diff options
| author | Justin Tobler <jltobler@gmail.com> | 2026-03-26 14:14:13 -0500 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2026-03-26 12:42:58 -0700 |
| commit | 2b1546c03cc3e02e51261fa38fe47a4f1b4e295b (patch) | |
| tree | 7be74f13c31ddd66f4c4506264c7a0d5e0191238 /t | |
| parent | 817b0428797742829b57538210ad8404b09f9cb1 (diff) | |
| download | git-2b1546c03cc3e02e51261fa38fe47a4f1b4e295b.tar.xz | |
fast-import: add 'sign-if-invalid' mode to '--signed-tags=<mode>'
With ee66c793f8 (fast-import: add mode to sign commits with invalid
signatures, 2026-03-12), git-fast-import(1) learned to verify commit
signatures during import and replace signatures that fail verification
with a newly generated one. Extend the same behavior to signed tag
objects by introducing a 'sign-if-invalid' mode for the '--signed-tags'
option.
Signed-off-by: Justin Tobler <jltobler@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 't')
| -rwxr-xr-x | t/t9306-fast-import-signed-tags.sh | 41 |
1 files changed, 39 insertions, 2 deletions
diff --git a/t/t9306-fast-import-signed-tags.sh b/t/t9306-fast-import-signed-tags.sh index fd43b0b52a..bb4c8008ef 100755 --- a/t/t9306-fast-import-signed-tags.sh +++ b/t/t9306-fast-import-signed-tags.sh @@ -77,7 +77,7 @@ test_expect_success GPGSSH 'import SSH signed tag with --signed-tags=strip' ' test_grep ! "SSH SIGNATURE" out ' -for mode in strip-if-invalid +for mode in strip-if-invalid sign-if-invalid do test_expect_success GPG "import tag with no signature with --signed-tags=$mode" ' test_when_finished rm -rf import && @@ -117,7 +117,15 @@ do IMPORTED=$(git -C import rev-parse --verify refs/tags/openpgp-signed) && test $OPENPGP_SIGNED != $IMPORTED && git -C import cat-file tag "$IMPORTED" >actual && - test_grep ! -E "^-----BEGIN PGP SIGNATURE-----" actual && + + if test "$mode" = strip-if-invalid + then + test_grep ! -E "^-----BEGIN PGP SIGNATURE-----" actual + else + test_grep -E "^-----BEGIN PGP SIGNATURE-----" actual && + git -C import verify-tag "$IMPORTED" + fi && + test_must_be_empty log ' @@ -150,4 +158,33 @@ do ' done +test_expect_success GPGSSH 'sign invalid tag with explicit keyid' ' + test_when_finished rm -rf import && + git init import && + + git fast-export --signed-tags=verbatim ssh-signed >output && + + # Change the tag message, which invalidates the signature. The tag + # message length should not change though, otherwise the corresponding + # `data <length>` command would have to be changed too. + sed "s/SSH signed tag/SSH forged tag/" output >modified && + + # Configure the target repository with an invalid default signing key. + test_config -C import user.signingkey "not-a-real-key-id" && + test_config -C import gpg.format ssh && + test_config -C import gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" && + test_must_fail git -C import fast-import --quiet \ + --signed-tags=sign-if-invalid <modified >/dev/null 2>&1 && + + # Import using explicitly provided signing key. + git -C import fast-import --quiet \ + --signed-tags=sign-if-invalid="${GPGSSH_KEY_PRIMARY}" <modified && + + IMPORTED=$(git -C import rev-parse --verify refs/tags/ssh-signed) && + test $SSH_SIGNED != $IMPORTED && + git -C import cat-file tag "$IMPORTED" >actual && + test_grep -E "^-----BEGIN SSH SIGNATURE-----" actual && + git -C import verify-tag "$IMPORTED" +' + test_done |