Commit eb307ae7 authored by Sebastian Götte's avatar Sebastian Götte Committed by Junio C Hamano

merge/pull Check for untrusted good GPG signatures

When --verify-signatures is specified, abort the merge in case a good
GPG signature from an untrusted key is encountered.
Signed-off-by: default avatarSebastian Götte <[email protected]>
Signed-off-by: default avatarJunio C Hamano <[email protected]>
parent efed0022
......@@ -85,8 +85,8 @@ option can be used to override --squash.
--verify-signatures::
--no-verify-signatures::
Verify that the commits being merged have good GPG signatures and abort the
merge in case they do not.
Verify that the commits being merged have good and trusted GPG signatures
and abort the merge in case they do not.
--summary::
--no-summary::
......
......@@ -1248,6 +1248,9 @@ int cmd_merge(int argc, const char **argv, const char *prefix)
switch (signature_check.result) {
case 'G':
break;
case 'U':
die(_("Commit %s has an untrusted GPG signature, "
"allegedly by %s."), hex, signature_check.signer);
case 'B':
die(_("Commit %s has a bad GPG signature "
"allegedly by %s."), hex, signature_check.signer);
......
......@@ -1047,6 +1047,8 @@ static struct {
} sigcheck_gpg_status[] = {
{ 'G', "\n[GNUPG:] GOODSIG " },
{ 'B', "\n[GNUPG:] BADSIG " },
{ 'U', "\n[GNUPG:] TRUST_NEVER" },
{ 'U', "\n[GNUPG:] TRUST_UNDEFINED" },
};
static void parse_gpg_output(struct signature_check *sigc)
......@@ -1068,11 +1070,13 @@ static void parse_gpg_output(struct signature_check *sigc)
found += strlen(sigcheck_gpg_status[i].check);
}
sigc->result = sigcheck_gpg_status[i].result;
sigc->key = xmemdupz(found, 16);
found += 17;
next = strchrnul(found, '\n');
sigc->signer = xmemdupz(found, next - found);
break;
/* The trust messages are not followed by key/signer information */
if (sigc->result != 'U') {
sigc->key = xmemdupz(found, 16);
found += 17;
next = strchrnul(found, '\n');
sigc->signer = xmemdupz(found, next - found);
}
}
}
......
......@@ -234,11 +234,11 @@ extern void print_commit_list(struct commit_list *list,
const char *format_last);
/*
* Check the signature of the given commit. The result of the check is stored in
* sig->result, 'G' for a good signature, 'B' for a bad signature and 'N'
* for no signature at all.
* This may allocate memory for sig->gpg_output, sig->gpg_status, sig->signer
* and sig->key.
* Check the signature of the given commit. The result of the check is stored
* in sig->check_result, 'G' for a good signature, 'U' for a good signature
* from an untrusted signer, 'B' for a bad signature and 'N' for no signature
* at all. This may allocate memory for sig->gpg_output, sig->gpg_status,
* sig->signer and sig->key.
*/
extern void check_commit_signature(const struct commit* commit, struct signature_check *sigc);
......
......@@ -6,6 +6,7 @@ struct signature_check {
char *gpg_status;
char result; /* 0 (not checked),
* N (checked but no further result),
* U (untrusted good),
* G (good)
* B (bad) */
char *signer;
......
No preview for this file type
No preview for this file type
No preview for this file type
No preview for this file type
......@@ -27,6 +27,10 @@ test_expect_success GPG 'create signed commits' '
git hash-object -w -t commit forged >forged.commit &&
git checkout initial &&
git checkout -b side-untrusted &&
echo 3 >baz && git add baz &&
test_tick && git commit -SB7227189 -m "untrusted on side"
git checkout master
'
......@@ -40,6 +44,11 @@ test_expect_success GPG 'merge commit with bad signature with verification' '
test_i18ngrep "has a bad GPG signature" mergeerror
'
test_expect_success GPG 'merge commit with untrusted signature with verification' '
test_must_fail git merge --ff-only --verify-signatures side-untrusted 2>mergeerror &&
test_i18ngrep "has an untrusted GPG signature" mergeerror
'
test_expect_success GPG 'merge signed commit with verification' '
git merge --verbose --ff-only --verify-signatures side-signed >mergeoutput &&
test_i18ngrep "has a good GPG signature" mergeoutput
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment