t: add tests for pull --verify-signatures

Add tests for pull --verify-signatures with untrusted, bad and no
signatures.  Previously the only test for --verify-signatures was to
make sure that pull --rebase --verify-signatures result in a warning
(t5520-pull.sh).

Signed-off-by: Hans Jerry Illikainen <hji@dyntopia.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/t/t5573-pull-verify-signatures.sh b/t/t5573-pull-verify-signatures.sh
new file mode 100755 (executable)
index 0000000..8ae331f
--- /dev/null
+++ b/t/t5573-pull-verify-signatures.sh
@@ -0,0 +1,78 @@
+#!/bin/sh
+
+test_description='pull signature verification tests'
+. ./test-lib.sh
+. "$TEST_DIRECTORY/lib-gpg.sh"
+
+test_expect_success GPG 'create repositories with signed commits' '
+       echo 1 >a && git add a &&
+       test_tick && git commit -m initial &&
+       git tag initial &&
+
+       git clone . signed &&
+       (
+               cd signed &&
+               echo 2 >b && git add b &&
+               test_tick && git commit -S -m "signed"
+       ) &&
+
+       git clone . unsigned &&
+       (
+               cd unsigned &&
+               echo 3 >c && git add c &&
+               test_tick && git commit -m "unsigned"
+       ) &&
+
+       git clone . bad &&
+       (
+               cd bad &&
+               echo 4 >d && git add d &&
+               test_tick && git commit -S -m "bad" &&
+               git cat-file commit HEAD >raw &&
+               sed -e "s/bad/forged bad/" raw >forged &&
+               git hash-object -w -t commit forged >forged.commit &&
+               git checkout $(cat forged.commit)
+       ) &&
+
+       git clone . untrusted &&
+       (
+               cd untrusted &&
+               echo 5 >e && git add e &&
+               test_tick && git commit -SB7227189 -m "untrusted"
+       )
+'
+
+test_expect_success GPG 'pull unsigned commit with --verify-signatures' '
+       test_must_fail git pull --ff-only --verify-signatures unsigned 2>pullerror &&
+       test_i18ngrep "does not have a GPG signature" pullerror
+'
+
+test_expect_success GPG 'pull commit with bad signature with --verify-signatures' '
+       test_must_fail git pull --ff-only --verify-signatures bad 2>pullerror &&
+       test_i18ngrep "has a bad GPG signature" pullerror
+'
+
+test_expect_success GPG 'pull commit with untrusted signature with --verify-signatures' '
+       test_must_fail git pull --ff-only --verify-signatures untrusted 2>pullerror &&
+       test_i18ngrep "has an untrusted GPG signature" pullerror
+'
+
+test_expect_success GPG 'pull signed commit with --verify-signatures' '
+       test_when_finished "git checkout initial" &&
+       git pull --verify-signatures signed >pulloutput &&
+       test_i18ngrep "has a good GPG signature" pulloutput
+'
+
+test_expect_success GPG 'pull commit with bad signature without verification' '
+       test_when_finished "git checkout initial" &&
+       git pull --ff-only bad 2>pullerror
+'
+
+test_expect_success GPG 'pull commit with bad signature with --no-verify-signatures' '
+       test_when_finished "git checkout initial" &&
+       test_config merge.verifySignatures true &&
+       test_config pull.verifySignatures true &&
+       git pull --ff-only --no-verify-signatures bad 2>pullerror
+'
+
+test_done