Commit Graph

16 Commits

Author SHA1 Message Date
Henning Schild
53fc999306 gpg-interface t: extend the existing GPG tests with GPGSM
Add test cases to cover the new X509/gpgsm support. Most of them
resemble existing ones. They just switch the format to x509 and set the
signingkey when creating signatures. Validation of signatures does not
need any configuration of git, it does need gpgsm to be configured to
trust the key(-chain).
Several of the testcases build on top of existing gpg testcases.
The commit ships a self-signed key for committer@example.com and
configures gpgsm to trust it.

Signed-off-by: Henning Schild <henning.schild@siemens.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2018-07-20 08:41:42 -07:00
Todd Zullinger
4c180f60a4 t/lib-gpg: fix gpgconf stderr redirect to /dev/null
In 29ff1f8f74 (t: lib-gpg: flush gpg agent on startup, 2017-07-20), a
call to gpgconf was added to kill the gpg-agent.  The intention was to
ignore all output from the call, but the order of the redirection needs
to be switched to ensure that both stdout and stderr are redirected to
/dev/null.  Without this, gpgconf from gnupg-2.0 releases would output
'gpgconf: invalid option "--kill"' each time it was called.

Signed-off-by: Todd Zullinger <tmz@pobox.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-11-14 11:51:35 +09:00
Santiago Torres
29ff1f8f74 t: lib-gpg: flush gpg agent on startup
When running gpg-relevant tests, a gpg-daemon is spawned for each
GNUPGHOME used. This daemon may stay running after the test and cache
file descriptors for the trash directories, even after the trash
directory is removed. This leads to ENOENT errors when attempting to
create files if tests are run multiple times.

Add a cleanup script to force flushing the gpg-agent for that GNUPGHOME
(if any) before setting up the GPG relevant-environment.

Helped-by: Junio C Hamano <gitster@pobox.com>
Signed-off-by: Santiago Torres <santiago@nyu.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-20 15:46:20 -07:00
Eric Sunshine
f9e9c0d104 lib-gpg: drop unnecessary "missing GPG" warning
When 37d3e85 (t7004: factor out gpg setup, 2011-09-07) pulled gpg
detection code out of t7004-tag.sh and turned it into a standard test
prerequisite, it added an unconditional "missing GPG" warning when gpg
is not detected.

However, this is redundant since all tests which require GPG already
warn via either 'test_expect_success GPG' ("skipping: missing GPG") on a
test-by-test basis, or when skipping all tests in a script ("skipping
all foobar tests; missing GPG").  Consequently, the extra warning from
lib-gpg.sh is unnecessary, so retire it.

Signed-off-by: Eric Sunshine <sunshine@sunshineco.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-03-06 18:50:32 -08:00
Jeff King
1f985d60ef t/lib-gpg: sanity-check that we can actually sign
Some older versions of gpg (reportedly v1.2.6 from RHEL4) cannot
import the keyrings found in our test suite, and thus cannot even
make a signature.  The previous change works it around, but we
cannot anticipate breakages update to GPG would cause in the future.

Do a test-sign before declaring the GPG prerequisite fulfilled
to future-proof our tests.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-01-29 12:35:05 -08:00
Jeff King
830ff021aa t/lib-gpg: include separate public keys in keyring.gpg
Since 1e3eefb (tests: replace binary GPG keyrings with
ASCII-armored keys, 2014-12-12), we import our test GPG keys
from a single file. Each keypair in the import stream
contains both the secret and public keys. However, older
versions of gpg reportedly fail to import the public half of
the key. We can solve this by including duplicates of the
public keys separately. The duplicates are ignored by modern
gpg, and this makes older versions work.

Reported by Tom G. Christensen <tgc@statsbiblioteket.dk> on
gpg 1.2.6 (from RHEL4).

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-01-29 11:56:19 -08:00
Christian Hesse
6fb5df6c77 tests: make comment on GPG keyring match the code
GnuPG homedir is generated on the fly and keys are imported from
armored key file. Make comment match available key info and new key
generation procedure.

Signed-off-by: Christian Hesse <mail@eworm.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-12-16 12:37:43 -08:00
Junio C Hamano
4b0bf39dd5 tests: squelch noise from GPG machinery set-up
It is distracting to let the GPG message while setting up the test
gpghome leak into the test output, especially without running these
tests with "-v" option.

The splitting of RFC1991 prerequiste part is about future-proofing.
When we want to define other kinds of specific prerequisites in the
future, we'd prefer to see it done separately from the basic set-up
code.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-12-12 13:54:05 -08:00
Christian Hesse
1e3eefbc8d tests: replace binary GPG keyrings with ASCII-armored keys
Importing PGP key public and security ring works, but we do not have
all secret keys in one binary blob and all public keys in another.
Instead import public and secret keys for one key pair from a text
file that holds ASCII-armored export of them.

Signed-off-by: Christian Hesse <mail@eworm.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-12-12 13:51:54 -08:00
Christian Hesse
c0e0ed6efe tests: skip RFC1991 tests for gnupg 2.1
GnuPG >= 2.1.0 no longer supports RFC1991, so skip these tests.

Signed-off-by: Christian Hesse <mail@eworm.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-12-12 10:26:08 -08:00
Christian Hesse
b41a36e635 tests: create gpg homedir on the fly
GnuPG 2.1 homedir looks different, so just create it on the fly by
importing needed private and public keys and ownertrust.

This solves an issue with gnupg 2.1 running interactive pinentry
when old secret key is present.

Signed-off-by: Christian Hesse <mail@eworm.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-12-12 10:23:36 -08:00
Junio C Hamano
7654ca6963 Merge branch 'mg/lib-gpg-ro-safety'
In a tarball extract whose files are all read-only, running GPG
tests would have failed due to unwritable files.

* mg/lib-gpg-ro-safety:
  t/lib-gpg: make gpghome files writable
2014-10-29 10:08:16 -07:00
Michael J Gruber
e7f224f780 t/lib-gpg: make gpghome files writable
t/lib-gpg.sh copies the test environment's gpg home to the trash
directory and makes sure the directoty is writable.

Make sure the copied files are writable, too.

Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-27 12:09:36 -07:00
Elia Pinto
be194d53c0 lib-gpg.sh: use the $( ... ) construct for command substitution
The Git CodingGuidelines prefer the $(...) construct for command
substitution instead of using the backquotes `...`.

The backquoted form is the traditional method for command
substitution, and is supported by POSIX.  However, all but the
simplest uses become complicated quickly.  In particular, embedded
command substitutions and/or the use of double quotes require
careful escaping with the backslash character.

The patch was generated by:

for _f in $(find . -name "*.sh")
do
   sed -i 's@`\(.*\)`@$(\1)@g' ${_f}
done

and then carefully proof-read.

Signed-off-by: Elia Pinto <gitter.spiros@gmail.com>
Reviewed-by: Matthieu Moy <Matthieu.Moy@imag.fr>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-04-23 15:17:03 -07:00
Michał Górny
e2b239722a for-each-ref: add split message parts to %(contents:*).
The %(body) placeholder returns the whole body of a tag or
commit, including the signature. However, callers may want
to get just the body without signature, or just the
signature.

Rather than change the meaning of %(body), which might break
some scripts, this patch introduces a new set of
placeholders which break down the %(contents) placeholder
into its constituent parts.

[jk: initial patch by mg, rebased on top of my refactoring
and with tests by me]

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2011-09-08 13:56:19 -07:00
Jeff King
37d3e85912 t7004: factor out gpg setup
Other test scripts may want to look at or verify signed
tags, and the setup is non-trivial. Let's factor this out
into lib-gpg.sh for other tests to use.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2011-09-08 13:50:58 -07:00