Andrew's git / gitweb.git /
632bc53440404fca768736fd57108e5c9737446e
   1#!/bin/sh
   2
   3test_description='signed tag tests'
   4. ./test-lib.sh
   5. "$TEST_DIRECTORY/lib-gpg.sh"
   6
   7test_expect_success GPG 'create signed tags' '
   8        echo 1 >file && git add file &&
   9        test_tick && git commit -m initial &&
  10        git tag -s -m initial initial &&
  11        git branch side &&
  12
  13        echo 2 >file && test_tick && git commit -a -m second &&
  14        git tag -s -m second second &&
  15
  16        git checkout side &&
  17        echo 3 >elif && git add elif &&
  18        test_tick && git commit -m "third on side" &&
  19
  20        git checkout master &&
  21        test_tick && git merge -S side &&
  22        git tag -s -m merge merge &&
  23
  24        echo 4 >file && test_tick && git commit -a -S -m "fourth unsigned" &&
  25        git tag -a -m fourth-unsigned fourth-unsigned &&
  26
  27        test_tick && git commit --amend -S -m "fourth signed" &&
  28        git tag -s -m fourth fourth-signed &&
  29
  30        echo 5 >file && test_tick && git commit -a -m "fifth" &&
  31        git tag fifth-unsigned &&
  32
  33        git config commit.gpgsign true &&
  34        echo 6 >file && test_tick && git commit -a -m "sixth" &&
  35        git tag -a -m sixth sixth-unsigned &&
  36
  37        test_tick && git rebase -f HEAD^^ && git tag -s -m 6th sixth-signed HEAD^ &&
  38        git tag -m seventh -s seventh-signed &&
  39
  40        echo 8 >file && test_tick && git commit -a -m eighth &&
  41        git tag -uB7227189 -m eighth eighth-signed-alt
  42'
  43
  44test_expect_success GPG 'verify and show signatures' '
  45        (
  46                for tag in initial second merge fourth-signed sixth-signed seventh-signed
  47                do
  48                        git verify-tag $tag 2>actual &&
  49                        grep "Good signature from" actual &&
  50                        ! grep "BAD signature from" actual &&
  51                        echo $tag OK || exit 1
  52                done
  53        ) &&
  54        (
  55                for tag in fourth-unsigned fifth-unsigned sixth-unsigned
  56                do
  57                        test_must_fail git verify-tag $tag 2>actual &&
  58                        ! grep "Good signature from" actual &&
  59                        ! grep "BAD signature from" actual &&
  60                        echo $tag OK || exit 1
  61                done
  62        ) &&
  63        (
  64                for tag in eighth-signed-alt
  65                do
  66                        git verify-tag $tag 2>actual &&
  67                        grep "Good signature from" actual &&
  68                        ! grep "BAD signature from" actual &&
  69                        grep "not certified" actual &&
  70                        echo $tag OK || exit 1
  71                done
  72        )
  73'
  74
  75test_expect_success GPG 'detect fudged signature' '
  76        git cat-file tag seventh-signed >raw &&
  77        sed -e "s/seventh/7th forged/" raw >forged1 &&
  78        git hash-object -w -t tag forged1 >forged1.tag &&
  79        test_must_fail git verify-tag $(cat forged1.tag) 2>actual1 &&
  80        grep "BAD signature from" actual1 &&
  81        ! grep "Good signature from" actual1
  82'
  83
  84test_done