dd4b94823e182811b0ddf2a1e997e50ba7c815ad
1#!/bin/sh
2
3test_description='signed commit tests'
4. ./test-lib.sh
5. "$TEST_DIRECTORY/lib-gpg.sh"
6
7test_expect_success GPG 'create signed commits' '
8 test_when_finished "test_unconfig commit.gpgsign" &&
9
10 echo 1 >file && git add file &&
11 test_tick && git commit -S -m initial &&
12 git tag initial &&
13 git branch side &&
14
15 echo 2 >file && test_tick && git commit -a -S -m second &&
16 git tag second &&
17
18 git checkout side &&
19 echo 3 >elif && git add elif &&
20 test_tick && git commit -m "third on side" &&
21
22 git checkout master &&
23 test_tick && git merge -S side &&
24 git tag merge &&
25
26 echo 4 >file && test_tick && git commit -a -m "fourth unsigned" &&
27 git tag fourth-unsigned &&
28
29 test_tick && git commit --amend -S -m "fourth signed" &&
30 git tag fourth-signed &&
31
32 git config commit.gpgsign true &&
33 echo 5 >file && test_tick && git commit -a -m "fifth signed" &&
34 git tag fifth-signed &&
35
36 git config commit.gpgsign false &&
37 echo 6 >file && test_tick && git commit -a -m "sixth" &&
38 git tag sixth-unsigned &&
39
40 git config commit.gpgsign true &&
41 echo 7 >file && test_tick && git commit -a -m "seventh" --no-gpg-sign &&
42 git tag seventh-unsigned &&
43
44 test_tick && git rebase -f HEAD^^ && git tag sixth-signed HEAD^ &&
45 git tag seventh-signed
46'
47
48test_expect_success GPG 'verify and show signatures' '
49 (
50 for commit in initial second merge fourth-signed fifth-signed sixth-signed master
51 do
52 git verify-commit $commit &&
53 git show --pretty=short --show-signature $commit >actual &&
54 grep "Good signature from" actual &&
55 ! grep "BAD signature from" actual || exit 1
56 echo $commit OK
57 done
58 ) &&
59 (
60 for commit in merge^2 fourth-unsigned sixth-unsigned seventh-unsigned
61 do
62 test_must_fail git verify-commit $commit &&
63 git show --pretty=short --show-signature $commit >actual &&
64 ! grep "Good signature from" actual &&
65 ! grep "BAD signature from" actual || exit 1
66 echo $commit OK
67 done
68 )
69'
70
71test_expect_success GPG 'show signed commit with signature' '
72 git show -s initial >commit &&
73 git show -s --show-signature initial >show &&
74 git verify-commit -v initial >verify.1 2>verify.2 &&
75 git cat-file commit initial >cat &&
76 grep -v "gpg: " show >show.commit &&
77 grep "gpg: " show >show.gpg &&
78 grep -v "^ " cat | grep -v "^gpgsig " >cat.commit &&
79 test_cmp show.commit commit &&
80 test_cmp show.gpg verify.2 &&
81 test_cmp cat.commit verify.1
82'
83
84test_expect_success GPG 'detect fudged signature' '
85 git cat-file commit master >raw &&
86
87 sed -e "s/seventh/7th forged/" raw >forged1 &&
88 git hash-object -w -t commit forged1 >forged1.commit &&
89 ! git verify-commit $(cat forged1.commit) &&
90 git show --pretty=short --show-signature $(cat forged1.commit) >actual1 &&
91 grep "BAD signature from" actual1 &&
92 ! grep "Good signature from" actual1
93'
94
95test_expect_success GPG 'detect fudged signature with NUL' '
96 git cat-file commit master >raw &&
97 cat raw >forged2 &&
98 echo Qwik | tr "Q" "\000" >>forged2 &&
99 git hash-object -w -t commit forged2 >forged2.commit &&
100 ! git verify-commit $(cat forged2.commit) &&
101 git show --pretty=short --show-signature $(cat forged2.commit) >actual2 &&
102 grep "BAD signature from" actual2 &&
103 ! grep "Good signature from" actual2
104'
105
106test_expect_success GPG 'amending already signed commit' '
107 git checkout fourth-signed^0 &&
108 git commit --amend -S --no-edit &&
109 git verify-commit HEAD &&
110 git show -s --show-signature HEAD >actual &&
111 grep "Good signature from" actual &&
112 ! grep "BAD signature from" actual
113'
114
115test_done