microsoft
/
git
зеркало из https://github.com/microsoft/git.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Merge branch 'fs/ssh-signing-other-keytypes' 

The cryptographic signing using ssh keys can specify literal keys
for keytypes whose name do not begin with the "ssh-" prefix by
using the "key::" prefix mechanism (e.g. "key::ecdsa-sha2-nistp256").

* fs/ssh-signing-other-keytypes:
  ssh signing: make sign/amend test more resilient
  ssh signing: support non ssh-* keytypes
This commit is contained in:
Junio C Hamano 2021-12-21 15:03:16 -08:00
Родитель d2f0b72759 3b4b5a793a
Коммит ee1dc493d1
5 изменённых файлов: 67 добавлений и 17 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

17
Documentation/config/user.txt
Просмотреть файл

@ -36,10 +36,13 @@ user.signingKey::
commit, you can override the default selection with this variable. commit, you can override the default selection with this variable.
This option is passed unchanged to gpg's --local-user parameter, This option is passed unchanged to gpg's --local-user parameter,
so you may specify a key using any method that gpg supports. so you may specify a key using any method that gpg supports.
If gpg.format is set to "ssh" this can contain the literal ssh public If gpg.format is set to `ssh` this can contain the path to either
key (e.g.: "ssh-rsa XXXXXX identifier") or a file which contains it and your private ssh key or the public key when ssh-agent is used.
corresponds to the private key used for signing. The private key Alternatively it can contain a public key prefixed with `key::`
needs to be available via ssh-agent. Alternatively it can be set to directly (e.g.: "key::ssh-rsa XXXXXX identifier"). The private key
a file containing a private key directly. If not set git will call needs to be available via ssh-agent. If not set git will call
gpg.ssh.defaultKeyCommand (e.g.: "ssh-add -L") and try to use the first gpg.ssh.defaultKeyCommand (e.g.: "ssh-add -L") and try to use the
key available. first key available. For backward compatibility, a raw key which
begins with "ssh-", such as "ssh-rsa XXXXXX identifier", is treated
as "key::ssh-rsa XXXXXX identifier", but this form is deprecated;
use the `key::` form instead.

36
gpg-interface.c
Просмотреть файл

@ -757,6 +757,21 @@ int git_gpg_config(const char *var, const char *value, void *cb)
return 0; return 0;
} }
/*
* Returns 1 if `string` contains a literal ssh key, 0 otherwise
* `key` will be set to the start of the actual key if a prefix is present.
*/
static int is_literal_ssh_key(const char *string, const char **key)
{
if (skip_prefix(string, "key::", key))
return 1;
if (starts_with(string, "ssh-")) {
*key = string;
return 1;
}
return 0;
}
static char *get_ssh_key_fingerprint(const char *signing_key) static char *get_ssh_key_fingerprint(const char *signing_key)
{ {
struct child_process ssh_keygen = CHILD_PROCESS_INIT; struct child_process ssh_keygen = CHILD_PROCESS_INIT;
@ -764,15 +779,16 @@ static char *get_ssh_key_fingerprint(const char *signing_key)
struct strbuf fingerprint_stdout = STRBUF_INIT; struct strbuf fingerprint_stdout = STRBUF_INIT;
struct strbuf **fingerprint; struct strbuf **fingerprint;
char *fingerprint_ret; char *fingerprint_ret;
const char *literal_key = NULL;
/* /*
* With SSH Signing this can contain a filename or a public key * With SSH Signing this can contain a filename or a public key
* For textual representation we usually want a fingerprint * For textual representation we usually want a fingerprint
*/ */
if (starts_with(signing_key, "ssh-")) { if (is_literal_ssh_key(signing_key, &literal_key)) {
strvec_pushl(&ssh_keygen.args, "ssh-keygen", "-lf", "-", NULL); strvec_pushl(&ssh_keygen.args, "ssh-keygen", "-lf", "-", NULL);
ret = pipe_command(&ssh_keygen, signing_key, ret = pipe_command(&ssh_keygen, literal_key,
strlen(signing_key), &fingerprint_stdout, 0, strlen(literal_key), &fingerprint_stdout, 0,
NULL, 0); NULL, 0);
} else { } else {
strvec_pushl(&ssh_keygen.args, "ssh-keygen", "-lf", strvec_pushl(&ssh_keygen.args, "ssh-keygen", "-lf",
@ -807,6 +823,7 @@ static const char *get_default_ssh_signing_key(void)
const char **argv; const char **argv;
int n; int n;
char *default_key = NULL; char *default_key = NULL;
const char *literal_key = NULL;
if (!ssh_default_key_command) if (!ssh_default_key_command)
die(_("either user.signingkey or gpg.ssh.defaultKeyCommand needs to be configured")); die(_("either user.signingkey or gpg.ssh.defaultKeyCommand needs to be configured"));
@ -824,7 +841,11 @@ static const char *get_default_ssh_signing_key(void)
if (!ret) { if (!ret) {
keys = strbuf_split_max(&key_stdout, '\n', 2); keys = strbuf_split_max(&key_stdout, '\n', 2);
if (keys[0] && starts_with(keys[0]->buf, "ssh-")) { if (keys[0] && is_literal_ssh_key(keys[0]->buf, &literal_key)) {
/*
* We only use `is_literal_ssh_key` here to check validity
* The prefix will be stripped when the key is used.
*/
default_key = strbuf_detach(keys[0], NULL); default_key = strbuf_detach(keys[0], NULL);
} else { } else {
warning(_("gpg.ssh.defaultKeyCommand succeeded but returned no keys: %s %s"), warning(_("gpg.ssh.defaultKeyCommand succeeded but returned no keys: %s %s"),
@ -939,19 +960,20 @@ static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
struct tempfile *key_file = NULL, *buffer_file = NULL; struct tempfile *key_file = NULL, *buffer_file = NULL;
char *ssh_signing_key_file = NULL; char *ssh_signing_key_file = NULL;
struct strbuf ssh_signature_filename = STRBUF_INIT; struct strbuf ssh_signature_filename = STRBUF_INIT;
const char *literal_key = NULL;
if (!signing_key || signing_key[0] == '\0') if (!signing_key || signing_key[0] == '\0')
return error( return error(
_("user.signingkey needs to be set for ssh signing")); _("user.signingkey needs to be set for ssh signing"));
if (starts_with(signing_key, "ssh-")) { if (is_literal_ssh_key(signing_key, &literal_key)) {
/* A literal ssh key */ /* A literal ssh key */
key_file = mks_tempfile_t(".git_signing_key_tmpXXXXXX"); key_file = mks_tempfile_t(".git_signing_key_tmpXXXXXX");
if (!key_file) if (!key_file)
return error_errno( return error_errno(
_("could not create temporary file")); _("could not create temporary file"));
keylen = strlen(signing_key); keylen = strlen(literal_key);
if (write_in_full(key_file->fd, signing_key, keylen) < 0 || if (write_in_full(key_file->fd, literal_key, keylen) < 0 ||
close_tempfile_gently(key_file) < 0) { close_tempfile_gently(key_file) < 0) {
error_errno(_("failed writing ssh signing key to '%s'"), error_errno(_("failed writing ssh signing key to '%s'"),
key_file->filename.buf); key_file->filename.buf);

3
t/lib-gpg.sh
Просмотреть файл

@ -95,6 +95,7 @@ GPGSSH_KEY_NOTYETVALID="${GNUPGHOME}/notyetvalid_ssh_signing_key"
GPGSSH_KEY_TIMEBOXEDVALID="${GNUPGHOME}/timeboxed_valid_ssh_signing_key" GPGSSH_KEY_TIMEBOXEDVALID="${GNUPGHOME}/timeboxed_valid_ssh_signing_key"
GPGSSH_KEY_TIMEBOXEDINVALID="${GNUPGHOME}/timeboxed_invalid_ssh_signing_key" GPGSSH_KEY_TIMEBOXEDINVALID="${GNUPGHOME}/timeboxed_invalid_ssh_signing_key"
GPGSSH_KEY_WITH_PASSPHRASE="${GNUPGHOME}/protected_ssh_signing_key" GPGSSH_KEY_WITH_PASSPHRASE="${GNUPGHOME}/protected_ssh_signing_key"
GPGSSH_KEY_ECDSA="${GNUPGHOME}/ecdsa_ssh_signing_key"
GPGSSH_KEY_PASSPHRASE="super_secret" GPGSSH_KEY_PASSPHRASE="super_secret"
GPGSSH_ALLOWED_SIGNERS="${GNUPGHOME}/ssh.all_valid.allowedSignersFile" GPGSSH_ALLOWED_SIGNERS="${GNUPGHOME}/ssh.all_valid.allowedSignersFile"
@ -116,12 +117,14 @@ test_lazy_prereq GPGSSH '
ssh-keygen -t ed25519 -N "" -C "git ed25519 key" -f "${GPGSSH_KEY_PRIMARY}" >/dev/null && ssh-keygen -t ed25519 -N "" -C "git ed25519 key" -f "${GPGSSH_KEY_PRIMARY}" >/dev/null &&
ssh-keygen -t rsa -b 2048 -N "" -C "git rsa2048 key" -f "${GPGSSH_KEY_SECONDARY}" >/dev/null && ssh-keygen -t rsa -b 2048 -N "" -C "git rsa2048 key" -f "${GPGSSH_KEY_SECONDARY}" >/dev/null &&
ssh-keygen -t ed25519 -N "${GPGSSH_KEY_PASSPHRASE}" -C "git ed25519 encrypted key" -f "${GPGSSH_KEY_WITH_PASSPHRASE}" >/dev/null && ssh-keygen -t ed25519 -N "${GPGSSH_KEY_PASSPHRASE}" -C "git ed25519 encrypted key" -f "${GPGSSH_KEY_WITH_PASSPHRASE}" >/dev/null &&
ssh-keygen -t ecdsa -N "" -f "${GPGSSH_KEY_ECDSA}" >/dev/null &&
ssh-keygen -t ed25519 -N "" -C "git ed25519 key" -f "${GPGSSH_KEY_UNTRUSTED}" >/dev/null && ssh-keygen -t ed25519 -N "" -C "git ed25519 key" -f "${GPGSSH_KEY_UNTRUSTED}" >/dev/null &&
cat >"${GPGSSH_ALLOWED_SIGNERS}" <<-EOF && cat >"${GPGSSH_ALLOWED_SIGNERS}" <<-EOF &&
"principal with number 1" $(cat "${GPGSSH_KEY_PRIMARY}.pub")" "principal with number 1" $(cat "${GPGSSH_KEY_PRIMARY}.pub")"
"principal with number 2" $(cat "${GPGSSH_KEY_SECONDARY}.pub")" "principal with number 2" $(cat "${GPGSSH_KEY_SECONDARY}.pub")"
"principal with number 3" $(cat "${GPGSSH_KEY_WITH_PASSPHRASE}.pub")" "principal with number 3" $(cat "${GPGSSH_KEY_WITH_PASSPHRASE}.pub")"
"principal with number 4" $(cat "${GPGSSH_KEY_ECDSA}.pub")"
EOF EOF
# Verify if at least one key and ssh-keygen works as expected # Verify if at least one key and ssh-keygen works as expected

2
t/t7510-signed-commit.sh
Просмотреть файл

@ -228,7 +228,7 @@ test_expect_success GPG 'detect fudged signature with NUL' '
' '
test_expect_success GPG 'amending already signed commit' ' test_expect_success GPG 'amending already signed commit' '
git checkout fourth-signed^0 && git checkout -f fourth-signed^0 &&
git commit --amend -S --no-edit && git commit --amend -S --no-edit &&
git verify-commit HEAD && git verify-commit HEAD &&
git show -s --show-signature HEAD >actual && git show -s --show-signature HEAD >actual &&

26
t/t7528-signed-commit-ssh.sh
Просмотреть файл

@ -73,7 +73,29 @@ test_expect_success GPGSSH 'create signed commits' '
git tag eleventh-signed $(cat oid) && git tag eleventh-signed $(cat oid) &&
echo 12 | git commit-tree --gpg-sign="${GPGSSH_KEY_UNTRUSTED}" HEAD^{tree} >oid && echo 12 | git commit-tree --gpg-sign="${GPGSSH_KEY_UNTRUSTED}" HEAD^{tree} >oid &&
test_line_count = 1 oid && test_line_count = 1 oid &&
git tag twelfth-signed-alt $(cat oid) git tag twelfth-signed-alt $(cat oid) &&
echo 13>file && test_tick && git commit -a -m thirteenth -S"${GPGSSH_KEY_ECDSA}" &&
git tag thirteenth-signed-ecdsa
'
test_expect_success GPGSSH 'sign commits using literal public keys with ssh-agent' '
test_when_finished "test_unconfig commit.gpgsign" &&
test_config gpg.format ssh &&
eval $(ssh-agent) &&
test_when_finished "kill ${SSH_AGENT_PID}" &&
ssh-add "${GPGSSH_KEY_PRIMARY}" &&
echo 1 >file && git add file &&
git commit -a -m rsa-inline -S"$(cat "${GPGSSH_KEY_PRIMARY}.pub")" &&
echo 2 >file &&
test_config user.signingkey "$(cat "${GPGSSH_KEY_PRIMARY}.pub")" &&
git commit -a -m rsa-config -S &&
ssh-add "${GPGSSH_KEY_ECDSA}" &&
echo 3 >file &&
git commit -a -m ecdsa-inline -S"key::$(cat "${GPGSSH_KEY_ECDSA}.pub")" &&
echo 4 >file &&
test_config user.signingkey "key::$(cat "${GPGSSH_KEY_ECDSA}.pub")" &&
git commit -a -m ecdsa-config -S
' '
test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'create signed commits with keys having defined lifetimes' ' test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'create signed commits with keys having defined lifetimes' '
@ -259,7 +281,7 @@ test_expect_success GPGSSH 'amending already signed commit' '
test_config gpg.format ssh && test_config gpg.format ssh &&
test_config user.signingkey "${GPGSSH_KEY_PRIMARY}" && test_config user.signingkey "${GPGSSH_KEY_PRIMARY}" &&
test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" && test_config gpg.ssh.allowedSignersFile "${GPGSSH_ALLOWED_SIGNERS}" &&
git checkout fourth-signed^0 && git checkout -f fourth-signed^0 &&
git commit --amend -S --no-edit && git commit --amend -S --no-edit &&
git verify-commit HEAD && git verify-commit HEAD &&
git show -s --show-signature HEAD >actual && git show -s --show-signature HEAD >actual &&