From: Hans Jerry Illikainen <hji@dyntopia.com>
To: git@vger.kernel.org
Subject: [PATCH 3/3] pull: add config option for verifySignatures
Date: Sat, 9 Dec 2017 09:05:30 +0000 [thread overview]
Message-ID: <20171209090530.6747-3-hji@dyntopia.com> (raw)
In-Reply-To: <20171209090530.6747-1-hji@dyntopia.com>
Verify the signature of the tip commit when `pull.verifySignatures` is
true. This option overrides `merge.verifySignatures` on pull, and can
be disabled with the option `--no-verify-signatures`.
Signed-off-by: Hans Jerry Illikainen <hji@dyntopia.com>
---
Documentation/config.txt | 8 ++++++++
builtin/pull.c | 25 +++++++++++++++++++++++++
t/t5520-pull.sh | 18 ++++++++++++++++++
t/t5573-pull-verify-signatures.sh | 32 ++++++++++++++++++++++++++++++++
4 files changed, 83 insertions(+)
diff --git a/Documentation/config.txt b/Documentation/config.txt
index c1598ee70..0cd2bc597 100644
--- a/Documentation/config.txt
+++ b/Documentation/config.txt
@@ -2596,6 +2596,14 @@ pull.ff::
allowed (equivalent to giving the `--ff-only` option from the
command line). This setting overrides `merge.ff` when pulling.
+pull.verifySignatures::
+ Verify that the tip commit of the side branch being merged is
+ signed with a valid key, i.e. a key that has a valid uid: in the
+ default trust model, this means the signing key has been signed
+ by a trusted key. If the tip commit of the side branch is not
+ signed with a valid key, the merge is aborted. This setting
+ overrides `merge.verifySignatures` when pulling.
+
pull.rebase::
When true, rebase branches on top of the fetched branch, instead
of merging the default branch from the default remote when "git
diff --git a/builtin/pull.c b/builtin/pull.c
index 166b777ed..791365915 100644
--- a/builtin/pull.c
+++ b/builtin/pull.c
@@ -300,6 +300,28 @@ static const char *config_get_ff(void)
}
/**
+ * If pull.verifySignatures is unset, returns NULL. If pull.verifySignatures is
+ * "true", returns "--verify-signatures". If pull.verifySignatures is "false",
+ * returns "--no-verify-signatures". Otherwise, die with an error.
+ */
+static const char *config_get_verify_signatures(void)
+{
+ const char *value;
+
+ if (git_config_get_value("pull.verifysignatures", &value))
+ return NULL;
+
+ switch (git_parse_maybe_bool(value)) {
+ case 0:
+ return "--no-verify-signatures";
+ case 1:
+ return "--verify-signatures";
+ default:
+ die(_("Invalid value for pull.verifysignatures: %s"), value);
+ }
+}
+
+/**
* Returns the default configured value for --rebase. It first looks for the
* value of "branch.$curr_branch.rebase", where $curr_branch is the current
* branch, and if HEAD is detached or the configuration key does not exist,
@@ -849,6 +871,9 @@ int cmd_pull(int argc, const char **argv, const char *prefix)
if (!opt_ff)
opt_ff = xstrdup_or_null(config_get_ff());
+ if (!opt_verify_signatures)
+ opt_verify_signatures = xstrdup_or_null(config_get_verify_signatures());
+
if (opt_rebase < 0)
opt_rebase = config_get_rebase();
diff --git a/t/t5520-pull.sh b/t/t5520-pull.sh
index 59c4b778d..cdf1fd213 100755
--- a/t/t5520-pull.sh
+++ b/t/t5520-pull.sh
@@ -416,6 +416,15 @@ test_expect_success "pull --rebase warns on --verify-signatures" '
test_i18ngrep "ignoring --verify-signatures for rebase" err
'
+test_expect_success "pull --rebase warns on pull.verifySignatures=true" '
+ test_config pull.verifySignatures true &&
+ git reset --hard before-rebase &&
+ git pull --rebase . copy 2>err &&
+ test "$(git rev-parse HEAD^)" = "$(git rev-parse copy)" &&
+ test new = "$(git show HEAD:file2)" &&
+ test_i18ngrep "ignoring --verify-signatures for rebase" err
+'
+
test_expect_success "pull --rebase does not warn on --no-verify-signatures" '
git reset --hard before-rebase &&
git pull --rebase --no-verify-signatures . copy 2>err &&
@@ -424,6 +433,15 @@ test_expect_success "pull --rebase does not warn on --no-verify-signatures" '
test_i18ngrep ! "verify-signatures" err
'
+test_expect_success "pull --rebase does not warn on pull.verifySignatures=false" '
+ test_config pull.verifySignatures false &&
+ git reset --hard before-rebase &&
+ git pull --rebase . copy 2>err &&
+ test "$(git rev-parse HEAD^)" = "$(git rev-parse copy)" &&
+ test new = "$(git show HEAD:file2)" &&
+ test_i18ngrep ! "verify-signatures" err
+'
+
# add a feature branch, keep-merge, that is merged into master, so the
# test can try preserving the merge commit (or not) with various
# --rebase flags/pull.rebase settings.
diff --git a/t/t5573-pull-verify-signatures.sh b/t/t5573-pull-verify-signatures.sh
index 700247910..d1e8263d9 100755
--- a/t/t5573-pull-verify-signatures.sh
+++ b/t/t5573-pull-verify-signatures.sh
@@ -47,22 +47,54 @@ test_expect_success GPG 'pull unsigned commit with --verify-signatures' '
test_i18ngrep "does not have a GPG signature" pullerror
'
+test_expect_success GPG 'pull unsigned commit with pull.verifySignatures=true' '
+ test_config pull.verifySignatures true &&
+ test_must_fail git pull --ff-only unsigned 2>pullerror &&
+ test_i18ngrep "does not have a GPG signature" pullerror
+'
+
test_expect_success GPG 'pull commit with bad signature with --verify-signatures' '
test_must_fail git pull --ff-only --verify-signatures bad 2>pullerror &&
test_i18ngrep "has a bad GPG signature" pullerror
'
+test_expect_success GPG 'pull commit with bad signature with pull.verifySignatures=true' '
+ test_config pull.verifySignatures true &&
+ test_must_fail git pull --ff-only bad 2>pullerror &&
+ test_i18ngrep "has a bad GPG signature" pullerror
+'
+
test_expect_success GPG 'pull commit with untrusted signature with --verify-signatures' '
test_must_fail git pull --ff-only --verify-signatures untrusted 2>pullerror &&
test_i18ngrep "has an untrusted GPG signature" pullerror
'
+test_expect_success GPG 'pull commit with untrusted signature with pull.verifySignatures=true' '
+ test_config pull.verifySignatures true &&
+ test_must_fail git pull --ff-only untrusted 2>pullerror &&
+ test_i18ngrep "has an untrusted GPG signature" pullerror
+'
+
+test_expect_success GPG 'pull commit with untrusted signature with pull.verifySignatures=true and merge.verifySignatures=false' '
+ test_config merge.verifySignatures false &&
+ test_config pull.verifySignatures true &&
+ test_must_fail git pull --ff-only untrusted 2>pullerror &&
+ test_i18ngrep "has an untrusted GPG signature" pullerror
+'
+
test_expect_success GPG 'pull signed commit with --verify-signatures' '
git pull --verify-signatures signed >pulloutput &&
test_i18ngrep "has a good GPG signature" pulloutput &&
git checkout initial
'
+test_expect_success GPG 'pull signed commit with pull.verifySignatures=true' '
+ test_config pull.verifySignatures true &&
+ git pull signed >pulloutput &&
+ test_i18ngrep "has a good GPG signature" pulloutput &&
+ git checkout initial
+'
+
test_expect_success GPG 'pull commit with bad signature without verification' '
git pull --ff-only bad 2>pullerror &&
git checkout initial
--
2.11.0
next prev parent reply other threads:[~2017-12-09 9:06 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-09 9:05 [PATCH 1/3] merge: add config option for verifySignatures Hans Jerry Illikainen
2017-12-09 9:05 ` [PATCH 2/3] t: add tests for pull --verify-signatures Hans Jerry Illikainen
2017-12-09 12:06 ` Kevin Daudt
2017-12-09 9:05 ` Hans Jerry Illikainen [this message]
2017-12-09 12:06 ` [PATCH 3/3] pull: add config option for verifySignatures Kevin Daudt
2017-12-10 6:48 ` Hans Jerry Illikainen
2017-12-09 12:05 ` [PATCH 1/3] merge: " Kevin Daudt
2017-12-12 18:56 ` Junio C Hamano
2017-12-10 6:53 ` [PATCH v2 1/2] " Hans Jerry Illikainen
2017-12-10 6:53 ` [PATCH v2 2/2] t: add tests for pull --verify-signatures Hans Jerry Illikainen
2017-12-12 19:03 ` Junio C Hamano
2017-12-15 19:48 ` Re* " Junio C Hamano
2017-12-16 9:34 ` Hans Jerry Illikainen
2017-12-17 6:18 ` Junio C Hamano
2017-12-19 21:01 ` [PATCH v2 3/2] t5573, t7612: clean up after unexpected success of 'pull' and 'merge' Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171209090530.6747-3-hji@dyntopia.com \
--to=hji@dyntopia.com \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).