1#!/bin/sh
   2test_description='pull signature verification tests'
   4. ./test-lib.sh
   5. "$TEST_DIRECTORY/lib-gpg.sh"
   6test_expect_success GPG 'create repositories with signed commits' '
   8        echo 1 >a && git add a &&
   9        test_tick && git commit -m initial &&
  10        git tag initial &&
  11        git clone . signed &&
  13        (
  14                cd signed &&
  15                echo 2 >b && git add b &&
  16                test_tick && git commit -S -m "signed"
  17        ) &&
  18        git clone . unsigned &&
  20        (
  21                cd unsigned &&
  22                echo 3 >c && git add c &&
  23                test_tick && git commit -m "unsigned"
  24        ) &&
  25        git clone . bad &&
  27        (
  28                cd bad &&
  29                echo 4 >d && git add d &&
  30                test_tick && git commit -S -m "bad" &&
  31                git cat-file commit HEAD >raw &&
  32                sed -e "s/bad/forged bad/" raw >forged &&
  33                git hash-object -w -t commit forged >forged.commit &&
  34                git checkout $(cat forged.commit)
  35        ) &&
  36        git clone . untrusted &&
  38        (
  39                cd untrusted &&
  40                echo 5 >e && git add e &&
  41                test_tick && git commit -SB7227189 -m "untrusted"
  42        )
  43'
  44test_expect_success GPG 'pull unsigned commit with --verify-signatures' '
  46        test_when_finished "git reset --hard && git checkout initial" &&
  47        test_must_fail git pull --ff-only --verify-signatures unsigned 2>pullerror &&
  48        test_i18ngrep "does not have a GPG signature" pullerror
  49'
  50test_expect_success GPG 'pull commit with bad signature with --verify-signatures' '
  52        test_when_finished "git reset --hard && git checkout initial" &&
  53        test_must_fail git pull --ff-only --verify-signatures bad 2>pullerror &&
  54        test_i18ngrep "has a bad GPG signature" pullerror
  55'
  56test_expect_success GPG 'pull commit with untrusted signature with --verify-signatures' '
  58        test_when_finished "git reset --hard && git checkout initial" &&
  59        test_must_fail git pull --ff-only --verify-signatures untrusted 2>pullerror &&
  60        test_i18ngrep "has an untrusted GPG signature" pullerror
  61'
  62test_expect_success GPG 'pull signed commit with --verify-signatures' '
  64        test_when_finished "git reset --hard && git checkout initial" &&
  65        git pull --verify-signatures signed >pulloutput &&
  66        test_i18ngrep "has a good GPG signature" pulloutput
  67'
  68test_expect_success GPG 'pull commit with bad signature without verification' '
  70        test_when_finished "git reset --hard && git checkout initial" &&
  71        git pull --ff-only bad 2>pullerror
  72'
  73test_expect_success GPG 'pull commit with bad signature with --no-verify-signatures' '
  75        test_when_finished "git reset --hard && git checkout initial" &&
  76        test_config merge.verifySignatures true &&
  77        test_config pull.verifySignatures true &&
  78        git pull --ff-only --no-verify-signatures bad 2>pullerror
  79'
  80test_done