summaryrefslogtreecommitdiffstats
path: root/t/lib-gpg.sh
diff options
context:
space:
mode:
authorHenning Schild <henning.schild@siemens.com>2018-07-20 10:28:07 +0200
committerJunio C Hamano <gitster@pobox.com>2018-07-20 17:41:42 +0200
commit53fc999306af60213e18b3ffd4c0347e4a88af0a (patch)
tree93da297efbc28c5d9a0d04ee767d1e02fd5cb29c /t/lib-gpg.sh
parentgpg-interface: introduce new signature format "x509" using gpgsm (diff)
downloadgit-53fc999306af60213e18b3ffd4c0347e4a88af0a.tar.xz
git-53fc999306af60213e18b3ffd4c0347e4a88af0a.zip
gpg-interface t: extend the existing GPG tests with GPGSM
Add test cases to cover the new X509/gpgsm support. Most of them resemble existing ones. They just switch the format to x509 and set the signingkey when creating signatures. Validation of signatures does not need any configuration of git, it does need gpgsm to be configured to trust the key(-chain). Several of the testcases build on top of existing gpg testcases. The commit ships a self-signed key for committer@example.com and configures gpgsm to trust it. Signed-off-by: Henning Schild <henning.schild@siemens.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 't/lib-gpg.sh')
-rwxr-xr-xt/lib-gpg.sh28
1 files changed, 27 insertions, 1 deletions
diff --git a/t/lib-gpg.sh b/t/lib-gpg.sh
index a5d3b2cbaa..3fe02876c1 100755
--- a/t/lib-gpg.sh
+++ b/t/lib-gpg.sh
@@ -38,7 +38,33 @@ then
"$TEST_DIRECTORY"/lib-gpg/ownertrust &&
gpg --homedir "${GNUPGHOME}" </dev/null >/dev/null 2>&1 \
--sign -u committer@example.com &&
- test_set_prereq GPG
+ test_set_prereq GPG &&
+ # Available key info:
+ # * see t/lib-gpg/gpgsm-gen-key.in
+ # To generate new certificate:
+ # * no passphrase
+ # gpgsm --homedir /tmp/gpghome/ \
+ # -o /tmp/gpgsm.crt.user \
+ # --generate-key \
+ # --batch t/lib-gpg/gpgsm-gen-key.in
+ # To import certificate:
+ # gpgsm --homedir /tmp/gpghome/ \
+ # --import /tmp/gpgsm.crt.user
+ # To export into a .p12 we can later import:
+ # gpgsm --homedir /tmp/gpghome/ \
+ # -o t/lib-gpg/gpgsm_cert.p12 \
+ # --export-secret-key-p12 "committer@example.com"
+ echo | gpgsm --homedir "${GNUPGHOME}" 2>/dev/null \
+ --passphrase-fd 0 --pinentry-mode loopback \
+ --import "$TEST_DIRECTORY"/lib-gpg/gpgsm_cert.p12 &&
+ gpgsm --homedir "${GNUPGHOME}" 2>/dev/null -K \
+ | grep fingerprint: | cut -d" " -f4 | tr -d '\n' > \
+ ${GNUPGHOME}/trustlist.txt &&
+ echo " S relax" >> ${GNUPGHOME}/trustlist.txt &&
+ (gpgconf --kill gpg-agent >/dev/null 2>&1 || : ) &&
+ echo hello | gpgsm --homedir "${GNUPGHOME}" >/dev/null \
+ -u committer@example.com -o /dev/null --sign - 2>&1 &&
+ test_set_prereq GPGSM
;;
esac
fi