mirror of
https://github.com/git/git.git
synced 2024-11-25 19:04:18 +08:00
53fc999306
Add test cases to cover the new X509/gpgsm support. Most of them resemble existing ones. They just switch the format to x509 and set the signingkey when creating signatures. Validation of signatures does not need any configuration of git, it does need gpgsm to be configured to trust the key(-chain). Several of the testcases build on top of existing gpg testcases. The commit ships a self-signed key for committer@example.com and configures gpgsm to trust it. Signed-off-by: Henning Schild <henning.schild@siemens.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
85 lines
2.9 KiB
Bash
Executable File
85 lines
2.9 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
gpg_version=$(gpg --version 2>&1)
|
|
if test $? != 127
|
|
then
|
|
# As said here: http://www.gnupg.org/documentation/faqs.html#q6.19
|
|
# the gpg version 1.0.6 didn't parse trust packets correctly, so for
|
|
# that version, creation of signed tags using the generated key fails.
|
|
case "$gpg_version" in
|
|
'gpg (GnuPG) 1.0.6'*)
|
|
say "Your version of gpg (1.0.6) is too buggy for testing"
|
|
;;
|
|
*)
|
|
# Available key info:
|
|
# * Type DSA and Elgamal, size 2048 bits, no expiration date,
|
|
# name and email: C O Mitter <committer@example.com>
|
|
# * Type RSA, size 2048 bits, no expiration date,
|
|
# name and email: Eris Discordia <discord@example.net>
|
|
# No password given, to enable non-interactive operation.
|
|
# To generate new key:
|
|
# gpg --homedir /tmp/gpghome --gen-key
|
|
# To write armored exported key to keyring:
|
|
# gpg --homedir /tmp/gpghome --export-secret-keys \
|
|
# --armor 0xDEADBEEF >> lib-gpg/keyring.gpg
|
|
# gpg --homedir /tmp/gpghome --export \
|
|
# --armor 0xDEADBEEF >> lib-gpg/keyring.gpg
|
|
# To export ownertrust:
|
|
# gpg --homedir /tmp/gpghome --export-ownertrust \
|
|
# > lib-gpg/ownertrust
|
|
mkdir ./gpghome &&
|
|
chmod 0700 ./gpghome &&
|
|
GNUPGHOME="$(pwd)/gpghome" &&
|
|
export GNUPGHOME &&
|
|
(gpgconf --kill gpg-agent >/dev/null 2>&1 || : ) &&
|
|
gpg --homedir "${GNUPGHOME}" 2>/dev/null --import \
|
|
"$TEST_DIRECTORY"/lib-gpg/keyring.gpg &&
|
|
gpg --homedir "${GNUPGHOME}" 2>/dev/null --import-ownertrust \
|
|
"$TEST_DIRECTORY"/lib-gpg/ownertrust &&
|
|
gpg --homedir "${GNUPGHOME}" </dev/null >/dev/null 2>&1 \
|
|
--sign -u committer@example.com &&
|
|
test_set_prereq GPG &&
|
|
# Available key info:
|
|
# * see t/lib-gpg/gpgsm-gen-key.in
|
|
# To generate new certificate:
|
|
# * no passphrase
|
|
# gpgsm --homedir /tmp/gpghome/ \
|
|
# -o /tmp/gpgsm.crt.user \
|
|
# --generate-key \
|
|
# --batch t/lib-gpg/gpgsm-gen-key.in
|
|
# To import certificate:
|
|
# gpgsm --homedir /tmp/gpghome/ \
|
|
# --import /tmp/gpgsm.crt.user
|
|
# To export into a .p12 we can later import:
|
|
# gpgsm --homedir /tmp/gpghome/ \
|
|
# -o t/lib-gpg/gpgsm_cert.p12 \
|
|
# --export-secret-key-p12 "committer@example.com"
|
|
echo | gpgsm --homedir "${GNUPGHOME}" 2>/dev/null \
|
|
--passphrase-fd 0 --pinentry-mode loopback \
|
|
--import "$TEST_DIRECTORY"/lib-gpg/gpgsm_cert.p12 &&
|
|
gpgsm --homedir "${GNUPGHOME}" 2>/dev/null -K \
|
|
| grep fingerprint: | cut -d" " -f4 | tr -d '\n' > \
|
|
${GNUPGHOME}/trustlist.txt &&
|
|
echo " S relax" >> ${GNUPGHOME}/trustlist.txt &&
|
|
(gpgconf --kill gpg-agent >/dev/null 2>&1 || : ) &&
|
|
echo hello | gpgsm --homedir "${GNUPGHOME}" >/dev/null \
|
|
-u committer@example.com -o /dev/null --sign - 2>&1 &&
|
|
test_set_prereq GPGSM
|
|
;;
|
|
esac
|
|
fi
|
|
|
|
if test_have_prereq GPG &&
|
|
echo | gpg --homedir "${GNUPGHOME}" -b --rfc1991 >/dev/null 2>&1
|
|
then
|
|
test_set_prereq RFC1991
|
|
fi
|
|
|
|
sanitize_pgp() {
|
|
perl -ne '
|
|
/^-----END PGP/ and $in_pgp = 0;
|
|
print unless $in_pgp;
|
|
/^-----BEGIN PGP/ and $in_pgp = 1;
|
|
'
|
|
}
|