From: Fabian Stelzer <fs@gigacodes.de>
To: git@vger.kernel.org
Cc: "Fabian Stelzer" <fs@gigacodes.de>,
"Han-Wen Nienhuys" <hanwen@google.com>,
"brian m. carlson" <sandals@crustytoothpaste.net>,
"Randall S. Becker" <rsbecker@nexbridge.com>,
"Bagas Sanjaya" <bagasdotme@gmail.com>,
"Hans Jerry Illikainen" <hji@dyntopia.com>,
"Ævar Arnfjörð Bjarmason" <avarab@gmail.com>,
"Felipe Contreras" <felipe.contreras@gmail.com>,
"Eric Sunshine" <sunshine@sunshineco.com>,
"Gwyneth Morgan" <gwymor@tilde.club>,
"Jonathan Tan" <jonathantanmy@google.com>,
"Josh Steadmon" <steadmon@google.com>
Subject: [PATCH 6/6] ssh signing: fmt-merge-msg/check_signature with tag date
Date: Fri, 22 Oct 2021 17:09:49 +0200 [thread overview]
Message-ID: <20211022150949.1754477-7-fs@gigacodes.de> (raw)
In-Reply-To: <20211022150949.1754477-1-fs@gigacodes.de>
Pass the tag date and tagger ident to check_signature when generating merge
messages to verify merged tags signatures.
Implements the same tests as for verify-commit.
Signed-off-by: Fabian Stelzer <fs@gigacodes.de>
---
fmt-merge-msg.c | 13 +++++++++-
t/t6200-fmt-merge-msg.sh | 54 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 66 insertions(+), 1 deletion(-)
diff --git a/fmt-merge-msg.c b/fmt-merge-msg.c
index d2cedad6b7..4f49dd9341 100644
--- a/fmt-merge-msg.c
+++ b/fmt-merge-msg.c
@@ -524,6 +524,8 @@ static void fmt_merge_msg_sigs(struct strbuf *out)
unsigned long len = size;
struct signature_check sigc = { NULL };
struct strbuf payload = STRBUF_INIT, sig = STRBUF_INIT;
+ struct strbuf payload_signer = STRBUF_INIT;
+ timestamp_t payload_timestamp = 0;
if (!buf || type != OBJ_TAG)
goto next;
@@ -533,7 +535,15 @@ static void fmt_merge_msg_sigs(struct strbuf *out)
else {
buf = payload.buf;
len = payload.len;
- if (check_signature(payload.buf, payload.len, 0, NULL,
+
+ if (parse_signed_buffer_metadata(payload.buf, "tagger",
+ &payload_timestamp,
+ &payload_signer))
+ strbuf_addstr(&sig,
+ _("failed to parse timestamp and signer info from payload"));
+
+ if (check_signature(payload.buf, payload.len,
+ payload_timestamp, &payload_signer,
sig.buf, sig.len, &sigc) &&
!sigc.output)
strbuf_addstr(&sig, "gpg verification failed.\n");
@@ -564,6 +574,7 @@ static void fmt_merge_msg_sigs(struct strbuf *out)
}
strbuf_release(&payload);
strbuf_release(&sig);
+ strbuf_release(&payload_signer);
next:
free(origbuf);
}
diff --git a/t/t6200-fmt-merge-msg.sh b/t/t6200-fmt-merge-msg.sh
index 06c5fb5615..2dd2423643 100755
--- a/t/t6200-fmt-merge-msg.sh
+++ b/t/t6200-fmt-merge-msg.sh
@@ -91,6 +91,26 @@ test_expect_success GPGSSH 'created ssh signed commit and tag' '
git tag -s -u"${GPGSSH_KEY_UNTRUSTED}" -m signed-ssh-tag-msg-untrusted signed-untrusted-ssh-tag left
'
+test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'create signed tags with keys having defined lifetimes' '
+ test_when_finished "test_unconfig commit.gpgsign" &&
+ test_config gpg.format ssh &&
+ git checkout -b signed-expiry-ssh &&
+ touch file &&
+ git add file &&
+
+ echo expired >file && test_tick && git commit -a -m expired -S"${GPGSSH_KEY_EXPIRED}" &&
+ git tag -s -u "${GPGSSH_KEY_EXPIRED}" -m expired-signed expired-signed &&
+
+ echo notyetvalid >file && test_tick && git commit -a -m notyetvalid -S"${GPGSSH_KEY_NOTYETVALID}" &&
+ git tag -s -u "${GPGSSH_KEY_NOTYETVALID}" -m notyetvalid-signed notyetvalid-signed &&
+
+ echo timeboxedvalid >file && test_tick && git commit -a -m timeboxedvalid -S"${GPGSSH_KEY_TIMEBOXEDVALID}" &&
+ git tag -s -u "${GPGSSH_KEY_TIMEBOXEDVALID}" -m timeboxedvalid-signed timeboxedvalid-signed &&
+
+ echo timeboxedinvalid >file && test_tick && git commit -a -m timeboxedinvalid -S"${GPGSSH_KEY_TIMEBOXEDINVALID}" &&
+ git tag -s -u "${GPGSSH_KEY_TIMEBOXEDINVALID}" -m timeboxedinvalid-signed timeboxedinvalid-signed
+'
+
test_expect_success 'message for merging local branch' '
echo "Merge branch ${apos}left${apos}" >expected &&
@@ -137,6 +157,40 @@ test_expect_success GPGSSH 'message for merging local tag signed by unknown ssh
! grep "${GPGSSH_BAD_SIGNATURE}" actual &&
grep "${GPGSSH_KEY_NOT_TRUSTED}" actual
'
+
+test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'message for merging local tag signed by expired ssh key' '
+ test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
+ git checkout main &&
+ git fetch . expired-signed &&
+ git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 &&
+ ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual
+'
+
+test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'message for merging local tag signed by not yet valid ssh key' '
+ test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
+ git checkout main &&
+ git fetch . notyetvalid-signed &&
+ git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 &&
+ ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual
+'
+
+test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'message for merging local tag signed by valid timeboxed ssh key' '
+ test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
+ git checkout main &&
+ git fetch . timeboxedvalid-signed &&
+ git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 &&
+ grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual &&
+ ! grep "${GPGSSH_BAD_SIGNATURE}" actual
+'
+
+test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'message for merging local tag signed by invalid timeboxed ssh key' '
+ test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
+ git checkout main &&
+ git fetch . timeboxedinvalid-signed &&
+ git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 &&
+ ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual
+'
+
test_expect_success 'message for merging external branch' '
echo "Merge branch ${apos}left${apos} of $(pwd)" >expected &&
--
2.31.1
next prev parent reply other threads:[~2021-10-22 15:10 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-22 15:09 [PATCH 0/6] ssh signing: verify key lifetime Fabian Stelzer
2021-10-22 15:09 ` [PATCH 1/6] ssh signing: extend check_signature to accept payload metadata Fabian Stelzer
2021-10-23 23:13 ` Junio C Hamano
2021-10-25 8:28 ` Fabian Stelzer
2021-10-25 17:16 ` Junio C Hamano
2021-10-22 15:09 ` [PATCH 2/6] ssh signing: add key lifetime test prereqs Fabian Stelzer
2021-10-22 15:09 ` [PATCH 3/6] ssh signing: verify-commit/check_signature with commit date Fabian Stelzer
2021-10-22 17:37 ` Ævar Arnfjörð Bjarmason
2021-10-25 8:31 ` Fabian Stelzer
2021-10-22 15:09 ` [PATCH 4/6] ssh signing: git log/check_signature " Fabian Stelzer
2021-10-22 15:09 ` [PATCH 5/6] ssh signing: verify-tag/check_signature with tag date Fabian Stelzer
2021-10-22 15:09 ` Fabian Stelzer [this message]
2021-10-22 18:12 ` [PATCH 6/6] ssh signing: fmt-merge-msg/check_signature " Ævar Arnfjörð Bjarmason
2021-10-25 8:39 ` Fabian Stelzer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211022150949.1754477-7-fs@gigacodes.de \
--to=fs@gigacodes.de \
--cc=avarab@gmail.com \
--cc=bagasdotme@gmail.com \
--cc=felipe.contreras@gmail.com \
--cc=git@vger.kernel.org \
--cc=gwymor@tilde.club \
--cc=hanwen@google.com \
--cc=hji@dyntopia.com \
--cc=jonathantanmy@google.com \
--cc=rsbecker@nexbridge.com \
--cc=sandals@crustytoothpaste.net \
--cc=steadmon@google.com \
--cc=sunshine@sunshineco.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.