diff options
| author |  Junio C Hamano <gitster@pobox.com> | 2021-12-21 15:03:16 -0800 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2021-12-21 15:03:16 -0800 |
| commit | ee1dc493d10d814ceba1a551d9a185b9da627ad8 (patch) | |
| tree | 1a32ad2fc46c8f42889d7a75c364aa436047e18a /t | |
| parent | Merge branch 'fs/ssh-signing-key-lifetime' (diff) | |
| parent | ssh signing: make sign/amend test more resilient (diff) | |
| download | tgif-ee1dc493d10d814ceba1a551d9a185b9da627ad8.tar.xz | |
Merge branch 'fs/ssh-signing-other-keytypes'
The cryptographic signing using ssh keys can specify literal keys
for keytypes whose name do not begin with the "ssh-" prefix by
using the "key::" prefix mechanism (e.g. "key::ecdsa-sha2-nistp256").
* fs/ssh-signing-other-keytypes:
ssh signing: make sign/amend test more resilient
ssh signing: support non ssh-* keytypes
Diffstat (limited to 't')
| -rw-r--r-- | t/lib-gpg.sh | 3 | ||||
| -rwxr-xr-x | t/t7510-signed-commit.sh | 2 | ||||
| -rwxr-xr-x | t/t7528-signed-commit-ssh.sh | 26 |
3 files changed, 28 insertions, 3 deletions
diff --git a/t/lib-gpg.sh b/t/lib-gpg.sh index 3fadfcb306..3e7ee1386a 100644 --- a/t/lib-gpg.sh +++ b/t/lib-gpg.sh @@ -95,6 +95,7 @@ GPGSSH_KEY_NOTYETVALID="${GNUPGHOME}/notyetvalid_ssh_signing_key" GPGSSH_KEY_TIMEBOXEDVALID="${GNUPGHOME}/timeboxed_valid_ssh_signing_key" GPGSSH_KEY_TIMEBOXEDINVALID="${GNUPGHOME}/timeboxed_invalid_ssh_signing_key" GPGSSH_KEY_WITH_PASSPHRASE="${GNUPGHOME}/protected_ssh_signing_key" +GPGSSH_KEY_ECDSA="${GNUPGHOME}/ecdsa_ssh_signing_key" GPGSSH_KEY_PASSPHRASE="super_secret" GPGSSH_ALLOWED_SIGNERS="${GNUPGHOME}/ssh.all_valid.allowedSignersFile" @@ -116,12 +117,14 @@ test_lazy_prereq GPGSSH ' ssh-keygen -t ed25519 -N "" -C "git ed25519 key" -f "${GPGSSH_KEY_PRIMARY}" >/dev/null && ssh-keygen -t rsa -b 2048 -N "" -C "git rsa2048 key" -f "${GPGSSH_KEY_SECONDARY}" >/dev/null && ssh-keygen -t ed25519 -N "${GPGSSH_KEY_PASSPHRASE}" -C "git ed25519 encrypted key" -f "${GPGSSH_KEY_WITH_PASSPHRASE}" >/dev/null && + ssh-keygen -t ecdsa -N "" -f "${GPGSSH_KEY_ECDSA}" >/dev/null && ssh-keygen -t ed25519 -N "" -C "git ed25519 key" -f "${GPGSSH_KEY_UNTRUSTED}" >/dev/null && cat >"${GPGSSH_ALLOWED_SIGNERS}" <<-EOF && "principal with number 1" $(cat "${GPGSSH_KEY_PRIMARY}.pub")" "principal with number 2" $(cat "${GPGSSH_KEY_SECONDARY}.pub")" "principal with number 3" $(cat "${GPGSSH_KEY_WITH_PASSPHRASE}.pub")" + "principal with number 4" $(cat "${GPGSSH_KEY_ECDSA}.pub")" EOF # Verify if at least one key and ssh-keygen works as expected diff --git a/t/t7510-signed-commit.sh b/t/t7510-signed-commit.sh index d65a0171f2..9882b69ae2 100755 --- a/t/t7510-signed-commit.sh +++ b/t/t7510-signed-commit.sh @@ -228,7 +228,7 @@ test_expect_success GPG 'detect fudged signature with NUL' ' ' test_expect_success GPG 'amending already signed commit' ' - git checkout fourth-signed^0 && + git checkout -f fourth-signed^0 && git commit --amend -S --no-edit && git verify-commit HEAD && git show -s --show-signature HEAD >actual && diff --git a/t/t7528-signed-commit-ssh.sh b/t/t7528-signed-commit-ssh.sh index dae76ded0c..f47e995179 100755 --- a/t/t7528-signed-commit-ssh.sh +++ b/t/t7528-signed-commit-ssh.sh @@ -73,7 +73,29 @@ test_expect_success GPGSSH 'create signed commits' ' git tag eleventh-signed $(cat oid) && echo 12 | git commit-tree --gpg-sign="${GPGSSH_KEY_UNTRUSTED}" HEAD^{tree} >oid && test_line_count = 1 oid && - git tag twelfth-signed-alt $(cat oid) + git tag twelfth-signed-alt $(cat oid) && + + echo 13>file && test_tick && git commit -a -m thirteenth -S"${GPGSSH_KEY_ECDSA}" && + git tag thirteenth-signed-ecdsa +' + +test_expect_success GPGSSH 'sign commits using literal public keys with ssh-agent' ' + test_when_finished "test_unconfig commit.gpgsign" && + test_config gpg.format ssh && + eval $(ssh-agent) && + test_when_finished "kill ${SSH_AGENT_PID}" && + ssh-add "${GPGSSH_KEY_PRIMARY}" && + echo 1 >file && git add file && + git commit -a -m rsa-inline -S"$(cat "${GPGSSH_KEY_PRIMARY}.pub")" && + echo 2 >file && + test_config user.signingkey "$(cat "${GPGSSH_KEY_PRIMARY}.pub")" && + git commit -a -m rsa-config -S && + ssh-add "${GPGSSH_KEY_ECDSA}" && + echo 3 >file && + git commit -a -m ecdsa-inline -S"key::$(cat "${GPGSSH_KEY_ECDSA}.pub")" && + echo 4 >file && + test_config user.signingkey "key::$(cat "${GPGSSH_KEY_ECDSA}.pub")" && + git commit -a -m ecdsa-config -S ' test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'create signed commits with keys having defined lifetimes' ' @@ -259,7 +281,7 @@ test_expect_success GPGSSH 'amending already signed commit' ' test_config gpg.format ssh && test_config user.signingkey "${GPGSSH_KEY_PRIMARY}" && test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" && - git checkout fourth-signed^0 && + git checkout -f fourth-signed^0 && git commit --amend -S --no-edit && git verify-commit HEAD && git show -s --show-signature HEAD >actual && |