t / t5573-pull-verify-signatures.shon commit commit-graph: verify chains with --shallow mode (3da4b60)
   1#!/bin/sh
   2
   3test_description='pull signature verification tests'
   4. ./test-lib.sh
   5. "$TEST_DIRECTORY/lib-gpg.sh"
   6
   7test_expect_success GPG 'create repositories with signed commits' '
   8        echo 1 >a && git add a &&
   9        test_tick && git commit -m initial &&
  10        git tag initial &&
  11
  12        git clone . signed &&
  13        (
  14                cd signed &&
  15                echo 2 >b && git add b &&
  16                test_tick && git commit -S -m "signed"
  17        ) &&
  18
  19        git clone . unsigned &&
  20        (
  21                cd unsigned &&
  22                echo 3 >c && git add c &&
  23                test_tick && git commit -m "unsigned"
  24        ) &&
  25
  26        git clone . bad &&
  27        (
  28                cd bad &&
  29                echo 4 >d && git add d &&
  30                test_tick && git commit -S -m "bad" &&
  31                git cat-file commit HEAD >raw &&
  32                sed -e "s/^bad/forged bad/" raw >forged &&
  33                git hash-object -w -t commit forged >forged.commit &&
  34                git checkout $(cat forged.commit)
  35        ) &&
  36
  37        git clone . untrusted &&
  38        (
  39                cd untrusted &&
  40                echo 5 >e && git add e &&
  41                test_tick && git commit -SB7227189 -m "untrusted"
  42        )
  43'
  44
  45test_expect_success GPG 'pull unsigned commit with --verify-signatures' '
  46        test_when_finished "git reset --hard && git checkout initial" &&
  47        test_must_fail git pull --ff-only --verify-signatures unsigned 2>pullerror &&
  48        test_i18ngrep "does not have a GPG signature" pullerror
  49'
  50
  51test_expect_success GPG 'pull commit with bad signature with --verify-signatures' '
  52        test_when_finished "git reset --hard && git checkout initial" &&
  53        test_must_fail git pull --ff-only --verify-signatures bad 2>pullerror &&
  54        test_i18ngrep "has a bad GPG signature" pullerror
  55'
  56
  57test_expect_success GPG 'pull commit with untrusted signature with --verify-signatures' '
  58        test_when_finished "git reset --hard && git checkout initial" &&
  59        test_must_fail git pull --ff-only --verify-signatures untrusted 2>pullerror &&
  60        test_i18ngrep "has an untrusted GPG signature" pullerror
  61'
  62
  63test_expect_success GPG 'pull signed commit with --verify-signatures' '
  64        test_when_finished "git reset --hard && git checkout initial" &&
  65        git pull --verify-signatures signed >pulloutput &&
  66        test_i18ngrep "has a good GPG signature" pulloutput
  67'
  68
  69test_expect_success GPG 'pull commit with bad signature without verification' '
  70        test_when_finished "git reset --hard && git checkout initial" &&
  71        git pull --ff-only bad 2>pullerror
  72'
  73
  74test_expect_success GPG 'pull commit with bad signature with --no-verify-signatures' '
  75        test_when_finished "git reset --hard && git checkout initial" &&
  76        test_config merge.verifySignatures true &&
  77        test_config pull.verifySignatures true &&
  78        git pull --ff-only --no-verify-signatures bad 2>pullerror
  79'
  80
  81test_expect_success GPG 'pull unsigned commit into unborn branch' '
  82        git init empty-repo &&
  83        test_must_fail \
  84                git -C empty-repo pull --verify-signatures ..  2>pullerror &&
  85        test_i18ngrep "does not have a GPG signature" pullerror
  86'
  87
  88test_done