@@ -87,6 +87,34 @@ test_lazy_prereq RFC1991 '
8787 echo | gpg --homedir "${GNUPGHOME}" -b --rfc1991 >/dev/null
8888'
8989
90+ GPGSSH_KEY_PRIMARY=" ${GNUPGHOME} /ed25519_ssh_signing_key"
91+ GPGSSH_KEY_SECONDARY=" ${GNUPGHOME} /rsa_2048_ssh_signing_key"
92+ GPGSSH_KEY_UNTRUSTED=" ${GNUPGHOME} /untrusted_ssh_signing_key"
93+ GPGSSH_KEY_WITH_PASSPHRASE=" ${GNUPGHOME} /protected_ssh_signing_key"
94+ GPGSSH_KEY_PASSPHRASE=" super_secret"
95+ GPGSSH_ALLOWED_SIGNERS=" ${GNUPGHOME} /ssh.all_valid.allowedSignersFile"
96+
97+ GPGSSH_GOOD_SIGNATURE_TRUSTED=' Good "git" signature for'
98+ GPGSSH_GOOD_SIGNATURE_UNTRUSTED=' Good "git" signature with'
99+ GPGSSH_KEY_NOT_TRUSTED=" No principal matched"
100+ GPGSSH_BAD_SIGNATURE=" Signature verification failed"
101+
102+ test_lazy_prereq GPGSSH '
103+ ssh_version=$(ssh-keygen -Y find-principals -n "git" 2>&1)
104+ test $? != 127 || exit 1
105+ echo $ssh_version | grep -q "find-principals:missing signature file"
106+ test $? = 0 || exit 1;
107+ mkdir -p "${GNUPGHOME}" &&
108+ chmod 0700 "${GNUPGHOME}" &&
109+ ssh-keygen -t ed25519 -N "" -C "git ed25519 key" -f "${GPGSSH_KEY_PRIMARY}" >/dev/null &&
110+ echo "\"principal with number 1\" $(cat "${GPGSSH_KEY_PRIMARY}.pub")" >> "${GPGSSH_ALLOWED_SIGNERS}" &&
111+ ssh-keygen -t rsa -b 2048 -N "" -C "git rsa2048 key" -f "${GPGSSH_KEY_SECONDARY}" >/dev/null &&
112+ echo "\"principal with number 2\" $(cat "${GPGSSH_KEY_SECONDARY}.pub")" >> "${GPGSSH_ALLOWED_SIGNERS}" &&
113+ ssh-keygen -t ed25519 -N "${GPGSSH_KEY_PASSPHRASE}" -C "git ed25519 encrypted key" -f "${GPGSSH_KEY_WITH_PASSPHRASE}" >/dev/null &&
114+ echo "\"principal with number 3\" $(cat "${GPGSSH_KEY_WITH_PASSPHRASE}.pub")" >> "${GPGSSH_ALLOWED_SIGNERS}" &&
115+ ssh-keygen -t ed25519 -N "" -f "${GPGSSH_KEY_UNTRUSTED}" >/dev/null
116+ '
117+
90118sanitize_pgp () {
91119 perl -ne '
92120 /^-----END PGP/ and $in_pgp = 0;
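Review bot: The allowed-signers file is only ever appended to (`>>` on new lines 110, 112 and 114), so if `${GNUPGHOME}` already holds that file from an earlier run, the trust list keeps stale principals and the trusted/untrusted assertions no longer test what they claim; the first write on line 110 could use `>` instead of `>>` so the file always starts empty. The feature probe on lines 103–106 also deserves a comment: it decides support by grepping ssh-keygen's error text through an unquoted `echo $ssh_version`, so a reworded message would make the prereq false and skip every SSH-signing test without any signal. Something like `# detect ssh-keygen -Y support by its error message; update the pattern if the wording changes` above the grep would make that dependency visible. Whether the prereq body can ever run against an existing directory is not visible in this hunk.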