| Sebastian Götte | efed002 | 2013-03-31 18:02:24 +0200 | [diff] [blame] | 1 | #!/bin/sh |
| 2 | |
| 3 | test_description='merge signature verification tests' |
| 4 | . ./test-lib.sh |
| 5 | . "$TEST_DIRECTORY/lib-gpg.sh" |
| 6 | |
| 7 | test_expect_success GPG 'create signed commits' ' |
| 8 | echo 1 >file && git add file && |
| 9 | test_tick && git commit -m initial && |
| 10 | git tag initial && |
| 11 | |
| 12 | git checkout -b side-signed && |
| 13 | echo 3 >elif && git add elif && |
| 14 | test_tick && git commit -S -m "signed on side" && |
| 15 | git checkout initial && |
| 16 | |
| 17 | git checkout -b side-unsigned && |
| 18 | echo 3 >foo && git add foo && |
| 19 | test_tick && git commit -m "unsigned on side" && |
| 20 | git checkout initial && |
| 21 | |
| 22 | git checkout -b side-bad && |
| 23 | echo 3 >bar && git add bar && |
| 24 | test_tick && git commit -S -m "bad on side" && |
| 25 | git cat-file commit side-bad >raw && |
| SZEDER Gábor | 2f3cbcd | 2018-06-04 15:39:26 +0200 | [diff] [blame] | 26 | sed -e "s/^bad/forged bad/" raw >forged && |
| Sebastian Götte | efed002 | 2013-03-31 18:02:24 +0200 | [diff] [blame] | 27 | git hash-object -w -t commit forged >forged.commit && |
| 28 | git checkout initial && |
| 29 | |
| Sebastian Götte | eb307ae | 2013-03-31 18:02:46 +0200 | [diff] [blame] | 30 | git checkout -b side-untrusted && |
| 31 | echo 3 >baz && git add baz && |
| Jeff King | 99094a7 | 2015-03-20 06:07:15 -0400 | [diff] [blame] | 32 | test_tick && git commit -SB7227189 -m "untrusted on side" && |
| Sebastian Götte | eb307ae | 2013-03-31 18:02:46 +0200 | [diff] [blame] | 33 | |
| Sebastian Götte | efed002 | 2013-03-31 18:02:24 +0200 | [diff] [blame] | 34 | git checkout master |
| 35 | ' |
| 36 | |
| 37 | test_expect_success GPG 'merge unsigned commit with verification' ' |
| Junio C Hamano | fb2afea | 2017-12-15 11:42:36 -0800 | [diff] [blame] | 38 | test_when_finished "git reset --hard && git checkout initial" && |
| Sebastian Götte | efed002 | 2013-03-31 18:02:24 +0200 | [diff] [blame] | 39 | test_must_fail git merge --ff-only --verify-signatures side-unsigned 2>mergeerror && |
| 40 | test_i18ngrep "does not have a GPG signature" mergeerror |
| 41 | ' |
| 42 | |
| Hans Jerry Illikainen | ca779e8 | 2017-12-10 06:53:57 +0000 | [diff] [blame] | 43 | test_expect_success GPG 'merge unsigned commit with merge.verifySignatures=true' ' |
| Junio C Hamano | fb2afea | 2017-12-15 11:42:36 -0800 | [diff] [blame] | 44 | test_when_finished "git reset --hard && git checkout initial" && |
| Hans Jerry Illikainen | ca779e8 | 2017-12-10 06:53:57 +0000 | [diff] [blame] | 45 | test_config merge.verifySignatures true && |
| 46 | test_must_fail git merge --ff-only side-unsigned 2>mergeerror && |
| 47 | test_i18ngrep "does not have a GPG signature" mergeerror |
| 48 | ' |
| 49 | |
| Sebastian Götte | efed002 | 2013-03-31 18:02:24 +0200 | [diff] [blame] | 50 | test_expect_success GPG 'merge commit with bad signature with verification' ' |
| Junio C Hamano | fb2afea | 2017-12-15 11:42:36 -0800 | [diff] [blame] | 51 | test_when_finished "git reset --hard && git checkout initial" && |
| Sebastian Götte | efed002 | 2013-03-31 18:02:24 +0200 | [diff] [blame] | 52 | test_must_fail git merge --ff-only --verify-signatures $(cat forged.commit) 2>mergeerror && |
| 53 | test_i18ngrep "has a bad GPG signature" mergeerror |
| 54 | ' |
| 55 | |
| Hans Jerry Illikainen | ca779e8 | 2017-12-10 06:53:57 +0000 | [diff] [blame] | 56 | test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=true' ' |
| Junio C Hamano | fb2afea | 2017-12-15 11:42:36 -0800 | [diff] [blame] | 57 | test_when_finished "git reset --hard && git checkout initial" && |
| Hans Jerry Illikainen | ca779e8 | 2017-12-10 06:53:57 +0000 | [diff] [blame] | 58 | test_config merge.verifySignatures true && |
| 59 | test_must_fail git merge --ff-only $(cat forged.commit) 2>mergeerror && |
| 60 | test_i18ngrep "has a bad GPG signature" mergeerror |
| 61 | ' |
| 62 | |
| Sebastian Götte | eb307ae | 2013-03-31 18:02:46 +0200 | [diff] [blame] | 63 | test_expect_success GPG 'merge commit with untrusted signature with verification' ' |
| Junio C Hamano | fb2afea | 2017-12-15 11:42:36 -0800 | [diff] [blame] | 64 | test_when_finished "git reset --hard && git checkout initial" && |
| Sebastian Götte | eb307ae | 2013-03-31 18:02:46 +0200 | [diff] [blame] | 65 | test_must_fail git merge --ff-only --verify-signatures side-untrusted 2>mergeerror && |
| 66 | test_i18ngrep "has an untrusted GPG signature" mergeerror |
| 67 | ' |
| 68 | |
| Hans Jerry Illikainen | 54887b4 | 2019-12-27 13:55:57 +0000 | [diff] [blame] | 69 | test_expect_success GPG 'merge commit with untrusted signature with verification and high minTrustLevel' ' |
| 70 | test_when_finished "git reset --hard && git checkout initial" && |
| 71 | test_config gpg.minTrustLevel marginal && |
| 72 | test_must_fail git merge --ff-only --verify-signatures side-untrusted 2>mergeerror && |
| 73 | test_i18ngrep "has an untrusted GPG signature" mergeerror |
| 74 | ' |
| 75 | |
| 76 | test_expect_success GPG 'merge commit with untrusted signature with verification and low minTrustLevel' ' |
| 77 | test_when_finished "git reset --hard && git checkout initial" && |
| 78 | test_config gpg.minTrustLevel undefined && |
| 79 | git merge --ff-only --verify-signatures side-untrusted >mergeoutput && |
| 80 | test_i18ngrep "has a good GPG signature" mergeoutput |
| 81 | ' |
| 82 | |
| Hans Jerry Illikainen | ca779e8 | 2017-12-10 06:53:57 +0000 | [diff] [blame] | 83 | test_expect_success GPG 'merge commit with untrusted signature with merge.verifySignatures=true' ' |
| Junio C Hamano | fb2afea | 2017-12-15 11:42:36 -0800 | [diff] [blame] | 84 | test_when_finished "git reset --hard && git checkout initial" && |
| Hans Jerry Illikainen | ca779e8 | 2017-12-10 06:53:57 +0000 | [diff] [blame] | 85 | test_config merge.verifySignatures true && |
| 86 | test_must_fail git merge --ff-only side-untrusted 2>mergeerror && |
| 87 | test_i18ngrep "has an untrusted GPG signature" mergeerror |
| 88 | ' |
| 89 | |
| Hans Jerry Illikainen | 54887b4 | 2019-12-27 13:55:57 +0000 | [diff] [blame] | 90 | test_expect_success GPG 'merge commit with untrusted signature with merge.verifySignatures=true and minTrustLevel' ' |
| 91 | test_when_finished "git reset --hard && git checkout initial" && |
| 92 | test_config merge.verifySignatures true && |
| 93 | test_config gpg.minTrustLevel marginal && |
| 94 | test_must_fail git merge --ff-only side-untrusted 2>mergeerror && |
| 95 | test_i18ngrep "has an untrusted GPG signature" mergeerror |
| 96 | ' |
| 97 | |
| Sebastian Götte | efed002 | 2013-03-31 18:02:24 +0200 | [diff] [blame] | 98 | test_expect_success GPG 'merge signed commit with verification' ' |
| Junio C Hamano | fb2afea | 2017-12-15 11:42:36 -0800 | [diff] [blame] | 99 | test_when_finished "git reset --hard && git checkout initial" && |
| Sebastian Götte | efed002 | 2013-03-31 18:02:24 +0200 | [diff] [blame] | 100 | git merge --verbose --ff-only --verify-signatures side-signed >mergeoutput && |
| 101 | test_i18ngrep "has a good GPG signature" mergeoutput |
| 102 | ' |
| 103 | |
| Hans Jerry Illikainen | ca779e8 | 2017-12-10 06:53:57 +0000 | [diff] [blame] | 104 | test_expect_success GPG 'merge signed commit with merge.verifySignatures=true' ' |
| Junio C Hamano | fb2afea | 2017-12-15 11:42:36 -0800 | [diff] [blame] | 105 | test_when_finished "git reset --hard && git checkout initial" && |
| Hans Jerry Illikainen | ca779e8 | 2017-12-10 06:53:57 +0000 | [diff] [blame] | 106 | test_config merge.verifySignatures true && |
| 107 | git merge --verbose --ff-only side-signed >mergeoutput && |
| 108 | test_i18ngrep "has a good GPG signature" mergeoutput |
| 109 | ' |
| 110 | |
| Sebastian Götte | efed002 | 2013-03-31 18:02:24 +0200 | [diff] [blame] | 111 | test_expect_success GPG 'merge commit with bad signature without verification' ' |
| Junio C Hamano | fb2afea | 2017-12-15 11:42:36 -0800 | [diff] [blame] | 112 | test_when_finished "git reset --hard && git checkout initial" && |
| Sebastian Götte | efed002 | 2013-03-31 18:02:24 +0200 | [diff] [blame] | 113 | git merge $(cat forged.commit) |
| 114 | ' |
| 115 | |
| Hans Jerry Illikainen | ca779e8 | 2017-12-10 06:53:57 +0000 | [diff] [blame] | 116 | test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=false' ' |
| Junio C Hamano | fb2afea | 2017-12-15 11:42:36 -0800 | [diff] [blame] | 117 | test_when_finished "git reset --hard && git checkout initial" && |
| Hans Jerry Illikainen | ca779e8 | 2017-12-10 06:53:57 +0000 | [diff] [blame] | 118 | test_config merge.verifySignatures false && |
| 119 | git merge $(cat forged.commit) |
| 120 | ' |
| 121 | |
| 122 | test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=true and --no-verify-signatures' ' |
| Junio C Hamano | fb2afea | 2017-12-15 11:42:36 -0800 | [diff] [blame] | 123 | test_when_finished "git reset --hard && git checkout initial" && |
| Hans Jerry Illikainen | ca779e8 | 2017-12-10 06:53:57 +0000 | [diff] [blame] | 124 | test_config merge.verifySignatures true && |
| 125 | git merge --no-verify-signatures $(cat forged.commit) |
| 126 | ' |
| 127 | |
| Jeff King | 7488ba3 | 2018-11-06 02:51:15 -0500 | [diff] [blame] | 128 | test_expect_success GPG 'merge unsigned commit into unborn branch' ' |
| 129 | test_when_finished "git checkout initial" && |
| 130 | git checkout --orphan unborn && |
| 131 | test_must_fail git merge --verify-signatures side-unsigned 2>mergeerror && |
| 132 | test_i18ngrep "does not have a GPG signature" mergeerror |
| 133 | ' |
| 134 | |
| Sebastian Götte | efed002 | 2013-03-31 18:02:24 +0200 | [diff] [blame] | 135 | test_done |
