[thirdparty/git.git] / t / t7510-signed-commit.sh

#!/bin/sh

test_description='signed commit tests'
. ./test-lib.sh
GNUPGHOME_NOT_USED=$GNUPGHOME
. "$TEST_DIRECTORY/lib-gpg.sh"

test_expect_success GPG 'create signed commits' '
	test_when_finished "test_unconfig commit.gpgsign" &&

	echo 1 >file && git add file &&
	test_tick && git commit -S -m initial &&
	git tag initial &&
	git branch side &&

	echo 2 >file && test_tick && git commit -a -S -m second &&
	git tag second &&

	git checkout side &&
	echo 3 >elif && git add elif &&
	test_tick && git commit -m "third on side" &&

	git checkout master &&
	test_tick && git merge -S side &&
	git tag merge &&

	echo 4 >file && test_tick && git commit -a -m "fourth unsigned" &&
	git tag fourth-unsigned &&

	test_tick && git commit --amend -S -m "fourth signed" &&
	git tag fourth-signed &&

	git config commit.gpgsign true &&
	echo 5 >file && test_tick && git commit -a -m "fifth signed" &&
	git tag fifth-signed &&

	git config commit.gpgsign false &&
	echo 6 >file && test_tick && git commit -a -m "sixth" &&
	git tag sixth-unsigned &&

	git config commit.gpgsign true &&
	echo 7 >file && test_tick && git commit -a -m "seventh" --no-gpg-sign &&
	git tag seventh-unsigned &&

	test_tick && git rebase -f HEAD^^ && git tag sixth-signed HEAD^ &&
	git tag seventh-signed &&

	echo 8 >file && test_tick && git commit -a -m eighth -SB7227189 &&
	git tag eighth-signed-alt &&

	# commit.gpgsign is still on but this must not be signed
	git tag ninth-unsigned $(echo 9 | git commit-tree HEAD^{tree}) &&
	# explicit -S of course must sign.
	git tag tenth-signed $(echo 9 | git commit-tree -S HEAD^{tree})
'

test_expect_success GPG 'verify and show signatures' '
	(
		for commit in initial second merge fourth-signed \
			fifth-signed sixth-signed seventh-signed tenth-signed
		do
			git verify-commit $commit &&
			git show --pretty=short --show-signature $commit >actual &&
			grep "Good signature from" actual &&
			! grep "BAD signature from" actual &&
			echo $commit OK || exit 1
		done
	) &&
	(
		for commit in merge^2 fourth-unsigned sixth-unsigned \
			seventh-unsigned ninth-unsigned
		do
			test_must_fail git verify-commit $commit &&
			git show --pretty=short --show-signature $commit >actual &&
			! grep "Good signature from" actual &&
			! grep "BAD signature from" actual &&
			echo $commit OK || exit 1
		done
	) &&
	(
		for commit in eighth-signed-alt
		do
			git show --pretty=short --show-signature $commit >actual &&
			grep "Good signature from" actual &&
			! grep "BAD signature from" actual &&
			grep "not certified" actual &&
			echo $commit OK || exit 1
		done
	)
'

test_expect_success GPG 'verify-commit exits success on untrusted signature' '
	git verify-commit eighth-signed-alt 2>actual &&
	grep "Good signature from" actual &&
	! grep "BAD signature from" actual &&
	grep "not certified" actual
'

test_expect_success GPG 'verify signatures with --raw' '
	(
		for commit in initial second merge fourth-signed fifth-signed sixth-signed seventh-signed
		do
			git verify-commit --raw $commit 2>actual &&
			grep "GOODSIG" actual &&
			! grep "BADSIG" actual &&
			echo $commit OK || exit 1
		done
	) &&
	(
		for commit in merge^2 fourth-unsigned sixth-unsigned seventh-unsigned
		do
			test_must_fail git verify-commit --raw $commit 2>actual &&
			! grep "GOODSIG" actual &&
			! grep "BADSIG" actual &&
			echo $commit OK || exit 1
		done
	) &&
	(
		for commit in eighth-signed-alt
		do
			git verify-commit --raw $commit 2>actual &&
			grep "GOODSIG" actual &&
			! grep "BADSIG" actual &&
			grep "TRUST_UNDEFINED" actual &&
			echo $commit OK || exit 1
		done
	)
'

test_expect_success GPG 'show signed commit with signature' '
	git show -s initial >commit &&
	git show -s --show-signature initial >show &&
	git verify-commit -v initial >verify.1 2>verify.2 &&
	git cat-file commit initial >cat &&
	grep -v -e "gpg: " -e "Warning: " show >show.commit &&
	grep -e "gpg: " -e "Warning: " show >show.gpg &&
	grep -v "^ " cat | grep -v "^gpgsig " >cat.commit &&
	test_cmp show.commit commit &&
	test_cmp show.gpg verify.2 &&
	test_cmp cat.commit verify.1
'

test_expect_success GPG 'detect fudged signature' '
	git cat-file commit seventh-signed >raw &&
	sed -e "s/^seventh/7th forged/" raw >forged1 &&
	git hash-object -w -t commit forged1 >forged1.commit &&
	test_must_fail git verify-commit $(cat forged1.commit) &&
	git show --pretty=short --show-signature $(cat forged1.commit) >actual1 &&
	grep "BAD signature from" actual1 &&
	! grep "Good signature from" actual1
'

test_expect_success GPG 'detect fudged signature with NUL' '
	git cat-file commit seventh-signed >raw &&
	cat raw >forged2 &&
	echo Qwik | tr "Q" "\000" >>forged2 &&
	git hash-object -w -t commit forged2 >forged2.commit &&
	test_must_fail git verify-commit $(cat forged2.commit) &&
	git show --pretty=short --show-signature $(cat forged2.commit) >actual2 &&
	grep "BAD signature from" actual2 &&
	! grep "Good signature from" actual2
'

test_expect_success GPG 'amending already signed commit' '
	git checkout fourth-signed^0 &&
	git commit --amend -S --no-edit &&
	git verify-commit HEAD &&
	git show -s --show-signature HEAD >actual &&
	grep "Good signature from" actual &&
	! grep "BAD signature from" actual
'

test_expect_success GPG 'show good signature with custom format' '
	cat >expect <<-\EOF &&
	G
	13B6F51ECDDE430D
	C O Mitter <committer@example.com>
	73D758744BE721698EC54E8713B6F51ECDDE430D
	EOF
	git log -1 --format="%G?%n%GK%n%GS%n%GF" sixth-signed >actual &&
	test_cmp expect actual
'

test_expect_success GPG 'show bad signature with custom format' '
	cat >expect <<-\EOF &&
	B
	13B6F51ECDDE430D
	C O Mitter <committer@example.com>

	EOF
	git log -1 --format="%G?%n%GK%n%GS%n%GF" $(cat forged1.commit) >actual &&
	test_cmp expect actual
'

test_expect_success GPG 'show untrusted signature with custom format' '
	cat >expect <<-\EOF &&
	U
	61092E85B7227189
	Eris Discordia <discord@example.net>
	D4BE22311AD3131E5EDA29A461092E85B7227189
	EOF
	git log -1 --format="%G?%n%GK%n%GS%n%GF" eighth-signed-alt >actual &&
	test_cmp expect actual
'

test_expect_success GPG 'show unknown signature with custom format' '
	cat >expect <<-\EOF &&
	E
	61092E85B7227189


	EOF
	GNUPGHOME="$GNUPGHOME_NOT_USED" git log -1 --format="%G?%n%GK%n%GS%n%GF" eighth-signed-alt >actual &&
	test_cmp expect actual
'

test_expect_success GPG 'show lack of signature with custom format' '
	cat >expect <<-\EOF &&
	N


	EOF
	git log -1 --format="%G?%n%GK%n%GS%n%GF" seventh-unsigned >actual &&
	test_cmp expect actual
'

test_expect_success GPG 'log.showsignature behaves like --show-signature' '
	test_config log.showsignature true &&
	git show initial >actual &&
	grep "gpg: Signature made" actual &&
	grep "gpg: Good signature" actual
'

test_expect_success GPG 'check config gpg.format values' '
	test_config gpg.format openpgp &&
	git commit -S --amend -m "success" &&
	test_config gpg.format OpEnPgP &&
	test_must_fail git commit -S --amend -m "fail"
'

test_expect_success GPG 'detect fudged commit with double signature' '
	sed -e "/gpgsig/,/END PGP/d" forged1 >double-base &&
	sed -n -e "/gpgsig/,/END PGP/p" forged1 | \
		sed -e "s/^gpgsig//;s/^ //" | gpg --dearmor >double-sig1.sig &&
	gpg -o double-sig2.sig -u 29472784 --detach-sign double-base &&
	cat double-sig1.sig double-sig2.sig | gpg --enarmor >double-combined.asc &&
	sed -e "s/^\(-.*\)ARMORED FILE/\1SIGNATURE/;1s/^/gpgsig /;2,\$s/^/ /" \
		double-combined.asc > double-gpgsig &&
	sed -e "/committer/r double-gpgsig" double-base >double-commit &&
	git hash-object -w -t commit double-commit >double-commit.commit &&
	test_must_fail git verify-commit $(cat double-commit.commit) &&
	git show --pretty=short --show-signature $(cat double-commit.commit) >double-actual &&
	grep "BAD signature from" double-actual &&
	grep "Good signature from" double-actual
'

test_expect_success GPG 'show double signature with custom format' '
	cat >expect <<-\EOF &&
	E


	EOF
	git log -1 --format="%G?%n%GK%n%GS%n%GF" $(cat double-commit.commit) >actual &&
	test_cmp expect actual
'

test_done
Commit	Line	Data
247503f2 JH	1	#!/bin/sh
	2
	3	test_description='signed commit tests'
	4	. ./test-lib.sh
661a1806	5	GNUPGHOME_NOT_USED=$GNUPGHOME
247503f2 JH	6	. "$TEST_DIRECTORY/lib-gpg.sh"
	7
	8	test_expect_success GPG 'create signed commits' '
4b8d14b4 NV	9	test_when_finished "test_unconfig commit.gpgsign" &&
4b8d14b4 NV	10
247503f2 JH	11	echo 1 >file && git add file &&
	12	test_tick && git commit -S -m initial &&
	13	git tag initial &&
	14	git branch side &&
	15
	16	echo 2 >file && test_tick && git commit -a -S -m second &&
	17	git tag second &&
	18
	19	git checkout side &&
	20	echo 3 >elif && git add elif &&
	21	test_tick && git commit -m "third on side" &&
	22
	23	git checkout master &&
	24	test_tick && git merge -S side &&
	25	git tag merge &&
	26
	27	echo 4 >file && test_tick && git commit -a -m "fourth unsigned" &&
	28	git tag fourth-unsigned &&
	29
c871a1d1	30	test_tick && git commit --amend -S -m "fourth signed" &&
4b8d14b4 NV	31	git tag fourth-signed &&
	32
	33	git config commit.gpgsign true &&
	34	echo 5 >file && test_tick && git commit -a -m "fifth signed" &&
	35	git tag fifth-signed &&
	36
	37	git config commit.gpgsign false &&
	38	echo 6 >file && test_tick && git commit -a -m "sixth" &&
	39	git tag sixth-unsigned &&
	40
	41	git config commit.gpgsign true &&
	42	echo 7 >file && test_tick && git commit -a -m "seventh" --no-gpg-sign &&
	43	git tag seventh-unsigned &&
	44
	45	test_tick && git rebase -f HEAD^^ && git tag sixth-signed HEAD^ &&
99094a7a	46	git tag seventh-signed &&
4baf839f JK	47
4baf839f JK	48	echo 8 >file && test_tick && git commit -a -m eighth -SB7227189 &&
66948561 JH	49	git tag eighth-signed-alt &&
	50
	51	# commit.gpgsign is still on but this must not be signed
	52	git tag ninth-unsigned $(echo 9 \| git commit-tree HEAD^{tree}) &&
	53	# explicit -S of course must sign.
	54	git tag tenth-signed $(echo 9 \| git commit-tree -S HEAD^{tree})
247503f2 JH	55	'
247503f2 JH	56
8e92c2cf	57	test_expect_success GPG 'verify and show signatures' '
247503f2	58	(
66948561 JH	59	for commit in initial second merge fourth-signed \
66948561 JH	60	fifth-signed sixth-signed seventh-signed tenth-signed
247503f2	61	do
8e92c2cf	62	git verify-commit $commit &&
247503f2	63	git show --pretty=short --show-signature $commit >actual &&
7b1732c1 MG	64	grep "Good signature from" actual &&
	65	! grep "BAD signature from" actual &&
	66	echo $commit OK \|\| exit 1
247503f2 JH	67	done
	68	) &&
	69	(
66948561 JH	70	for commit in merge^2 fourth-unsigned sixth-unsigned \
66948561 JH	71	seventh-unsigned ninth-unsigned
247503f2	72	do
8e92c2cf	73	test_must_fail git verify-commit $commit &&
247503f2	74	git show --pretty=short --show-signature $commit >actual &&
7b1732c1 MG	75	! grep "Good signature from" actual &&
	76	! grep "BAD signature from" actual &&
	77	echo $commit OK \|\| exit 1
4baf839f JK	78	done
	79	) &&
	80	(
	81	for commit in eighth-signed-alt
	82	do
	83	git show --pretty=short --show-signature $commit >actual &&
	84	grep "Good signature from" actual &&
	85	! grep "BAD signature from" actual &&
	86	grep "not certified" actual &&
	87	echo $commit OK \|\| exit 1
247503f2 JH	88	done
	89	)
	90	'
	91
434060ec	92	test_expect_success GPG 'verify-commit exits success on untrusted signature' '
8e98e5f2	93	git verify-commit eighth-signed-alt 2>actual &&
	94	grep "Good signature from" actual &&
	95	! grep "BAD signature from" actual &&
	96	grep "not certified" actual
	97	'
	98
aeff29dd	99	test_expect_success GPG 'verify signatures with --raw' '
	100	(
	101	for commit in initial second merge fourth-signed fifth-signed sixth-signed seventh-signed
	102	do
	103	git verify-commit --raw $commit 2>actual &&
	104	grep "GOODSIG" actual &&
	105	! grep "BADSIG" actual &&
	106	echo $commit OK \|\| exit 1
	107	done
	108	) &&
	109	(
	110	for commit in merge^2 fourth-unsigned sixth-unsigned seventh-unsigned
	111	do
	112	test_must_fail git verify-commit --raw $commit 2>actual &&
	113	! grep "GOODSIG" actual &&
	114	! grep "BADSIG" actual &&
	115	echo $commit OK \|\| exit 1
	116	done
	117	) &&
	118	(
	119	for commit in eighth-signed-alt
	120	do
	121	git verify-commit --raw $commit 2>actual &&
	122	grep "GOODSIG" actual &&
	123	! grep "BADSIG" actual &&
	124	grep "TRUST_UNDEFINED" actual &&
	125	echo $commit OK \|\| exit 1
	126	done
	127	)
	128	'
	129
8e92c2cf MG	130	test_expect_success GPG 'show signed commit with signature' '
	131	git show -s initial >commit &&
	132	git show -s --show-signature initial >show &&
	133	git verify-commit -v initial >verify.1 2>verify.2 &&
	134	git cat-file commit initial >cat &&
3f88c1b5 KM	135	grep -v -e "gpg: " -e "Warning: " show >show.commit &&
3f88c1b5 KM	136	grep -e "gpg: " -e "Warning: " show >show.gpg &&
8e92c2cf MG	137	grep -v "^ " cat \| grep -v "^gpgsig " >cat.commit &&
	138	test_cmp show.commit commit &&
	139	test_cmp show.gpg verify.2 &&
	140	test_cmp cat.commit verify.1
	141	'
	142
247503f2	143	test_expect_success GPG 'detect fudged signature' '
526d56e0	144	git cat-file commit seventh-signed >raw &&
2f3cbcd8	145	sed -e "s/^seventh/7th forged/" raw >forged1 &&
247503f2	146	git hash-object -w -t commit forged1 >forged1.commit &&
9dd39821	147	test_must_fail git verify-commit $(cat forged1.commit) &&
247503f2 JH	148	git show --pretty=short --show-signature $(cat forged1.commit) >actual1 &&
	149	grep "BAD signature from" actual1 &&
	150	! grep "Good signature from" actual1
	151	'
	152
	153	test_expect_success GPG 'detect fudged signature with NUL' '
526d56e0	154	git cat-file commit seventh-signed >raw &&
247503f2 JH	155	cat raw >forged2 &&
	156	echo Qwik \| tr "Q" "\000" >>forged2 &&
	157	git hash-object -w -t commit forged2 >forged2.commit &&
9dd39821	158	test_must_fail git verify-commit $(cat forged2.commit) &&
247503f2 JH	159	git show --pretty=short --show-signature $(cat forged2.commit) >actual2 &&
	160	grep "BAD signature from" actual2 &&
	161	! grep "Good signature from" actual2
	162	'
	163
c871a1d1 JH	164	test_expect_success GPG 'amending already signed commit' '
	165	git checkout fourth-signed^0 &&
	166	git commit --amend -S --no-edit &&
8e92c2cf	167	git verify-commit HEAD &&
c871a1d1 JH	168	git show -s --show-signature HEAD >actual &&
	169	grep "Good signature from" actual &&
	170	! grep "BAD signature from" actual
	171	'
	172
06ca0f45 JK	173	test_expect_success GPG 'show good signature with custom format' '
	174	cat >expect <<-\EOF &&
	175	G
	176	13B6F51ECDDE430D
	177	C O Mitter <committer@example.com>
3daaaabe	178	73D758744BE721698EC54E8713B6F51ECDDE430D
06ca0f45	179	EOF
3daaaabe	180	git log -1 --format="%G?%n%GK%n%GS%n%GF" sixth-signed >actual &&
06ca0f45 JK	181	test_cmp expect actual
	182	'
	183
	184	test_expect_success GPG 'show bad signature with custom format' '
	185	cat >expect <<-\EOF &&
	186	B
	187	13B6F51ECDDE430D
	188	C O Mitter <committer@example.com>
3daaaabe	189
06ca0f45	190	EOF
3daaaabe	191	git log -1 --format="%G?%n%GK%n%GS%n%GF" $(cat forged1.commit) >actual &&
06ca0f45 JK	192	test_cmp expect actual
	193	'
	194
661a1806	195	test_expect_success GPG 'show untrusted signature with custom format' '
06ca0f45 JK	196	cat >expect <<-\EOF &&
	197	U
	198	61092E85B7227189
	199	Eris Discordia <discord@example.net>
3daaaabe	200	D4BE22311AD3131E5EDA29A461092E85B7227189
06ca0f45	201	EOF
3daaaabe	202	git log -1 --format="%G?%n%GK%n%GS%n%GF" eighth-signed-alt >actual &&
06ca0f45 JK	203	test_cmp expect actual
	204	'
	205
661a1806 MG	206	test_expect_success GPG 'show unknown signature with custom format' '
	207	cat >expect <<-\EOF &&
	208	E
	209	61092E85B7227189
	210
3daaaabe	211
661a1806	212	EOF
3daaaabe	213	GNUPGHOME="$GNUPGHOME_NOT_USED" git log -1 --format="%G?%n%GK%n%GS%n%GF" eighth-signed-alt >actual &&
661a1806 MG	214	test_cmp expect actual
	215	'
	216
06ca0f45 JK	217	test_expect_success GPG 'show lack of signature with custom format' '
	218	cat >expect <<-\EOF &&
	219	N
	220
	221
3daaaabe	222
06ca0f45	223	EOF
3daaaabe	224	git log -1 --format="%G?%n%GK%n%GS%n%GF" seventh-unsigned >actual &&
06ca0f45 JK	225	test_cmp expect actual
	226	'
	227
fce04c3c MJ	228	test_expect_success GPG 'log.showsignature behaves like --show-signature' '
	229	test_config log.showsignature true &&
	230	git show initial >actual &&
	231	grep "gpg: Signature made" actual &&
	232	grep "gpg: Good signature" actual
	233	'
	234
1865a647 HS	235	test_expect_success GPG 'check config gpg.format values' '
	236	test_config gpg.format openpgp &&
	237	git commit -S --amend -m "success" &&
	238	test_config gpg.format OpEnPgP &&
	239	test_must_fail git commit -S --amend -m "fail"
	240	'
	241
da6cf1b3 MG	242	test_expect_success GPG 'detect fudged commit with double signature' '
	243	sed -e "/gpgsig/,/END PGP/d" forged1 >double-base &&
	244	sed -n -e "/gpgsig/,/END PGP/p" forged1 \| \
	245	sed -e "s/^gpgsig//;s/^ //" \| gpg --dearmor >double-sig1.sig &&
	246	gpg -o double-sig2.sig -u 29472784 --detach-sign double-base &&
	247	cat double-sig1.sig double-sig2.sig \| gpg --enarmor >double-combined.asc &&
	248	sed -e "s/^\(-.*\)ARMORED FILE/\1SIGNATURE/;1s/^/gpgsig /;2,\$s/^/ /" \
	249	double-combined.asc > double-gpgsig &&
	250	sed -e "/committer/r double-gpgsig" double-base >double-commit &&
	251	git hash-object -w -t commit double-commit >double-commit.commit &&
	252	test_must_fail git verify-commit $(cat double-commit.commit) &&
	253	git show --pretty=short --show-signature $(cat double-commit.commit) >double-actual &&
	254	grep "BAD signature from" double-actual &&
	255	grep "Good signature from" double-actual
	256	'
	257
	258	test_expect_success GPG 'show double signature with custom format' '
	259	cat >expect <<-\EOF &&
	260	E
	261
	262
3daaaabe	263
da6cf1b3	264	EOF
3daaaabe	265	git log -1 --format="%G?%n%GK%n%GS%n%GF" $(cat double-commit.commit) >actual &&
da6cf1b3 MG	266	test_cmp expect actual
	267	'
	268
247503f2	269	test_done