]>
Commit | Line | Data |
---|---|---|
247503f2 JH |
1 | #!/bin/sh |
2 | ||
3 | test_description='signed commit tests' | |
1e2ae142 | 4 | GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main |
334afbc7 JS |
5 | export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME |
6 | ||
247503f2 | 7 | . ./test-lib.sh |
661a1806 | 8 | GNUPGHOME_NOT_USED=$GNUPGHOME |
247503f2 JH |
9 | . "$TEST_DIRECTORY/lib-gpg.sh" |
10 | ||
11 | test_expect_success GPG 'create signed commits' ' | |
42d4e1d1 | 12 | test_oid_cache <<-\EOF && |
13 | header sha1:gpgsig | |
14 | header sha256:gpgsig-sha256 | |
15 | EOF | |
16 | ||
4b8d14b4 NV |
17 | test_when_finished "test_unconfig commit.gpgsign" && |
18 | ||
247503f2 JH |
19 | echo 1 >file && git add file && |
20 | test_tick && git commit -S -m initial && | |
21 | git tag initial && | |
22 | git branch side && | |
23 | ||
24 | echo 2 >file && test_tick && git commit -a -S -m second && | |
25 | git tag second && | |
26 | ||
27 | git checkout side && | |
28 | echo 3 >elif && git add elif && | |
29 | test_tick && git commit -m "third on side" && | |
30 | ||
1e2ae142 | 31 | git checkout main && |
247503f2 JH |
32 | test_tick && git merge -S side && |
33 | git tag merge && | |
34 | ||
35 | echo 4 >file && test_tick && git commit -a -m "fourth unsigned" && | |
36 | git tag fourth-unsigned && | |
37 | ||
c871a1d1 | 38 | test_tick && git commit --amend -S -m "fourth signed" && |
4b8d14b4 NV |
39 | git tag fourth-signed && |
40 | ||
41 | git config commit.gpgsign true && | |
42 | echo 5 >file && test_tick && git commit -a -m "fifth signed" && | |
43 | git tag fifth-signed && | |
44 | ||
45 | git config commit.gpgsign false && | |
46 | echo 6 >file && test_tick && git commit -a -m "sixth" && | |
47 | git tag sixth-unsigned && | |
48 | ||
49 | git config commit.gpgsign true && | |
50 | echo 7 >file && test_tick && git commit -a -m "seventh" --no-gpg-sign && | |
51 | git tag seventh-unsigned && | |
52 | ||
53 | test_tick && git rebase -f HEAD^^ && git tag sixth-signed HEAD^ && | |
99094a7a | 54 | git tag seventh-signed && |
4baf839f JK |
55 | |
56 | echo 8 >file && test_tick && git commit -a -m eighth -SB7227189 && | |
66948561 JH |
57 | git tag eighth-signed-alt && |
58 | ||
59 | # commit.gpgsign is still on but this must not be signed | |
41a74bd0 MÅ |
60 | echo 9 | git commit-tree HEAD^{tree} >oid && |
61 | test_line_count = 1 oid && | |
62 | git tag ninth-unsigned $(cat oid) && | |
66948561 | 63 | # explicit -S of course must sign. |
41a74bd0 MÅ |
64 | echo 10 | git commit-tree -S HEAD^{tree} >oid && |
65 | test_line_count = 1 oid && | |
70ddbd77 BR |
66 | git tag tenth-signed $(cat oid) && |
67 | ||
68 | # --gpg-sign[=<key-id>] must sign. | |
69 | echo 11 | git commit-tree --gpg-sign HEAD^{tree} >oid && | |
70 | test_line_count = 1 oid && | |
71 | git tag eleventh-signed $(cat oid) && | |
72 | echo 12 | git commit-tree --gpg-sign=B7227189 HEAD^{tree} >oid && | |
73 | test_line_count = 1 oid && | |
0517f591 | 74 | git tag twelfth-signed-alt $(cat oid) |
247503f2 JH |
75 | ' |
76 | ||
8e92c2cf | 77 | test_expect_success GPG 'verify and show signatures' ' |
247503f2 | 78 | ( |
66948561 | 79 | for commit in initial second merge fourth-signed \ |
70ddbd77 BR |
80 | fifth-signed sixth-signed seventh-signed tenth-signed \ |
81 | eleventh-signed | |
247503f2 | 82 | do |
8e92c2cf | 83 | git verify-commit $commit && |
247503f2 | 84 | git show --pretty=short --show-signature $commit >actual && |
7b1732c1 MG |
85 | grep "Good signature from" actual && |
86 | ! grep "BAD signature from" actual && | |
87 | echo $commit OK || exit 1 | |
247503f2 JH |
88 | done |
89 | ) && | |
90 | ( | |
66948561 JH |
91 | for commit in merge^2 fourth-unsigned sixth-unsigned \ |
92 | seventh-unsigned ninth-unsigned | |
247503f2 | 93 | do |
8e92c2cf | 94 | test_must_fail git verify-commit $commit && |
247503f2 | 95 | git show --pretty=short --show-signature $commit >actual && |
7b1732c1 MG |
96 | ! grep "Good signature from" actual && |
97 | ! grep "BAD signature from" actual && | |
98 | echo $commit OK || exit 1 | |
4baf839f JK |
99 | done |
100 | ) && | |
101 | ( | |
70ddbd77 | 102 | for commit in eighth-signed-alt twelfth-signed-alt |
4baf839f JK |
103 | do |
104 | git show --pretty=short --show-signature $commit >actual && | |
105 | grep "Good signature from" actual && | |
106 | ! grep "BAD signature from" actual && | |
107 | grep "not certified" actual && | |
108 | echo $commit OK || exit 1 | |
247503f2 JH |
109 | done |
110 | ) | |
111 | ' | |
112 | ||
1bfb57f6 | 113 | test_expect_success GPG 'verify-commit exits failure on unknown signature' ' |
0517f591 | 114 | test_must_fail env GNUPGHOME="$GNUPGHOME_NOT_USED" git verify-commit initial 2>actual && |
1bfb57f6 FS |
115 | ! grep "Good signature from" actual && |
116 | ! grep "BAD signature from" actual && | |
117 | grep -q -F -e "No public key" -e "public key not found" actual | |
118 | ' | |
119 | ||
434060ec | 120 | test_expect_success GPG 'verify-commit exits success on untrusted signature' ' |
8e98e5f2 | 121 | git verify-commit eighth-signed-alt 2>actual && |
122 | grep "Good signature from" actual && | |
123 | ! grep "BAD signature from" actual && | |
124 | grep "not certified" actual | |
125 | ' | |
126 | ||
54887b46 HJI |
127 | test_expect_success GPG 'verify-commit exits success with matching minTrustLevel' ' |
128 | test_config gpg.minTrustLevel ultimate && | |
129 | git verify-commit sixth-signed | |
130 | ' | |
131 | ||
132 | test_expect_success GPG 'verify-commit exits success with low minTrustLevel' ' | |
133 | test_config gpg.minTrustLevel fully && | |
134 | git verify-commit sixth-signed | |
135 | ' | |
136 | ||
137 | test_expect_success GPG 'verify-commit exits failure with high minTrustLevel' ' | |
138 | test_config gpg.minTrustLevel ultimate && | |
139 | test_must_fail git verify-commit eighth-signed-alt | |
140 | ' | |
141 | ||
aeff29dd | 142 | test_expect_success GPG 'verify signatures with --raw' ' |
143 | ( | |
144 | for commit in initial second merge fourth-signed fifth-signed sixth-signed seventh-signed | |
145 | do | |
146 | git verify-commit --raw $commit 2>actual && | |
147 | grep "GOODSIG" actual && | |
148 | ! grep "BADSIG" actual && | |
149 | echo $commit OK || exit 1 | |
150 | done | |
151 | ) && | |
152 | ( | |
153 | for commit in merge^2 fourth-unsigned sixth-unsigned seventh-unsigned | |
154 | do | |
155 | test_must_fail git verify-commit --raw $commit 2>actual && | |
156 | ! grep "GOODSIG" actual && | |
157 | ! grep "BADSIG" actual && | |
158 | echo $commit OK || exit 1 | |
159 | done | |
160 | ) && | |
161 | ( | |
162 | for commit in eighth-signed-alt | |
163 | do | |
164 | git verify-commit --raw $commit 2>actual && | |
165 | grep "GOODSIG" actual && | |
166 | ! grep "BADSIG" actual && | |
167 | grep "TRUST_UNDEFINED" actual && | |
168 | echo $commit OK || exit 1 | |
169 | done | |
170 | ) | |
171 | ' | |
172 | ||
42d4e1d1 | 173 | test_expect_success GPG 'proper header is used for hash algorithm' ' |
174 | git cat-file commit fourth-signed >output && | |
175 | grep "^$(test_oid header) -----BEGIN PGP SIGNATURE-----" output | |
176 | ' | |
177 | ||
8e92c2cf MG |
178 | test_expect_success GPG 'show signed commit with signature' ' |
179 | git show -s initial >commit && | |
180 | git show -s --show-signature initial >show && | |
181 | git verify-commit -v initial >verify.1 2>verify.2 && | |
182 | git cat-file commit initial >cat && | |
3f88c1b5 KM |
183 | grep -v -e "gpg: " -e "Warning: " show >show.commit && |
184 | grep -e "gpg: " -e "Warning: " show >show.gpg && | |
1fb5cf0d | 185 | grep -v "^ " cat | grep -v "^gpgsig.* " >cat.commit && |
8e92c2cf MG |
186 | test_cmp show.commit commit && |
187 | test_cmp show.gpg verify.2 && | |
188 | test_cmp cat.commit verify.1 | |
189 | ' | |
190 | ||
247503f2 | 191 | test_expect_success GPG 'detect fudged signature' ' |
526d56e0 | 192 | git cat-file commit seventh-signed >raw && |
2f3cbcd8 | 193 | sed -e "s/^seventh/7th forged/" raw >forged1 && |
247503f2 | 194 | git hash-object -w -t commit forged1 >forged1.commit && |
9dd39821 | 195 | test_must_fail git verify-commit $(cat forged1.commit) && |
247503f2 JH |
196 | git show --pretty=short --show-signature $(cat forged1.commit) >actual1 && |
197 | grep "BAD signature from" actual1 && | |
198 | ! grep "Good signature from" actual1 | |
199 | ' | |
200 | ||
201 | test_expect_success GPG 'detect fudged signature with NUL' ' | |
526d56e0 | 202 | git cat-file commit seventh-signed >raw && |
247503f2 JH |
203 | cat raw >forged2 && |
204 | echo Qwik | tr "Q" "\000" >>forged2 && | |
34959d80 | 205 | git hash-object --literally -w -t commit forged2 >forged2.commit && |
9dd39821 | 206 | test_must_fail git verify-commit $(cat forged2.commit) && |
247503f2 JH |
207 | git show --pretty=short --show-signature $(cat forged2.commit) >actual2 && |
208 | grep "BAD signature from" actual2 && | |
209 | ! grep "Good signature from" actual2 | |
210 | ' | |
211 | ||
c871a1d1 | 212 | test_expect_success GPG 'amending already signed commit' ' |
3b4b5a79 | 213 | git checkout -f fourth-signed^0 && |
c871a1d1 | 214 | git commit --amend -S --no-edit && |
8e92c2cf | 215 | git verify-commit HEAD && |
c871a1d1 JH |
216 | git show -s --show-signature HEAD >actual && |
217 | grep "Good signature from" actual && | |
218 | ! grep "BAD signature from" actual | |
219 | ' | |
220 | ||
2f36339f KS |
221 | test_expect_success GPG2 'bare signature' ' |
222 | git verify-commit fifth-signed 2>expect && | |
223 | echo >>expect && | |
224 | git log -1 --format="%GG" fifth-signed >actual && | |
225 | test_cmp expect actual | |
226 | ' | |
227 | ||
06ca0f45 JK |
228 | test_expect_success GPG 'show good signature with custom format' ' |
229 | cat >expect <<-\EOF && | |
230 | G | |
7891e465 | 231 | ultimate |
06ca0f45 JK |
232 | 13B6F51ECDDE430D |
233 | C O Mitter <committer@example.com> | |
3daaaabe | 234 | 73D758744BE721698EC54E8713B6F51ECDDE430D |
1a550529 | 235 | 73D758744BE721698EC54E8713B6F51ECDDE430D |
06ca0f45 | 236 | EOF |
7891e465 | 237 | git log -1 --format="%G?%n%GT%n%GK%n%GS%n%GF%n%GP" sixth-signed >actual && |
06ca0f45 JK |
238 | test_cmp expect actual |
239 | ' | |
240 | ||
241 | test_expect_success GPG 'show bad signature with custom format' ' | |
242 | cat >expect <<-\EOF && | |
243 | B | |
7891e465 | 244 | undefined |
06ca0f45 JK |
245 | 13B6F51ECDDE430D |
246 | C O Mitter <committer@example.com> | |
3daaaabe | 247 | |
1a550529 | 248 | |
06ca0f45 | 249 | EOF |
7891e465 | 250 | git log -1 --format="%G?%n%GT%n%GK%n%GS%n%GF%n%GP" $(cat forged1.commit) >actual && |
06ca0f45 JK |
251 | test_cmp expect actual |
252 | ' | |
253 | ||
661a1806 | 254 | test_expect_success GPG 'show untrusted signature with custom format' ' |
06ca0f45 JK |
255 | cat >expect <<-\EOF && |
256 | U | |
7891e465 | 257 | undefined |
1e690847 | 258 | 65A0EEA02E30CAD7 |
06ca0f45 | 259 | Eris Discordia <discord@example.net> |
1e690847 | 260 | F8364A59E07FFE9F4D63005A65A0EEA02E30CAD7 |
1a550529 | 261 | D4BE22311AD3131E5EDA29A461092E85B7227189 |
06ca0f45 | 262 | EOF |
7891e465 | 263 | git log -1 --format="%G?%n%GT%n%GK%n%GS%n%GF%n%GP" eighth-signed-alt >actual && |
06ca0f45 JK |
264 | test_cmp expect actual |
265 | ' | |
266 | ||
54887b46 HJI |
267 | test_expect_success GPG 'show untrusted signature with undefined trust level' ' |
268 | cat >expect <<-\EOF && | |
7891e465 | 269 | U |
54887b46 HJI |
270 | undefined |
271 | 65A0EEA02E30CAD7 | |
272 | Eris Discordia <discord@example.net> | |
273 | F8364A59E07FFE9F4D63005A65A0EEA02E30CAD7 | |
274 | D4BE22311AD3131E5EDA29A461092E85B7227189 | |
275 | EOF | |
7891e465 | 276 | git log -1 --format="%G?%n%GT%n%GK%n%GS%n%GF%n%GP" eighth-signed-alt >actual && |
54887b46 HJI |
277 | test_cmp expect actual |
278 | ' | |
279 | ||
280 | test_expect_success GPG 'show untrusted signature with ultimate trust level' ' | |
281 | cat >expect <<-\EOF && | |
7891e465 | 282 | G |
54887b46 HJI |
283 | ultimate |
284 | 13B6F51ECDDE430D | |
285 | C O Mitter <committer@example.com> | |
286 | 73D758744BE721698EC54E8713B6F51ECDDE430D | |
287 | 73D758744BE721698EC54E8713B6F51ECDDE430D | |
288 | EOF | |
7891e465 | 289 | git log -1 --format="%G?%n%GT%n%GK%n%GS%n%GF%n%GP" sixth-signed >actual && |
54887b46 HJI |
290 | test_cmp expect actual |
291 | ' | |
292 | ||
661a1806 MG |
293 | test_expect_success GPG 'show unknown signature with custom format' ' |
294 | cat >expect <<-\EOF && | |
295 | E | |
7891e465 | 296 | undefined |
1e690847 | 297 | 65A0EEA02E30CAD7 |
661a1806 | 298 | |
3daaaabe | 299 | |
1a550529 | 300 | |
661a1806 | 301 | EOF |
7891e465 | 302 | GNUPGHOME="$GNUPGHOME_NOT_USED" git log -1 --format="%G?%n%GT%n%GK%n%GS%n%GF%n%GP" eighth-signed-alt >actual && |
661a1806 MG |
303 | test_cmp expect actual |
304 | ' | |
305 | ||
06ca0f45 JK |
306 | test_expect_success GPG 'show lack of signature with custom format' ' |
307 | cat >expect <<-\EOF && | |
308 | N | |
7891e465 | 309 | undefined |
06ca0f45 JK |
310 | |
311 | ||
3daaaabe | 312 | |
1a550529 | 313 | |
06ca0f45 | 314 | EOF |
7891e465 | 315 | git log -1 --format="%G?%n%GT%n%GK%n%GS%n%GF%n%GP" seventh-unsigned >actual && |
06ca0f45 JK |
316 | test_cmp expect actual |
317 | ' | |
318 | ||
fce04c3c MJ |
319 | test_expect_success GPG 'log.showsignature behaves like --show-signature' ' |
320 | test_config log.showsignature true && | |
321 | git show initial >actual && | |
322 | grep "gpg: Signature made" actual && | |
323 | grep "gpg: Good signature" actual | |
324 | ' | |
325 | ||
1865a647 HS |
326 | test_expect_success GPG 'check config gpg.format values' ' |
327 | test_config gpg.format openpgp && | |
328 | git commit -S --amend -m "success" && | |
329 | test_config gpg.format OpEnPgP && | |
330 | test_must_fail git commit -S --amend -m "fail" | |
331 | ' | |
332 | ||
da6cf1b3 MG |
333 | test_expect_success GPG 'detect fudged commit with double signature' ' |
334 | sed -e "/gpgsig/,/END PGP/d" forged1 >double-base && | |
335 | sed -n -e "/gpgsig/,/END PGP/p" forged1 | \ | |
42d4e1d1 | 336 | sed -e "s/^$(test_oid header)//;s/^ //" | gpg --dearmor >double-sig1.sig && |
da6cf1b3 MG |
337 | gpg -o double-sig2.sig -u 29472784 --detach-sign double-base && |
338 | cat double-sig1.sig double-sig2.sig | gpg --enarmor >double-combined.asc && | |
42d4e1d1 | 339 | sed -e "s/^\(-.*\)ARMORED FILE/\1SIGNATURE/;1s/^/$(test_oid header) /;2,\$s/^/ /" \ |
da6cf1b3 MG |
340 | double-combined.asc > double-gpgsig && |
341 | sed -e "/committer/r double-gpgsig" double-base >double-commit && | |
342 | git hash-object -w -t commit double-commit >double-commit.commit && | |
343 | test_must_fail git verify-commit $(cat double-commit.commit) && | |
344 | git show --pretty=short --show-signature $(cat double-commit.commit) >double-actual && | |
345 | grep "BAD signature from" double-actual && | |
346 | grep "Good signature from" double-actual | |
347 | ' | |
348 | ||
349 | test_expect_success GPG 'show double signature with custom format' ' | |
350 | cat >expect <<-\EOF && | |
351 | E | |
352 | ||
353 | ||
3daaaabe | 354 | |
1a550529 | 355 | |
da6cf1b3 | 356 | EOF |
1a550529 | 357 | git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" $(cat double-commit.commit) >actual && |
da6cf1b3 MG |
358 | test_cmp expect actual |
359 | ' | |
360 | ||
1fb5cf0d | 361 | |
1bfb57f6 FS |
362 | # NEEDSWORK: This test relies on the test_tick commit/author dates from the first |
363 | # 'create signed commits' test even though it creates its own | |
1fb5cf0d | 364 | test_expect_success GPG 'verify-commit verifies multiply signed commits' ' |
365 | git init multiply-signed && | |
366 | cd multiply-signed && | |
367 | test_commit first && | |
368 | echo 1 >second && | |
369 | git add second && | |
370 | tree=$(git write-tree) && | |
371 | parent=$(git rev-parse HEAD^{commit}) && | |
372 | git commit --gpg-sign -m second && | |
373 | git cat-file commit HEAD && | |
374 | # Avoid trailing whitespace. | |
375 | sed -e "s/^Q//" -e "s/^Z/ /" >commit <<-EOF && | |
376 | Qtree $tree | |
377 | Qparent $parent | |
378 | Qauthor A U Thor <author@example.com> 1112912653 -0700 | |
379 | Qcommitter C O Mitter <committer@example.com> 1112912653 -0700 | |
380 | Qgpgsig -----BEGIN PGP SIGNATURE----- | |
381 | QZ | |
382 | Q iHQEABECADQWIQRz11h0S+chaY7FTocTtvUezd5DDQUCX/uBDRYcY29tbWl0dGVy | |
383 | Q QGV4YW1wbGUuY29tAAoJEBO29R7N3kMNd+8AoK1I8mhLHviPH+q2I5fIVgPsEtYC | |
384 | Q AKCTqBh+VabJceXcGIZuF0Ry+udbBQ== | |
385 | Q =tQ0N | |
386 | Q -----END PGP SIGNATURE----- | |
387 | Qgpgsig-sha256 -----BEGIN PGP SIGNATURE----- | |
388 | QZ | |
389 | Q iHQEABECADQWIQRz11h0S+chaY7FTocTtvUezd5DDQUCX/uBIBYcY29tbWl0dGVy | |
390 | Q QGV4YW1wbGUuY29tAAoJEBO29R7N3kMN/NEAn0XO9RYSBj2dFyozi0JKSbssYMtO | |
391 | Q AJwKCQ1BQOtuwz//IjU8TiS+6S4iUw== | |
392 | Q =pIwP | |
393 | Q -----END PGP SIGNATURE----- | |
394 | Q | |
395 | Qsecond | |
396 | EOF | |
397 | head=$(git hash-object -t commit -w commit) && | |
398 | git reset --hard $head && | |
399 | git verify-commit $head 2>actual && | |
400 | grep "Good signature from" actual && | |
401 | ! grep "BAD signature from" actual | |
402 | ' | |
403 | ||
8300d15d JS |
404 | test_expect_success 'custom `gpg.program`' ' |
405 | write_script fake-gpg <<-\EOF && | |
406 | args="$*" | |
407 | ||
408 | # skip uninteresting options | |
409 | while case "$1" in | |
410 | --status-fd=*|--keyid-format=*) ;; # skip | |
411 | *) break;; | |
412 | esac; do shift; done | |
413 | ||
414 | case "$1" in | |
415 | -bsau) | |
ad6b3207 JS |
416 | test -z "$LET_GPG_PROGRAM_FAIL" || { |
417 | echo "zOMG signing failed!" >&2 | |
418 | exit 1 | |
419 | } | |
8300d15d JS |
420 | cat >sign.file |
421 | echo "[GNUPG:] SIG_CREATED $args" >&2 | |
422 | echo "-----BEGIN PGP MESSAGE-----" | |
423 | echo "$args" | |
424 | echo "-----END PGP MESSAGE-----" | |
425 | ;; | |
426 | --verify) | |
427 | cat "$2" >verify.file | |
428 | exit 0 | |
429 | ;; | |
430 | *) | |
431 | echo "Unhandled args: $*" >&2 | |
432 | exit 1 | |
433 | ;; | |
434 | esac | |
435 | EOF | |
436 | ||
437 | test_config gpg.program "$(pwd)/fake-gpg" && | |
438 | git commit -S --allow-empty -m signed-commit && | |
439 | test_path_exists sign.file && | |
440 | git show --show-signature && | |
ad6b3207 JS |
441 | test_path_exists verify.file && |
442 | ||
443 | test_must_fail env LET_GPG_PROGRAM_FAIL=1 \ | |
444 | git commit -S --allow-empty -m must-fail 2>err && | |
445 | grep zOMG err | |
8300d15d JS |
446 | ' |
447 | ||
247503f2 | 448 | test_done |