[v3,7/9] ssh signing: add test prereqs

Message ID	1d292a8d7a286ff588a9c189ca961f2ab844d723.1626264613.git.gitgitgadget@gmail.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <git-owner@kernel.org> Message-Id: <1d292a8d7a286ff588a9c189ca961f2ab844d723.1626264613.git.gitgitgadget@gmail.com> In-Reply-To: <pull.1041.v3.git.git.1626264613.gitgitgadget@gmail.com> References: <pull.1041.v2.git.git.1626092359713.gitgitgadget@gmail.com> <pull.1041.v3.git.git.1626264613.gitgitgadget@gmail.com> Date: Wed, 14 Jul 2021 12:10:11 +0000 Subject: [PATCH v3 7/9] ssh signing: add test prereqs Fcc: Sent Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit MIME-Version: 1.0 To: git@vger.kernel.org Cc: Han-Wen Nienhuys <hanwen@google.com>, Fabian Stelzer <fs@gigacodes.de>, "brian m. carlson" <sandals@crustytoothpaste.net>, "Randall S. Becker" <rsbecker@nexbridge.com>, Bagas Sanjaya <bagasdotme@gmail.com>, Hans Jerry Illikainen <hji@dyntopia.com>, =?utf-8?b?w4Z2YXIgQXJuZmrDtnI=?= =?utf-8?b?w7A=?= Bjarmason <avarab@gmail.com>, Felipe Contreras <felipe.contreras@gmail.com>, Fabian Stelzer <fs@gigacodes.de>, Fabian Stelzer <fs@gigacodes.de> Precedence: bulk From: Fabian Stelzer <fs@gigacodes.de>
Series	RFC: Add commit & tag signing/verification via SSH keys using ssh-keygen \| expand [v3,0/9] RFC: Add commit & tag signing/verification via SSH keys using ssh-keygen [v3,1/9] Add commit, tag & push signing via SSH keys [v3,3/9] ssh signing: retrieve a default key from ssh-agent [v3,4/9] ssh signing: sign using either gpg or ssh keys [v3,5/9] ssh signing: provide a textual representation of the signing key [v3,6/9] ssh signing: parse ssh-keygen output and verify signatures [v3,7/9] ssh signing: add test prereqs [v3,8/9] ssh signing: duplicate t7510 tests for commits [v3,9/9] ssh signing: add more tests for logs, tags & push certs

Message ID

1d292a8d7a286ff588a9c189ca961f2ab844d723.1626264613.git.gitgitgadget@gmail.com (mailing list archive)

State

New, archived

Headers

Message-Id: 
 <1d292a8d7a286ff588a9c189ca961f2ab844d723.1626264613.git.gitgitgadget@gmail.com>
In-Reply-To: <pull.1041.v3.git.git.1626264613.gitgitgadget@gmail.com>
References: <pull.1041.v2.git.git.1626092359713.gitgitgadget@gmail.com>
        <pull.1041.v3.git.git.1626264613.gitgitgadget@gmail.com>
Date: Wed, 14 Jul 2021 12:10:11 +0000
Subject: [PATCH v3 7/9] ssh signing: add test prereqs
Fcc: Sent
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
To: git@vger.kernel.org
Cc: Han-Wen Nienhuys <hanwen@google.com>, Fabian Stelzer <fs@gigacodes.de>,
 "brian m. carlson" <sandals@crustytoothpaste.net>,
 "Randall S. Becker" <rsbecker@nexbridge.com>,
 Bagas Sanjaya <bagasdotme@gmail.com>,
 Hans Jerry Illikainen <hji@dyntopia.com>, =?utf-8?b?w4Z2YXIgQXJuZmrDtnI=?=
	=?utf-8?b?w7A=?= Bjarmason  <avarab@gmail.com>,
 Felipe Contreras <felipe.contreras@gmail.com>,
 Fabian Stelzer <fs@gigacodes.de>, Fabian Stelzer <fs@gigacodes.de>
Precedence: bulk
From: Fabian Stelzer <fs@gigacodes.de>

Series

RFC: Add commit & tag signing/verification via SSH keys using ssh-keygen | expand

Commit Message

Fabian Stelzer July 14, 2021, 12:10 p.m. UTC

From: Fabian Stelzer <fs@gigacodes.de>

generate some ssh keys and a allowed keys keyring for testing

Signed-off-by: Fabian Stelzer <fs@gigacodes.de>
---
 t/lib-gpg.sh | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/t/lib-gpg.sh b/t/lib-gpg.sh
index 9fc5241228e..c65cdde9e5f 100644
--- a/t/lib-gpg.sh
+++ b/t/lib-gpg.sh
@@ -87,6 +87,33 @@  test_lazy_prereq RFC1991 '
 	echo | gpg --homedir "${GNUPGHOME}" -b --rfc1991 >/dev/null
 '
 
+test_lazy_prereq GPGSSH '
+	ssh_version=$(ssh-keygen -Y find-principals -n "git" 2>&1)
+	test $? != 127 || exit 1
+	echo $ssh_version | grep -q "find-principals:missing signature file"
+	test $? = 0 || exit 1;
+	mkdir -p "${GNUPGHOME}" &&
+	chmod 0700 "${GNUPGHOME}" &&
+	ssh-keygen -t ed25519 -N "" -f "${GNUPGHOME}/ed25519_ssh_signing_key" >/dev/null &&
+	ssh-keygen -t rsa -b 2048 -N "" -f "${GNUPGHOME}/rsa_2048_ssh_signing_key" >/dev/null &&
+	ssh-keygen -t ed25519 -N "super_secret" -f "${GNUPGHOME}/protected_ssh_signing_key" >/dev/null &&
+	find "${GNUPGHOME}" -name *ssh_signing_key.pub -exec cat {} \; | awk "{print \"principal_\" NR \" \" \$0}" > "${GNUPGHOME}/ssh.all_valid.keyring" &&
+	cat "${GNUPGHOME}/ssh.all_valid.keyring" &&
+	ssh-keygen -t ed25519 -N "" -f "${GNUPGHOME}/untrusted_ssh_signing_key" >/dev/null
+'
+
+SIGNING_KEY_PRIMARY="${GNUPGHOME}/ed25519_ssh_signing_key"
+SIGNING_KEY_SECONDARY="${GNUPGHOME}/rsa_2048_ssh_signing_key"
+SIGNING_KEY_UNTRUSTED="${GNUPGHOME}/untrusted_ssh_signing_key"
+SIGNING_KEY_WITH_PASSPHRASE="${GNUPGHOME}/protected_ssh_signing_key"
+SIGNING_KEY_PASSPHRASE="super_secret"
+SIGNING_KEYRING="${GNUPGHOME}/ssh.all_valid.keyring"
+
+GOOD_SIGNATURE_TRUSTED='Good "git" signature for'
+GOOD_SIGNATURE_UNTRUSTED='Good "git" signature with'
+KEY_NOT_TRUSTED="No principal matched"
+BAD_SIGNATURE="Signature verification failed"
+
 sanitize_pgp() {
 	perl -ne '
 		/^-----END PGP/ and $in_pgp = 0;

[v3,7/9] ssh signing: add test prereqs

Commit Message

Patch