]>
Commit | Line | Data |
---|---|---|
efed0022 SG |
1 | #!/bin/sh |
2 | ||
3 | test_description='merge signature verification tests' | |
1e2ae142 | 4 | GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main |
334afbc7 JS |
5 | export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME |
6 | ||
b2e5d75d | 7 | TEST_PASSES_SANITIZE_LEAK=true |
efed0022 SG |
8 | . ./test-lib.sh |
9 | . "$TEST_DIRECTORY/lib-gpg.sh" | |
10 | ||
11 | test_expect_success GPG 'create signed commits' ' | |
12 | echo 1 >file && git add file && | |
13 | test_tick && git commit -m initial && | |
14 | git tag initial && | |
15 | ||
16 | git checkout -b side-signed && | |
17 | echo 3 >elif && git add elif && | |
18 | test_tick && git commit -S -m "signed on side" && | |
19 | git checkout initial && | |
20 | ||
21 | git checkout -b side-unsigned && | |
22 | echo 3 >foo && git add foo && | |
23 | test_tick && git commit -m "unsigned on side" && | |
24 | git checkout initial && | |
25 | ||
26 | git checkout -b side-bad && | |
27 | echo 3 >bar && git add bar && | |
28 | test_tick && git commit -S -m "bad on side" && | |
29 | git cat-file commit side-bad >raw && | |
2f3cbcd8 | 30 | sed -e "s/^bad/forged bad/" raw >forged && |
efed0022 SG |
31 | git hash-object -w -t commit forged >forged.commit && |
32 | git checkout initial && | |
33 | ||
eb307ae7 SG |
34 | git checkout -b side-untrusted && |
35 | echo 3 >baz && git add baz && | |
99094a7a | 36 | test_tick && git commit -SB7227189 -m "untrusted on side" && |
eb307ae7 | 37 | |
1e2ae142 | 38 | git checkout main |
efed0022 SG |
39 | ' |
40 | ||
41 | test_expect_success GPG 'merge unsigned commit with verification' ' | |
fb2afea3 | 42 | test_when_finished "git reset --hard && git checkout initial" && |
efed0022 | 43 | test_must_fail git merge --ff-only --verify-signatures side-unsigned 2>mergeerror && |
6789275d | 44 | test_grep "does not have a GPG signature" mergeerror |
efed0022 SG |
45 | ' |
46 | ||
ca779e82 | 47 | test_expect_success GPG 'merge unsigned commit with merge.verifySignatures=true' ' |
fb2afea3 | 48 | test_when_finished "git reset --hard && git checkout initial" && |
ca779e82 HJI |
49 | test_config merge.verifySignatures true && |
50 | test_must_fail git merge --ff-only side-unsigned 2>mergeerror && | |
6789275d | 51 | test_grep "does not have a GPG signature" mergeerror |
ca779e82 HJI |
52 | ' |
53 | ||
efed0022 | 54 | test_expect_success GPG 'merge commit with bad signature with verification' ' |
fb2afea3 | 55 | test_when_finished "git reset --hard && git checkout initial" && |
efed0022 | 56 | test_must_fail git merge --ff-only --verify-signatures $(cat forged.commit) 2>mergeerror && |
6789275d | 57 | test_grep "has a bad GPG signature" mergeerror |
efed0022 SG |
58 | ' |
59 | ||
ca779e82 | 60 | test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=true' ' |
fb2afea3 | 61 | test_when_finished "git reset --hard && git checkout initial" && |
ca779e82 HJI |
62 | test_config merge.verifySignatures true && |
63 | test_must_fail git merge --ff-only $(cat forged.commit) 2>mergeerror && | |
6789275d | 64 | test_grep "has a bad GPG signature" mergeerror |
ca779e82 HJI |
65 | ' |
66 | ||
eb307ae7 | 67 | test_expect_success GPG 'merge commit with untrusted signature with verification' ' |
fb2afea3 | 68 | test_when_finished "git reset --hard && git checkout initial" && |
eb307ae7 | 69 | test_must_fail git merge --ff-only --verify-signatures side-untrusted 2>mergeerror && |
6789275d | 70 | test_grep "has an untrusted GPG signature" mergeerror |
eb307ae7 SG |
71 | ' |
72 | ||
54887b46 HJI |
73 | test_expect_success GPG 'merge commit with untrusted signature with verification and high minTrustLevel' ' |
74 | test_when_finished "git reset --hard && git checkout initial" && | |
75 | test_config gpg.minTrustLevel marginal && | |
76 | test_must_fail git merge --ff-only --verify-signatures side-untrusted 2>mergeerror && | |
6789275d | 77 | test_grep "has an untrusted GPG signature" mergeerror |
54887b46 HJI |
78 | ' |
79 | ||
80 | test_expect_success GPG 'merge commit with untrusted signature with verification and low minTrustLevel' ' | |
81 | test_when_finished "git reset --hard && git checkout initial" && | |
82 | test_config gpg.minTrustLevel undefined && | |
83 | git merge --ff-only --verify-signatures side-untrusted >mergeoutput && | |
6789275d | 84 | test_grep "has a good GPG signature" mergeoutput |
54887b46 HJI |
85 | ' |
86 | ||
ca779e82 | 87 | test_expect_success GPG 'merge commit with untrusted signature with merge.verifySignatures=true' ' |
fb2afea3 | 88 | test_when_finished "git reset --hard && git checkout initial" && |
ca779e82 HJI |
89 | test_config merge.verifySignatures true && |
90 | test_must_fail git merge --ff-only side-untrusted 2>mergeerror && | |
6789275d | 91 | test_grep "has an untrusted GPG signature" mergeerror |
ca779e82 HJI |
92 | ' |
93 | ||
54887b46 HJI |
94 | test_expect_success GPG 'merge commit with untrusted signature with merge.verifySignatures=true and minTrustLevel' ' |
95 | test_when_finished "git reset --hard && git checkout initial" && | |
96 | test_config merge.verifySignatures true && | |
97 | test_config gpg.minTrustLevel marginal && | |
98 | test_must_fail git merge --ff-only side-untrusted 2>mergeerror && | |
6789275d | 99 | test_grep "has an untrusted GPG signature" mergeerror |
54887b46 HJI |
100 | ' |
101 | ||
efed0022 | 102 | test_expect_success GPG 'merge signed commit with verification' ' |
fb2afea3 | 103 | test_when_finished "git reset --hard && git checkout initial" && |
efed0022 | 104 | git merge --verbose --ff-only --verify-signatures side-signed >mergeoutput && |
6789275d | 105 | test_grep "has a good GPG signature" mergeoutput |
efed0022 SG |
106 | ' |
107 | ||
ca779e82 | 108 | test_expect_success GPG 'merge signed commit with merge.verifySignatures=true' ' |
fb2afea3 | 109 | test_when_finished "git reset --hard && git checkout initial" && |
ca779e82 HJI |
110 | test_config merge.verifySignatures true && |
111 | git merge --verbose --ff-only side-signed >mergeoutput && | |
6789275d | 112 | test_grep "has a good GPG signature" mergeoutput |
ca779e82 HJI |
113 | ' |
114 | ||
efed0022 | 115 | test_expect_success GPG 'merge commit with bad signature without verification' ' |
fb2afea3 | 116 | test_when_finished "git reset --hard && git checkout initial" && |
ca779e82 HJI |
117 | git merge $(cat forged.commit) |
118 | ' | |
119 | ||
120 | test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=false' ' | |
fb2afea3 | 121 | test_when_finished "git reset --hard && git checkout initial" && |
ca779e82 | 122 | test_config merge.verifySignatures false && |
efed0022 SG |
123 | git merge $(cat forged.commit) |
124 | ' | |
125 | ||
ca779e82 | 126 | test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=true and --no-verify-signatures' ' |
fb2afea3 | 127 | test_when_finished "git reset --hard && git checkout initial" && |
ca779e82 HJI |
128 | test_config merge.verifySignatures true && |
129 | git merge --no-verify-signatures $(cat forged.commit) | |
130 | ' | |
131 | ||
7488ba3e JK |
132 | test_expect_success GPG 'merge unsigned commit into unborn branch' ' |
133 | test_when_finished "git checkout initial" && | |
134 | git checkout --orphan unborn && | |
135 | test_must_fail git merge --verify-signatures side-unsigned 2>mergeerror && | |
6789275d | 136 | test_grep "does not have a GPG signature" mergeerror |
7488ba3e JK |
137 | ' |
138 | ||
efed0022 | 139 | test_done |