Merge branch 'fs/ssh-signing-other-keytypes'

The cryptographic signing using ssh keys can specify literal keys
for keytypes whose names do not begin with the "ssh-" prefix by
using the "key::" prefix mechanism (e.g. "key::ecdsa-sha2-nistp256").

* fs/ssh-signing-other-keytypes:
  ssh signing: make sign/amend test more resilient
  ssh signing: support non ssh-* keytypes
Junio C Hamano
2021-12-21 15:03:16 -08:00
5 changed files with 67 additions and 17 deletions


@ -73,7 +73,29 @@ test_expect_success GPGSSH 'create signed commits' '
git tag eleventh-signed $(cat oid) &&
echo 12 | git commit-tree --gpg-sign="${GPGSSH_KEY_UNTRUSTED}" HEAD^{tree} >oid &&
test_line_count = 1 oid &&
git tag twelfth-signed-alt $(cat oid)
git tag twelfth-signed-alt $(cat oid) &&
echo 13>file && test_tick && git commit -a -m thirteenth -S"${GPGSSH_KEY_ECDSA}" &&
git tag thirteenth-signed-ecdsa
'
test_expect_success GPGSSH 'sign commits using literal public keys with ssh-agent' '
test_when_finished "test_unconfig commit.gpgsign" &&
test_config gpg.format ssh &&
eval $(ssh-agent) &&
test_when_finished "kill ${SSH_AGENT_PID}" &&
ssh-add "${GPGSSH_KEY_PRIMARY}" &&
echo 1 >file && git add file &&
git commit -a -m rsa-inline -S"$(cat "${GPGSSH_KEY_PRIMARY}.pub")" &&
echo 2 >file &&
test_config user.signingkey "$(cat "${GPGSSH_KEY_PRIMARY}.pub")" &&
git commit -a -m rsa-config -S &&
ssh-add "${GPGSSH_KEY_ECDSA}" &&
echo 3 >file &&
git commit -a -m ecdsa-inline -S"key::$(cat "${GPGSSH_KEY_ECDSA}.pub")" &&
echo 4 >file &&
test_config user.signingkey "key::$(cat "${GPGSSH_KEY_ECDSA}.pub")" &&
git commit -a -m ecdsa-config -S
'
test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'create signed commits with keys having defined lifetimes' '
@ -259,7 +281,7 @@ test_expect_success GPGSSH 'amending already signed commit' '
test_config gpg.format ssh &&
test_config user.signingkey "${GPGSSH_KEY_PRIMARY}" &&
test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
git checkout fourth-signed^0 &&
git checkout -f fourth-signed^0 &&
git commit --amend -S --no-edit &&
git verify-commit HEAD &&
git show -s --show-signature HEAD >actual &&
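Review bot: The new test 'sign commits using literal public keys with ssh-agent' in the first hunk only asserts that each `git commit -S` exits successfully; none of the four commits (rsa-inline, rsa-config, ecdsa-inline, ecdsa-config) is verified afterwards. Both keys are loaded in the agent by the time the ECDSA commits are made, so a regression in which the `key::` literal is accepted but the signature comes from the other key would still pass. I would follow each commit with `git verify-commit HEAD` after `test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}"`, as the 'amending already signed commit' test does; this assumes the ECDSA key is listed in that file, which is not visible here. Separately, `eval $(ssh-agent)` appears to leave SSH_AUTH_SOCK and SSH_AGENT_PID set in the test shell after the agent is killed, so the cleanup should also unset them to keep later tests from inheriting a dead agent socket.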