From: Fabian Stelzer <fs@gigacodes.de>
To: git@vger.kernel.org
Cc: "Junio C Hamano" <gitster@pobox.com>,
"Ævar Arnfjörð Bjarmason" <avarab@gmail.com>,
"Fabian Stelzer" <fs@gigacodes.de>
Subject: [PATCH v3 0/7] ssh signing: verify key lifetime
Date: Wed, 17 Nov 2021 10:35:22 +0100 [thread overview]
Message-ID: <20211117093529.13953-1-fs@gigacodes.de> (raw)
In-Reply-To: <xmqqsfwmus5g.fsf@gitster.g>
changes since v2:
- fix swich/case indentation
- BUG() on unknown payload types
- improve test prereq by actually validating ssh-keygen functionality
changes since v1:
- struct signature_check is now used to input payload data into
check_function
- payload metadata parsing is completely internal to check_signature.
the caller only need to set the payload type in the sigc struct
- small nits and readability fixes
- removed payload_signer parameter. since we now use the struct we can extend
this later.
Fabian Stelzer (7):
ssh signing: use sigc struct to pass payload
ssh signing: add key lifetime test prereqs
ssh signing: make verify-commit consider key lifetime
ssh signing: make git log verify key lifetime
ssh signing: make verify-tag consider key lifetime
ssh signing: make fmt-merge-msg consider key lifetime
ssh signing: verify ssh-keygen in test prereq
Documentation/config/gpg.txt | 5 ++
builtin/receive-pack.c | 6 ++-
commit.c | 6 ++-
fmt-merge-msg.c | 5 +-
gpg-interface.c | 90 +++++++++++++++++++++++++-------
gpg-interface.h | 15 ++++--
log-tree.c | 10 ++--
t/lib-gpg.sh | 36 ++++++++++---
t/t4202-log.sh | 43 +++++++++++++++
t/t6200-fmt-merge-msg.sh | 54 +++++++++++++++++++
t/t7031-verify-tag-signed-ssh.sh | 42 +++++++++++++++
t/t7528-signed-commit-ssh.sh | 42 +++++++++++++++
tag.c | 5 +-
13 files changed, 318 insertions(+), 41 deletions(-)
Range-diff against v2:
1: 11d275b53f = 1: 9f71fd8639 ssh signing: use sigc struct to pass payload
2: 35ee285887 = 2: 5ee143bc38 ssh signing: add key lifetime test prereqs
3: ccfba23934 ! 3: 3183e84e2e ssh signing: make verify-commit consider key lifetime
@@ gpg-interface.c: static int verify_ssh_signed_buffer(struct signature_check *sig
+ struct ident_split ident;
+ const char *signer_header;
+
-+ switch(sigc->payload_type) {
-+ case SIGNATURE_PAYLOAD_COMMIT:
-+ signer_header = "committer";
-+ break;
-+ case SIGNATURE_PAYLOAD_TAG:
-+ signer_header = "tagger";
-+ break;
-+ default:
-+ /* Ignore unknown payload types */
-+ return 0;
++ switch (sigc->payload_type) {
++ case SIGNATURE_PAYLOAD_COMMIT:
++ signer_header = "committer";
++ break;
++ case SIGNATURE_PAYLOAD_TAG:
++ signer_header = "tagger";
++ break;
++ case SIGNATURE_PAYLOAD_UNDEFINED:
++ case SIGNATURE_PAYLOAD_PUSH_CERT:
++ /* Ignore payloads we don't want to parse */
++ return 0;
++ default:
++ BUG("invalid value for sigc->payload_type");
+ }
+
+ ident_line = find_commit_header(sigc->payload, signer_header, &ident_len);
4: ef8178f88b = 4: e35515867c ssh signing: make git log verify key lifetime
5: c12457020e = 5: e20177d950 ssh signing: make verify-tag consider key lifetime
6: fe17c60276 = 6: 2af2b6d098 ssh signing: make fmt-merge-msg consider key lifetime
-: ---------- > 7: e6e2236a52 ssh signing: verify ssh-keygen in test prereq
base-commit: cd3e606211bb1cf8bc57f7d76bab98cc17a150bc
--
2.31.1
next prev parent reply other threads:[~2021-11-17 9:35 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-27 8:06 [PATCH v2 0/6] ssh signing: verify key lifetime Fabian Stelzer
2021-10-27 8:06 ` [PATCH v2 1/6] ssh signing: use sigc struct to pass payload Fabian Stelzer
2021-10-27 8:06 ` [PATCH v2 2/6] ssh signing: add key lifetime test prereqs Fabian Stelzer
2021-10-27 8:06 ` [PATCH v2 3/6] ssh signing: make verify-commit consider key lifetime Fabian Stelzer
2021-10-27 20:30 ` Junio C Hamano
2021-10-28 8:01 ` Fabian Stelzer
2021-11-17 9:35 ` Fabian Stelzer [this message]
2021-11-17 9:35 ` [PATCH v3 1/7] ssh signing: use sigc struct to pass payload Fabian Stelzer
2021-11-17 9:35 ` [PATCH v3 2/7] ssh signing: add key lifetime test prereqs Fabian Stelzer
2021-11-17 9:35 ` [PATCH v3 3/7] ssh signing: make verify-commit consider key lifetime Fabian Stelzer
2021-11-17 9:35 ` [PATCH v3 4/7] ssh signing: make git log verify " Fabian Stelzer
2021-11-17 9:35 ` [PATCH v3 5/7] ssh signing: make verify-tag consider " Fabian Stelzer
2021-11-17 9:35 ` [PATCH v3 6/7] ssh signing: make fmt-merge-msg " Fabian Stelzer
2021-11-17 9:35 ` [PATCH v3 7/7] ssh signing: verify ssh-keygen in test prereq Fabian Stelzer
2021-11-19 6:15 ` Junio C Hamano
2021-11-30 14:11 ` [PATCH v4 0/7] ssh signing: verify key lifetime Fabian Stelzer
2021-11-30 14:11 ` [PATCH v4 1/7] ssh signing: use sigc struct to pass payload Fabian Stelzer
2021-11-30 14:11 ` [PATCH v4 2/7] ssh signing: add key lifetime test prereqs Fabian Stelzer
2021-11-30 14:11 ` [PATCH v4 3/7] ssh signing: make verify-commit consider key lifetime Fabian Stelzer
2021-11-30 14:11 ` [PATCH v4 4/7] ssh signing: make git log verify " Fabian Stelzer
2021-11-30 14:11 ` [PATCH v4 5/7] ssh signing: make verify-tag consider " Fabian Stelzer
2021-11-30 14:11 ` [PATCH v4 6/7] ssh signing: make fmt-merge-msg " Fabian Stelzer
2021-12-05 19:23 ` SZEDER Gábor
2021-12-08 15:59 ` Fabian Stelzer
2021-11-30 14:11 ` [PATCH v4 7/7] ssh signing: verify ssh-keygen in test prereq Fabian Stelzer
2021-12-02 0:18 ` Junio C Hamano
2021-12-02 9:31 ` Fabian Stelzer
2021-12-02 17:10 ` Junio C Hamano
2021-12-03 11:07 ` Ævar Arnfjörð Bjarmason
2021-12-03 12:20 ` Fabian Stelzer
2021-12-03 18:46 ` Junio C Hamano
2021-12-08 16:33 ` [PATCH v5 0/8] ssh signing: verify key lifetime Fabian Stelzer
2021-12-08 16:33 ` [PATCH v5 1/8] ssh signing: use sigc struct to pass payload Fabian Stelzer
2021-12-08 16:33 ` [PATCH v5 2/8] ssh signing: add key lifetime test prereqs Fabian Stelzer
2021-12-08 16:33 ` [PATCH v5 3/8] ssh signing: make verify-commit consider key lifetime Fabian Stelzer
2021-12-08 16:33 ` [PATCH v5 4/8] ssh signing: make git log verify " Fabian Stelzer
2021-12-08 16:33 ` [PATCH v5 5/8] ssh signing: make verify-tag consider " Fabian Stelzer
2021-12-08 16:33 ` [PATCH v5 6/8] ssh signing: make fmt-merge-msg " Fabian Stelzer
2021-12-08 16:33 ` [PATCH v5 7/8] ssh signing: verify ssh-keygen in test prereq Fabian Stelzer
2021-12-08 16:33 ` [PATCH v5 8/8] t/fmt-merge-msg: make gpg/ssh tests more specific Fabian Stelzer
2021-12-08 23:20 ` Junio C Hamano
2021-12-09 8:36 ` Fabian Stelzer
2021-12-09 8:52 ` [PATCH v6 0/9] ssh signing: verify key lifetime Fabian Stelzer
2021-12-09 8:52 ` [PATCH v6 1/9] t/fmt-merge-msg: do not redirect stderr Fabian Stelzer
2021-12-09 8:52 ` [PATCH v6 2/9] t/fmt-merge-msg: make gpgssh tests more specific Fabian Stelzer
2021-12-09 8:52 ` [PATCH v6 3/9] ssh signing: use sigc struct to pass payload Fabian Stelzer
2021-12-09 8:52 ` [PATCH v6 4/9] ssh signing: add key lifetime test prereqs Fabian Stelzer
2021-12-09 8:52 ` [PATCH v6 5/9] ssh signing: make verify-commit consider key lifetime Fabian Stelzer
2021-12-09 8:52 ` [PATCH v6 6/9] ssh signing: make git log verify " Fabian Stelzer
2021-12-09 8:52 ` [PATCH v6 7/9] ssh signing: make verify-tag consider " Fabian Stelzer
2021-12-09 8:52 ` [PATCH v6 8/9] ssh signing: make fmt-merge-msg " Fabian Stelzer
2021-12-09 8:52 ` [PATCH v6 9/9] ssh signing: verify ssh-keygen in test prereq Fabian Stelzer
2021-10-27 8:06 ` [PATCH v2 4/6] ssh signing: make git log verify key lifetime Fabian Stelzer
2021-10-27 8:06 ` [PATCH v2 5/6] ssh signing: make verify-tag consider " Fabian Stelzer
2021-10-27 8:06 ` [PATCH v2 6/6] ssh signing: make fmt-merge-msg " Fabian Stelzer
2021-11-03 19:27 ` [PATCH v2 0/6] ssh signing: verify " Adam Dinwoodie
2021-11-03 19:45 ` Fabian Stelzer
2021-11-04 16:31 ` Adam Dinwoodie
2021-11-04 16:54 ` Fabian Stelzer
2021-11-04 17:22 ` Adam Dinwoodie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211117093529.13953-1-fs@gigacodes.de \
--to=fs@gigacodes.de \
--cc=avarab@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).