dd4b94823e182811b0ddf2a1e997e50ba7c815ad
   1#!/bin/sh
   2
   3test_description='signed commit tests'
   4. ./test-lib.sh
   5. "$TEST_DIRECTORY/lib-gpg.sh"
   6
   7test_expect_success GPG 'create signed commits' '
   8        test_when_finished "test_unconfig commit.gpgsign" &&
   9
  10        echo 1 >file && git add file &&
  11        test_tick && git commit -S -m initial &&
  12        git tag initial &&
  13        git branch side &&
  14
  15        echo 2 >file && test_tick && git commit -a -S -m second &&
  16        git tag second &&
  17
  18        git checkout side &&
  19        echo 3 >elif && git add elif &&
  20        test_tick && git commit -m "third on side" &&
  21
  22        git checkout master &&
  23        test_tick && git merge -S side &&
  24        git tag merge &&
  25
  26        echo 4 >file && test_tick && git commit -a -m "fourth unsigned" &&
  27        git tag fourth-unsigned &&
  28
  29        test_tick && git commit --amend -S -m "fourth signed" &&
  30        git tag fourth-signed &&
  31
  32        git config commit.gpgsign true &&
  33        echo 5 >file && test_tick && git commit -a -m "fifth signed" &&
  34        git tag fifth-signed &&
  35
  36        git config commit.gpgsign false &&
  37        echo 6 >file && test_tick && git commit -a -m "sixth" &&
  38        git tag sixth-unsigned &&
  39
  40        git config commit.gpgsign true &&
  41        echo 7 >file && test_tick && git commit -a -m "seventh" --no-gpg-sign &&
  42        git tag seventh-unsigned &&
  43
  44        test_tick && git rebase -f HEAD^^ && git tag sixth-signed HEAD^ &&
  45        git tag seventh-signed
  46'
  47
  48test_expect_success GPG 'verify and show signatures' '
  49        (
  50                for commit in initial second merge fourth-signed fifth-signed sixth-signed master
  51                do
  52                        git verify-commit $commit &&
  53                        git show --pretty=short --show-signature $commit >actual &&
  54                        grep "Good signature from" actual &&
  55                        ! grep "BAD signature from" actual || exit 1
  56                        echo $commit OK
  57                done
  58        ) &&
  59        (
  60                for commit in merge^2 fourth-unsigned sixth-unsigned seventh-unsigned
  61                do
  62                        test_must_fail git verify-commit $commit &&
  63                        git show --pretty=short --show-signature $commit >actual &&
  64                        ! grep "Good signature from" actual &&
  65                        ! grep "BAD signature from" actual || exit 1
  66                        echo $commit OK
  67                done
  68        )
  69'
  70
  71test_expect_success GPG 'show signed commit with signature' '
  72        git show -s initial >commit &&
  73        git show -s --show-signature initial >show &&
  74        git verify-commit -v initial >verify.1 2>verify.2 &&
  75        git cat-file commit initial >cat &&
  76        grep -v "gpg: " show >show.commit &&
  77        grep "gpg: " show >show.gpg &&
  78        grep -v "^ " cat | grep -v "^gpgsig " >cat.commit &&
  79        test_cmp show.commit commit &&
  80        test_cmp show.gpg verify.2 &&
  81        test_cmp cat.commit verify.1
  82'
  83
  84test_expect_success GPG 'detect fudged signature' '
  85        git cat-file commit master >raw &&
  86
  87        sed -e "s/seventh/7th forged/" raw >forged1 &&
  88        git hash-object -w -t commit forged1 >forged1.commit &&
  89        ! git verify-commit $(cat forged1.commit) &&
  90        git show --pretty=short --show-signature $(cat forged1.commit) >actual1 &&
  91        grep "BAD signature from" actual1 &&
  92        ! grep "Good signature from" actual1
  93'
  94
  95test_expect_success GPG 'detect fudged signature with NUL' '
  96        git cat-file commit master >raw &&
  97        cat raw >forged2 &&
  98        echo Qwik | tr "Q" "\000" >>forged2 &&
  99        git hash-object -w -t commit forged2 >forged2.commit &&
 100        ! git verify-commit $(cat forged2.commit) &&
 101        git show --pretty=short --show-signature $(cat forged2.commit) >actual2 &&
 102        grep "BAD signature from" actual2 &&
 103        ! grep "Good signature from" actual2
 104'
 105
 106test_expect_success GPG 'amending already signed commit' '
 107        git checkout fourth-signed^0 &&
 108        git commit --amend -S --no-edit &&
 109        git verify-commit HEAD &&
 110        git show -s --show-signature HEAD >actual &&
 111        grep "Good signature from" actual &&
 112        ! grep "BAD signature from" actual
 113'
 114
 115test_done