diff options
| author | Junio C Hamano <gitster@pobox.com> | 2014-07-10 11:27:33 -0700 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2014-07-10 11:27:34 -0700 |
| commit | 39177c7f184b4c07a1f53f99f59c920c3fb6222d (patch) | |
| tree | 1a536ab74526d6aaa089b4e72742b4b3686c89fe /t/t7510-signed-commit.sh | |
| parent | 3d77f72efe79eb90f67aec9ecf6d4bd11fc9a78c (diff) | |
| parent | 8e92c2cf37038a3b3bb82724f018e4d0ab1180ff (diff) | |
| download | git-39177c7f184b4c07a1f53f99f59c920c3fb6222d.tar.gz git-39177c7f184b4c07a1f53f99f59c920c3fb6222d.tar.xz | |
Merge branch 'mg/verify-commit'
Add 'verify-commit' to be used in a way similar to 'verify-tag' is
used. Further work on verifying the mergetags might be needed.
* mg/verify-commit:
t7510: test verify-commit
t7510: exit for loop with test result
verify-commit: scriptable commit signature verification
gpg-interface: provide access to the payload
gpg-interface: provide clear helper for struct signature_check
Diffstat (limited to 't/t7510-signed-commit.sh')
| -rwxr-xr-x | t/t7510-signed-commit.sh | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/t/t7510-signed-commit.sh b/t/t7510-signed-commit.sh index e97477a3b..474dab381 100755 --- a/t/t7510-signed-commit.sh +++ b/t/t7510-signed-commit.sh @@ -48,10 +48,11 @@ test_expect_success GPG 'create signed commits' ' git tag eighth-signed-alt ' -test_expect_success GPG 'show signatures' ' +test_expect_success GPG 'verify and show signatures' ' ( for commit in initial second merge fourth-signed fifth-signed sixth-signed seventh-signed do + git verify-commit $commit && git show --pretty=short --show-signature $commit >actual && grep "Good signature from" actual && ! grep "BAD signature from" actual && @@ -61,6 +62,7 @@ test_expect_success GPG 'show signatures' ' ( for commit in merge^2 fourth-unsigned sixth-unsigned seventh-unsigned do + test_must_fail git verify-commit $commit && git show --pretty=short --show-signature $commit >actual && ! grep "Good signature from" actual && ! grep "BAD signature from" actual && @@ -79,11 +81,25 @@ test_expect_success GPG 'show signatures' ' ) ' +test_expect_success GPG 'show signed commit with signature' ' + git show -s initial >commit && + git show -s --show-signature initial >show && + git verify-commit -v initial >verify.1 2>verify.2 && + git cat-file commit initial >cat && + grep -v "gpg: " show >show.commit && + grep "gpg: " show >show.gpg && + grep -v "^ " cat | grep -v "^gpgsig " >cat.commit && + test_cmp show.commit commit && + test_cmp show.gpg verify.2 && + test_cmp cat.commit verify.1 +' + test_expect_success GPG 'detect fudged signature' ' git cat-file commit seventh-signed >raw && sed -e "s/seventh/7th forged/" raw >forged1 && git hash-object -w -t commit forged1 >forged1.commit && + ! git verify-commit $(cat forged1.commit) && git show --pretty=short --show-signature $(cat forged1.commit) >actual1 && grep "BAD signature from" actual1 && ! grep "Good signature from" actual1 @@ -94,6 +110,7 @@ test_expect_success GPG 'detect fudged signature with NUL' ' cat raw >forged2 && echo Qwik | tr "Q" "\000" >>forged2 && git hash-object -w -t commit forged2 >forged2.commit && + ! git verify-commit $(cat forged2.commit) && git show --pretty=short --show-signature $(cat forged2.commit) >actual2 && grep "BAD signature from" actual2 && ! grep "Good signature from" actual2 @@ -102,6 +119,7 @@ test_expect_success GPG 'detect fudged signature with NUL' ' test_expect_success GPG 'amending already signed commit' ' git checkout fourth-signed^0 && git commit --amend -S --no-edit && + git verify-commit HEAD && git show -s --show-signature HEAD >actual && grep "Good signature from" actual && ! grep "BAD signature from" actual |