Fork of git SCM with my patches. http://git.kilabit.info/git/atom?h=gitk-resize-error 2021-12-21T23:03:16Z 2021-12-21T23:03:16Z Junio C Hamano gitster@pobox.com 2021-12-21T23:03:16Z urn:sha1:ee1dc493d10d814ceba1a551d9a185b9da627ad8 The cryptographic signing using ssh keys can specify literal keys for keytypes whose name do not begin with the "ssh-" prefix by using the "key::" prefix mechanism (e.g. "key::ecdsa-sha2-nistp256"). * fs/ssh-signing-other-keytypes: ssh signing: make sign/amend test more resilient ssh signing: support non ssh-* keytypes 2021-12-09T21:38:04Z Fabian Stelzer fs@gigacodes.de 2021-12-09T08:52:45Z urn:sha1:6393c956f4e7061d6b19981bd8cd28ef037b911e If valid-before/after dates are configured for this signatures key in the allowedSigners file then the verification should check if the key was valid at the time the commit was made. This allows for graceful key rollover and revoking keys without invalidating all previous commits. This feature needs openssh > 8.8. Older ssh-keygen versions will simply ignore this flag and use the current time. Strictly speaking this feature is available in 8.7, but since 8.7 has a bug that makes it unusable in another needed call we require 8.8. Timestamp information is present on most invocations of check_signature. However signer ident is not. We will need the signer email / name to be able to implement "Trust on first use" functionality later. Since the payload contains all necessary information we can parse it from there. The caller only needs to provide us some info about the payload by setting payload_type in the signature_check struct. - Add payload_type field & enum and payload_timestamp to struct signature_check - Populate the timestamp when not already set if we know about the payload type - Pass -Overify-time={payload_timestamp} in the users timezone to all ssh-keygen verification calls - Set the payload type when verifying commits - Add tests for expired, not yet valid and keys having a commit date outside of key validity as well as within Signed-off-by: Fabian Stelzer <fs@gigacodes.de> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2021-12-09T21:38:04Z Fabian Stelzer fs@gigacodes.de 2021-12-09T08:52:43Z urn:sha1:02769437e1421d837f6de27cfb5c14087cfec8dd To be able to extend the payload metadata with things like its creation timestamp or the creators ident we remove the payload parameters to check_signature() and use the already existing sigc->payload field instead, only adding the length field to the struct. This also allows us to get rid of the xmemdupz() calls in the verify functions. Since sigc is now used to input data as well as output the result move it to the front of the function list. - Add payload_length to struct signature_check - Populate sigc.payload/payload_len on all call sites - Remove payload parameters to check_signature() - Remove payload parameters to internal verify_* functions and use sigc instead - Remove xmemdupz() used for verbose output since payload is now already populated. Signed-off-by: Fabian Stelzer <fs@gigacodes.de> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2021-11-19T17:05:25Z Fabian Stelzer fs@gigacodes.de 2021-11-19T15:07:06Z urn:sha1:350a2518c8ea4f42934b4d6f3466d2815efff97f The user.signingKey config for ssh signing supports either a path to a file containing the key or for the sake of convenience a literal string with the ssh public key. To differentiate between those two cases we check if the first few characters contain "ssh-" which is unlikely to be the start of a path. ssh supports other key types which are not prefixed with "ssh-" and will currently be treated as a file path and therefore fail to load. To remedy this we move the prefix check into its own function and introduce the prefix `key::` for literal ssh keys. This way we don't need to add new key types when they become available. The existing `ssh-` prefix is retained for compatibility with current user configs but removed from the official documentation to discourage its use. Signed-off-by: Fabian Stelzer <fs@gigacodes.de> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2021-11-03T20:32:28Z Junio C Hamano gitster@pobox.com 2021-11-03T20:32:28Z urn:sha1:e2a33ef9e280def6f593b6dc7b9d07421c35b3db Fixes to recently added messages. * jx/message-fixes: i18n: fix typos found during l10n for git 2.34.0 2021-11-02T00:00:41Z René Scharfe l.s.r@web.de 2021-10-30T17:07:38Z urn:sha1:65db97b4fa6b03059f2f14f313e07ca799d4ef3f If the string "key" we found in the output of ssh-keygen happens to be located at the very end of the line, then going four characters further leaves us beyond the end of the string. Explicitly search for the space after "key" to handle a missing one gracefully. Signed-off-by: René Scharfe <l.s.r@web.de> Acked-by: Fabian Stelzer <fs@gigacodes.de> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2021-11-02T00:00:41Z René Scharfe l.s.r@web.de 2021-10-30T17:04:56Z urn:sha1:18b18503e3b3721e0a513cbc83971a960e944c19 If the output of ssh-keygen starts with "Good \"git\" signature for ", but is not followed by " with " for some reason, then parse_ssh_output() uses -1 as the len parameter of xmemdupz(), which in turn will end the program. Reject the signature and carry on instead in that case. Signed-off-by: René Scharfe <l.s.r@web.de> Acked-by: Fabian Stelzer <fs@gigacodes.de> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2021-11-01T05:49:49Z Jiang Xin worldhello.net@gmail.com 2021-11-01T02:14:17Z urn:sha1:f73371931686f16c2b5df49cb6a4b16c5fdfe79c Emir and Jean-Noël reported typos in some i18n messages when preparing l10n for git 2.34.0. * Fix unstable spelling of config variable "gpg.ssh.defaultKeyCommand" which was introduced in commit fd9e226776 (ssh signing: retrieve a default key from ssh-agent, 2021-09-10). * Add missing space between "with" and "--python" which was introduced in commit bd0708c7eb (ref-filter: add %(raw) atom, 2021-07-26). * Fix unmatched single quote in 'builtin/index-pack.c' which was introduced in commit 8737dab346 (index-pack: refactor renaming in final(), 2021-09-09) [1] https://github.com/git-l10n/git-po/pull/567 Reported-by: Emir Sarı <bitigchi@me.com> Reported-by: Jean-Noël Avila <jn.avila@free.fr> Signed-off-by: Jiang Xin <worldhello.net@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2021-10-18T20:16:53Z Jeff King peff@peff.net 2021-10-18T17:15:37Z urn:sha1:f3af71c947cdf2e5acd16cacf50586b829a68f6e We read stdout from gpg into a strbuf, then split it into a list of strbufs, pull out one element, and return it. But we don't free either the original stdout buffer, nor the list returned from strbuf_split(). This patch fixes both. Note that we have to detach the returned string from its strbuf before calling strbuf_list_free(), as that would otherwise throw it away. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2021-10-18T20:16:51Z Jeff King peff@peff.net 2021-10-18T17:15:00Z urn:sha1:78d468f1a9c7bf9d1724840ff322b9144061b308 We xmemdupz() this buffer, but never free it. Let's do so. We'll use a cleanup label, since there are multiple exits from the function. Note that it was also declared a "const char *". We could switch that to "char *" to indicate that it's allocated, but that make it awkward to use with skip_prefix(). So instead, we'll introduce an extra non-const pointer. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>