
Commit 9d12546

FStelzergitster
authored andcommitted
ssh signing: fmt-merge-msg tests & config parse
When merging a signed tag fmt-merge-msg was unable to verify its validity missing the necessary ssh allowedSignersFile config. Adds gpg config parsing to fmt-merge-msg. Adds tests for ssh signed tags to fmt-merge-msg tests. Signed-off-by: Fabian Stelzer <[email protected]> Signed-off-by: Junio C Hamano <[email protected]>
1 parent e8191a5 commit 9d12546


2 files changed

+34
-0
lines changed


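--- a/fmt-merge-msg.c
+++ b/fmt-merge-msg.c
@@ -9,13 +9,16 @@
 #include "branch.h"
 #include "fmt-merge-msg.h"
 #include "commit-reach.h"
+#include "gpg-interface.h"
 
 static int use_branch_desc;
 static int suppress_dest_pattern_seen;
 static struct string_list suppress_dest_patterns = STRING_LIST_INIT_DUP;
 
 int fmt_merge_msg_config(const char *key, const char *value, void *cb)
 {
+int status = 0;
+
 if (!strcmp(key, "merge.log") || !strcmp(key, "merge.summary")) {
 int is_bool;
 merge_log_config = git_config_bool_or_int(key, value, &is_bool);
@@ -34,6 +37,9 @@ int fmt_merge_msg_config(const char *key, const char *value, void *cb)
 string_list_append(&suppress_dest_patterns, value);
 suppress_dest_pattern_seen = 1;
 } else {
+status = git_gpg_config(key, value, NULL);
+if (status)
+return status;
 return git_default_config(key, value, cb);
 }
 return 0;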
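Review bot: The new `git_gpg_config(key, value, NULL)` call in the `else` branch carries no comment explaining why a message formatter loads signature configuration, so a later cleanup could drop it and silently break verification of signed tags again. A line above it such as `/* signed tags are verified while the message is built; load gpg.* (e.g. gpg.ssh.allowedSignersFile) */` would record the reason given in the commit message. `status` is only used inside that branch, so it could be declared there as `int status = git_gpg_config(key, value, NULL);` rather than at function scope with an `= 0` initializer that is never read. The middle of fmt_merge_msg_config lies between the two hunks and is not visible here.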

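--- a/t/t6200-fmt-merge-msg.sh
+++ b/t/t6200-fmt-merge-msg.sh
@@ -81,6 +81,16 @@ test_expect_success GPG 'set up a signed tag' '
 git tag -s -m signed-tag-msg signed-good-tag left
 '
 
+test_expect_success GPGSSH 'created ssh signed commit and tag' '
+test_config gpg.format ssh &&
+git checkout -b signed-ssh &&
+touch file &&
+git add file &&
+git commit -m "ssh signed" -S"${GPGSSH_KEY_PRIMARY}" &&
+git tag -s -u"${GPGSSH_KEY_PRIMARY}" -m signed-ssh-tag-msg signed-good-ssh-tag left &&
+git tag -s -u"${GPGSSH_KEY_UNTRUSTED}" -m signed-ssh-tag-msg-untrusted signed-untrusted-ssh-tag left
+'
+
 test_expect_success 'message for merging local branch' '
 echo "Merge branch ${apos}left${apos}" >expected &&
 
@@ -109,6 +119,24 @@ test_expect_success GPG 'message for merging local tag signed by unknown key' '
 grep -E "^# gpg: Can${apos}t check signature: (public key not found|No public key)" actual
 '
 
+test_expect_success GPGSSH 'message for merging local tag signed by good ssh key' '
+test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
+git checkout main &&
+git fetch . signed-good-ssh-tag &&
+git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 &&
+grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual &&
+! grep "${GPGSSH_BAD_SIGNATURE}" actual
+'
+
+test_expect_success GPGSSH 'message for merging local tag signed by unknown ssh key' '
+test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
+git checkout main &&
+git fetch . signed-untrusted-ssh-tag &&
+git fmt-merge-msg <.git/FETCH_HEAD >actual 2>&1 &&
+grep "${GPGSSH_GOOD_SIGNATURE_UNTRUSTED}" actual &&
+! grep "${GPGSSH_BAD_SIGNATURE}" actual &&
+grep "${GPGSSH_KEY_NOT_TRUSTED}" actual
+'
 test_expect_success 'message for merging external branch' '
 echo "Merge branch ${apos}left${apos} of $(pwd)" >expected &&
 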
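Review bot: Neither new fmt-merge-msg test covers the situation the commit message describes, a signed tag merged while `gpg.ssh.allowedSignersFile` is not set, because both start with `test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}"`. A third GPGSSH case that fetches `signed-good-ssh-tag` without that line and asserts `! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual` would pin that no trusted signature is reported when no signer list is configured. Whether fmt-merge-msg exits non-zero in that case is not visible from this page, so the assertion is better placed on the output than on the exit status. Separately, `touch file` in the setup test could be `>file`, since only the file's existence matters there.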
