t/t7510-signed-commit.sh

   1 #!/bin/sh
   2
   3 test_description='signed commit tests'
   4 . ./test-lib.sh
   5 GNUPGHOME_NOT_USED=$GNUPGHOME
   6 . "$TEST_DIRECTORY/lib-gpg.sh"
   7
   8 test_expect_success GPG 'create signed commits' '
   9         test_when_finished "test_unconfig commit.gpgsign" &&
  10
  11         echo 1 >file && git add file &&
  12         test_tick && git commit -S -m initial &&
  13         git tag initial &&
  14         git branch side &&
  15
  16         echo 2 >file && test_tick && git commit -a -S -m second &&
  17         git tag second &&
  18
  19         git checkout side &&
  20         echo 3 >elif && git add elif &&
  21         test_tick && git commit -m "third on side" &&
  22
  23         git checkout master &&
  24         test_tick && git merge -S side &&
  25         git tag merge &&
  26
  27         echo 4 >file && test_tick && git commit -a -m "fourth unsigned" &&
  28         git tag fourth-unsigned &&
  29
  30         test_tick && git commit --amend -S -m "fourth signed" &&
  31         git tag fourth-signed &&
  32
  33         git config commit.gpgsign true &&
  34         echo 5 >file && test_tick && git commit -a -m "fifth signed" &&
  35         git tag fifth-signed &&
  36
  37         git config commit.gpgsign false &&
  38         echo 6 >file && test_tick && git commit -a -m "sixth" &&
  39         git tag sixth-unsigned &&
  40
  41         git config commit.gpgsign true &&
  42         echo 7 >file && test_tick && git commit -a -m "seventh" --no-gpg-sign &&
  43         git tag seventh-unsigned &&
  44
  45         test_tick && git rebase -f HEAD^^ && git tag sixth-signed HEAD^ &&
  46         git tag seventh-signed &&
  47
  48         echo 8 >file && test_tick && git commit -a -m eighth -SB7227189 &&
  49         git tag eighth-signed-alt &&
  50
  51         # commit.gpgsign is still on but this must not be signed
  52         echo 9 | git commit-tree HEAD^{tree} >oid &&
  53         test_line_count = 1 oid &&
  54         git tag ninth-unsigned $(cat oid) &&
  55         # explicit -S of course must sign.
  56         echo 10 | git commit-tree -S HEAD^{tree} >oid &&
  57         test_line_count = 1 oid &&
  58         git tag tenth-signed $(cat oid) &&
  59
  60         # --gpg-sign[=<key-id>] must sign.
  61         echo 11 | git commit-tree --gpg-sign HEAD^{tree} >oid &&
  62         test_line_count = 1 oid &&
  63         git tag eleventh-signed $(cat oid) &&
  64         echo 12 | git commit-tree --gpg-sign=B7227189 HEAD^{tree} >oid &&
  65         test_line_count = 1 oid &&
  66         git tag twelfth-signed-alt $(cat oid)
  67 '
  68
  69 test_expect_success GPG 'verify and show signatures' '
  70         (
  71                 for commit in initial second merge fourth-signed \
  72                         fifth-signed sixth-signed seventh-signed tenth-signed \
  73                         eleventh-signed
  74                 do
  75                         git verify-commit $commit &&
  76                         git show --pretty=short --show-signature $commit >actual &&
  77                         grep "Good signature from" actual &&
  78                         ! grep "BAD signature from" actual &&
  79                         echo $commit OK || exit 1
  80                 done
  81         ) &&
  82         (
  83                 for commit in merge^2 fourth-unsigned sixth-unsigned \
  84                         seventh-unsigned ninth-unsigned
  85                 do
  86                         test_must_fail git verify-commit $commit &&
  87                         git show --pretty=short --show-signature $commit >actual &&
  88                         ! grep "Good signature from" actual &&
  89                         ! grep "BAD signature from" actual &&
  90                         echo $commit OK || exit 1
  91                 done
  92         ) &&
  93         (
  94                 for commit in eighth-signed-alt twelfth-signed-alt
  95                 do
  96                         git show --pretty=short --show-signature $commit >actual &&
  97                         grep "Good signature from" actual &&
  98                         ! grep "BAD signature from" actual &&
  99                         grep "not certified" actual &&
 100                         echo $commit OK || exit 1
 101                 done
 102         )
 103 '
 104
 105 test_expect_success GPG 'verify-commit exits success on untrusted signature' '
 106         git verify-commit eighth-signed-alt 2>actual &&
 107         grep "Good signature from" actual &&
 108         ! grep "BAD signature from" actual &&
 109         grep "not certified" actual
 110 '
 111
 112 test_expect_success GPG 'verify-commit exits success with matching minTrustLevel' '
 113         test_config gpg.minTrustLevel ultimate &&
 114         git verify-commit sixth-signed
 115 '
 116
 117 test_expect_success GPG 'verify-commit exits success with low minTrustLevel' '
 118         test_config gpg.minTrustLevel fully &&
 119         git verify-commit sixth-signed
 120 '
 121
 122 test_expect_success GPG 'verify-commit exits failure with high minTrustLevel' '
 123         test_config gpg.minTrustLevel ultimate &&
 124         test_must_fail git verify-commit eighth-signed-alt
 125 '
 126
 127 test_expect_success GPG 'verify signatures with --raw' '
 128         (
 129                 for commit in initial second merge fourth-signed fifth-signed sixth-signed seventh-signed
 130                 do
 131                         git verify-commit --raw $commit 2>actual &&
 132                         grep "GOODSIG" actual &&
 133                         ! grep "BADSIG" actual &&
 134                         echo $commit OK || exit 1
 135                 done
 136         ) &&
 137         (
 138                 for commit in merge^2 fourth-unsigned sixth-unsigned seventh-unsigned
 139                 do
 140                         test_must_fail git verify-commit --raw $commit 2>actual &&
 141                         ! grep "GOODSIG" actual &&
 142                         ! grep "BADSIG" actual &&
 143                         echo $commit OK || exit 1
 144                 done
 145         ) &&
 146         (
 147                 for commit in eighth-signed-alt
 148                 do
 149                         git verify-commit --raw $commit 2>actual &&
 150                         grep "GOODSIG" actual &&
 151                         ! grep "BADSIG" actual &&
 152                         grep "TRUST_UNDEFINED" actual &&
 153                         echo $commit OK || exit 1
 154                 done
 155         )
 156 '
 157
 158 test_expect_success GPG 'show signed commit with signature' '
 159         git show -s initial >commit &&
 160         git show -s --show-signature initial >show &&
 161         git verify-commit -v initial >verify.1 2>verify.2 &&
 162         git cat-file commit initial >cat &&
 163         grep -v -e "gpg: " -e "Warning: " show >show.commit &&
 164         grep -e "gpg: " -e "Warning: " show >show.gpg &&
 165         grep -v "^ " cat | grep -v "^gpgsig " >cat.commit &&
 166         test_cmp show.commit commit &&
 167         test_cmp show.gpg verify.2 &&
 168         test_cmp cat.commit verify.1
 169 '
 170
 171 test_expect_success GPG 'detect fudged signature' '
 172         git cat-file commit seventh-signed >raw &&
 173         sed -e "s/^seventh/7th forged/" raw >forged1 &&
 174         git hash-object -w -t commit forged1 >forged1.commit &&
 175         test_must_fail git verify-commit $(cat forged1.commit) &&
 176         git show --pretty=short --show-signature $(cat forged1.commit) >actual1 &&
 177         grep "BAD signature from" actual1 &&
 178         ! grep "Good signature from" actual1
 179 '
 180
 181 test_expect_success GPG 'detect fudged signature with NUL' '
 182         git cat-file commit seventh-signed >raw &&
 183         cat raw >forged2 &&
 184         echo Qwik | tr "Q" "\000" >>forged2 &&
 185         git hash-object -w -t commit forged2 >forged2.commit &&
 186         test_must_fail git verify-commit $(cat forged2.commit) &&
 187         git show --pretty=short --show-signature $(cat forged2.commit) >actual2 &&
 188         grep "BAD signature from" actual2 &&
 189         ! grep "Good signature from" actual2
 190 '
 191
 192 test_expect_success GPG 'amending already signed commit' '
 193         git checkout fourth-signed^0 &&
 194         git commit --amend -S --no-edit &&
 195         git verify-commit HEAD &&
 196         git show -s --show-signature HEAD >actual &&
 197         grep "Good signature from" actual &&
 198         ! grep "BAD signature from" actual
 199 '
 200
 201 test_expect_success GPG 'show good signature with custom format' '
 202         cat >expect <<-\EOF &&
 203         G
 204         13B6F51ECDDE430D
 205         C O Mitter <committer@example.com>
 206         73D758744BE721698EC54E8713B6F51ECDDE430D
 207         73D758744BE721698EC54E8713B6F51ECDDE430D
 208         EOF
 209         git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" sixth-signed >actual &&
 210         test_cmp expect actual
 211 '
 212
 213 test_expect_success GPG 'show bad signature with custom format' '
 214         cat >expect <<-\EOF &&
 215         B
 216         13B6F51ECDDE430D
 217         C O Mitter <committer@example.com>
 218
 219
 220         EOF
 221         git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" $(cat forged1.commit) >actual &&
 222         test_cmp expect actual
 223 '
 224
 225 test_expect_success GPG 'show untrusted signature with custom format' '
 226         cat >expect <<-\EOF &&
 227         U
 228         65A0EEA02E30CAD7
 229         Eris Discordia <discord@example.net>
 230         F8364A59E07FFE9F4D63005A65A0EEA02E30CAD7
 231         D4BE22311AD3131E5EDA29A461092E85B7227189
 232         EOF
 233         git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" eighth-signed-alt >actual &&
 234         test_cmp expect actual
 235 '
 236
 237 test_expect_success GPG 'show untrusted signature with undefined trust level' '
 238         cat >expect <<-\EOF &&
 239         undefined
 240         65A0EEA02E30CAD7
 241         Eris Discordia <discord@example.net>
 242         F8364A59E07FFE9F4D63005A65A0EEA02E30CAD7
 243         D4BE22311AD3131E5EDA29A461092E85B7227189
 244         EOF
 245         git log -1 --format="%GT%n%GK%n%GS%n%GF%n%GP" eighth-signed-alt >actual &&
 246         test_cmp expect actual
 247 '
 248
 249 test_expect_success GPG 'show untrusted signature with ultimate trust level' '
 250         cat >expect <<-\EOF &&
 251         ultimate
 252         13B6F51ECDDE430D
 253         C O Mitter <committer@example.com>
 254         73D758744BE721698EC54E8713B6F51ECDDE430D
 255         73D758744BE721698EC54E8713B6F51ECDDE430D
 256         EOF
 257         git log -1 --format="%GT%n%GK%n%GS%n%GF%n%GP" sixth-signed >actual &&
 258         test_cmp expect actual
 259 '
 260
 261 test_expect_success GPG 'show unknown signature with custom format' '
 262         cat >expect <<-\EOF &&
 263         E
 264         65A0EEA02E30CAD7
 265
 266
 267
 268         EOF
 269         GNUPGHOME="$GNUPGHOME_NOT_USED" git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" eighth-signed-alt >actual &&
 270         test_cmp expect actual
 271 '
 272
 273 test_expect_success GPG 'show lack of signature with custom format' '
 274         cat >expect <<-\EOF &&
 275         N
 276
 277
 278
 279
 280         EOF
 281         git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" seventh-unsigned >actual &&
 282         test_cmp expect actual
 283 '
 284
 285 test_expect_success GPG 'log.showsignature behaves like --show-signature' '
 286         test_config log.showsignature true &&
 287         git show initial >actual &&
 288         grep "gpg: Signature made" actual &&
 289         grep "gpg: Good signature" actual
 290 '
 291
 292 test_expect_success GPG 'check config gpg.format values' '
 293         test_config gpg.format openpgp &&
 294         git commit -S --amend -m "success" &&
 295         test_config gpg.format OpEnPgP &&
 296         test_must_fail git commit -S --amend -m "fail"
 297 '
 298
 299 test_expect_success GPG 'detect fudged commit with double signature' '
 300         sed -e "/gpgsig/,/END PGP/d" forged1 >double-base &&
 301         sed -n -e "/gpgsig/,/END PGP/p" forged1 | \
 302                 sed -e "s/^gpgsig//;s/^ //" | gpg --dearmor >double-sig1.sig &&
 303         gpg -o double-sig2.sig -u 29472784 --detach-sign double-base &&
 304         cat double-sig1.sig double-sig2.sig | gpg --enarmor >double-combined.asc &&
 305         sed -e "s/^\(-.*\)ARMORED FILE/\1SIGNATURE/;1s/^/gpgsig /;2,\$s/^/ /" \
 306                 double-combined.asc > double-gpgsig &&
 307         sed -e "/committer/r double-gpgsig" double-base >double-commit &&
 308         git hash-object -w -t commit double-commit >double-commit.commit &&
 309         test_must_fail git verify-commit $(cat double-commit.commit) &&
 310         git show --pretty=short --show-signature $(cat double-commit.commit) >double-actual &&
 311         grep "BAD signature from" double-actual &&
 312         grep "Good signature from" double-actual
 313 '
 314
 315 test_expect_success GPG 'show double signature with custom format' '
 316         cat >expect <<-\EOF &&
 317         E
 318
 319
 320
 321
 322         EOF
 323         git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" $(cat double-commit.commit) >actual &&
 324         test_cmp expect actual
 325 '
 326
 327 test_done