From: Fabian Stelzer <fs@gigacodes.de>
To: git@vger.kernel.org
Cc: "Fabian Stelzer" <fs@gigacodes.de>,
"Han-Wen Nienhuys" <hanwen@google.com>,
"brian m. carlson" <sandals@crustytoothpaste.net>,
"Randall S. Becker" <rsbecker@nexbridge.com>,
"Bagas Sanjaya" <bagasdotme@gmail.com>,
"Hans Jerry Illikainen" <hji@dyntopia.com>,
"Ævar Arnfjörð Bjarmason" <avarab@gmail.com>,
"Felipe Contreras" <felipe.contreras@gmail.com>,
"Eric Sunshine" <sunshine@sunshineco.com>,
"Gwyneth Morgan" <gwymor@tilde.club>,
"Jonathan Tan" <jonathantanmy@google.com>,
"Josh Steadmon" <steadmon@google.com>
Subject: [PATCH 6/6] ssh signing: fmt-merge-msg/check_signature with tag date
Date: Fri, 22 Oct 2021 17:09:49 +0200 [thread overview]
Message-ID: <20211022150949.1754477-7-fs@gigacodes.de> (raw)
In-Reply-To: <20211022150949.1754477-1-fs@gigacodes.de>
Pass the tag date and tagger ident to check_signature when generating merge
messages to verify merged tags signatures.
Implements the same tests as for verify-commit.
Signed-off-by: Fabian Stelzer <fs@gigacodes.de>
---
fmt-merge-msg.c | 13 +++++++++-
t/t6200-fmt-merge-msg.sh | 54 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 66 insertions(+), 1 deletion(-)
diff --git a/fmt-merge-msg.c b/fmt-merge-msg.c
index d2cedad6b7..4f49dd9341 100644
--- a/fmt-merge-msg.c
+++ b/fmt-merge-msg.c
@@ -524,6 +524,8 @@ static void fmt_merge_msg_sigs(struct strbuf *out)
unsigned long len = size;
struct signature_check sigc = { NULL };
struct strbuf payload = STRBUF_INIT, sig = STRBUF_INIT;
+ struct strbuf payload_signer = STRBUF_INIT;
+ timestamp_t payload_timestamp = 0;
if (!buf || type != OBJ_TAG)
goto next;
@@ -533,7 +535,15 @@ static void fmt_merge_msg_sigs(struct strbuf *out)
else {
buf = payload.buf;
len = payload.len;
- if (check_signature(payload.buf, payload.len, 0, NULL,
+
+ if (parse_signed_buffer_metadata(payload.buf, "tagger",
+ &payload_timestamp,
+ &payload_signer))
+ strbuf_addstr(&sig,
+ _("failed to parse timestamp and signer info from payload"));
+
+ if (check_signature(payload.buf, payload.len,
+ payload_timestamp, &payload_signer,
sig.buf, sig.len, &sigc) &&
!sigc.output)
strbuf_addstr(&sig, "gpg verification failed.\n");
@@ -564,6 +574,7 @@ static void fmt_merge_msg_sigs(struct strbuf *out)
}
strbuf_release(&payload);
strbuf_release(&sig);
+ strbuf_release(&payload_signer);
next:
free(origbuf);
}
diff --git a/t/t6200-fmt-merge-msg.sh b/t/t6200-fmt-merge-msg.sh
index 06c5fb5615..2dd2423643 100755
--- a/t/t6200-fmt-merge-msg.sh
+++ b/t/t6200-fmt-merge-msg.sh
@@ -91,6 +91,26 @@ test_expect_success GPGSSH 'created ssh signed commit and tag' '
git tag -s -u"${GPGSSH_KEY_UNTRUSTED}" -m signed-ssh-tag-msg-untrusted signed-untrusted-ssh-tag left
'
+test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'create signed tags with keys having defined lifetimes' '
+ test_when_finished "test_unconfig commit.gpgsign" &&
+ test_config gpg.format ssh &&
+ git checkout -b signed-expiry-ssh &&
+ touch file &&
+ git add file &&
+
+ echo expired >file && test_tick && git commit -a -m expired -S"${GPGSSH_KEY_EXPIRED}" &&
+ git tag -s -u "${GPGSSH_KEY_EXPIRED}" -m expired-signed expired-signed &&
+
+ echo notyetvalid >file && test_tick && git commit -a -m notyetvalid -S"${GPGSSH_KEY_NOTYETVALID}" &&
+ git tag -s -u "${GPGSSH_KEY_NOTYETVALID}" -m notyetvalid-signed notyetvalid-signed &&
+
+ echo timeboxedvalid >file && test_tick && git commit -a -m timeboxedvalid -S"${GPGSSH_KEY_TIMEBOXEDVALID}" &&
+ git tag -s -u "${GPGSSH_KEY_TIMEBOXEDVALID}" -m timeboxedvalid-signed timeboxedvalid-signed &&
+
+ echo timeboxedinvalid >file && test_tick && git commit -a -m timeboxedinvalid -S"${GPGSSH_KEY_TIMEBOXEDINVALID}" &&
+ git tag -s -u "${GPGSSH_KEY_TIMEBOXEDINVALID}" -m timeboxedinvalid-signed timeboxedinvalid-signed
+'
+
test_expect_success 'message for merging local branch' '
echo "Merge branch ${apos}left${apos}" >expected &&
@@ -137,6 +157,40 @@ test_expect_success GPGSSH 'message for merging local tag signed by unknown ssh
! grep "${GPGSSH_BAD_SIGNATURE}" actual &&
grep "${GPGSSH_KEY_NOT_TRUSTED}" actual
'
+
+test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'message for merging local tag signed by expired ssh key' '
+ test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
+ git checkout main &&
+ git fetch . expired-signed &&
+ git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 &&
+ ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual
+'
+
+test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'message for merging local tag signed by not yet valid ssh key' '
+ test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
+ git checkout main &&
+ git fetch . notyetvalid-signed &&
+ git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 &&
+ ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual
+'
+
+test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'message for merging local tag signed by valid timeboxed ssh key' '
+ test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
+ git checkout main &&
+ git fetch . timeboxedvalid-signed &&
+ git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 &&
+ grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual &&
+ ! grep "${GPGSSH_BAD_SIGNATURE}" actual
+'
+
+test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'message for merging local tag signed by invalid timeboxed ssh key' '
+ test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
+ git checkout main &&
+ git fetch . timeboxedinvalid-signed &&
+ git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 &&
+ ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual
+'
+
test_expect_success 'message for merging external branch' '
echo "Merge branch ${apos}left${apos} of $(pwd)" >expected &&
--
2.31.1
next prev parent reply other threads:[~2021-10-22 15:10 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-22 15:09 [PATCH 0/6] ssh signing: verify key lifetime Fabian Stelzer
2021-10-22 15:09 ` [PATCH 1/6] ssh signing: extend check_signature to accept payload metadata Fabian Stelzer
2021-10-23 23:13 ` Junio C Hamano
2021-10-25 8:28 ` Fabian Stelzer
2021-10-25 17:16 ` Junio C Hamano
2021-10-22 15:09 ` [PATCH 2/6] ssh signing: add key lifetime test prereqs Fabian Stelzer
2021-10-22 15:09 ` [PATCH 3/6] ssh signing: verify-commit/check_signature with commit date Fabian Stelzer
2021-10-22 17:37 ` Ævar Arnfjörð Bjarmason
2021-10-25 8:31 ` Fabian Stelzer
2021-10-22 15:09 ` [PATCH 4/6] ssh signing: git log/check_signature " Fabian Stelzer
2021-10-22 15:09 ` [PATCH 5/6] ssh signing: verify-tag/check_signature with tag date Fabian Stelzer
2021-10-22 15:09 ` Fabian Stelzer [this message]
2021-10-22 18:12 ` [PATCH 6/6] ssh signing: fmt-merge-msg/check_signature " Ævar Arnfjörð Bjarmason
2021-10-25 8:39 ` Fabian Stelzer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211022150949.1754477-7-fs@gigacodes.de \
--to=fs@gigacodes.de \
--cc=avarab@gmail.com \
--cc=bagasdotme@gmail.com \
--cc=felipe.contreras@gmail.com \
--cc=git@vger.kernel.org \
--cc=gwymor@tilde.club \
--cc=hanwen@google.com \
--cc=hji@dyntopia.com \
--cc=jonathantanmy@google.com \
--cc=rsbecker@nexbridge.com \
--cc=sandals@crustytoothpaste.net \
--cc=steadmon@google.com \
--cc=sunshine@sunshineco.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).