if (!check_signature(&sigc, signature.buf, signature.len))
goto out;
+ if (signed_tag_mode == SIGN_ABORT_IF_INVALID)
+ die(_("aborting due to invalid signature"));
+
strbuf_setlen(msg, sig_offset);
if (signed_tag_mode == SIGN_SIGN_IF_INVALID) {
/* Truncate the buffer to remove the signature */
strbuf_setlen(msg, sig_offset);
break;
+ case SIGN_ABORT_IF_INVALID:
case SIGN_SIGN_IF_INVALID:
case SIGN_STRIP_IF_INVALID:
handle_tag_signature_if_invalid(buf, msg, sig_offset);
case SIGN_ABORT:
die(_("encountered signed tag; use "
"--signed-tags=<mode> to handle it"));
- case SIGN_ABORT_IF_INVALID:
- die(_("'abort-if-invalid' is not a valid mode for "
- "git fast-import with --signed-tags=<mode>"));
default:
BUG("invalid signed_tag_mode value %d from tag '%s'",
signed_tag_mode, name);
test_grep ! "SSH SIGNATURE" out
'
-for mode in strip-if-invalid sign-if-invalid
+for mode in strip-if-invalid sign-if-invalid abort-if-invalid
do
test_expect_success GPG "import tag with no signature with --signed-tags=$mode" '
test_when_finished rm -rf import &&
# `data <length>` command would have to be changed too.
sed "s/OpenPGP signed tag/OpenPGP forged tag/" output >modified &&
+ if test "$mode" = abort-if-invalid
+ then
+ test_must_fail git -C import fast-import --quiet \
+ --signed-tags=$mode <modified >log 2>&1 &&
+ test_grep "aborting due to invalid signature" log &&
+ return 0
+ fi &&
+
git -C import fast-import --quiet --signed-tags=$mode <modified >log 2>&1 &&
IMPORTED=$(git -C import rev-parse --verify refs/tags/openpgp-signed) &&
projects / thirdparty / git.git / commitdiff
