From: Fabian Stelzer <fs@gigacodes.de>
To: git@vger.kernel.org
Cc: Fabian Stelzer <fs@gigacodes.de>
Subject: [PATCH v2 1/2] ssh signing: fmt-merge-msg tests & config parse
Date: Wed, 13 Oct 2021 09:51:06 +0200 [thread overview]
Message-ID: <20211013075107.8584-2-fs@gigacodes.de> (raw)
In-Reply-To: <20211013075107.8584-1-fs@gigacodes.de>
When merging a signed tag fmt-merge-msg was unable to verify its
validity missing the necessary ssh allowedSignersFile config.
Adds gpg config parsing to fmt-merge-msg.
Adds tests for ssh signed tags to fmt-merge-msg tests.
Signed-off-by: Fabian Stelzer <fs@gigacodes.de>
---
fmt-merge-msg.c | 6 ++++++
t/t6200-fmt-merge-msg.sh | 28 ++++++++++++++++++++++++++++
2 files changed, 34 insertions(+)
diff --git a/fmt-merge-msg.c b/fmt-merge-msg.c
index fb300bb4b6..2d49584bf5 100644
--- a/fmt-merge-msg.c
+++ b/fmt-merge-msg.c
@@ -9,6 +9,7 @@
#include "branch.h"
#include "fmt-merge-msg.h"
#include "commit-reach.h"
+#include "gpg-interface.h"
static int use_branch_desc;
static int suppress_dest_pattern_seen;
@@ -16,6 +17,8 @@ static struct string_list suppress_dest_patterns = STRING_LIST_INIT_DUP;
int fmt_merge_msg_config(const char *key, const char *value, void *cb)
{
+ int status = 0;
+
if (!strcmp(key, "merge.log") || !strcmp(key, "merge.summary")) {
int is_bool;
merge_log_config = git_config_bool_or_int(key, value, &is_bool);
@@ -34,6 +37,9 @@ int fmt_merge_msg_config(const char *key, const char *value, void *cb)
string_list_append(&suppress_dest_patterns, value);
suppress_dest_pattern_seen = 1;
} else {
+ status = git_gpg_config(key, value, NULL);
+ if (status)
+ return status;
return git_default_config(key, value, cb);
}
return 0;
diff --git a/t/t6200-fmt-merge-msg.sh b/t/t6200-fmt-merge-msg.sh
index 44f55d93fe..06c5fb5615 100755
--- a/t/t6200-fmt-merge-msg.sh
+++ b/t/t6200-fmt-merge-msg.sh
@@ -81,6 +81,16 @@ test_expect_success GPG 'set up a signed tag' '
git tag -s -m signed-tag-msg signed-good-tag left
'
+test_expect_success GPGSSH 'created ssh signed commit and tag' '
+ test_config gpg.format ssh &&
+ git checkout -b signed-ssh &&
+ touch file &&
+ git add file &&
+ git commit -m "ssh signed" -S"${GPGSSH_KEY_PRIMARY}" &&
+ git tag -s -u"${GPGSSH_KEY_PRIMARY}" -m signed-ssh-tag-msg signed-good-ssh-tag left &&
+ git tag -s -u"${GPGSSH_KEY_UNTRUSTED}" -m signed-ssh-tag-msg-untrusted signed-untrusted-ssh-tag left
+'
+
test_expect_success 'message for merging local branch' '
echo "Merge branch ${apos}left${apos}" >expected &&
@@ -109,6 +119,24 @@ test_expect_success GPG 'message for merging local tag signed by unknown key' '
grep -E "^# gpg: Can${apos}t check signature: (public key not found|No public key)" actual
'
+test_expect_success GPGSSH 'message for merging local tag signed by good ssh key' '
+ test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
+ git checkout main &&
+ git fetch . signed-good-ssh-tag &&
+ git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 &&
+ grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual &&
+ ! grep "${GPGSSH_BAD_SIGNATURE}" actual
+'
+
+test_expect_success GPGSSH 'message for merging local tag signed by unknown ssh key' '
+ test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
+ git checkout main &&
+ git fetch . signed-untrusted-ssh-tag &&
+ git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 &&
+ grep "${GPGSSH_GOOD_SIGNATURE_UNTRUSTED}" actual &&
+ ! grep "${GPGSSH_BAD_SIGNATURE}" actual &&
+ grep "${GPGSSH_KEY_NOT_TRUSTED}" actual
+'
test_expect_success 'message for merging external branch' '
echo "Merge branch ${apos}left${apos} of $(pwd)" >expected &&
--
2.31.1
next prev parent reply other threads:[~2021-10-13 7:54 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-13 7:51 [PATCH v2 0/2] ssh signing: fix merging signed tags & docs Fabian Stelzer
2021-10-13 7:51 ` Fabian Stelzer [this message]
2021-10-13 7:51 ` [PATCH v2 2/2] ssh signing: clarify trustlevel usage in docs Fabian Stelzer
2021-10-13 17:03 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211013075107.8584-2-fs@gigacodes.de \
--to=fs@gigacodes.de \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).