]>
Commit | Line | Data |
---|---|---|
efed0022 SG |
1 | #!/bin/sh |
2 | ||
3 | test_description='merge signature verification tests' | |
1e2ae142 | 4 | GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main |
334afbc7 JS |
5 | export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME |
6 | ||
efed0022 SG |
7 | . ./test-lib.sh |
8 | . "$TEST_DIRECTORY/lib-gpg.sh" | |
9 | ||
10 | test_expect_success GPG 'create signed commits' ' | |
11 | echo 1 >file && git add file && | |
12 | test_tick && git commit -m initial && | |
13 | git tag initial && | |
14 | ||
15 | git checkout -b side-signed && | |
16 | echo 3 >elif && git add elif && | |
17 | test_tick && git commit -S -m "signed on side" && | |
18 | git checkout initial && | |
19 | ||
20 | git checkout -b side-unsigned && | |
21 | echo 3 >foo && git add foo && | |
22 | test_tick && git commit -m "unsigned on side" && | |
23 | git checkout initial && | |
24 | ||
25 | git checkout -b side-bad && | |
26 | echo 3 >bar && git add bar && | |
27 | test_tick && git commit -S -m "bad on side" && | |
28 | git cat-file commit side-bad >raw && | |
2f3cbcd8 | 29 | sed -e "s/^bad/forged bad/" raw >forged && |
efed0022 SG |
30 | git hash-object -w -t commit forged >forged.commit && |
31 | git checkout initial && | |
32 | ||
eb307ae7 SG |
33 | git checkout -b side-untrusted && |
34 | echo 3 >baz && git add baz && | |
99094a7a | 35 | test_tick && git commit -SB7227189 -m "untrusted on side" && |
eb307ae7 | 36 | |
1e2ae142 | 37 | git checkout main |
efed0022 SG |
38 | ' |
39 | ||
40 | test_expect_success GPG 'merge unsigned commit with verification' ' | |
fb2afea3 | 41 | test_when_finished "git reset --hard && git checkout initial" && |
efed0022 SG |
42 | test_must_fail git merge --ff-only --verify-signatures side-unsigned 2>mergeerror && |
43 | test_i18ngrep "does not have a GPG signature" mergeerror | |
44 | ' | |
45 | ||
ca779e82 | 46 | test_expect_success GPG 'merge unsigned commit with merge.verifySignatures=true' ' |
fb2afea3 | 47 | test_when_finished "git reset --hard && git checkout initial" && |
ca779e82 HJI |
48 | test_config merge.verifySignatures true && |
49 | test_must_fail git merge --ff-only side-unsigned 2>mergeerror && | |
50 | test_i18ngrep "does not have a GPG signature" mergeerror | |
51 | ' | |
52 | ||
efed0022 | 53 | test_expect_success GPG 'merge commit with bad signature with verification' ' |
fb2afea3 | 54 | test_when_finished "git reset --hard && git checkout initial" && |
efed0022 SG |
55 | test_must_fail git merge --ff-only --verify-signatures $(cat forged.commit) 2>mergeerror && |
56 | test_i18ngrep "has a bad GPG signature" mergeerror | |
57 | ' | |
58 | ||
ca779e82 | 59 | test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=true' ' |
fb2afea3 | 60 | test_when_finished "git reset --hard && git checkout initial" && |
ca779e82 HJI |
61 | test_config merge.verifySignatures true && |
62 | test_must_fail git merge --ff-only $(cat forged.commit) 2>mergeerror && | |
63 | test_i18ngrep "has a bad GPG signature" mergeerror | |
64 | ' | |
65 | ||
eb307ae7 | 66 | test_expect_success GPG 'merge commit with untrusted signature with verification' ' |
fb2afea3 | 67 | test_when_finished "git reset --hard && git checkout initial" && |
eb307ae7 SG |
68 | test_must_fail git merge --ff-only --verify-signatures side-untrusted 2>mergeerror && |
69 | test_i18ngrep "has an untrusted GPG signature" mergeerror | |
70 | ' | |
71 | ||
54887b46 HJI |
72 | test_expect_success GPG 'merge commit with untrusted signature with verification and high minTrustLevel' ' |
73 | test_when_finished "git reset --hard && git checkout initial" && | |
74 | test_config gpg.minTrustLevel marginal && | |
75 | test_must_fail git merge --ff-only --verify-signatures side-untrusted 2>mergeerror && | |
76 | test_i18ngrep "has an untrusted GPG signature" mergeerror | |
77 | ' | |
78 | ||
79 | test_expect_success GPG 'merge commit with untrusted signature with verification and low minTrustLevel' ' | |
80 | test_when_finished "git reset --hard && git checkout initial" && | |
81 | test_config gpg.minTrustLevel undefined && | |
82 | git merge --ff-only --verify-signatures side-untrusted >mergeoutput && | |
83 | test_i18ngrep "has a good GPG signature" mergeoutput | |
84 | ' | |
85 | ||
ca779e82 | 86 | test_expect_success GPG 'merge commit with untrusted signature with merge.verifySignatures=true' ' |
fb2afea3 | 87 | test_when_finished "git reset --hard && git checkout initial" && |
ca779e82 HJI |
88 | test_config merge.verifySignatures true && |
89 | test_must_fail git merge --ff-only side-untrusted 2>mergeerror && | |
90 | test_i18ngrep "has an untrusted GPG signature" mergeerror | |
91 | ' | |
92 | ||
54887b46 HJI |
93 | test_expect_success GPG 'merge commit with untrusted signature with merge.verifySignatures=true and minTrustLevel' ' |
94 | test_when_finished "git reset --hard && git checkout initial" && | |
95 | test_config merge.verifySignatures true && | |
96 | test_config gpg.minTrustLevel marginal && | |
97 | test_must_fail git merge --ff-only side-untrusted 2>mergeerror && | |
98 | test_i18ngrep "has an untrusted GPG signature" mergeerror | |
99 | ' | |
100 | ||
efed0022 | 101 | test_expect_success GPG 'merge signed commit with verification' ' |
fb2afea3 | 102 | test_when_finished "git reset --hard && git checkout initial" && |
efed0022 SG |
103 | git merge --verbose --ff-only --verify-signatures side-signed >mergeoutput && |
104 | test_i18ngrep "has a good GPG signature" mergeoutput | |
105 | ' | |
106 | ||
ca779e82 | 107 | test_expect_success GPG 'merge signed commit with merge.verifySignatures=true' ' |
fb2afea3 | 108 | test_when_finished "git reset --hard && git checkout initial" && |
ca779e82 HJI |
109 | test_config merge.verifySignatures true && |
110 | git merge --verbose --ff-only side-signed >mergeoutput && | |
111 | test_i18ngrep "has a good GPG signature" mergeoutput | |
112 | ' | |
113 | ||
efed0022 | 114 | test_expect_success GPG 'merge commit with bad signature without verification' ' |
fb2afea3 | 115 | test_when_finished "git reset --hard && git checkout initial" && |
ca779e82 HJI |
116 | git merge $(cat forged.commit) |
117 | ' | |
118 | ||
119 | test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=false' ' | |
fb2afea3 | 120 | test_when_finished "git reset --hard && git checkout initial" && |
ca779e82 | 121 | test_config merge.verifySignatures false && |
efed0022 SG |
122 | git merge $(cat forged.commit) |
123 | ' | |
124 | ||
ca779e82 | 125 | test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=true and --no-verify-signatures' ' |
fb2afea3 | 126 | test_when_finished "git reset --hard && git checkout initial" && |
ca779e82 HJI |
127 | test_config merge.verifySignatures true && |
128 | git merge --no-verify-signatures $(cat forged.commit) | |
129 | ' | |
130 | ||
7488ba3e JK |
131 | test_expect_success GPG 'merge unsigned commit into unborn branch' ' |
132 | test_when_finished "git checkout initial" && | |
133 | git checkout --orphan unborn && | |
134 | test_must_fail git merge --verify-signatures side-unsigned 2>mergeerror && | |
135 | test_i18ngrep "does not have a GPG signature" mergeerror | |
136 | ' | |
137 | ||
efed0022 | 138 | test_done |