#!/bin/sh
#
# Exercises signature checking in "git merge": the --verify-signatures and
# --no-verify-signatures options, the merge.verifySignatures setting and
# gpg.minTrustLevel, against unsigned, forged, untrusted and good commits.

test_description='merge signature verification tests'

# Pin the initial branch name; the fixture below checks out "main" by name.
GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main
export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME

# Set before test-lib.sh is sourced, which is where the harness is loaded.
TEST_PASSES_SANITIZE_LEAK=true
. ./test-lib.sh
# Every test in this file is gated on the GPG prerequisite; lib-gpg.sh is
# presumably what provides it together with the test keyring.
. "$TEST_DIRECTORY/lib-gpg.sh"
# Fixture shared by every test below. Four branches fork from the unsigned
# commit tagged "initial":
#   side-signed    - tip signed with the default key (commit -S)
#   side-unsigned  - tip carries no signature
#   side-bad       - tip is signed; its raw object is copied, the sed
#                    expression edits only lines starting with "bad" (the
#                    message), and the result is written to the object
#                    store, so the copied signature no longer covers the
#                    content. No ref points at the forged object; its id is
#                    kept in the file forged.commit.
#   side-untrusted - tip signed with key B7227189, which the tests below
#                    expect to be reported as untrusted
# The run ends back on "main".
test_expect_success GPG 'create signed commits' '
	echo 1 >file &&
	git add file &&
	test_tick &&
	git commit -m initial &&
	git tag initial &&

	git checkout -b side-signed &&
	echo 3 >elif &&
	git add elif &&
	test_tick &&
	git commit -S -m "signed on side" &&
	git checkout initial &&

	git checkout -b side-unsigned &&
	echo 3 >foo &&
	git add foo &&
	test_tick &&
	git commit -m "unsigned on side" &&
	git checkout initial &&

	git checkout -b side-bad &&
	echo 3 >bar &&
	git add bar &&
	test_tick &&
	git commit -S -m "bad on side" &&
	git cat-file commit side-bad >raw &&
	sed -e "s/^bad/forged bad/" raw >forged &&
	git hash-object -w -t commit forged >forged.commit &&
	git checkout initial &&

	git checkout -b side-untrusted &&
	echo 3 >baz &&
	git add baz &&
	test_tick &&
	git commit -SB7227189 -m "untrusted on side" &&

	git checkout main
'
# Fail closed on a missing signature: with --verify-signatures an unsigned
# tip is refused even though the merge is requested as fast-forward only,
# and the reason is written to stderr. The cleanup hook resets the work
# tree and returns to "initial" so the next test starts from the same state.
test_expect_success GPG 'merge unsigned commit with verification' '
	test_when_finished "git reset --hard && git checkout initial" &&
	test_must_fail git merge --ff-only --verify-signatures \
		side-unsigned 2>mergeerror &&
	test_grep "does not have a GPG signature" mergeerror
'
# Same refusal as with --verify-signatures, but driven only by the
# merge.verifySignatures setting: no option is given on the command line,
# and the unsigned tip must still be rejected with the same message.
test_expect_success GPG 'merge unsigned commit with merge.verifySignatures=true' '
	test_when_finished "git reset --hard && git checkout initial" &&
	test_config merge.verifySignatures true &&
	test_must_fail git merge --ff-only \
		side-unsigned 2>mergeerror &&
	test_grep "does not have a GPG signature" mergeerror
'
# Tamper detection: the object named in forged.commit carries a signature
# made over different content. Verification must refuse the merge and say
# the signature is bad, which is a distinct message from "no signature".
# The commit is addressed by object id because no branch points at it.
test_expect_success GPG 'merge commit with bad signature with verification' '
	test_when_finished "git reset --hard && git checkout initial" &&
	test_must_fail git merge --ff-only --verify-signatures \
		$(cat forged.commit) 2>mergeerror &&
	test_grep "has a bad GPG signature" mergeerror
'
# Tamper detection through configuration only: with
# merge.verifySignatures=true and no command-line option, the forged commit
# must be refused with the bad-signature message.
test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=true' '
	test_when_finished "git reset --hard && git checkout initial" &&
	test_config merge.verifySignatures true &&
	test_must_fail git merge --ff-only \
		$(cat forged.commit) 2>mergeerror &&
	test_grep "has a bad GPG signature" mergeerror
'
# Key trust is part of the check: the tip of side-untrusted is signed, but
# with gpg.minTrustLevel left unset by this test the merge must still be
# refused, and the message must name the signature as untrusted rather
# than bad or missing.
test_expect_success GPG 'merge commit with untrusted signature with verification' '
	test_when_finished "git reset --hard && git checkout initial" &&
	test_must_fail git merge --ff-only --verify-signatures \
		side-untrusted 2>mergeerror &&
	test_grep "has an untrusted GPG signature" mergeerror
'
# With gpg.minTrustLevel raised to "marginal" the commit signed by the
# untrusted key must still be refused, with the untrusted-signature message.
test_expect_success GPG 'merge commit with untrusted signature with verification and high minTrustLevel' '
	test_when_finished "git reset --hard && git checkout initial" &&
	test_config gpg.minTrustLevel marginal &&
	test_must_fail git merge --ff-only --verify-signatures \
		side-untrusted 2>mergeerror &&
	test_grep "has an untrusted GPG signature" mergeerror
'
# With gpg.minTrustLevel lowered to "undefined" the same commit that is
# refused at the default and at "marginal" is accepted and reported as
# having a good signature. The setting, not the signature alone, decides
# whether a key of unknown trust is sufficient, so it is worth auditing
# wherever merge verification is relied on.
test_expect_success GPG 'merge commit with untrusted signature with verification and low minTrustLevel' '
	test_when_finished "git reset --hard && git checkout initial" &&
	test_config gpg.minTrustLevel undefined &&
	git merge --ff-only --verify-signatures \
		side-untrusted >mergeoutput &&
	test_grep "has a good GPG signature" mergeoutput
'
# Config-only variant of the untrusted-key refusal: merge.verifySignatures
# is enabled, no option is passed, and the merge must fail with the
# untrusted-signature message.
test_expect_success GPG 'merge commit with untrusted signature with merge.verifySignatures=true' '
	test_when_finished "git reset --hard && git checkout initial" &&
	test_config merge.verifySignatures true &&
	test_must_fail git merge --ff-only \
		side-untrusted 2>mergeerror &&
	test_grep "has an untrusted GPG signature" mergeerror
'
# Both settings together: verification is enabled through
# merge.verifySignatures and gpg.minTrustLevel is "marginal"; the commit
# signed by the untrusted key must be refused.
test_expect_success GPG 'merge commit with untrusted signature with merge.verifySignatures=true and minTrustLevel' '
	test_when_finished "git reset --hard && git checkout initial" &&
	test_config merge.verifySignatures true &&
	test_config gpg.minTrustLevel marginal &&
	test_must_fail git merge --ff-only \
		side-untrusted 2>mergeerror &&
	test_grep "has an untrusted GPG signature" mergeerror
'
# Positive case: a tip signed with the default key passes verification, the
# merge succeeds, and the good-signature notice appears on stdout (the merge
# is run with --verbose here).
test_expect_success GPG 'merge signed commit with verification' '
	test_when_finished "git reset --hard && git checkout initial" &&
	git merge --verbose --ff-only --verify-signatures \
		side-signed >mergeoutput &&
	test_grep "has a good GPG signature" mergeoutput
'
# Positive case driven by configuration: with merge.verifySignatures=true
# and no verification option, the signed tip merges and the good-signature
# notice is printed to stdout.
test_expect_success GPG 'merge signed commit with merge.verifySignatures=true' '
	test_when_finished "git reset --hard && git checkout initial" &&
	test_config merge.verifySignatures true &&
	git merge --verbose --ff-only \
		side-signed >mergeoutput &&
	test_grep "has a good GPG signature" mergeoutput
'
# Baseline: with neither the option nor the setting, the forged commit
# merges without complaint. Signature checking on merge is opt-in, so a
# repository that depends on it has to enable it explicitly.
test_expect_success GPG 'merge commit with bad signature without verification' '
	test_when_finished "git reset --hard && git checkout initial" &&
	git merge \
		$(cat forged.commit)
'
# An explicit merge.verifySignatures=false behaves like the unset case: the
# forged commit is merged and no signature check gets in the way.
test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=false' '
	test_when_finished "git reset --hard && git checkout initial" &&
	test_config merge.verifySignatures false &&
	git merge \
		$(cat forged.commit)
'
# The command line wins over configuration: --no-verify-signatures switches
# the check off even though merge.verifySignatures is true, and the forged
# commit merges. The setting is therefore a default for the caller, not an
# enforcement point; whoever runs the merge can opt out.
test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=true and --no-verify-signatures' '
	test_when_finished "git reset --hard && git checkout initial" &&
	test_config merge.verifySignatures true &&
	git merge --no-verify-signatures \
		$(cat forged.commit)
'
# Edge case: the current branch has no commits yet (created with
# "checkout --orphan"). Merging into it must not skip verification; the
# unsigned tip is refused with the missing-signature message. Cleanup here
# only returns to "initial", with no reset.
test_expect_success GPG 'merge unsigned commit into unborn branch' '
	test_when_finished "git checkout initial" &&
	git checkout --orphan unborn &&
	test_must_fail git merge --verify-signatures \
		side-unsigned 2>mergeerror &&
	test_grep "does not have a GPG signature" mergeerror
'
# Hand the collected results back to the test harness.
test_done