From: Kevin Daudt <me@ikke.info>
To: Hans Jerry Illikainen <hji@dyntopia.com>
Cc: git@vger.kernel.org
Subject: Re: [PATCH 1/3] merge: add config option for verifySignatures
Date: Sat, 9 Dec 2017 13:05:37 +0100 [thread overview]
Message-ID: <20171209120537.GA6006@alpha.vpn.ikke.info> (raw)
In-Reply-To: <20171209090530.6747-1-hji@dyntopia.com>
Hello Hans Jerry,
Thank you for your contribution. I have soem remarks below.
On Sat, Dec 09, 2017 at 09:05:28AM +0000, Hans Jerry Illikainen wrote:
> Verify the signature of the tip commit when `merge.verifySignatures` is
> true. This can be overridden with `--no-verify-signatures`.
>
> Signed-off-by: Hans Jerry Illikainen <hji@dyntopia.com>
I miss the motivation in the commit message. I imagine something like:
git merge --verify-signatures can be used to verify that the tip
commit of the branch being merged in is properly signed, but it's
cumbersome to have to specify that every time.
Add a configuration option that enables this behaviour by default,
which can be overridden by --no-verify-signatures.
> ---
> Documentation/merge-config.txt | 7 +++++++
> builtin/merge.c | 2 ++
> t/t7612-merge-verify-signatures.sh | 43 ++++++++++++++++++++++++++++++++++++--
> 3 files changed, 50 insertions(+), 2 deletions(-)
>
> diff --git a/Documentation/merge-config.txt b/Documentation/merge-config.txt
> index df3ea3779..76571cd3b 100644
> --- a/Documentation/merge-config.txt
> +++ b/Documentation/merge-config.txt
> @@ -26,6 +26,13 @@ merge.ff::
> allowed (equivalent to giving the `--ff-only` option from the
> command line).
>
> +merge.verifySignatures::
> + Verify that the tip commit of the side branch being merged is
> + signed with a valid key, i.e. a key that has a valid uid: in the
> + default trust model, this means the signing key has been signed
> + by a trusted key. If the tip commit of the side branch is not
> + signed with a valid key, the merge is aborted.
> +
This is a verbatim copy of the explenation of --verify-signatures. Would
it be an idea to refer to the explenation of merge --verify-signatures?
> include::fmt-merge-msg-config.txt[]
>
> merge.renameLimit::
> diff --git a/builtin/merge.c b/builtin/merge.c
> index 612dd7bfb..30264cfd7 100644
> --- a/builtin/merge.c
> +++ b/builtin/merge.c
> @@ -567,6 +567,8 @@ static int git_merge_config(const char *k, const char *v, void *cb)
>
> if (!strcmp(k, "merge.diffstat") || !strcmp(k, "merge.stat"))
> show_diffstat = git_config_bool(k, v);
> + else if (!strcmp(k, "merge.verifysignatures"))
> + verify_signatures = git_config_bool(k, v);
> else if (!strcmp(k, "pull.twohead"))
> return git_config_string(&pull_twohead, k, v);
> else if (!strcmp(k, "pull.octopus"))
> diff --git a/t/t7612-merge-verify-signatures.sh b/t/t7612-merge-verify-signatures.sh
> index 8ae69a61c..f1a74a683 100755
> --- a/t/t7612-merge-verify-signatures.sh
> +++ b/t/t7612-merge-verify-signatures.sh
> @@ -39,23 +39,62 @@ test_expect_success GPG 'merge unsigned commit with verification' '
> test_i18ngrep "does not have a GPG signature" mergeerror
> '
>
> +test_expect_success GPG 'merge unsigned commit with merge.verifySignatures=true' '
> + test_config merge.verifySignatures true &&
> + test_must_fail git merge --ff-only side-unsigned 2>mergeerror &&
> + test_i18ngrep "does not have a GPG signature" mergeerror
> +'
> +
> test_expect_success GPG 'merge commit with bad signature with verification' '
> test_must_fail git merge --ff-only --verify-signatures $(cat forged.commit) 2>mergeerror &&
> test_i18ngrep "has a bad GPG signature" mergeerror
> '
>
> +test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=true' '
> + test_config merge.verifySignatures true &&
> + test_must_fail git merge --ff-only $(cat forged.commit) 2>mergeerror &&
> + test_i18ngrep "has a bad GPG signature" mergeerror
> +'
> +
> test_expect_success GPG 'merge commit with untrusted signature with verification' '
> test_must_fail git merge --ff-only --verify-signatures side-untrusted 2>mergeerror &&
> test_i18ngrep "has an untrusted GPG signature" mergeerror
> '
>
> +test_expect_success GPG 'merge commit with untrusted signature with merge.verifySignatures=true' '
> + test_config merge.verifySignatures true &&
> + test_must_fail git merge --ff-only side-untrusted 2>mergeerror &&
> + test_i18ngrep "has an untrusted GPG signature" mergeerror
> +'
> +
> test_expect_success GPG 'merge signed commit with verification' '
> git merge --verbose --ff-only --verify-signatures side-signed >mergeoutput &&
> - test_i18ngrep "has a good GPG signature" mergeoutput
> + test_i18ngrep "has a good GPG signature" mergeoutput &&
> + git checkout initial
This looks like a clean up step. If so, it's better to add
`test_when_finished 'git checkout initial'` at the beginning to clearly
mark it as a clean up step and make sure it's run even when the test
fails. Same counts for the other occurances.
> +'
> +
> +test_expect_success GPG 'merge signed commit with merge.verifySignatures=true' '
> + test_config merge.verifySignatures true &&
> + git merge --verbose --ff-only side-signed >mergeoutput &&
> + test_i18ngrep "has a good GPG signature" mergeoutput &&
> + git checkout initial
> '
>
> test_expect_success GPG 'merge commit with bad signature without verification' '
> - git merge $(cat forged.commit)
> + git merge $(cat forged.commit) &&
> + git checkout initial
> +'
> +
> +test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=false' '
> + test_config merge.verifySignatures false &&
> + git merge $(cat forged.commit) &&
> + git checkout initial
> +'
> +
> +test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=true and --no-verify-signatures' '
> + test_config merge.verifySignatures true &&
> + git merge --no-verify-signatures $(cat forged.commit) &&
> + git checkout initial
> '
>
> test_done
Kevin.
next prev parent reply other threads:[~2017-12-09 12:05 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-09 9:05 [PATCH 1/3] merge: add config option for verifySignatures Hans Jerry Illikainen
2017-12-09 9:05 ` [PATCH 2/3] t: add tests for pull --verify-signatures Hans Jerry Illikainen
2017-12-09 12:06 ` Kevin Daudt
2017-12-09 9:05 ` [PATCH 3/3] pull: add config option for verifySignatures Hans Jerry Illikainen
2017-12-09 12:06 ` Kevin Daudt
2017-12-10 6:48 ` Hans Jerry Illikainen
2017-12-09 12:05 ` Kevin Daudt [this message]
2017-12-12 18:56 ` [PATCH 1/3] merge: " Junio C Hamano
2017-12-10 6:53 ` [PATCH v2 1/2] " Hans Jerry Illikainen
2017-12-10 6:53 ` [PATCH v2 2/2] t: add tests for pull --verify-signatures Hans Jerry Illikainen
2017-12-12 19:03 ` Junio C Hamano
2017-12-15 19:48 ` Re* " Junio C Hamano
2017-12-16 9:34 ` Hans Jerry Illikainen
2017-12-17 6:18 ` Junio C Hamano
2017-12-19 21:01 ` [PATCH v2 3/2] t5573, t7612: clean up after unexpected success of 'pull' and 'merge' Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171209120537.GA6006@alpha.vpn.ikke.info \
--to=me@ikke.info \
--cc=git@vger.kernel.org \
--cc=hji@dyntopia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).