t / t7510-signed-commit.shon commit Merge branch 'mc/doc-submodule-sync-recurse' (b47761d)
   1#!/bin/sh
   2
   3test_description='signed commit tests'
   4. ./test-lib.sh
   5. "$TEST_DIRECTORY/lib-gpg.sh"
   6
   7test_expect_success GPG 'create signed commits' '
   8        test_when_finished "test_unconfig commit.gpgsign" &&
   9
  10        echo 1 >file && git add file &&
  11        test_tick && git commit -S -m initial &&
  12        git tag initial &&
  13        git branch side &&
  14
  15        echo 2 >file && test_tick && git commit -a -S -m second &&
  16        git tag second &&
  17
  18        git checkout side &&
  19        echo 3 >elif && git add elif &&
  20        test_tick && git commit -m "third on side" &&
  21
  22        git checkout master &&
  23        test_tick && git merge -S side &&
  24        git tag merge &&
  25
  26        echo 4 >file && test_tick && git commit -a -m "fourth unsigned" &&
  27        git tag fourth-unsigned &&
  28
  29        test_tick && git commit --amend -S -m "fourth signed" &&
  30        git tag fourth-signed &&
  31
  32        git config commit.gpgsign true &&
  33        echo 5 >file && test_tick && git commit -a -m "fifth signed" &&
  34        git tag fifth-signed &&
  35
  36        git config commit.gpgsign false &&
  37        echo 6 >file && test_tick && git commit -a -m "sixth" &&
  38        git tag sixth-unsigned &&
  39
  40        git config commit.gpgsign true &&
  41        echo 7 >file && test_tick && git commit -a -m "seventh" --no-gpg-sign &&
  42        git tag seventh-unsigned &&
  43
  44        test_tick && git rebase -f HEAD^^ && git tag sixth-signed HEAD^ &&
  45        git tag seventh-signed
  46'
  47
  48test_expect_success GPG 'show signatures' '
  49        (
  50                for commit in initial second merge fourth-signed fifth-signed sixth-signed master
  51                do
  52                        git show --pretty=short --show-signature $commit >actual &&
  53                        grep "Good signature from" actual || exit 1
  54                        ! grep "BAD signature from" actual || exit 1
  55                        echo $commit OK
  56                done
  57        ) &&
  58        (
  59                for commit in merge^2 fourth-unsigned sixth-unsigned seventh-unsigned
  60                do
  61                        git show --pretty=short --show-signature $commit >actual &&
  62                        grep "Good signature from" actual && exit 1
  63                        ! grep "BAD signature from" actual || exit 1
  64                        echo $commit OK
  65                done
  66        )
  67'
  68
  69test_expect_success GPG 'detect fudged signature' '
  70        git cat-file commit master >raw &&
  71
  72        sed -e "s/seventh/7th forged/" raw >forged1 &&
  73        git hash-object -w -t commit forged1 >forged1.commit &&
  74        git show --pretty=short --show-signature $(cat forged1.commit) >actual1 &&
  75        grep "BAD signature from" actual1 &&
  76        ! grep "Good signature from" actual1
  77'
  78
  79test_expect_success GPG 'detect fudged signature with NUL' '
  80        git cat-file commit master >raw &&
  81        cat raw >forged2 &&
  82        echo Qwik | tr "Q" "\000" >>forged2 &&
  83        git hash-object -w -t commit forged2 >forged2.commit &&
  84        git show --pretty=short --show-signature $(cat forged2.commit) >actual2 &&
  85        grep "BAD signature from" actual2 &&
  86        ! grep "Good signature from" actual2
  87'
  88
  89test_expect_success GPG 'amending already signed commit' '
  90        git checkout fourth-signed^0 &&
  91        git commit --amend -S --no-edit &&
  92        git show -s --show-signature HEAD >actual &&
  93        grep "Good signature from" actual &&
  94        ! grep "BAD signature from" actual
  95'
  96
  97test_done