]>
Commit | Line | Data |
---|---|---|
247503f2 JH |
1 | #!/bin/sh |
2 | ||
3 | test_description='signed commit tests' | |
1e2ae142 | 4 | GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main |
334afbc7 JS |
5 | export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME |
6 | ||
247503f2 | 7 | . ./test-lib.sh |
661a1806 | 8 | GNUPGHOME_NOT_USED=$GNUPGHOME |
247503f2 JH |
9 | . "$TEST_DIRECTORY/lib-gpg.sh" |
10 | ||
11 | test_expect_success GPG 'create signed commits' ' | |
42d4e1d1 | 12 | test_oid_cache <<-\EOF && |
13 | header sha1:gpgsig | |
14 | header sha256:gpgsig-sha256 | |
15 | EOF | |
16 | ||
4b8d14b4 NV |
17 | test_when_finished "test_unconfig commit.gpgsign" && |
18 | ||
247503f2 JH |
19 | echo 1 >file && git add file && |
20 | test_tick && git commit -S -m initial && | |
21 | git tag initial && | |
22 | git branch side && | |
23 | ||
24 | echo 2 >file && test_tick && git commit -a -S -m second && | |
25 | git tag second && | |
26 | ||
27 | git checkout side && | |
28 | echo 3 >elif && git add elif && | |
29 | test_tick && git commit -m "third on side" && | |
30 | ||
1e2ae142 | 31 | git checkout main && |
247503f2 JH |
32 | test_tick && git merge -S side && |
33 | git tag merge && | |
34 | ||
35 | echo 4 >file && test_tick && git commit -a -m "fourth unsigned" && | |
36 | git tag fourth-unsigned && | |
37 | ||
c871a1d1 | 38 | test_tick && git commit --amend -S -m "fourth signed" && |
4b8d14b4 NV |
39 | git tag fourth-signed && |
40 | ||
41 | git config commit.gpgsign true && | |
42 | echo 5 >file && test_tick && git commit -a -m "fifth signed" && | |
43 | git tag fifth-signed && | |
44 | ||
45 | git config commit.gpgsign false && | |
46 | echo 6 >file && test_tick && git commit -a -m "sixth" && | |
47 | git tag sixth-unsigned && | |
48 | ||
49 | git config commit.gpgsign true && | |
50 | echo 7 >file && test_tick && git commit -a -m "seventh" --no-gpg-sign && | |
51 | git tag seventh-unsigned && | |
52 | ||
53 | test_tick && git rebase -f HEAD^^ && git tag sixth-signed HEAD^ && | |
99094a7a | 54 | git tag seventh-signed && |
4baf839f JK |
55 | |
56 | echo 8 >file && test_tick && git commit -a -m eighth -SB7227189 && | |
66948561 JH |
57 | git tag eighth-signed-alt && |
58 | ||
59 | # commit.gpgsign is still on but this must not be signed | |
41a74bd0 MÅ |
60 | echo 9 | git commit-tree HEAD^{tree} >oid && |
61 | test_line_count = 1 oid && | |
62 | git tag ninth-unsigned $(cat oid) && | |
66948561 | 63 | # explicit -S of course must sign. |
41a74bd0 MÅ |
64 | echo 10 | git commit-tree -S HEAD^{tree} >oid && |
65 | test_line_count = 1 oid && | |
70ddbd77 BR |
66 | git tag tenth-signed $(cat oid) && |
67 | ||
68 | # --gpg-sign[=<key-id>] must sign. | |
69 | echo 11 | git commit-tree --gpg-sign HEAD^{tree} >oid && | |
70 | test_line_count = 1 oid && | |
71 | git tag eleventh-signed $(cat oid) && | |
72 | echo 12 | git commit-tree --gpg-sign=B7227189 HEAD^{tree} >oid && | |
73 | test_line_count = 1 oid && | |
0517f591 | 74 | git tag twelfth-signed-alt $(cat oid) |
247503f2 JH |
75 | ' |
76 | ||
8e92c2cf | 77 | test_expect_success GPG 'verify and show signatures' ' |
247503f2 | 78 | ( |
66948561 | 79 | for commit in initial second merge fourth-signed \ |
70ddbd77 BR |
80 | fifth-signed sixth-signed seventh-signed tenth-signed \ |
81 | eleventh-signed | |
247503f2 | 82 | do |
8e92c2cf | 83 | git verify-commit $commit && |
247503f2 | 84 | git show --pretty=short --show-signature $commit >actual && |
7b1732c1 MG |
85 | grep "Good signature from" actual && |
86 | ! grep "BAD signature from" actual && | |
87 | echo $commit OK || exit 1 | |
247503f2 JH |
88 | done |
89 | ) && | |
90 | ( | |
66948561 JH |
91 | for commit in merge^2 fourth-unsigned sixth-unsigned \ |
92 | seventh-unsigned ninth-unsigned | |
247503f2 | 93 | do |
8e92c2cf | 94 | test_must_fail git verify-commit $commit && |
247503f2 | 95 | git show --pretty=short --show-signature $commit >actual && |
7b1732c1 MG |
96 | ! grep "Good signature from" actual && |
97 | ! grep "BAD signature from" actual && | |
98 | echo $commit OK || exit 1 | |
4baf839f JK |
99 | done |
100 | ) && | |
101 | ( | |
70ddbd77 | 102 | for commit in eighth-signed-alt twelfth-signed-alt |
4baf839f JK |
103 | do |
104 | git show --pretty=short --show-signature $commit >actual && | |
105 | grep "Good signature from" actual && | |
106 | ! grep "BAD signature from" actual && | |
107 | grep "not certified" actual && | |
108 | echo $commit OK || exit 1 | |
247503f2 JH |
109 | done |
110 | ) | |
111 | ' | |
112 | ||
1bfb57f6 | 113 | test_expect_success GPG 'verify-commit exits failure on unknown signature' ' |
0517f591 | 114 | test_must_fail env GNUPGHOME="$GNUPGHOME_NOT_USED" git verify-commit initial 2>actual && |
1bfb57f6 FS |
115 | ! grep "Good signature from" actual && |
116 | ! grep "BAD signature from" actual && | |
117 | grep -q -F -e "No public key" -e "public key not found" actual | |
118 | ' | |
119 | ||
434060ec | 120 | test_expect_success GPG 'verify-commit exits success on untrusted signature' ' |
8e98e5f2 | 121 | git verify-commit eighth-signed-alt 2>actual && |
122 | grep "Good signature from" actual && | |
123 | ! grep "BAD signature from" actual && | |
124 | grep "not certified" actual | |
125 | ' | |
126 | ||
54887b46 HJI |
127 | test_expect_success GPG 'verify-commit exits success with matching minTrustLevel' ' |
128 | test_config gpg.minTrustLevel ultimate && | |
129 | git verify-commit sixth-signed | |
130 | ' | |
131 | ||
132 | test_expect_success GPG 'verify-commit exits success with low minTrustLevel' ' | |
133 | test_config gpg.minTrustLevel fully && | |
134 | git verify-commit sixth-signed | |
135 | ' | |
136 | ||
137 | test_expect_success GPG 'verify-commit exits failure with high minTrustLevel' ' | |
138 | test_config gpg.minTrustLevel ultimate && | |
139 | test_must_fail git verify-commit eighth-signed-alt | |
140 | ' | |
141 | ||
aeff29dd | 142 | test_expect_success GPG 'verify signatures with --raw' ' |
143 | ( | |
144 | for commit in initial second merge fourth-signed fifth-signed sixth-signed seventh-signed | |
145 | do | |
146 | git verify-commit --raw $commit 2>actual && | |
147 | grep "GOODSIG" actual && | |
148 | ! grep "BADSIG" actual && | |
149 | echo $commit OK || exit 1 | |
150 | done | |
151 | ) && | |
152 | ( | |
153 | for commit in merge^2 fourth-unsigned sixth-unsigned seventh-unsigned | |
154 | do | |
155 | test_must_fail git verify-commit --raw $commit 2>actual && | |
156 | ! grep "GOODSIG" actual && | |
157 | ! grep "BADSIG" actual && | |
158 | echo $commit OK || exit 1 | |
159 | done | |
160 | ) && | |
161 | ( | |
162 | for commit in eighth-signed-alt | |
163 | do | |
164 | git verify-commit --raw $commit 2>actual && | |
165 | grep "GOODSIG" actual && | |
166 | ! grep "BADSIG" actual && | |
167 | grep "TRUST_UNDEFINED" actual && | |
168 | echo $commit OK || exit 1 | |
169 | done | |
170 | ) | |
171 | ' | |
172 | ||
42d4e1d1 | 173 | test_expect_success GPG 'proper header is used for hash algorithm' ' |
174 | git cat-file commit fourth-signed >output && | |
175 | grep "^$(test_oid header) -----BEGIN PGP SIGNATURE-----" output | |
176 | ' | |
177 | ||
8e92c2cf MG |
178 | test_expect_success GPG 'show signed commit with signature' ' |
179 | git show -s initial >commit && | |
180 | git show -s --show-signature initial >show && | |
181 | git verify-commit -v initial >verify.1 2>verify.2 && | |
182 | git cat-file commit initial >cat && | |
3f88c1b5 KM |
183 | grep -v -e "gpg: " -e "Warning: " show >show.commit && |
184 | grep -e "gpg: " -e "Warning: " show >show.gpg && | |
1fb5cf0d | 185 | grep -v "^ " cat | grep -v "^gpgsig.* " >cat.commit && |
8e92c2cf MG |
186 | test_cmp show.commit commit && |
187 | test_cmp show.gpg verify.2 && | |
188 | test_cmp cat.commit verify.1 | |
189 | ' | |
190 | ||
247503f2 | 191 | test_expect_success GPG 'detect fudged signature' ' |
526d56e0 | 192 | git cat-file commit seventh-signed >raw && |
2f3cbcd8 | 193 | sed -e "s/^seventh/7th forged/" raw >forged1 && |
247503f2 | 194 | git hash-object -w -t commit forged1 >forged1.commit && |
9dd39821 | 195 | test_must_fail git verify-commit $(cat forged1.commit) && |
247503f2 JH |
196 | git show --pretty=short --show-signature $(cat forged1.commit) >actual1 && |
197 | grep "BAD signature from" actual1 && | |
198 | ! grep "Good signature from" actual1 | |
199 | ' | |
200 | ||
201 | test_expect_success GPG 'detect fudged signature with NUL' ' | |
526d56e0 | 202 | git cat-file commit seventh-signed >raw && |
247503f2 JH |
203 | cat raw >forged2 && |
204 | echo Qwik | tr "Q" "\000" >>forged2 && | |
205 | git hash-object -w -t commit forged2 >forged2.commit && | |
9dd39821 | 206 | test_must_fail git verify-commit $(cat forged2.commit) && |
247503f2 JH |
207 | git show --pretty=short --show-signature $(cat forged2.commit) >actual2 && |
208 | grep "BAD signature from" actual2 && | |
209 | ! grep "Good signature from" actual2 | |
210 | ' | |
211 | ||
c871a1d1 | 212 | test_expect_success GPG 'amending already signed commit' ' |
3b4b5a79 | 213 | git checkout -f fourth-signed^0 && |
c871a1d1 | 214 | git commit --amend -S --no-edit && |
8e92c2cf | 215 | git verify-commit HEAD && |
c871a1d1 JH |
216 | git show -s --show-signature HEAD >actual && |
217 | grep "Good signature from" actual && | |
218 | ! grep "BAD signature from" actual | |
219 | ' | |
220 | ||
06ca0f45 JK |
221 | test_expect_success GPG 'show good signature with custom format' ' |
222 | cat >expect <<-\EOF && | |
223 | G | |
224 | 13B6F51ECDDE430D | |
225 | C O Mitter <committer@example.com> | |
3daaaabe | 226 | 73D758744BE721698EC54E8713B6F51ECDDE430D |
1a550529 | 227 | 73D758744BE721698EC54E8713B6F51ECDDE430D |
06ca0f45 | 228 | EOF |
1a550529 | 229 | git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" sixth-signed >actual && |
06ca0f45 JK |
230 | test_cmp expect actual |
231 | ' | |
232 | ||
233 | test_expect_success GPG 'show bad signature with custom format' ' | |
234 | cat >expect <<-\EOF && | |
235 | B | |
236 | 13B6F51ECDDE430D | |
237 | C O Mitter <committer@example.com> | |
3daaaabe | 238 | |
1a550529 | 239 | |
06ca0f45 | 240 | EOF |
1a550529 | 241 | git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" $(cat forged1.commit) >actual && |
06ca0f45 JK |
242 | test_cmp expect actual |
243 | ' | |
244 | ||
661a1806 | 245 | test_expect_success GPG 'show untrusted signature with custom format' ' |
06ca0f45 JK |
246 | cat >expect <<-\EOF && |
247 | U | |
1e690847 | 248 | 65A0EEA02E30CAD7 |
06ca0f45 | 249 | Eris Discordia <discord@example.net> |
1e690847 | 250 | F8364A59E07FFE9F4D63005A65A0EEA02E30CAD7 |
1a550529 | 251 | D4BE22311AD3131E5EDA29A461092E85B7227189 |
06ca0f45 | 252 | EOF |
1a550529 | 253 | git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" eighth-signed-alt >actual && |
06ca0f45 JK |
254 | test_cmp expect actual |
255 | ' | |
256 | ||
54887b46 HJI |
257 | test_expect_success GPG 'show untrusted signature with undefined trust level' ' |
258 | cat >expect <<-\EOF && | |
259 | undefined | |
260 | 65A0EEA02E30CAD7 | |
261 | Eris Discordia <discord@example.net> | |
262 | F8364A59E07FFE9F4D63005A65A0EEA02E30CAD7 | |
263 | D4BE22311AD3131E5EDA29A461092E85B7227189 | |
264 | EOF | |
265 | git log -1 --format="%GT%n%GK%n%GS%n%GF%n%GP" eighth-signed-alt >actual && | |
266 | test_cmp expect actual | |
267 | ' | |
268 | ||
269 | test_expect_success GPG 'show untrusted signature with ultimate trust level' ' | |
270 | cat >expect <<-\EOF && | |
271 | ultimate | |
272 | 13B6F51ECDDE430D | |
273 | C O Mitter <committer@example.com> | |
274 | 73D758744BE721698EC54E8713B6F51ECDDE430D | |
275 | 73D758744BE721698EC54E8713B6F51ECDDE430D | |
276 | EOF | |
277 | git log -1 --format="%GT%n%GK%n%GS%n%GF%n%GP" sixth-signed >actual && | |
278 | test_cmp expect actual | |
279 | ' | |
280 | ||
661a1806 MG |
281 | test_expect_success GPG 'show unknown signature with custom format' ' |
282 | cat >expect <<-\EOF && | |
283 | E | |
1e690847 | 284 | 65A0EEA02E30CAD7 |
661a1806 | 285 | |
3daaaabe | 286 | |
1a550529 | 287 | |
661a1806 | 288 | EOF |
1a550529 | 289 | GNUPGHOME="$GNUPGHOME_NOT_USED" git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" eighth-signed-alt >actual && |
661a1806 MG |
290 | test_cmp expect actual |
291 | ' | |
292 | ||
06ca0f45 JK |
293 | test_expect_success GPG 'show lack of signature with custom format' ' |
294 | cat >expect <<-\EOF && | |
295 | N | |
296 | ||
297 | ||
3daaaabe | 298 | |
1a550529 | 299 | |
06ca0f45 | 300 | EOF |
1a550529 | 301 | git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" seventh-unsigned >actual && |
06ca0f45 JK |
302 | test_cmp expect actual |
303 | ' | |
304 | ||
fce04c3c MJ |
305 | test_expect_success GPG 'log.showsignature behaves like --show-signature' ' |
306 | test_config log.showsignature true && | |
307 | git show initial >actual && | |
308 | grep "gpg: Signature made" actual && | |
309 | grep "gpg: Good signature" actual | |
310 | ' | |
311 | ||
1865a647 HS |
312 | test_expect_success GPG 'check config gpg.format values' ' |
313 | test_config gpg.format openpgp && | |
314 | git commit -S --amend -m "success" && | |
315 | test_config gpg.format OpEnPgP && | |
316 | test_must_fail git commit -S --amend -m "fail" | |
317 | ' | |
318 | ||
da6cf1b3 MG |
319 | test_expect_success GPG 'detect fudged commit with double signature' ' |
320 | sed -e "/gpgsig/,/END PGP/d" forged1 >double-base && | |
321 | sed -n -e "/gpgsig/,/END PGP/p" forged1 | \ | |
42d4e1d1 | 322 | sed -e "s/^$(test_oid header)//;s/^ //" | gpg --dearmor >double-sig1.sig && |
da6cf1b3 MG |
323 | gpg -o double-sig2.sig -u 29472784 --detach-sign double-base && |
324 | cat double-sig1.sig double-sig2.sig | gpg --enarmor >double-combined.asc && | |
42d4e1d1 | 325 | sed -e "s/^\(-.*\)ARMORED FILE/\1SIGNATURE/;1s/^/$(test_oid header) /;2,\$s/^/ /" \ |
da6cf1b3 MG |
326 | double-combined.asc > double-gpgsig && |
327 | sed -e "/committer/r double-gpgsig" double-base >double-commit && | |
328 | git hash-object -w -t commit double-commit >double-commit.commit && | |
329 | test_must_fail git verify-commit $(cat double-commit.commit) && | |
330 | git show --pretty=short --show-signature $(cat double-commit.commit) >double-actual && | |
331 | grep "BAD signature from" double-actual && | |
332 | grep "Good signature from" double-actual | |
333 | ' | |
334 | ||
335 | test_expect_success GPG 'show double signature with custom format' ' | |
336 | cat >expect <<-\EOF && | |
337 | E | |
338 | ||
339 | ||
3daaaabe | 340 | |
1a550529 | 341 | |
da6cf1b3 | 342 | EOF |
1a550529 | 343 | git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" $(cat double-commit.commit) >actual && |
da6cf1b3 MG |
344 | test_cmp expect actual |
345 | ' | |
346 | ||
1fb5cf0d | 347 | |
1bfb57f6 FS |
348 | # NEEDSWORK: This test relies on the test_tick commit/author dates from the first |
349 | # 'create signed commits' test even though it creates its own | |
1fb5cf0d | 350 | test_expect_success GPG 'verify-commit verifies multiply signed commits' ' |
351 | git init multiply-signed && | |
352 | cd multiply-signed && | |
353 | test_commit first && | |
354 | echo 1 >second && | |
355 | git add second && | |
356 | tree=$(git write-tree) && | |
357 | parent=$(git rev-parse HEAD^{commit}) && | |
358 | git commit --gpg-sign -m second && | |
359 | git cat-file commit HEAD && | |
360 | # Avoid trailing whitespace. | |
361 | sed -e "s/^Q//" -e "s/^Z/ /" >commit <<-EOF && | |
362 | Qtree $tree | |
363 | Qparent $parent | |
364 | Qauthor A U Thor <author@example.com> 1112912653 -0700 | |
365 | Qcommitter C O Mitter <committer@example.com> 1112912653 -0700 | |
366 | Qgpgsig -----BEGIN PGP SIGNATURE----- | |
367 | QZ | |
368 | Q iHQEABECADQWIQRz11h0S+chaY7FTocTtvUezd5DDQUCX/uBDRYcY29tbWl0dGVy | |
369 | Q QGV4YW1wbGUuY29tAAoJEBO29R7N3kMNd+8AoK1I8mhLHviPH+q2I5fIVgPsEtYC | |
370 | Q AKCTqBh+VabJceXcGIZuF0Ry+udbBQ== | |
371 | Q =tQ0N | |
372 | Q -----END PGP SIGNATURE----- | |
373 | Qgpgsig-sha256 -----BEGIN PGP SIGNATURE----- | |
374 | QZ | |
375 | Q iHQEABECADQWIQRz11h0S+chaY7FTocTtvUezd5DDQUCX/uBIBYcY29tbWl0dGVy | |
376 | Q QGV4YW1wbGUuY29tAAoJEBO29R7N3kMN/NEAn0XO9RYSBj2dFyozi0JKSbssYMtO | |
377 | Q AJwKCQ1BQOtuwz//IjU8TiS+6S4iUw== | |
378 | Q =pIwP | |
379 | Q -----END PGP SIGNATURE----- | |
380 | Q | |
381 | Qsecond | |
382 | EOF | |
383 | head=$(git hash-object -t commit -w commit) && | |
384 | git reset --hard $head && | |
385 | git verify-commit $head 2>actual && | |
386 | grep "Good signature from" actual && | |
387 | ! grep "BAD signature from" actual | |
388 | ' | |
389 | ||
247503f2 | 390 | test_done |