summaryrefslogtreecommitdiff
path: root/t/t7510-signed-commit.sh
diff options
context:
space:
mode:
authorJunio C Hamano <gitster@pobox.com>2014-07-10 11:27:33 -0700
committerJunio C Hamano <gitster@pobox.com>2014-07-10 11:27:34 -0700
commit39177c7f184b4c07a1f53f99f59c920c3fb6222d (patch)
tree1a536ab74526d6aaa089b4e72742b4b3686c89fe /t/t7510-signed-commit.sh
parent3d77f72efe79eb90f67aec9ecf6d4bd11fc9a78c (diff)
parent8e92c2cf37038a3b3bb82724f018e4d0ab1180ff (diff)
downloadgit-39177c7f184b4c07a1f53f99f59c920c3fb6222d.tar.gz
Merge branch 'mg/verify-commit'
Add 'verify-commit' to be used in a way similar to 'verify-tag' is used. Further work on verifying the mergetags might be needed. * mg/verify-commit: t7510: test verify-commit t7510: exit for loop with test result verify-commit: scriptable commit signature verification gpg-interface: provide access to the payload gpg-interface: provide clear helper for struct signature_check
Diffstat (limited to 't/t7510-signed-commit.sh')
-rwxr-xr-xt/t7510-signed-commit.sh20
1 files changed, 19 insertions, 1 deletions
diff --git a/t/t7510-signed-commit.sh b/t/t7510-signed-commit.sh
index e97477a3b9..474dab381a 100755
--- a/t/t7510-signed-commit.sh
+++ b/t/t7510-signed-commit.sh
@@ -48,10 +48,11 @@ test_expect_success GPG 'create signed commits' '
git tag eighth-signed-alt
'
-test_expect_success GPG 'show signatures' '
+test_expect_success GPG 'verify and show signatures' '
(
for commit in initial second merge fourth-signed fifth-signed sixth-signed seventh-signed
do
+ git verify-commit $commit &&
git show --pretty=short --show-signature $commit >actual &&
grep "Good signature from" actual &&
! grep "BAD signature from" actual &&
@@ -61,6 +62,7 @@ test_expect_success GPG 'show signatures' '
(
for commit in merge^2 fourth-unsigned sixth-unsigned seventh-unsigned
do
+ test_must_fail git verify-commit $commit &&
git show --pretty=short --show-signature $commit >actual &&
! grep "Good signature from" actual &&
! grep "BAD signature from" actual &&
@@ -79,11 +81,25 @@ test_expect_success GPG 'show signatures' '
)
'
+test_expect_success GPG 'show signed commit with signature' '
+ git show -s initial >commit &&
+ git show -s --show-signature initial >show &&
+ git verify-commit -v initial >verify.1 2>verify.2 &&
+ git cat-file commit initial >cat &&
+ grep -v "gpg: " show >show.commit &&
+ grep "gpg: " show >show.gpg &&
+ grep -v "^ " cat | grep -v "^gpgsig " >cat.commit &&
+ test_cmp show.commit commit &&
+ test_cmp show.gpg verify.2 &&
+ test_cmp cat.commit verify.1
+'
+
test_expect_success GPG 'detect fudged signature' '
git cat-file commit seventh-signed >raw &&
sed -e "s/seventh/7th forged/" raw >forged1 &&
git hash-object -w -t commit forged1 >forged1.commit &&
+ ! git verify-commit $(cat forged1.commit) &&
git show --pretty=short --show-signature $(cat forged1.commit) >actual1 &&
grep "BAD signature from" actual1 &&
! grep "Good signature from" actual1
@@ -94,6 +110,7 @@ test_expect_success GPG 'detect fudged signature with NUL' '
cat raw >forged2 &&
echo Qwik | tr "Q" "\000" >>forged2 &&
git hash-object -w -t commit forged2 >forged2.commit &&
+ ! git verify-commit $(cat forged2.commit) &&
git show --pretty=short --show-signature $(cat forged2.commit) >actual2 &&
grep "BAD signature from" actual2 &&
! grep "Good signature from" actual2
@@ -102,6 +119,7 @@ test_expect_success GPG 'detect fudged signature with NUL' '
test_expect_success GPG 'amending already signed commit' '
git checkout fourth-signed^0 &&
git commit --amend -S --no-edit &&
+ git verify-commit HEAD &&
git show -s --show-signature HEAD >actual &&
grep "Good signature from" actual &&
! grep "BAD signature from" actual