3 test_description='signed commit tests'
5 GNUPGHOME_NOT_USED=$GNUPGHOME
6 . "$TEST_DIRECTORY/lib-gpg.sh"
8 test_expect_success GPG 'create signed commits' '
9 test_oid_cache <<-\EOF &&
11 header sha256:gpgsig-sha256
14 test_when_finished "test_unconfig commit.gpgsign" &&
16 echo 1 >file && git add file &&
17 test_tick && git commit -S -m initial &&
21 echo 2 >file && test_tick && git commit -a -S -m second &&
25 echo 3 >elif && git add elif &&
26 test_tick && git commit -m "third on side" &&
28 git checkout master &&
29 test_tick && git merge -S side &&
32 echo 4 >file && test_tick && git commit -a -m "fourth unsigned" &&
33 git tag fourth-unsigned &&
35 test_tick && git commit --amend -S -m "fourth signed" &&
36 git tag fourth-signed &&
38 git config commit.gpgsign true &&
39 echo 5 >file && test_tick && git commit -a -m "fifth signed" &&
40 git tag fifth-signed &&
42 git config commit.gpgsign false &&
43 echo 6 >file && test_tick && git commit -a -m "sixth" &&
44 git tag sixth-unsigned &&
46 git config commit.gpgsign true &&
47 echo 7 >file && test_tick && git commit -a -m "seventh" --no-gpg-sign &&
48 git tag seventh-unsigned &&
50 test_tick && git rebase -f HEAD^^ && git tag sixth-signed HEAD^ &&
51 git tag seventh-signed &&
53 echo 8 >file && test_tick && git commit -a -m eighth -SB7227189 &&
54 git tag eighth-signed-alt &&
56 # commit.gpgsign is still on but this must not be signed
57 echo 9 | git commit-tree HEAD^{tree} >oid &&
58 test_line_count = 1 oid &&
59 git tag ninth-unsigned $(cat oid) &&
60 # explicit -S of course must sign.
61 echo 10 | git commit-tree -S HEAD^{tree} >oid &&
62 test_line_count = 1 oid &&
63 git tag tenth-signed $(cat oid) &&
65 # --gpg-sign[=<key-id>] must sign.
66 echo 11 | git commit-tree --gpg-sign HEAD^{tree} >oid &&
67 test_line_count = 1 oid &&
68 git tag eleventh-signed $(cat oid) &&
69 echo 12 | git commit-tree --gpg-sign=B7227189 HEAD^{tree} >oid &&
70 test_line_count = 1 oid &&
71 git tag twelfth-signed-alt $(cat oid)
74 test_expect_success GPG 'verify and show signatures' '
76 for commit in initial second merge fourth-signed \
77 fifth-signed sixth-signed seventh-signed tenth-signed \
80 git verify-commit $commit &&
81 git show --pretty=short --show-signature $commit >actual &&
82 grep "Good signature from" actual &&
83 ! grep "BAD signature from" actual &&
84 echo $commit OK || exit 1
88 for commit in merge^2 fourth-unsigned sixth-unsigned \
89 seventh-unsigned ninth-unsigned
91 test_must_fail git verify-commit $commit &&
92 git show --pretty=short --show-signature $commit >actual &&
93 ! grep "Good signature from" actual &&
94 ! grep "BAD signature from" actual &&
95 echo $commit OK || exit 1
99 for commit in eighth-signed-alt twelfth-signed-alt
101 git show --pretty=short --show-signature $commit >actual &&
102 grep "Good signature from" actual &&
103 ! grep "BAD signature from" actual &&
104 grep "not certified" actual &&
105 echo $commit OK || exit 1
110 test_expect_success GPG 'verify-commit exits success on untrusted signature' '
111 git verify-commit eighth-signed-alt 2>actual &&
112 grep "Good signature from" actual &&
113 ! grep "BAD signature from" actual &&
114 grep "not certified" actual
117 test_expect_success GPG 'verify-commit exits success with matching minTrustLevel' '
118 test_config gpg.minTrustLevel ultimate &&
119 git verify-commit sixth-signed
122 test_expect_success GPG 'verify-commit exits success with low minTrustLevel' '
123 test_config gpg.minTrustLevel fully &&
124 git verify-commit sixth-signed
127 test_expect_success GPG 'verify-commit exits failure with high minTrustLevel' '
128 test_config gpg.minTrustLevel ultimate &&
129 test_must_fail git verify-commit eighth-signed-alt
132 test_expect_success GPG 'verify signatures with --raw' '
134 for commit in initial second merge fourth-signed fifth-signed sixth-signed seventh-signed
136 git verify-commit --raw $commit 2>actual &&
137 grep "GOODSIG" actual &&
138 ! grep "BADSIG" actual &&
139 echo $commit OK || exit 1
143 for commit in merge^2 fourth-unsigned sixth-unsigned seventh-unsigned
145 test_must_fail git verify-commit --raw $commit 2>actual &&
146 ! grep "GOODSIG" actual &&
147 ! grep "BADSIG" actual &&
148 echo $commit OK || exit 1
152 for commit in eighth-signed-alt
154 git verify-commit --raw $commit 2>actual &&
155 grep "GOODSIG" actual &&
156 ! grep "BADSIG" actual &&
157 grep "TRUST_UNDEFINED" actual &&
158 echo $commit OK || exit 1
163 test_expect_success GPG 'proper header is used for hash algorithm' '
164 git cat-file commit fourth-signed >output &&
165 grep "^$(test_oid header) -----BEGIN PGP SIGNATURE-----" output
168 test_expect_success GPG 'show signed commit with signature' '
169 git show -s initial >commit &&
170 git show -s --show-signature initial >show &&
171 git verify-commit -v initial >verify.1 2>verify.2 &&
172 git cat-file commit initial >cat &&
173 grep -v -e "gpg: " -e "Warning: " show >show.commit &&
174 grep -e "gpg: " -e "Warning: " show >show.gpg &&
175 grep -v "^ " cat | grep -v "^$(test_oid header) " >cat.commit &&
176 test_cmp show.commit commit &&
177 test_cmp show.gpg verify.2 &&
178 test_cmp cat.commit verify.1
181 test_expect_success GPG 'detect fudged signature' '
182 git cat-file commit seventh-signed >raw &&
183 sed -e "s/^seventh/7th forged/" raw >forged1 &&
184 git hash-object -w -t commit forged1 >forged1.commit &&
185 test_must_fail git verify-commit $(cat forged1.commit) &&
186 git show --pretty=short --show-signature $(cat forged1.commit) >actual1 &&
187 grep "BAD signature from" actual1 &&
188 ! grep "Good signature from" actual1
191 test_expect_success GPG 'detect fudged signature with NUL' '
192 git cat-file commit seventh-signed >raw &&
194 echo Qwik | tr "Q" "\000" >>forged2 &&
195 git hash-object -w -t commit forged2 >forged2.commit &&
196 test_must_fail git verify-commit $(cat forged2.commit) &&
197 git show --pretty=short --show-signature $(cat forged2.commit) >actual2 &&
198 grep "BAD signature from" actual2 &&
199 ! grep "Good signature from" actual2
202 test_expect_success GPG 'amending already signed commit' '
203 git checkout fourth-signed^0 &&
204 git commit --amend -S --no-edit &&
205 git verify-commit HEAD &&
206 git show -s --show-signature HEAD >actual &&
207 grep "Good signature from" actual &&
208 ! grep "BAD signature from" actual
211 test_expect_success GPG 'show good signature with custom format' '
212 cat >expect <<-\EOF &&
215 C O Mitter <committer@example.com>
216 73D758744BE721698EC54E8713B6F51ECDDE430D
217 73D758744BE721698EC54E8713B6F51ECDDE430D
219 git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" sixth-signed >actual &&
220 test_cmp expect actual
223 test_expect_success GPG 'show bad signature with custom format' '
224 cat >expect <<-\EOF &&
227 C O Mitter <committer@example.com>
231 git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" $(cat forged1.commit) >actual &&
232 test_cmp expect actual
235 test_expect_success GPG 'show untrusted signature with custom format' '
236 cat >expect <<-\EOF &&
239 Eris Discordia <discord@example.net>
240 F8364A59E07FFE9F4D63005A65A0EEA02E30CAD7
241 D4BE22311AD3131E5EDA29A461092E85B7227189
243 git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" eighth-signed-alt >actual &&
244 test_cmp expect actual
247 test_expect_success GPG 'show untrusted signature with undefined trust level' '
248 cat >expect <<-\EOF &&
251 Eris Discordia <discord@example.net>
252 F8364A59E07FFE9F4D63005A65A0EEA02E30CAD7
253 D4BE22311AD3131E5EDA29A461092E85B7227189
255 git log -1 --format="%GT%n%GK%n%GS%n%GF%n%GP" eighth-signed-alt >actual &&
256 test_cmp expect actual
259 test_expect_success GPG 'show untrusted signature with ultimate trust level' '
260 cat >expect <<-\EOF &&
263 C O Mitter <committer@example.com>
264 73D758744BE721698EC54E8713B6F51ECDDE430D
265 73D758744BE721698EC54E8713B6F51ECDDE430D
267 git log -1 --format="%GT%n%GK%n%GS%n%GF%n%GP" sixth-signed >actual &&
268 test_cmp expect actual
271 test_expect_success GPG 'show unknown signature with custom format' '
272 cat >expect <<-\EOF &&
279 GNUPGHOME="$GNUPGHOME_NOT_USED" git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" eighth-signed-alt >actual &&
280 test_cmp expect actual
283 test_expect_success GPG 'show lack of signature with custom format' '
284 cat >expect <<-\EOF &&
291 git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" seventh-unsigned >actual &&
292 test_cmp expect actual
295 test_expect_success GPG 'log.showsignature behaves like --show-signature' '
296 test_config log.showsignature true &&
297 git show initial >actual &&
298 grep "gpg: Signature made" actual &&
299 grep "gpg: Good signature" actual
302 test_expect_success GPG 'check config gpg.format values' '
303 test_config gpg.format openpgp &&
304 git commit -S --amend -m "success" &&
305 test_config gpg.format OpEnPgP &&
306 test_must_fail git commit -S --amend -m "fail"
309 test_expect_success GPG 'detect fudged commit with double signature' '
310 sed -e "/gpgsig/,/END PGP/d" forged1 >double-base &&
311 sed -n -e "/gpgsig/,/END PGP/p" forged1 | \
312 sed -e "s/^$(test_oid header)//;s/^ //" | gpg --dearmor >double-sig1.sig &&
313 gpg -o double-sig2.sig -u 29472784 --detach-sign double-base &&
314 cat double-sig1.sig double-sig2.sig | gpg --enarmor >double-combined.asc &&
315 sed -e "s/^\(-.*\)ARMORED FILE/\1SIGNATURE/;1s/^/$(test_oid header) /;2,\$s/^/ /" \
316 double-combined.asc > double-gpgsig &&
317 sed -e "/committer/r double-gpgsig" double-base >double-commit &&
318 git hash-object -w -t commit double-commit >double-commit.commit &&
319 test_must_fail git verify-commit $(cat double-commit.commit) &&
320 git show --pretty=short --show-signature $(cat double-commit.commit) >double-actual &&
321 grep "BAD signature from" double-actual &&
322 grep "Good signature from" double-actual
325 test_expect_success GPG 'show double signature with custom format' '
326 cat >expect <<-\EOF &&
333 git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" $(cat double-commit.commit) >actual &&
334 test_cmp expect actual
projects / git / blob