[PATCH v6 0/9] ssh signing: verify key lifetime

From: Fabian Stelzer <fs@gigacodes.de>
To: git@vger.kernel.org
Cc: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>,
	"Junio C Hamano" <gitster@pobox.com>,
	"SZEDER Gábor" <szeder.dev@gmail.com>,
	"Fabian Stelzer" <fs@gigacodes.de>
Subject: [PATCH v6 0/9] ssh signing: verify key lifetime
Date: Thu,  9 Dec 2021 09:52:40 +0100	[thread overview]
Message-ID: <20211209085249.13587-1-fs@gigacodes.de> (raw)
In-Reply-To: <20211208163335.1231795-1-fs@gigacodes.de>

changes since v5:
 - moved the fixes to existing test to the first two commits and merged
   those fixing new tests into the corresponding commit

changes since v4:
 - removed unneccessary io redir in merge-msg tests
 - added grep for merged tag to gpgssh merge-msg tests

changes since v3:
 - improve readability of prereq setup code by using heredoc and some
   variables

changes since v2:
 - fix swich/case indentation
 - BUG() on unknown payload types
 - improve test prereq by actually validating ssh-keygen functionality

changes since v1:
 - struct signature_check is now used to input payload data into
   check_function
 - payload metadata parsing is completely internal to check_signature.
   the caller only need to set the payload type in the sigc struct
 - small nits and readability fixes
 - removed payload_signer parameter. since we now use the struct we can
   extend
   this later.

Fabian Stelzer (9):
  t/fmt-merge-msg: do not redirect stderr
  t/fmt-merge-msg: make gpgssh tests more specific
  ssh signing: use sigc struct to pass payload
  ssh signing: add key lifetime test prereqs
  ssh signing: make verify-commit consider key lifetime
  ssh signing: make git log verify key lifetime
  ssh signing: make verify-tag consider key lifetime
  ssh signing: make fmt-merge-msg consider key lifetime
  ssh signing: verify ssh-keygen in test prereq

 Documentation/config/gpg.txt     |  5 ++
 builtin/receive-pack.c           |  6 ++-
 commit.c                         |  6 ++-
 fmt-merge-msg.c                  |  5 +-
 gpg-interface.c                  | 90 +++++++++++++++++++++++++-------
 gpg-interface.h                  | 15 ++++--
 log-tree.c                       | 10 ++--
 t/lib-gpg.sh                     | 62 ++++++++++++++++++----
 t/t4202-log.sh                   | 43 +++++++++++++++
 t/t6200-fmt-merge-msg.sh         | 68 ++++++++++++++++++++++--
 t/t7031-verify-tag-signed-ssh.sh | 42 +++++++++++++++
 t/t7528-signed-commit-ssh.sh     | 42 +++++++++++++++
 tag.c                            |  5 +-
 13 files changed, 351 insertions(+), 48 deletions(-)

Range-diff against v5:
 -:  ---------- >  1:  0b3848d23b t/fmt-merge-msg: do not redirect stderr
 -:  ---------- >  2:  f29d838574 t/fmt-merge-msg: make gpgssh tests more specific
 1:  c4447d30f2 =  3:  b065dcb7fb ssh signing: use sigc struct to pass payload
 2:  0bb1617529 =  4:  c37d33db31 ssh signing: add key lifetime test prereqs
 3:  f60bd1efd0 =  5:  640e9a4a99 ssh signing: make verify-commit consider key lifetime
 4:  5fc0ad5c37 =  6:  2e98307c18 ssh signing: make git log verify key lifetime
 5:  f1c225871f =  7:  75d213ab15 ssh signing: make verify-tag consider key lifetime
 6:  1cbd4dbb6b !  8:  498821af14 ssh signing: make fmt-merge-msg consider key lifetime
    @@ t/t6200-fmt-merge-msg.sh: test_expect_success GPGSSH 'message for merging local
     +	test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
     +	git checkout main &&
     +	git fetch . expired-signed &&
    -+	git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 &&
    ++	git fmt-merge-msg <.git/FETCH_HEAD >actual &&
    ++	grep "^Merge tag ${apos}expired-signed${apos}" actual &&
     +	! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual
     +'
     +
    @@ t/t6200-fmt-merge-msg.sh: test_expect_success GPGSSH 'message for merging local
     +	test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
     +	git checkout main &&
     +	git fetch . notyetvalid-signed &&
    -+	git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 &&
    ++	git fmt-merge-msg <.git/FETCH_HEAD >actual &&
    ++	grep "^Merge tag ${apos}notyetvalid-signed${apos}" actual &&
     +	! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual
     +'
     +
    @@ t/t6200-fmt-merge-msg.sh: test_expect_success GPGSSH 'message for merging local
     +	test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
     +	git checkout main &&
     +	git fetch . timeboxedvalid-signed &&
    -+	git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 &&
    ++	git fmt-merge-msg <.git/FETCH_HEAD >actual &&
    ++	grep "^Merge tag ${apos}timeboxedvalid-signed${apos}" actual &&
     +	grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual &&
     +	! grep "${GPGSSH_BAD_SIGNATURE}" actual
     +'
    @@ t/t6200-fmt-merge-msg.sh: test_expect_success GPGSSH 'message for merging local
     +	test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
     +	git checkout main &&
     +	git fetch . timeboxedinvalid-signed &&
    -+	git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 &&
    ++	git fmt-merge-msg <.git/FETCH_HEAD >actual &&
    ++	grep "^Merge tag ${apos}timeboxedinvalid-signed${apos}" actual &&
     +	! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual
     +'
     +
 7:  d60f4ec82c =  9:  0816dd2ec8 ssh signing: verify ssh-keygen in test prereq
-- 
2.31.1