From: Hans Jerry Illikainen <hji@dyntopia.com>
To: git@vger.kernel.org
Subject: [PATCH 1/3] merge: add config option for verifySignatures
Date: Sat, 9 Dec 2017 09:05:28 +0000 [thread overview]
Message-ID: <20171209090530.6747-1-hji@dyntopia.com> (raw)
Verify the signature of the tip commit when `merge.verifySignatures` is
true. This can be overridden with `--no-verify-signatures`.
Signed-off-by: Hans Jerry Illikainen <hji@dyntopia.com>
---
Documentation/merge-config.txt | 7 +++++++
builtin/merge.c | 2 ++
t/t7612-merge-verify-signatures.sh | 43 ++++++++++++++++++++++++++++++++++++--
3 files changed, 50 insertions(+), 2 deletions(-)
diff --git a/Documentation/merge-config.txt b/Documentation/merge-config.txt
index df3ea3779..76571cd3b 100644
--- a/Documentation/merge-config.txt
+++ b/Documentation/merge-config.txt
@@ -26,6 +26,13 @@ merge.ff::
allowed (equivalent to giving the `--ff-only` option from the
command line).
+merge.verifySignatures::
+ Verify that the tip commit of the side branch being merged is
+ signed with a valid key, i.e. a key that has a valid uid: in the
+ default trust model, this means the signing key has been signed
+ by a trusted key. If the tip commit of the side branch is not
+ signed with a valid key, the merge is aborted.
+
include::fmt-merge-msg-config.txt[]
merge.renameLimit::
diff --git a/builtin/merge.c b/builtin/merge.c
index 612dd7bfb..30264cfd7 100644
--- a/builtin/merge.c
+++ b/builtin/merge.c
@@ -567,6 +567,8 @@ static int git_merge_config(const char *k, const char *v, void *cb)
if (!strcmp(k, "merge.diffstat") || !strcmp(k, "merge.stat"))
show_diffstat = git_config_bool(k, v);
+ else if (!strcmp(k, "merge.verifysignatures"))
+ verify_signatures = git_config_bool(k, v);
else if (!strcmp(k, "pull.twohead"))
return git_config_string(&pull_twohead, k, v);
else if (!strcmp(k, "pull.octopus"))
diff --git a/t/t7612-merge-verify-signatures.sh b/t/t7612-merge-verify-signatures.sh
index 8ae69a61c..f1a74a683 100755
--- a/t/t7612-merge-verify-signatures.sh
+++ b/t/t7612-merge-verify-signatures.sh
@@ -39,23 +39,62 @@ test_expect_success GPG 'merge unsigned commit with verification' '
test_i18ngrep "does not have a GPG signature" mergeerror
'
+test_expect_success GPG 'merge unsigned commit with merge.verifySignatures=true' '
+ test_config merge.verifySignatures true &&
+ test_must_fail git merge --ff-only side-unsigned 2>mergeerror &&
+ test_i18ngrep "does not have a GPG signature" mergeerror
+'
+
test_expect_success GPG 'merge commit with bad signature with verification' '
test_must_fail git merge --ff-only --verify-signatures $(cat forged.commit) 2>mergeerror &&
test_i18ngrep "has a bad GPG signature" mergeerror
'
+test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=true' '
+ test_config merge.verifySignatures true &&
+ test_must_fail git merge --ff-only $(cat forged.commit) 2>mergeerror &&
+ test_i18ngrep "has a bad GPG signature" mergeerror
+'
+
test_expect_success GPG 'merge commit with untrusted signature with verification' '
test_must_fail git merge --ff-only --verify-signatures side-untrusted 2>mergeerror &&
test_i18ngrep "has an untrusted GPG signature" mergeerror
'
+test_expect_success GPG 'merge commit with untrusted signature with merge.verifySignatures=true' '
+ test_config merge.verifySignatures true &&
+ test_must_fail git merge --ff-only side-untrusted 2>mergeerror &&
+ test_i18ngrep "has an untrusted GPG signature" mergeerror
+'
+
test_expect_success GPG 'merge signed commit with verification' '
git merge --verbose --ff-only --verify-signatures side-signed >mergeoutput &&
- test_i18ngrep "has a good GPG signature" mergeoutput
+ test_i18ngrep "has a good GPG signature" mergeoutput &&
+ git checkout initial
+'
+
+test_expect_success GPG 'merge signed commit with merge.verifySignatures=true' '
+ test_config merge.verifySignatures true &&
+ git merge --verbose --ff-only side-signed >mergeoutput &&
+ test_i18ngrep "has a good GPG signature" mergeoutput &&
+ git checkout initial
'
test_expect_success GPG 'merge commit with bad signature without verification' '
- git merge $(cat forged.commit)
+ git merge $(cat forged.commit) &&
+ git checkout initial
+'
+
+test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=false' '
+ test_config merge.verifySignatures false &&
+ git merge $(cat forged.commit) &&
+ git checkout initial
+'
+
+test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=true and --no-verify-signatures' '
+ test_config merge.verifySignatures true &&
+ git merge --no-verify-signatures $(cat forged.commit) &&
+ git checkout initial
'
test_done
--
2.11.0
next reply other threads:[~2017-12-09 9:06 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-09 9:05 Hans Jerry Illikainen [this message]
2017-12-09 9:05 ` [PATCH 2/3] t: add tests for pull --verify-signatures Hans Jerry Illikainen
2017-12-09 12:06 ` Kevin Daudt
2017-12-09 9:05 ` [PATCH 3/3] pull: add config option for verifySignatures Hans Jerry Illikainen
2017-12-09 12:06 ` Kevin Daudt
2017-12-10 6:48 ` Hans Jerry Illikainen
2017-12-09 12:05 ` [PATCH 1/3] merge: " Kevin Daudt
2017-12-12 18:56 ` Junio C Hamano
2017-12-10 6:53 ` [PATCH v2 1/2] " Hans Jerry Illikainen
2017-12-10 6:53 ` [PATCH v2 2/2] t: add tests for pull --verify-signatures Hans Jerry Illikainen
2017-12-12 19:03 ` Junio C Hamano
2017-12-15 19:48 ` Re* " Junio C Hamano
2017-12-16 9:34 ` Hans Jerry Illikainen
2017-12-17 6:18 ` Junio C Hamano
2017-12-19 21:01 ` [PATCH v2 3/2] t5573, t7612: clean up after unexpected success of 'pull' and 'merge' Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171209090530.6747-1-hji@dyntopia.com \
--to=hji@dyntopia.com \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).