projects / thirdparty / git.git / blame
| Commit | Line | Data |
|---|---|---|
| efed0022 SG |
1 | #!/bin/sh |
| 2 | ||
| 3 | test_description='merge signature verification tests' | |
| 1e2ae142 | 4 | GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main |
| 334afbc7 JS |
5 | export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME |
| 6 | ||
| b2e5d75d | 7 | TEST_PASSES_SANITIZE_LEAK=true |
| efed0022 SG |
8 | . ./test-lib.sh |
| 9 | . "$TEST_DIRECTORY/lib-gpg.sh" | |
| 10 | ||
| 11 | test_expect_success GPG 'create signed commits' ' | |
| 12 | echo 1 >file && git add file && | |
| 13 | test_tick && git commit -m initial && | |
| 14 | git tag initial && | |
| 15 | ||
| 16 | git checkout -b side-signed && | |
| 17 | echo 3 >elif && git add elif && | |
| 18 | test_tick && git commit -S -m "signed on side" && | |
| 19 | git checkout initial && | |
| 20 | ||
| 21 | git checkout -b side-unsigned && | |
| 22 | echo 3 >foo && git add foo && | |
| 23 | test_tick && git commit -m "unsigned on side" && | |
| 24 | git checkout initial && | |
| 25 | ||
| 26 | git checkout -b side-bad && | |
| 27 | echo 3 >bar && git add bar && | |
| 28 | test_tick && git commit -S -m "bad on side" && | |
| 29 | git cat-file commit side-bad >raw && | |
| 2f3cbcd8 | 30 | sed -e "s/^bad/forged bad/" raw >forged && |
| efed0022 SG |
31 | git hash-object -w -t commit forged >forged.commit && |
| 32 | git checkout initial && | |
| 33 | ||
| eb307ae7 SG |
34 | git checkout -b side-untrusted && |
| 35 | echo 3 >baz && git add baz && | |
| 99094a7a | 36 | test_tick && git commit -SB7227189 -m "untrusted on side" && |
| eb307ae7 | 37 | |
| 1e2ae142 | 38 | git checkout main |
| efed0022 SG |
39 | ' |
| 40 | ||
| 41 | test_expect_success GPG 'merge unsigned commit with verification' ' | |
| fb2afea3 | 42 | test_when_finished "git reset --hard && git checkout initial" && |
| efed0022 | 43 | test_must_fail git merge --ff-only --verify-signatures side-unsigned 2>mergeerror && |
| 6789275d | 44 | test_grep "does not have a GPG signature" mergeerror |
| efed0022 SG |
45 | ' |
| 46 | ||
| ca779e82 | 47 | test_expect_success GPG 'merge unsigned commit with merge.verifySignatures=true' ' |
| fb2afea3 | 48 | test_when_finished "git reset --hard && git checkout initial" && |
| ca779e82 HJI |
49 | test_config merge.verifySignatures true && |
| 50 | test_must_fail git merge --ff-only side-unsigned 2>mergeerror && | |
| 6789275d | 51 | test_grep "does not have a GPG signature" mergeerror |
| ca779e82 HJI |
52 | ' |
| 53 | ||
| efed0022 | 54 | test_expect_success GPG 'merge commit with bad signature with verification' ' |
| fb2afea3 | 55 | test_when_finished "git reset --hard && git checkout initial" && |
| efed0022 | 56 | test_must_fail git merge --ff-only --verify-signatures $(cat forged.commit) 2>mergeerror && |
| 6789275d | 57 | test_grep "has a bad GPG signature" mergeerror |
| efed0022 SG |
58 | ' |
| 59 | ||
| ca779e82 | 60 | test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=true' ' |
| fb2afea3 | 61 | test_when_finished "git reset --hard && git checkout initial" && |
| ca779e82 HJI |
62 | test_config merge.verifySignatures true && |
| 63 | test_must_fail git merge --ff-only $(cat forged.commit) 2>mergeerror && | |
| 6789275d | 64 | test_grep "has a bad GPG signature" mergeerror |
| ca779e82 HJI |
65 | ' |
| 66 | ||
| eb307ae7 | 67 | test_expect_success GPG 'merge commit with untrusted signature with verification' ' |
| fb2afea3 | 68 | test_when_finished "git reset --hard && git checkout initial" && |
| eb307ae7 | 69 | test_must_fail git merge --ff-only --verify-signatures side-untrusted 2>mergeerror && |
| 6789275d | 70 | test_grep "has an untrusted GPG signature" mergeerror |
| eb307ae7 SG |
71 | ' |
| 72 | ||
| 54887b46 HJI |
73 | test_expect_success GPG 'merge commit with untrusted signature with verification and high minTrustLevel' ' |
| 74 | test_when_finished "git reset --hard && git checkout initial" && | |
| 75 | test_config gpg.minTrustLevel marginal && | |
| 76 | test_must_fail git merge --ff-only --verify-signatures side-untrusted 2>mergeerror && | |
| 6789275d | 77 | test_grep "has an untrusted GPG signature" mergeerror |
| 54887b46 HJI |
78 | ' |
| 79 | ||
| 80 | test_expect_success GPG 'merge commit with untrusted signature with verification and low minTrustLevel' ' | |
| 81 | test_when_finished "git reset --hard && git checkout initial" && | |
| 82 | test_config gpg.minTrustLevel undefined && | |
| 83 | git merge --ff-only --verify-signatures side-untrusted >mergeoutput && | |
| 6789275d | 84 | test_grep "has a good GPG signature" mergeoutput |
| 54887b46 HJI |
85 | ' |
| 86 | ||
| ca779e82 | 87 | test_expect_success GPG 'merge commit with untrusted signature with merge.verifySignatures=true' ' |
| fb2afea3 | 88 | test_when_finished "git reset --hard && git checkout initial" && |
| ca779e82 HJI |
89 | test_config merge.verifySignatures true && |
| 90 | test_must_fail git merge --ff-only side-untrusted 2>mergeerror && | |
| 6789275d | 91 | test_grep "has an untrusted GPG signature" mergeerror |
| ca779e82 HJI |
92 | ' |
| 93 | ||
| 54887b46 HJI |
94 | test_expect_success GPG 'merge commit with untrusted signature with merge.verifySignatures=true and minTrustLevel' ' |
| 95 | test_when_finished "git reset --hard && git checkout initial" && | |
| 96 | test_config merge.verifySignatures true && | |
| 97 | test_config gpg.minTrustLevel marginal && | |
| 98 | test_must_fail git merge --ff-only side-untrusted 2>mergeerror && | |
| 6789275d | 99 | test_grep "has an untrusted GPG signature" mergeerror |
| 54887b46 HJI |
100 | ' |
| 101 | ||
| efed0022 | 102 | test_expect_success GPG 'merge signed commit with verification' ' |
| fb2afea3 | 103 | test_when_finished "git reset --hard && git checkout initial" && |
| efed0022 | 104 | git merge --verbose --ff-only --verify-signatures side-signed >mergeoutput && |
| 6789275d | 105 | test_grep "has a good GPG signature" mergeoutput |
| efed0022 SG |
106 | ' |
| 107 | ||
| ca779e82 | 108 | test_expect_success GPG 'merge signed commit with merge.verifySignatures=true' ' |
| fb2afea3 | 109 | test_when_finished "git reset --hard && git checkout initial" && |
| ca779e82 HJI |
110 | test_config merge.verifySignatures true && |
| 111 | git merge --verbose --ff-only side-signed >mergeoutput && | |
| 6789275d | 112 | test_grep "has a good GPG signature" mergeoutput |
| ca779e82 HJI |
113 | ' |
| 114 | ||
| efed0022 | 115 | test_expect_success GPG 'merge commit with bad signature without verification' ' |
| fb2afea3 | 116 | test_when_finished "git reset --hard && git checkout initial" && |
| ca779e82 HJI |
117 | git merge $(cat forged.commit) |
| 118 | ' | |
| 119 | ||
| 120 | test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=false' ' | |
| fb2afea3 | 121 | test_when_finished "git reset --hard && git checkout initial" && |
| ca779e82 | 122 | test_config merge.verifySignatures false && |
| efed0022 SG |
123 | git merge $(cat forged.commit) |
| 124 | ' | |
| 125 | ||
| ca779e82 | 126 | test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=true and --no-verify-signatures' ' |
| fb2afea3 | 127 | test_when_finished "git reset --hard && git checkout initial" && |
| ca779e82 HJI |
128 | test_config merge.verifySignatures true && |
| 129 | git merge --no-verify-signatures $(cat forged.commit) | |
| 130 | ' | |
| 131 | ||
| 7488ba3e JK |
132 | test_expect_success GPG 'merge unsigned commit into unborn branch' ' |
| 133 | test_when_finished "git checkout initial" && | |
| 134 | git checkout --orphan unborn && | |
| 135 | test_must_fail git merge --verify-signatures side-unsigned 2>mergeerror && | |
| 6789275d | 136 | test_grep "does not have a GPG signature" mergeerror |
| 7488ba3e JK |
137 | ' |
| 138 | ||
| efed0022 | 139 | test_done |