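# Checks how "git merge" treats signed, unsigned, forged and untrusted
# commits when signature verification is requested with --verify-signatures
# or with the merge.verifySignatures configuration value.
test_description='merge signature verification tests'

# Request "main" as the name of the initial branch of the test repository.
GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main
export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME

# test-lib.sh has to be sourced before anything else: it provides
# TEST_DIRECTORY and the test_* helpers used throughout this file.
. ./test-lib.sh
# lib-gpg.sh is expected to set the GPG prerequisite that every test below
# names, so the tests are skipped where no usable gpg is found.
. "$TEST_DIRECTORY/lib-gpg.sh"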
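# Build the fixtures that every later test merges from. Four side branches
# fork from the commit tagged "initial":
#   side-signed     one commit signed with the default signing key
#   side-unsigned   one commit without any signature
#   side-bad        one signed commit; a copy of its raw object with an
#                   edited message is written as a new commit object, so the
#                   stored signature no longer matches the content. No ref
#                   points at the copy; its id is kept in forged.commit.
#   side-untrusted  one commit signed with key B7227189, which the tests
#                   below expect to be reported as untrusted
# The "initial" tag is created here because every later checkout and cleanup
# hook refers to it. The last step returns to main, the initial branch name
# requested at the top of the file, so that the first merge test does not
# start from side-untrusted.
test_expect_success GPG 'create signed commits' '
	echo 1 >file && git add file &&
	test_tick && git commit -m initial &&
	git tag initial &&

	git checkout -b side-signed &&
	echo 3 >elif && git add elif &&
	test_tick && git commit -S -m "signed on side" &&
	git checkout initial &&

	git checkout -b side-unsigned &&
	echo 3 >foo && git add foo &&
	test_tick && git commit -m "unsigned on side" &&
	git checkout initial &&

	git checkout -b side-bad &&
	echo 3 >bar && git add bar &&
	test_tick && git commit -S -m "bad on side" &&
	git cat-file commit side-bad >raw &&
	sed -e "s/^bad/forged bad/" raw >forged &&
	git hash-object -w -t commit forged >forged.commit &&
	git checkout initial &&

	git checkout -b side-untrusted &&
	echo 3 >baz && git add baz &&
	test_tick && git commit -SB7227189 -m "untrusted on side" &&

	git checkout main
'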
# --verify-signatures must reject a tip commit that carries no signature and
# name that reason on stderr. The cleanup hook resets the work tree and puts
# HEAD back on "initial" so the next test starts from the same state.
test_expect_success GPG 'merge unsigned commit with verification' '
	test_when_finished "git reset --hard && git checkout initial" &&
	test_must_fail git merge --ff-only --verify-signatures \
		side-unsigned 2>mergeerror &&
	test_i18ngrep "does not have a GPG signature" mergeerror
'
# Same rejection of an unsigned tip, but verification is switched on through
# merge.verifySignatures instead of the command-line flag.
test_expect_success GPG 'merge unsigned commit with merge.verifySignatures=true' '
	test_when_finished "git reset --hard && git checkout initial" &&
	test_config merge.verifySignatures true &&
	test_must_fail git merge --ff-only \
		side-unsigned 2>mergeerror &&
	test_i18ngrep "does not have a GPG signature" mergeerror
'
# The forged commit has no ref, so it is named by the object id that the
# setup test saved in forged.commit. Its signature was made over the original
# message, so verification must report a bad signature and refuse the merge.
test_expect_success GPG 'merge commit with bad signature with verification' '
	test_when_finished "git reset --hard && git checkout initial" &&
	test_must_fail git merge --ff-only --verify-signatures \
		$(cat forged.commit) 2>mergeerror &&
	test_i18ngrep "has a bad GPG signature" mergeerror
'
# Config-driven variant of the forged-commit case: merge.verifySignatures=true
# alone must be enough to get the bad signature rejected.
test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=true' '
	test_when_finished "git reset --hard && git checkout initial" &&
	test_config merge.verifySignatures true &&
	test_must_fail git merge --ff-only \
		$(cat forged.commit) 2>mergeerror &&
	test_i18ngrep "has a bad GPG signature" mergeerror
'
# side-untrusted is signed with key B7227189. With no gpg.minTrustLevel
# configured, the merge must be refused and the signature reported as
# untrusted rather than as missing or bad.
test_expect_success GPG 'merge commit with untrusted signature with verification' '
	test_when_finished "git reset --hard && git checkout initial" &&
	test_must_fail git merge --ff-only --verify-signatures \
		side-untrusted 2>mergeerror &&
	test_i18ngrep "has an untrusted GPG signature" mergeerror
'
# Setting gpg.minTrustLevel to marginal explicitly must still reject the
# commit signed with the untrusted key.
test_expect_success GPG 'merge commit with untrusted signature with verification and high minTrustLevel' '
	test_when_finished "git reset --hard && git checkout initial" &&
	test_config gpg.minTrustLevel marginal &&
	test_must_fail git merge --ff-only --verify-signatures \
		side-untrusted 2>mergeerror &&
	test_i18ngrep "has an untrusted GPG signature" mergeerror
'
# With gpg.minTrustLevel=undefined the same commit is accepted and reported
# on stdout as having a good signature. At this level the trust assigned to
# the signing key no longer gates the merge; only the validity of the
# signature does, so the contents of the keyring decide what passes.
test_expect_success GPG 'merge commit with untrusted signature with verification and low minTrustLevel' '
	test_when_finished "git reset --hard && git checkout initial" &&
	test_config gpg.minTrustLevel undefined &&
	git merge --ff-only --verify-signatures \
		side-untrusted >mergeoutput &&
	test_i18ngrep "has a good GPG signature" mergeoutput
'
# Config-driven variant of the untrusted-key case: merge.verifySignatures=true
# without any command-line flag must refuse the merge.
test_expect_success GPG 'merge commit with untrusted signature with merge.verifySignatures=true' '
	test_when_finished "git reset --hard && git checkout initial" &&
	test_config merge.verifySignatures true &&
	test_must_fail git merge --ff-only \
		side-untrusted 2>mergeerror &&
	test_i18ngrep "has an untrusted GPG signature" mergeerror
'
# Both settings come from configuration here: verification is enabled and the
# minimum trust level is marginal. The untrusted signature must be rejected.
test_expect_success GPG 'merge commit with untrusted signature with merge.verifySignatures=true and minTrustLevel' '
	test_when_finished "git reset --hard && git checkout initial" &&
	test_config merge.verifySignatures true &&
	test_config gpg.minTrustLevel marginal &&
	test_must_fail git merge --ff-only \
		side-untrusted 2>mergeerror &&
	test_i18ngrep "has an untrusted GPG signature" mergeerror
'
# Positive case: a commit signed with the default key merges under
# --verify-signatures, and the good signature is reported on stdout.
test_expect_success GPG 'merge signed commit with verification' '
	test_when_finished "git reset --hard && git checkout initial" &&
	git merge --verbose --ff-only --verify-signatures \
		side-signed >mergeoutput &&
	test_i18ngrep "has a good GPG signature" mergeoutput
'
# Positive case driven by configuration: merge.verifySignatures=true lets the
# properly signed commit through and reports the good signature on stdout.
test_expect_success GPG 'merge signed commit with merge.verifySignatures=true' '
	test_when_finished "git reset --hard && git checkout initial" &&
	test_config merge.verifySignatures true &&
	git merge --verbose --ff-only \
		side-signed >mergeoutput &&
	test_i18ngrep "has a good GPG signature" mergeoutput
'
# Verification is opt-in: with neither the flag nor the config value set, the
# forged commit merges. The only assertion is that git merge exits
# successfully; no output is inspected.
test_expect_success GPG 'merge commit with bad signature without verification' '
	test_when_finished "git reset --hard && git checkout initial" &&
	git merge \
		$(cat forged.commit)
'
# An explicit merge.verifySignatures=false behaves like the unset case: the
# forged commit is merged without any signature check.
test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=false' '
	test_when_finished "git reset --hard && git checkout initial" &&
	test_config merge.verifySignatures false &&
	git merge \
		$(cat forged.commit)
'
# --no-verify-signatures on the command line wins over
# merge.verifySignatures=true, so the forged commit merges. The config value
# therefore acts as a default that any single invocation can switch off, not
# as an enforced policy.
test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=true and --no-verify-signatures' '
	test_when_finished "git reset --hard && git checkout initial" &&
	test_config merge.verifySignatures true &&
	git merge --no-verify-signatures \
		$(cat forged.commit)
'
# After "git checkout --orphan" HEAD names a branch that has no commit yet.
# The signature check must still run in that state and refuse the unsigned
# tip. This test uses no --ff-only, and its cleanup only checks out "initial".
test_expect_success GPG 'merge unsigned commit into unborn branch' '
	test_when_finished "git checkout initial" &&
	git checkout --orphan unborn &&
	test_must_fail git merge --verify-signatures \
		side-unsigned 2>mergeerror &&
	test_i18ngrep "does not have a GPG signature" mergeerror
'