Andrew's git / gitweb.git / blobdiff
?
Merge branch 'pb/commit-verbose-config'
[gitweb.git] / t / t7510-signed-commit.sh
diff --git a/t/t7510-signed-commit.sh b/t/t7510-signed-commit.sh
index 13331e533bf520b6f268df16f8a143b8661a1c72..4177a8609acac433cbc3f87d9ddec9c02672963c 100755 (executable)
--- a/t/t7510-signed-commit.sh
+++ b/t/t7510-signed-commit.sh
@@ -45,12 +45,18 @@ test_expect_success GPG 'create signed commits' '
        git tag seventh-signed &&
 
        echo 8 >file && test_tick && git commit -a -m eighth -SB7227189 &&
-       git tag eighth-signed-alt
+       git tag eighth-signed-alt &&
+
+       # commit.gpgsign is still on but this must not be signed
+       git tag ninth-unsigned $(echo 9 | git commit-tree HEAD^{tree}) &&
+       # explicit -S of course must sign.
+       git tag tenth-signed $(echo 9 | git commit-tree -S HEAD^{tree})
 '
 
 test_expect_success GPG 'verify and show signatures' '
        (
-               for commit in initial second merge fourth-signed fifth-signed sixth-signed seventh-signed
+               for commit in initial second merge fourth-signed \
+                       fifth-signed sixth-signed seventh-signed tenth-signed
                do
                        git verify-commit $commit &&
                        git show --pretty=short --show-signature $commit >actual &&
@@ -60,7 +66,8 @@ test_expect_success GPG 'verify and show signatures' '
                done
        ) &&
        (
-               for commit in merge^2 fourth-unsigned sixth-unsigned seventh-unsigned
+               for commit in merge^2 fourth-unsigned sixth-unsigned \
+                       seventh-unsigned ninth-unsigned
                do
                        test_must_fail git verify-commit $commit &&
                        git show --pretty=short --show-signature $commit >actual &&
@@ -81,6 +88,44 @@ test_expect_success GPG 'verify and show signatures' '
        )
 '
 
+test_expect_success GPG 'verify-commit exits success on untrusted signature' '
+       git verify-commit eighth-signed-alt 2>actual &&
+       grep "Good signature from" actual &&
+       ! grep "BAD signature from" actual &&
+       grep "not certified" actual
+'
+
+test_expect_success GPG 'verify signatures with --raw' '
+       (
+               for commit in initial second merge fourth-signed fifth-signed sixth-signed seventh-signed
+               do
+                       git verify-commit --raw $commit 2>actual &&
+                       grep "GOODSIG" actual &&
+                       ! grep "BADSIG" actual &&
+                       echo $commit OK || exit 1
+               done
+       ) &&
+       (
+               for commit in merge^2 fourth-unsigned sixth-unsigned seventh-unsigned
+               do
+                       test_must_fail git verify-commit --raw $commit 2>actual &&
+                       ! grep "GOODSIG" actual &&
+                       ! grep "BADSIG" actual &&
+                       echo $commit OK || exit 1
+               done
+       ) &&
+       (
+               for commit in eighth-signed-alt
+               do
+                       git verify-commit --raw $commit 2>actual &&
+                       grep "GOODSIG" actual &&
+                       ! grep "BADSIG" actual &&
+                       grep "TRUST_UNDEFINED" actual &&
+                       echo $commit OK || exit 1
+               done
+       )
+'
+
 test_expect_success GPG 'show signed commit with signature' '
        git show -s initial >commit &&
        git show -s --show-signature initial >show &&