brz-git

Merge lp:~jelmer/brz-git/gpg-signatures into lp:brz-git

  1. gpg-signatures
  2. Merge into trunk
Proposed by Jelmer Vernooij
Status: Merged
Approved by: Jelmer Vernooij
Approved revision: 1848
Merge reported by: The Breezy Bot
Merged at revision: not available
Proposed branch: lp:~jelmer/brz-git/gpg-signatures
Merge into: lp:brz-git
Diff against target: 122 lines (+67/-2)
3 files modified
commit.py (+5/-0)
repository.py (+39/-2)
tests/test_repository.py (+23/-0)
To merge this branch: bzr merge lp:~jelmer/brz-git/gpg-signatures
Reviewer Review Type Date Requested Status
Jelmer Vernooij Approve
Review via email: mp+341288@code.launchpad.net

Description of the change

Add support for signing commits.

This depends on lp:~jelmer/brz/gpg-detached-sign

To post a comment you must log in.
lp:~jelmer/brz-git/gpg-signatures updated
1845. By Jelmer Vernooij

Support verifying signatures.

1846. By Jelmer Vernooij

use new API.

Revision history for this message
Jelmer Vernooij (jelmer) :
review: Approve
lp:~jelmer/brz-git/gpg-signatures updated
1847. By Jelmer Vernooij

Merge trunk.

1848. By Jelmer Vernooij

Merge lp:~jelmer/brz-git/gpg-signatures.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'commit.py'
2--- commit.py 2018-03-17 19:20:55 +0000
3+++ commit.py 2018-03-17 23:04:35 +0000
4@@ -29,6 +29,8 @@
5 entry_factory,
6 )
7 from ... import (
8+ config as _mod_config,
9+ gpg,
10 osutils,
11 revision as _mod_revision,
12 )
13@@ -229,6 +231,9 @@
14 c.commit_timezone = self._timezone
15 c.author_timezone = self._timezone
16 c.message = message.encode(c.encoding)
17+ if self._config_stack.get('create_signatures') == _mod_config.SIGN_ALWAYS:
18+ strategy = gpg.GPGStrategy(self._config_stack)
19+ c.gpgsig = strategy.sign(c.as_raw_string(), gpg.MODE_DETACH)
20 self.store.add_object(c)
21 self.repository.commit_write_group()
22 self._new_revision_id = self._mapping.revision_id_foreign_to_bzr(c.id)
23
24=== modified file 'repository.py'
25--- repository.py 2018-03-17 19:20:55 +0000
26+++ repository.py 2018-03-17 23:04:35 +0000
27@@ -408,7 +408,14 @@
28 return _mod_graph.KnownGraph(parent_map)
29
30 def get_signature_text(self, revision_id):
31- raise errors.NoSuchRevision(self, revision_id)
32+ git_commit_id, mapping = self.lookup_bzr_revision_id(revision_id)
33+ try:
34+ commit = self._git.object_store[git_commit_id]
35+ except KeyError:
36+ raise errors.NoSuchRevision(self, revision_id)
37+ if commit.gpgsig is None:
38+ raise errors.NoSuchRevision(self, revision_id)
39+ return commit.gpgsig
40
41 def check(self, revision_ids=None, callback_refs=None, check_repo=True):
42 result = GitCheck(self, check_repo=check_repo)
43@@ -448,7 +455,37 @@
44
45 This is never the case for Git repositories.
46 """
47- return False
48+ try:
49+ self.get_signature_text(revision_id)
50+ except errors.NoSuchRevision:
51+ return False
52+ else:
53+ return True
54+
55+ def verify_revision_signature(self, revision_id, gpg_strategy):
56+ """Verify the signature on a revision.
57+
58+ :param revision_id: the revision to verify
59+ :gpg_strategy: the GPGStrategy object to used
60+
61+ :return: gpg.SIGNATURE_VALID or a failed SIGNATURE_ value
62+ """
63+ from breezy import gpg
64+ with self.lock_read():
65+ git_commit_id, mapping = self.lookup_bzr_revision_id(revision_id)
66+ try:
67+ commit = self._git.object_store[git_commit_id]
68+ except KeyError:
69+ raise errors.NoSuchRevision(self, revision_id)
70+
71+ if commit.gpgsig is None:
72+ return gpg.SIGNATURE_NOT_SIGNED, None
73+
74+ without_sig = Commit.from_string(commit.as_raw_string())
75+ without_sig.gpgsig = None
76+
77+ (result, key, plain_text) = gpg_strategy.verify(without_sig.as_raw_string(), commit.gpgsig)
78+ return (result, key)
79
80 def lookup_bzr_revision_id(self, bzr_revid, mapping=None):
81 """Lookup a bzr revision id in a Git repository.
82
83=== modified file 'tests/test_repository.py'
84--- tests/test_repository.py 2018-03-17 17:34:12 +0000
85+++ tests/test_repository.py 2018-03-17 23:04:35 +0000
86@@ -26,6 +26,7 @@
87 import os
88
89 from .... import (
90+ config,
91 errors,
92 revision,
93 )
94@@ -192,6 +193,28 @@
95 self.git_repo.get_parent_map([revision.NULL_REVISION]))
96
97
98+class SigningGitRepository(tests.TestCaseWithTransport):
99+
100+ def test_signed_commit(self):
101+ import breezy.gpg
102+ oldstrategy = breezy.gpg.GPGStrategy
103+ wt = self.make_branch_and_tree('.', format='git')
104+ branch = wt.branch
105+ revid = wt.commit("base", allow_pointless=True)
106+ self.assertFalse(branch.repository.has_signature_for_revision_id(revid))
107+ try:
108+ breezy.gpg.GPGStrategy = breezy.gpg.LoopbackGPGStrategy
109+ conf = config.MemoryStack('''
110+create_signatures=always
111+''')
112+ revid2 = wt.commit(config=conf, message="base", allow_pointless=True)
113+ def sign(text):
114+ return breezy.gpg.LoopbackGPGStrategy(None).sign(text)
115+ self.assertIsInstance(branch.repository.get_signature_text(revid2), str)
116+ finally:
117+ breezy.gpg.GPGStrategy = oldstrategy
118+
119+
120 class GitRepositoryFormat(tests.TestCase):
121
122 def setUp(self):

Subscribers

People subscribed via source and target branches

to all changes: