date: Sun,  5 Jan 2020 13:56:15 +0000
Message-ID: <20200105135616.19102-5-hji@dyntopia.com>
In-Reply-To: <20200105135616.19102-1-hji@dyntopia.com>

Merge operations have had support for a merge.verifySignatures config
knob for quite some time.  However, there is no global option to enable
signature verification for all operations that support it.  This makes
sense because only merges (and, by extension, pulls) have support for
configurable signature verifications.

However, with the upcoming introduction of signature verification for
clones, it seems reasonable to have a global option that enables
verification for all operations that support it.  Otherwise, users would
have to track down and enable every *.verifySignatures knob.

This patch adds support for a global gpg.verifySignatures in
git_merge_config().  The global variant is overridden by both
merge.verifySignatures and the --(no-)verify-signatures command-line
parameter.

Signed-off-by: Hans Jerry Illikainen <hji@dyntopia.com>
---
 Documentation/config/gpg.txt       |  6 ++++++
 Documentation/config/merge.txt     |  4 +++-
 builtin/merge.c                    |  8 +++++---
 t/t7612-merge-verify-signatures.sh | 27 +++++++++++++++++++++++++++
 4 files changed, 41 insertions(+), 4 deletions(-)

diff --git a/Documentation/config/gpg.txt b/Documentation/config/gpg.txt
index d94025cb36..7bf64cff24 100644
--- a/Documentation/config/gpg.txt
+++ b/Documentation/config/gpg.txt
@@ -33,3 +33,9 @@ gpg.minTrustLevel::
 * `marginal`
 * `fully`
 * `ultimate`
+
+gpg.verifySignatures::
+	Verify that commits are signed with a valid key for operations
+	that support signature verification.  This option act as a
+	global default and can be overridden in sections specific to
+	individual operations.
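Review bot: the new gpg.verifySignatures entry has a grammar slip ("This option act as" should read "acts as") and does not say which operations currently honour it. In this patch only git_merge_config() reads the key, so naming merge (and pull) here, and extending the list as further commands gain support, would keep a reader from assuming that setting it to true covers more than it does.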
diff --git a/Documentation/config/merge.txt b/Documentation/config/merge.txt
index 6a313937f8..7ff72fafc2 100644
--- a/Documentation/config/merge.txt
+++ b/Documentation/config/merge.txt
@@ -28,7 +28,9 @@ merge.ff::
 
 merge.verifySignatures::
 	If true, this is equivalent to the --verify-signatures command
-	line option. See linkgit:git-merge[1] for details.
+	line option. See linkgit:git-merge[1] for details.  Also see
+	`gpg.verifySignatures` for a global option to enable signature
+	verification.
 
 include::fmt-merge-msg.txt[]
 
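Review bot: the cross-reference added to merge.verifySignatures does not say which setting wins when both are configured. State here that merge.verifySignatures takes precedence over gpg.verifySignatures, so a reader who sets merge.verifySignatures=false understands that it turns verification off for merges even when the global option is true.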
diff --git a/builtin/merge.c b/builtin/merge.c
index e472f17738..539dd1dbfc 100644
--- a/builtin/merge.c
+++ b/builtin/merge.c
@@ -61,7 +61,7 @@ static const char * const builtin_merge_usage[] = {
 static int show_diffstat = 1, shortlog_len = -1, squash;
 static int option_commit = -1;
 static int option_edit = -1;
-static int allow_trivial = 1, have_message, verify_signatures;
+static int allow_trivial = 1, have_message, verify_signatures = -1;
 static int overwrite_ignore = 1;
 static unsigned gpg_flags = GPG_VERIFY_SHORT | GPG_VERIFY_COMPAT;
 static struct strbuf merge_msg = STRBUF_INIT;
@@ -610,6 +610,8 @@ static int git_merge_config(const char *k, const char *v, void *cb)
 		show_diffstat = git_config_bool(k, v);
 	else if (!strcmp(k, "merge.verifysignatures"))
 		verify_signatures = git_config_bool(k, v);
+	else if (!strcmp(k, "gpg.verifysignatures") && verify_signatures < 0)
+		verify_signatures = git_config_bool(k, v);
 	else if (!strcmp(k, "pull.twohead"))
 		return git_config_string(&pull_twohead, k, v);
 	else if (!strcmp(k, "pull.octopus"))
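Review bot: the "verify_signatures < 0" guard on the new gpg.verifysignatures branch breaks the usual last-one-wins rule for that key. Once a first occurrence has set verify_signatures to 0 or 1, every later gpg.verifySignatures is skipped, so a repository-level "true" cannot override a "false" from a lower-priority config file, and verification stays off without any message. Because merge.verifysignatures and gpg.verifysignatures write to the same variable, the guard also cannot tell "set by merge.*" apart from "set by an earlier gpg.*". Parsing the global key into its own variable and resolving after the config pass (use it only when merge.verifySignatures left verify_signatures unset) would keep both precedence rules intact.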
@@ -1399,7 +1401,7 @@ int cmd_merge(int argc, const char **argv, const char *prefix)
 		if (remoteheads->next)
 			die(_("Can merge only exactly one commit into empty head"));
 
-		if (verify_signatures &&
+		if (verify_signatures == 1 &&
 		    gpg_verify_commit(&remoteheads->item->object.oid, NULL,
 				      NULL, gpg_flags))
 			die(_("Signature verification failed"));
@@ -1423,7 +1425,7 @@ int cmd_merge(int argc, const char **argv, const char *prefix)
 		usage_with_options(builtin_merge_usage,
 			builtin_merge_options);
 
-	if (verify_signatures) {
+	if (verify_signatures == 1) {
 		for (p = remoteheads; p; p = p->next) {
 			if (gpg_verify_commit(&p->item->object.oid, NULL, NULL,
 					      gpg_flags))
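Review bot: this check and the one in the unborn-branch path above now have to spell out "verify_signatures == 1" because the variable is initialised to -1, and nothing in the declaration says that -1 means "not configured". A plain truth test on the variable would treat the unset value as enabled. Consider normalising once after config and option parsing (treat a remaining negative value as 0) so the call sites can stay "if (verify_signatures)", and add a short comment at the declaration describing the three states.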
diff --git a/t/t7612-merge-verify-signatures.sh b/t/t7612-merge-verify-signatures.sh
index a426f3a89a..10ab2fa119 100755
--- a/t/t7612-merge-verify-signatures.sh
+++ b/t/t7612-merge-verify-signatures.sh
@@ -125,6 +125,33 @@ test_expect_success GPG 'merge commit with bad signature with merge.verifySignat
 	git merge --no-verify-signatures $(cat forged.commit)
 '
 
+test_expect_success GPG 'merge commit with bad signature with gpg.verifySignatures=true and --no-verify-signatures' '
+	test_when_finished "git reset --hard && git checkout initial" &&
+	test_config gpg.verifySignatures true &&
+	git merge --no-verify-signatures $(cat forged.commit)
+'
+
+test_expect_success GPG 'merge commit with bad signature with gpg.verifySignatures=true and merge.verifySignatures=false' '
+	test_when_finished "git reset --hard && git checkout initial" &&
+	test_config gpg.verifySignatures true &&
+	test_config merge.verifySignatures false &&
+	git merge $(cat forged.commit)
+'
+
+test_expect_success GPG 'merge commit with bad signature with clone.verifySignatures=false and gpg.verifySignatures=true' '
+	test_when_finished "git reset --hard && git checkout initial" &&
+	test_config merge.verifySignatures false &&
+	test_config gpg.verifySignatures true &&
+	git merge $(cat forged.commit)
+'
+
+test_expect_success GPG 'merge commit with bad signature with gpg.verifySignatures=true' '
+	test_when_finished "git reset --hard && git checkout initial" &&
+	test_config gpg.verifySignatures true &&
+	test_must_fail git merge $(cat forged.commit) 2>mergeerror &&
+	test_i18ngrep "has a bad GPG signature allegedly by" mergeerror
+'
+
 test_expect_success GPG 'merge unsigned commit into unborn branch' '
 	test_when_finished "git checkout initial" &&
 	git checkout --orphan unborn &&
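Review bot: the third new test is titled with "clone.verifySignatures=false" but its body sets merge.verifySignatures, so the title should say merge.verifySignatures; as written it also differs from the second test only in the order of the two test_config calls, which deserves a comment if order independence is what it checks. Coverage is one-sided as well: every new case starts from gpg.verifySignatures=true. A case with gpg.verifySignatures=false plus --verify-signatures that must fail on the forged commit, and a case where gpg.verifySignatures=true still accepts a correctly signed commit, would pin down both directions of the override.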
-- 
2.25.0.rc1.302.gc71d20beed

