]>
Commit | Line | Data |
---|---|---|
7f8ca20a HJI |
1 | #!/bin/sh |
2 | ||
3 | test_description='pull signature verification tests' | |
b2e5d75d ÆAB |
4 | |
5 | TEST_PASSES_SANITIZE_LEAK=true | |
7f8ca20a HJI |
6 | . ./test-lib.sh |
7 | . "$TEST_DIRECTORY/lib-gpg.sh" | |
8 | ||
9 | test_expect_success GPG 'create repositories with signed commits' ' | |
10 | echo 1 >a && git add a && | |
11 | test_tick && git commit -m initial && | |
12 | git tag initial && | |
13 | ||
14 | git clone . signed && | |
15 | ( | |
16 | cd signed && | |
17 | echo 2 >b && git add b && | |
18 | test_tick && git commit -S -m "signed" | |
19 | ) && | |
20 | ||
21 | git clone . unsigned && | |
22 | ( | |
23 | cd unsigned && | |
24 | echo 3 >c && git add c && | |
25 | test_tick && git commit -m "unsigned" | |
26 | ) && | |
27 | ||
28 | git clone . bad && | |
29 | ( | |
30 | cd bad && | |
31 | echo 4 >d && git add d && | |
32 | test_tick && git commit -S -m "bad" && | |
33 | git cat-file commit HEAD >raw && | |
2f3cbcd8 | 34 | sed -e "s/^bad/forged bad/" raw >forged && |
7f8ca20a HJI |
35 | git hash-object -w -t commit forged >forged.commit && |
36 | git checkout $(cat forged.commit) | |
37 | ) && | |
38 | ||
39 | git clone . untrusted && | |
40 | ( | |
41 | cd untrusted && | |
42 | echo 5 >e && git add e && | |
43 | test_tick && git commit -SB7227189 -m "untrusted" | |
44 | ) | |
45 | ' | |
46 | ||
47 | test_expect_success GPG 'pull unsigned commit with --verify-signatures' ' | |
fb2afea3 | 48 | test_when_finished "git reset --hard && git checkout initial" && |
7f8ca20a | 49 | test_must_fail git pull --ff-only --verify-signatures unsigned 2>pullerror && |
6789275d | 50 | test_grep "does not have a GPG signature" pullerror |
7f8ca20a HJI |
51 | ' |
52 | ||
53 | test_expect_success GPG 'pull commit with bad signature with --verify-signatures' ' | |
fb2afea3 | 54 | test_when_finished "git reset --hard && git checkout initial" && |
7f8ca20a | 55 | test_must_fail git pull --ff-only --verify-signatures bad 2>pullerror && |
6789275d | 56 | test_grep "has a bad GPG signature" pullerror |
7f8ca20a HJI |
57 | ' |
58 | ||
59 | test_expect_success GPG 'pull commit with untrusted signature with --verify-signatures' ' | |
fb2afea3 | 60 | test_when_finished "git reset --hard && git checkout initial" && |
7f8ca20a | 61 | test_must_fail git pull --ff-only --verify-signatures untrusted 2>pullerror && |
6789275d | 62 | test_grep "has an untrusted GPG signature" pullerror |
7f8ca20a HJI |
63 | ' |
64 | ||
54887b46 HJI |
65 | test_expect_success GPG 'pull commit with untrusted signature with --verify-signatures and minTrustLevel=ultimate' ' |
66 | test_when_finished "git reset --hard && git checkout initial" && | |
67 | test_config gpg.minTrustLevel ultimate && | |
68 | test_must_fail git pull --ff-only --verify-signatures untrusted 2>pullerror && | |
6789275d | 69 | test_grep "has an untrusted GPG signature" pullerror |
54887b46 HJI |
70 | ' |
71 | ||
72 | test_expect_success GPG 'pull commit with untrusted signature with --verify-signatures and minTrustLevel=marginal' ' | |
73 | test_when_finished "git reset --hard && git checkout initial" && | |
74 | test_config gpg.minTrustLevel marginal && | |
75 | test_must_fail git pull --ff-only --verify-signatures untrusted 2>pullerror && | |
6789275d | 76 | test_grep "has an untrusted GPG signature" pullerror |
54887b46 HJI |
77 | ' |
78 | ||
79 | test_expect_success GPG 'pull commit with untrusted signature with --verify-signatures and minTrustLevel=undefined' ' | |
80 | test_when_finished "git reset --hard && git checkout initial" && | |
81 | test_config gpg.minTrustLevel undefined && | |
82 | git pull --ff-only --verify-signatures untrusted >pulloutput && | |
6789275d | 83 | test_grep "has a good GPG signature" pulloutput |
54887b46 HJI |
84 | ' |
85 | ||
7f8ca20a | 86 | test_expect_success GPG 'pull signed commit with --verify-signatures' ' |
fb2afea3 | 87 | test_when_finished "git reset --hard && git checkout initial" && |
7f8ca20a | 88 | git pull --verify-signatures signed >pulloutput && |
6789275d | 89 | test_grep "has a good GPG signature" pulloutput |
7f8ca20a HJI |
90 | ' |
91 | ||
92 | test_expect_success GPG 'pull commit with bad signature without verification' ' | |
fb2afea3 | 93 | test_when_finished "git reset --hard && git checkout initial" && |
7f8ca20a HJI |
94 | git pull --ff-only bad 2>pullerror |
95 | ' | |
96 | ||
97 | test_expect_success GPG 'pull commit with bad signature with --no-verify-signatures' ' | |
fb2afea3 | 98 | test_when_finished "git reset --hard && git checkout initial" && |
7f8ca20a HJI |
99 | test_config merge.verifySignatures true && |
100 | test_config pull.verifySignatures true && | |
101 | git pull --ff-only --no-verify-signatures bad 2>pullerror | |
102 | ' | |
103 | ||
01a31f3b | 104 | test_expect_success GPG 'pull unsigned commit into unborn branch' ' |
54887b46 | 105 | test_when_finished "rm -rf empty-repo" && |
01a31f3b JK |
106 | git init empty-repo && |
107 | test_must_fail \ | |
108 | git -C empty-repo pull --verify-signatures .. 2>pullerror && | |
6789275d | 109 | test_grep "does not have a GPG signature" pullerror |
01a31f3b JK |
110 | ' |
111 | ||
54887b46 HJI |
112 | test_expect_success GPG 'pull commit into unborn branch with bad signature and --verify-signatures' ' |
113 | test_when_finished "rm -rf empty-repo" && | |
114 | git init empty-repo && | |
115 | test_must_fail \ | |
116 | git -C empty-repo pull --ff-only --verify-signatures ../bad 2>pullerror && | |
6789275d | 117 | test_grep "has a bad GPG signature" pullerror |
54887b46 HJI |
118 | ' |
119 | ||
120 | test_expect_success GPG 'pull commit into unborn branch with untrusted signature and --verify-signatures' ' | |
121 | test_when_finished "rm -rf empty-repo" && | |
122 | git init empty-repo && | |
123 | test_must_fail \ | |
124 | git -C empty-repo pull --ff-only --verify-signatures ../untrusted 2>pullerror && | |
6789275d | 125 | test_grep "has an untrusted GPG signature" pullerror |
54887b46 HJI |
126 | ' |
127 | ||
128 | test_expect_success GPG 'pull commit into unborn branch with untrusted signature and --verify-signatures and minTrustLevel=ultimate' ' | |
129 | test_when_finished "rm -rf empty-repo" && | |
130 | git init empty-repo && | |
131 | test_config_global gpg.minTrustLevel ultimate && | |
132 | test_must_fail \ | |
133 | git -C empty-repo pull --ff-only --verify-signatures ../untrusted 2>pullerror && | |
6789275d | 134 | test_grep "has an untrusted GPG signature" pullerror |
54887b46 HJI |
135 | ' |
136 | ||
137 | test_expect_success GPG 'pull commit into unborn branch with untrusted signature and --verify-signatures and minTrustLevel=marginal' ' | |
138 | test_when_finished "rm -rf empty-repo" && | |
139 | git init empty-repo && | |
140 | test_config_global gpg.minTrustLevel marginal && | |
141 | test_must_fail \ | |
142 | git -C empty-repo pull --ff-only --verify-signatures ../untrusted 2>pullerror && | |
6789275d | 143 | test_grep "has an untrusted GPG signature" pullerror |
54887b46 HJI |
144 | ' |
145 | ||
146 | test_expect_success GPG 'pull commit into unborn branch with untrusted signature and --verify-signatures and minTrustLevel=undefined' ' | |
147 | test_when_finished "rm -rf empty-repo" && | |
148 | git init empty-repo && | |
149 | test_config_global gpg.minTrustLevel undefined && | |
150 | git -C empty-repo pull --ff-only --verify-signatures ../untrusted >pulloutput && | |
6789275d | 151 | test_grep "has a good GPG signature" pulloutput |
54887b46 HJI |
152 | ' |
153 | ||
7f8ca20a | 154 | test_done |