Merge branch 're/ssh-sign-buffer-fix'

Tempfile removal fix in the codepath to sign commits with SSH keys.

* re/ssh-sign-buffer-fix:
  ssh signing: don't detach the filename strbuf from key_file tempfile
Junio C Hamano
2025-07-14 11:19:26 -07:00
2 changed files with 21 additions and 13 deletions


@@ -1048,7 +1048,7 @@ static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
key_file->filename.buf);
goto out;
}
ssh_signing_key_file = strbuf_detach(&key_file->filename, NULL);
ssh_signing_key_file = xstrdup(key_file->filename.buf);
} else {
/* We assume a file */
ssh_signing_key_file = interpolate_path(signing_key, 1);
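Review bot: The new `xstrdup(key_file->filename.buf)` assignment has no comment saying why the tempfile's name is copied rather than taken with `strbuf_detach()`, so the old form could be restored later as an apparent allocation saving. Going by the commit title and merge message, detaching emptied `key_file->filename`, which apparently kept the temporary key file from being removed afterwards. I would add `/* copy, do not detach: key_file->filename must stay intact so the tempfile can be removed */` above the assignment. sign_buffer_ssh() starts and ends outside this hunk, so it is worth confirming that the copy is freed on the `out:` path in both branches.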


@@ -84,18 +84,26 @@ test_expect_success GPGSSH 'sign commits using literal public keys with ssh-agen
test_config gpg.format ssh &&
eval $(ssh-agent) &&
test_when_finished "kill ${SSH_AGENT_PID}" &&
ssh-add "${GPGSSH_KEY_PRIMARY}" &&
echo 1 >file && git add file &&
git commit -a -m rsa-inline -S"$(cat "${GPGSSH_KEY_PRIMARY}.pub")" &&
echo 2 >file &&
test_config user.signingkey "$(cat "${GPGSSH_KEY_PRIMARY}.pub")" &&
git commit -a -m rsa-config -S &&
ssh-add "${GPGSSH_KEY_ECDSA}" &&
echo 3 >file &&
git commit -a -m ecdsa-inline -S"key::$(cat "${GPGSSH_KEY_ECDSA}.pub")" &&
echo 4 >file &&
test_config user.signingkey "key::$(cat "${GPGSSH_KEY_ECDSA}.pub")" &&
git commit -a -m ecdsa-config -S
test_when_finished "test_unconfig user.signingkey" &&
mkdir tmpdir &&
TMPDIR="$(pwd)/tmpdir" &&
(
export TMPDIR &&
ssh-add "${GPGSSH_KEY_PRIMARY}" &&
echo 1 >file && git add file &&
git commit -a -m rsa-inline -S"$(cat "${GPGSSH_KEY_PRIMARY}.pub")" &&
echo 2 >file &&
git config user.signingkey "$(cat "${GPGSSH_KEY_PRIMARY}.pub")" &&
git commit -a -m rsa-config -S &&
ssh-add "${GPGSSH_KEY_ECDSA}" &&
echo 3 >file &&
git commit -a -m ecdsa-inline -S"key::$(cat "${GPGSSH_KEY_ECDSA}.pub")" &&
echo 4 >file &&
git config user.signingkey "key::$(cat "${GPGSSH_KEY_ECDSA}.pub")" &&
git commit -a -m ecdsa-config -S
) &&
find tmpdir -type f >tmpfiles &&
test_must_be_empty tmpfiles
'
test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'create signed commits with keys having defined lifetimes' '
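Review bot: Nothing in the rewritten test body says that `find tmpdir -type f >tmpfiles` followed by `test_must_be_empty tmpfiles` is the regression check for leftover signing-key tempfiles, or why the commits now run in a subshell with `TMPDIR` exported. A one-line comment before `mkdir tmpdir` would make that explicit, e.g. `# key tempfiles are created under TMPDIR; none may remain after signing`. The switch from `test_config` to plain `git config` inside the subshell also deserves a word; presumably `test_config` registers its cleanup through `test_when_finished`, which cannot be used in a subshell, and the `test_unconfig` registered up front compensates. Separately, `tmpdir` and `tmpfiles` stay behind in the trash directory; `test_when_finished "rm -rf tmpdir tmpfiles" &&` ahead of the `mkdir` would keep them away from later tests.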