]>
Commit | Line | Data |
---|---|---|
efed0022 SG |
1 | #!/bin/sh |
2 | ||
3 | test_description='merge signature verification tests' | |
4 | . ./test-lib.sh | |
5 | . "$TEST_DIRECTORY/lib-gpg.sh" | |
6 | ||
7 | test_expect_success GPG 'create signed commits' ' | |
8 | echo 1 >file && git add file && | |
9 | test_tick && git commit -m initial && | |
10 | git tag initial && | |
11 | ||
12 | git checkout -b side-signed && | |
13 | echo 3 >elif && git add elif && | |
14 | test_tick && git commit -S -m "signed on side" && | |
15 | git checkout initial && | |
16 | ||
17 | git checkout -b side-unsigned && | |
18 | echo 3 >foo && git add foo && | |
19 | test_tick && git commit -m "unsigned on side" && | |
20 | git checkout initial && | |
21 | ||
22 | git checkout -b side-bad && | |
23 | echo 3 >bar && git add bar && | |
24 | test_tick && git commit -S -m "bad on side" && | |
25 | git cat-file commit side-bad >raw && | |
2f3cbcd8 | 26 | sed -e "s/^bad/forged bad/" raw >forged && |
efed0022 SG |
27 | git hash-object -w -t commit forged >forged.commit && |
28 | git checkout initial && | |
29 | ||
eb307ae7 SG |
30 | git checkout -b side-untrusted && |
31 | echo 3 >baz && git add baz && | |
99094a7a | 32 | test_tick && git commit -SB7227189 -m "untrusted on side" && |
eb307ae7 | 33 | |
efed0022 SG |
34 | git checkout master |
35 | ' | |
36 | ||
37 | test_expect_success GPG 'merge unsigned commit with verification' ' | |
fb2afea3 | 38 | test_when_finished "git reset --hard && git checkout initial" && |
efed0022 SG |
39 | test_must_fail git merge --ff-only --verify-signatures side-unsigned 2>mergeerror && |
40 | test_i18ngrep "does not have a GPG signature" mergeerror | |
41 | ' | |
42 | ||
ca779e82 | 43 | test_expect_success GPG 'merge unsigned commit with merge.verifySignatures=true' ' |
fb2afea3 | 44 | test_when_finished "git reset --hard && git checkout initial" && |
ca779e82 HJI |
45 | test_config merge.verifySignatures true && |
46 | test_must_fail git merge --ff-only side-unsigned 2>mergeerror && | |
47 | test_i18ngrep "does not have a GPG signature" mergeerror | |
48 | ' | |
49 | ||
efed0022 | 50 | test_expect_success GPG 'merge commit with bad signature with verification' ' |
fb2afea3 | 51 | test_when_finished "git reset --hard && git checkout initial" && |
efed0022 SG |
52 | test_must_fail git merge --ff-only --verify-signatures $(cat forged.commit) 2>mergeerror && |
53 | test_i18ngrep "has a bad GPG signature" mergeerror | |
54 | ' | |
55 | ||
ca779e82 | 56 | test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=true' ' |
fb2afea3 | 57 | test_when_finished "git reset --hard && git checkout initial" && |
ca779e82 HJI |
58 | test_config merge.verifySignatures true && |
59 | test_must_fail git merge --ff-only $(cat forged.commit) 2>mergeerror && | |
60 | test_i18ngrep "has a bad GPG signature" mergeerror | |
61 | ' | |
62 | ||
eb307ae7 | 63 | test_expect_success GPG 'merge commit with untrusted signature with verification' ' |
fb2afea3 | 64 | test_when_finished "git reset --hard && git checkout initial" && |
eb307ae7 SG |
65 | test_must_fail git merge --ff-only --verify-signatures side-untrusted 2>mergeerror && |
66 | test_i18ngrep "has an untrusted GPG signature" mergeerror | |
67 | ' | |
68 | ||
ca779e82 | 69 | test_expect_success GPG 'merge commit with untrusted signature with merge.verifySignatures=true' ' |
fb2afea3 | 70 | test_when_finished "git reset --hard && git checkout initial" && |
ca779e82 HJI |
71 | test_config merge.verifySignatures true && |
72 | test_must_fail git merge --ff-only side-untrusted 2>mergeerror && | |
73 | test_i18ngrep "has an untrusted GPG signature" mergeerror | |
74 | ' | |
75 | ||
efed0022 | 76 | test_expect_success GPG 'merge signed commit with verification' ' |
fb2afea3 | 77 | test_when_finished "git reset --hard && git checkout initial" && |
efed0022 SG |
78 | git merge --verbose --ff-only --verify-signatures side-signed >mergeoutput && |
79 | test_i18ngrep "has a good GPG signature" mergeoutput | |
80 | ' | |
81 | ||
ca779e82 | 82 | test_expect_success GPG 'merge signed commit with merge.verifySignatures=true' ' |
fb2afea3 | 83 | test_when_finished "git reset --hard && git checkout initial" && |
ca779e82 HJI |
84 | test_config merge.verifySignatures true && |
85 | git merge --verbose --ff-only side-signed >mergeoutput && | |
86 | test_i18ngrep "has a good GPG signature" mergeoutput | |
87 | ' | |
88 | ||
efed0022 | 89 | test_expect_success GPG 'merge commit with bad signature without verification' ' |
fb2afea3 | 90 | test_when_finished "git reset --hard && git checkout initial" && |
ca779e82 HJI |
91 | git merge $(cat forged.commit) |
92 | ' | |
93 | ||
94 | test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=false' ' | |
fb2afea3 | 95 | test_when_finished "git reset --hard && git checkout initial" && |
ca779e82 | 96 | test_config merge.verifySignatures false && |
efed0022 SG |
97 | git merge $(cat forged.commit) |
98 | ' | |
99 | ||
ca779e82 | 100 | test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=true and --no-verify-signatures' ' |
fb2afea3 | 101 | test_when_finished "git reset --hard && git checkout initial" && |
ca779e82 HJI |
102 | test_config merge.verifySignatures true && |
103 | git merge --no-verify-signatures $(cat forged.commit) | |
104 | ' | |
105 | ||
7488ba3e JK |
106 | test_expect_success GPG 'merge unsigned commit into unborn branch' ' |
107 | test_when_finished "git checkout initial" && | |
108 | git checkout --orphan unborn && | |
109 | test_must_fail git merge --verify-signatures side-unsigned 2>mergeerror && | |
110 | test_i18ngrep "does not have a GPG signature" mergeerror | |
111 | ' | |
112 | ||
efed0022 | 113 | test_done |