]>
Commit | Line | Data |
---|---|---|
7f8ca20a HJI |
1 | #!/bin/sh |
2 | ||
3 | test_description='pull signature verification tests' | |
4 | . ./test-lib.sh | |
5 | . "$TEST_DIRECTORY/lib-gpg.sh" | |
6 | ||
7 | test_expect_success GPG 'create repositories with signed commits' ' | |
8 | echo 1 >a && git add a && | |
9 | test_tick && git commit -m initial && | |
10 | git tag initial && | |
11 | ||
12 | git clone . signed && | |
13 | ( | |
14 | cd signed && | |
15 | echo 2 >b && git add b && | |
16 | test_tick && git commit -S -m "signed" | |
17 | ) && | |
18 | ||
19 | git clone . unsigned && | |
20 | ( | |
21 | cd unsigned && | |
22 | echo 3 >c && git add c && | |
23 | test_tick && git commit -m "unsigned" | |
24 | ) && | |
25 | ||
26 | git clone . bad && | |
27 | ( | |
28 | cd bad && | |
29 | echo 4 >d && git add d && | |
30 | test_tick && git commit -S -m "bad" && | |
31 | git cat-file commit HEAD >raw && | |
2f3cbcd8 | 32 | sed -e "s/^bad/forged bad/" raw >forged && |
7f8ca20a HJI |
33 | git hash-object -w -t commit forged >forged.commit && |
34 | git checkout $(cat forged.commit) | |
35 | ) && | |
36 | ||
37 | git clone . untrusted && | |
38 | ( | |
39 | cd untrusted && | |
40 | echo 5 >e && git add e && | |
41 | test_tick && git commit -SB7227189 -m "untrusted" | |
42 | ) | |
43 | ' | |
44 | ||
45 | test_expect_success GPG 'pull unsigned commit with --verify-signatures' ' | |
fb2afea3 | 46 | test_when_finished "git reset --hard && git checkout initial" && |
7f8ca20a HJI |
47 | test_must_fail git pull --ff-only --verify-signatures unsigned 2>pullerror && |
48 | test_i18ngrep "does not have a GPG signature" pullerror | |
49 | ' | |
50 | ||
51 | test_expect_success GPG 'pull commit with bad signature with --verify-signatures' ' | |
fb2afea3 | 52 | test_when_finished "git reset --hard && git checkout initial" && |
7f8ca20a HJI |
53 | test_must_fail git pull --ff-only --verify-signatures bad 2>pullerror && |
54 | test_i18ngrep "has a bad GPG signature" pullerror | |
55 | ' | |
56 | ||
57 | test_expect_success GPG 'pull commit with untrusted signature with --verify-signatures' ' | |
fb2afea3 | 58 | test_when_finished "git reset --hard && git checkout initial" && |
7f8ca20a HJI |
59 | test_must_fail git pull --ff-only --verify-signatures untrusted 2>pullerror && |
60 | test_i18ngrep "has an untrusted GPG signature" pullerror | |
61 | ' | |
62 | ||
54887b46 HJI |
63 | test_expect_success GPG 'pull commit with untrusted signature with --verify-signatures and minTrustLevel=ultimate' ' |
64 | test_when_finished "git reset --hard && git checkout initial" && | |
65 | test_config gpg.minTrustLevel ultimate && | |
66 | test_must_fail git pull --ff-only --verify-signatures untrusted 2>pullerror && | |
67 | test_i18ngrep "has an untrusted GPG signature" pullerror | |
68 | ' | |
69 | ||
70 | test_expect_success GPG 'pull commit with untrusted signature with --verify-signatures and minTrustLevel=marginal' ' | |
71 | test_when_finished "git reset --hard && git checkout initial" && | |
72 | test_config gpg.minTrustLevel marginal && | |
73 | test_must_fail git pull --ff-only --verify-signatures untrusted 2>pullerror && | |
74 | test_i18ngrep "has an untrusted GPG signature" pullerror | |
75 | ' | |
76 | ||
77 | test_expect_success GPG 'pull commit with untrusted signature with --verify-signatures and minTrustLevel=undefined' ' | |
78 | test_when_finished "git reset --hard && git checkout initial" && | |
79 | test_config gpg.minTrustLevel undefined && | |
80 | git pull --ff-only --verify-signatures untrusted >pulloutput && | |
81 | test_i18ngrep "has a good GPG signature" pulloutput | |
82 | ' | |
83 | ||
7f8ca20a | 84 | test_expect_success GPG 'pull signed commit with --verify-signatures' ' |
fb2afea3 | 85 | test_when_finished "git reset --hard && git checkout initial" && |
7f8ca20a HJI |
86 | git pull --verify-signatures signed >pulloutput && |
87 | test_i18ngrep "has a good GPG signature" pulloutput | |
88 | ' | |
89 | ||
90 | test_expect_success GPG 'pull commit with bad signature without verification' ' | |
fb2afea3 | 91 | test_when_finished "git reset --hard && git checkout initial" && |
7f8ca20a HJI |
92 | git pull --ff-only bad 2>pullerror |
93 | ' | |
94 | ||
95 | test_expect_success GPG 'pull commit with bad signature with --no-verify-signatures' ' | |
fb2afea3 | 96 | test_when_finished "git reset --hard && git checkout initial" && |
7f8ca20a HJI |
97 | test_config merge.verifySignatures true && |
98 | test_config pull.verifySignatures true && | |
99 | git pull --ff-only --no-verify-signatures bad 2>pullerror | |
100 | ' | |
101 | ||
01a31f3b | 102 | test_expect_success GPG 'pull unsigned commit into unborn branch' ' |
54887b46 | 103 | test_when_finished "rm -rf empty-repo" && |
01a31f3b JK |
104 | git init empty-repo && |
105 | test_must_fail \ | |
106 | git -C empty-repo pull --verify-signatures .. 2>pullerror && | |
107 | test_i18ngrep "does not have a GPG signature" pullerror | |
108 | ' | |
109 | ||
54887b46 HJI |
110 | test_expect_success GPG 'pull commit into unborn branch with bad signature and --verify-signatures' ' |
111 | test_when_finished "rm -rf empty-repo" && | |
112 | git init empty-repo && | |
113 | test_must_fail \ | |
114 | git -C empty-repo pull --ff-only --verify-signatures ../bad 2>pullerror && | |
115 | test_i18ngrep "has a bad GPG signature" pullerror | |
116 | ' | |
117 | ||
118 | test_expect_success GPG 'pull commit into unborn branch with untrusted signature and --verify-signatures' ' | |
119 | test_when_finished "rm -rf empty-repo" && | |
120 | git init empty-repo && | |
121 | test_must_fail \ | |
122 | git -C empty-repo pull --ff-only --verify-signatures ../untrusted 2>pullerror && | |
123 | test_i18ngrep "has an untrusted GPG signature" pullerror | |
124 | ' | |
125 | ||
126 | test_expect_success GPG 'pull commit into unborn branch with untrusted signature and --verify-signatures and minTrustLevel=ultimate' ' | |
127 | test_when_finished "rm -rf empty-repo" && | |
128 | git init empty-repo && | |
129 | test_config_global gpg.minTrustLevel ultimate && | |
130 | test_must_fail \ | |
131 | git -C empty-repo pull --ff-only --verify-signatures ../untrusted 2>pullerror && | |
132 | test_i18ngrep "has an untrusted GPG signature" pullerror | |
133 | ' | |
134 | ||
135 | test_expect_success GPG 'pull commit into unborn branch with untrusted signature and --verify-signatures and minTrustLevel=marginal' ' | |
136 | test_when_finished "rm -rf empty-repo" && | |
137 | git init empty-repo && | |
138 | test_config_global gpg.minTrustLevel marginal && | |
139 | test_must_fail \ | |
140 | git -C empty-repo pull --ff-only --verify-signatures ../untrusted 2>pullerror && | |
141 | test_i18ngrep "has an untrusted GPG signature" pullerror | |
142 | ' | |
143 | ||
144 | test_expect_success GPG 'pull commit into unborn branch with untrusted signature and --verify-signatures and minTrustLevel=undefined' ' | |
145 | test_when_finished "rm -rf empty-repo" && | |
146 | git init empty-repo && | |
147 | test_config_global gpg.minTrustLevel undefined && | |
148 | git -C empty-repo pull --ff-only --verify-signatures ../untrusted >pulloutput && | |
149 | test_i18ngrep "has a good GPG signature" pulloutput | |
150 | ' | |
151 | ||
7f8ca20a | 152 | test_done |