ssh signing: make fmt-merge-msg consider key lifetime

Set the payload_type for check_signature() when generating merge messages to
verify merged tags signatures key lifetimes.
Implements the same tests as for verify-commit.

Signed-off-by: Fabian Stelzer <fs@gigacodes.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/fmt-merge-msg.c b/fmt-merge-msg.c
index deca1ea3a3a9ea02d1d4e8598ca070c4d4615354..e4f7810be208495e8883f3ca4abad3f21f320003 100644 (file)
--- a/fmt-merge-msg.c
+++ b/fmt-merge-msg.c
@@ -533,6 +533,7 @@ static void fmt_merge_msg_sigs(struct strbuf *out)
                else {
                        buf = payload.buf;
                        len = payload.len;
+                       sigc.payload_type = SIGNATURE_PAYLOAD_TAG;
                        sigc.payload = strbuf_detach(&payload, &sigc.payload_len);
                        if (check_signature(&sigc, sig.buf, sig.len) &&
                            !sigc.output)

diff --git a/t/t6200-fmt-merge-msg.sh b/t/t6200-fmt-merge-msg.sh
index eb2a9a4a78471dc7298260392e99138dbe2a768c..6e10a539ce69e81a36396b2b7b7210d20b03083a 100755 (executable)
--- a/t/t6200-fmt-merge-msg.sh
+++ b/t/t6200-fmt-merge-msg.sh
@@ -91,6 +91,26 @@ test_expect_success GPGSSH 'created ssh signed commit and tag' '
        git tag -s -u"${GPGSSH_KEY_UNTRUSTED}" -m signed-ssh-tag-msg-untrusted signed-untrusted-ssh-tag left
 '
 
+test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'create signed tags with keys having defined lifetimes' '
+       test_when_finished "test_unconfig commit.gpgsign" &&
+       test_config gpg.format ssh &&
+       git checkout -b signed-expiry-ssh &&
+       touch file &&
+       git add file &&
+
+       echo expired >file && test_tick && git commit -a -m expired -S"${GPGSSH_KEY_EXPIRED}" &&
+       git tag -s -u "${GPGSSH_KEY_EXPIRED}" -m expired-signed expired-signed &&
+
+       echo notyetvalid >file && test_tick && git commit -a -m notyetvalid -S"${GPGSSH_KEY_NOTYETVALID}" &&
+       git tag -s -u "${GPGSSH_KEY_NOTYETVALID}" -m notyetvalid-signed notyetvalid-signed &&
+
+       echo timeboxedvalid >file && test_tick && git commit -a -m timeboxedvalid -S"${GPGSSH_KEY_TIMEBOXEDVALID}" &&
+       git tag -s -u "${GPGSSH_KEY_TIMEBOXEDVALID}" -m timeboxedvalid-signed timeboxedvalid-signed &&
+
+       echo timeboxedinvalid >file && test_tick && git commit -a -m timeboxedinvalid -S"${GPGSSH_KEY_TIMEBOXEDINVALID}" &&
+       git tag -s -u "${GPGSSH_KEY_TIMEBOXEDINVALID}" -m timeboxedinvalid-signed timeboxedinvalid-signed
+'
+
 test_expect_success 'message for merging local branch' '
        echo "Merge branch ${apos}left${apos}" >expected &&
 
@@ -139,6 +159,44 @@ test_expect_success GPGSSH 'message for merging local tag signed by unknown ssh
        ! grep "${GPGSSH_BAD_SIGNATURE}" actual &&
        grep "${GPGSSH_KEY_NOT_TRUSTED}" actual
 '
+
+test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'message for merging local tag signed by expired ssh key' '
+       test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
+       git checkout main &&
+       git fetch . expired-signed &&
+       git fmt-merge-msg <.git/FETCH_HEAD >actual &&
+       grep "^Merge tag ${apos}expired-signed${apos}" actual &&
+       ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual
+'
+
+test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'message for merging local tag signed by not yet valid ssh key' '
+       test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
+       git checkout main &&
+       git fetch . notyetvalid-signed &&
+       git fmt-merge-msg <.git/FETCH_HEAD >actual &&
+       grep "^Merge tag ${apos}notyetvalid-signed${apos}" actual &&
+       ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual
+'
+
+test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'message for merging local tag signed by valid timeboxed ssh key' '
+       test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
+       git checkout main &&
+       git fetch . timeboxedvalid-signed &&
+       git fmt-merge-msg <.git/FETCH_HEAD >actual &&
+       grep "^Merge tag ${apos}timeboxedvalid-signed${apos}" actual &&
+       grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual &&
+       ! grep "${GPGSSH_BAD_SIGNATURE}" actual
+'
+
+test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'message for merging local tag signed by invalid timeboxed ssh key' '
+       test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
+       git checkout main &&
+       git fetch . timeboxedinvalid-signed &&
+       git fmt-merge-msg <.git/FETCH_HEAD >actual &&
+       grep "^Merge tag ${apos}timeboxedinvalid-signed${apos}" actual &&
+       ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual
+'
+
 test_expect_success 'message for merging external branch' '
        echo "Merge branch ${apos}left${apos} of $(pwd)" >expected &&