Merge branch 'hi/merge-verify-sig-config'
"git merge" learned to pay attention to merge.verifySignatures configuration variable and pretend as if '--verify-signatures' option was given from the command line. * hi/merge-verify-sig-config: t5573, t7612: clean up after unexpected success of 'pull' and 'merge' t: add tests for pull --verify-signatures merge: add config option for verifySignatures
This commit is contained in:
commit
0433d533f1
@ -26,6 +26,10 @@ merge.ff::
|
|||||||
allowed (equivalent to giving the `--ff-only` option from the
|
allowed (equivalent to giving the `--ff-only` option from the
|
||||||
command line).
|
command line).
|
||||||
|
|
||||||
|
merge.verifySignatures::
|
||||||
|
If true, this is equivalent to the --verify-signatures command
|
||||||
|
line option. See linkgit:git-merge[1] for details.
|
||||||
|
|
||||||
include::fmt-merge-msg-config.txt[]
|
include::fmt-merge-msg-config.txt[]
|
||||||
|
|
||||||
merge.renameLimit::
|
merge.renameLimit::
|
||||||
|
@ -567,6 +567,8 @@ static int git_merge_config(const char *k, const char *v, void *cb)
|
|||||||
|
|
||||||
if (!strcmp(k, "merge.diffstat") || !strcmp(k, "merge.stat"))
|
if (!strcmp(k, "merge.diffstat") || !strcmp(k, "merge.stat"))
|
||||||
show_diffstat = git_config_bool(k, v);
|
show_diffstat = git_config_bool(k, v);
|
||||||
|
else if (!strcmp(k, "merge.verifysignatures"))
|
||||||
|
verify_signatures = git_config_bool(k, v);
|
||||||
else if (!strcmp(k, "pull.twohead"))
|
else if (!strcmp(k, "pull.twohead"))
|
||||||
return git_config_string(&pull_twohead, k, v);
|
return git_config_string(&pull_twohead, k, v);
|
||||||
else if (!strcmp(k, "pull.octopus"))
|
else if (!strcmp(k, "pull.octopus"))
|
||||||
|
81
t/t5573-pull-verify-signatures.sh
Executable file
81
t/t5573-pull-verify-signatures.sh
Executable file
@ -0,0 +1,81 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
test_description='pull signature verification tests'
|
||||||
|
. ./test-lib.sh
|
||||||
|
. "$TEST_DIRECTORY/lib-gpg.sh"
|
||||||
|
|
||||||
|
test_expect_success GPG 'create repositories with signed commits' '
|
||||||
|
echo 1 >a && git add a &&
|
||||||
|
test_tick && git commit -m initial &&
|
||||||
|
git tag initial &&
|
||||||
|
|
||||||
|
git clone . signed &&
|
||||||
|
(
|
||||||
|
cd signed &&
|
||||||
|
echo 2 >b && git add b &&
|
||||||
|
test_tick && git commit -S -m "signed"
|
||||||
|
) &&
|
||||||
|
|
||||||
|
git clone . unsigned &&
|
||||||
|
(
|
||||||
|
cd unsigned &&
|
||||||
|
echo 3 >c && git add c &&
|
||||||
|
test_tick && git commit -m "unsigned"
|
||||||
|
) &&
|
||||||
|
|
||||||
|
git clone . bad &&
|
||||||
|
(
|
||||||
|
cd bad &&
|
||||||
|
echo 4 >d && git add d &&
|
||||||
|
test_tick && git commit -S -m "bad" &&
|
||||||
|
git cat-file commit HEAD >raw &&
|
||||||
|
sed -e "s/bad/forged bad/" raw >forged &&
|
||||||
|
git hash-object -w -t commit forged >forged.commit &&
|
||||||
|
git checkout $(cat forged.commit)
|
||||||
|
) &&
|
||||||
|
|
||||||
|
git clone . untrusted &&
|
||||||
|
(
|
||||||
|
cd untrusted &&
|
||||||
|
echo 5 >e && git add e &&
|
||||||
|
test_tick && git commit -SB7227189 -m "untrusted"
|
||||||
|
)
|
||||||
|
'
|
||||||
|
|
||||||
|
test_expect_success GPG 'pull unsigned commit with --verify-signatures' '
|
||||||
|
test_when_finished "git reset --hard && git checkout initial" &&
|
||||||
|
test_must_fail git pull --ff-only --verify-signatures unsigned 2>pullerror &&
|
||||||
|
test_i18ngrep "does not have a GPG signature" pullerror
|
||||||
|
'
|
||||||
|
|
||||||
|
test_expect_success GPG 'pull commit with bad signature with --verify-signatures' '
|
||||||
|
test_when_finished "git reset --hard && git checkout initial" &&
|
||||||
|
test_must_fail git pull --ff-only --verify-signatures bad 2>pullerror &&
|
||||||
|
test_i18ngrep "has a bad GPG signature" pullerror
|
||||||
|
'
|
||||||
|
|
||||||
|
test_expect_success GPG 'pull commit with untrusted signature with --verify-signatures' '
|
||||||
|
test_when_finished "git reset --hard && git checkout initial" &&
|
||||||
|
test_must_fail git pull --ff-only --verify-signatures untrusted 2>pullerror &&
|
||||||
|
test_i18ngrep "has an untrusted GPG signature" pullerror
|
||||||
|
'
|
||||||
|
|
||||||
|
test_expect_success GPG 'pull signed commit with --verify-signatures' '
|
||||||
|
test_when_finished "git reset --hard && git checkout initial" &&
|
||||||
|
git pull --verify-signatures signed >pulloutput &&
|
||||||
|
test_i18ngrep "has a good GPG signature" pulloutput
|
||||||
|
'
|
||||||
|
|
||||||
|
test_expect_success GPG 'pull commit with bad signature without verification' '
|
||||||
|
test_when_finished "git reset --hard && git checkout initial" &&
|
||||||
|
git pull --ff-only bad 2>pullerror
|
||||||
|
'
|
||||||
|
|
||||||
|
test_expect_success GPG 'pull commit with bad signature with --no-verify-signatures' '
|
||||||
|
test_when_finished "git reset --hard && git checkout initial" &&
|
||||||
|
test_config merge.verifySignatures true &&
|
||||||
|
test_config pull.verifySignatures true &&
|
||||||
|
git pull --ff-only --no-verify-signatures bad 2>pullerror
|
||||||
|
'
|
||||||
|
|
||||||
|
test_done
|
@ -35,27 +35,72 @@ test_expect_success GPG 'create signed commits' '
|
|||||||
'
|
'
|
||||||
|
|
||||||
test_expect_success GPG 'merge unsigned commit with verification' '
|
test_expect_success GPG 'merge unsigned commit with verification' '
|
||||||
|
test_when_finished "git reset --hard && git checkout initial" &&
|
||||||
test_must_fail git merge --ff-only --verify-signatures side-unsigned 2>mergeerror &&
|
test_must_fail git merge --ff-only --verify-signatures side-unsigned 2>mergeerror &&
|
||||||
test_i18ngrep "does not have a GPG signature" mergeerror
|
test_i18ngrep "does not have a GPG signature" mergeerror
|
||||||
'
|
'
|
||||||
|
|
||||||
|
test_expect_success GPG 'merge unsigned commit with merge.verifySignatures=true' '
|
||||||
|
test_when_finished "git reset --hard && git checkout initial" &&
|
||||||
|
test_config merge.verifySignatures true &&
|
||||||
|
test_must_fail git merge --ff-only side-unsigned 2>mergeerror &&
|
||||||
|
test_i18ngrep "does not have a GPG signature" mergeerror
|
||||||
|
'
|
||||||
|
|
||||||
test_expect_success GPG 'merge commit with bad signature with verification' '
|
test_expect_success GPG 'merge commit with bad signature with verification' '
|
||||||
|
test_when_finished "git reset --hard && git checkout initial" &&
|
||||||
test_must_fail git merge --ff-only --verify-signatures $(cat forged.commit) 2>mergeerror &&
|
test_must_fail git merge --ff-only --verify-signatures $(cat forged.commit) 2>mergeerror &&
|
||||||
test_i18ngrep "has a bad GPG signature" mergeerror
|
test_i18ngrep "has a bad GPG signature" mergeerror
|
||||||
'
|
'
|
||||||
|
|
||||||
|
test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=true' '
|
||||||
|
test_when_finished "git reset --hard && git checkout initial" &&
|
||||||
|
test_config merge.verifySignatures true &&
|
||||||
|
test_must_fail git merge --ff-only $(cat forged.commit) 2>mergeerror &&
|
||||||
|
test_i18ngrep "has a bad GPG signature" mergeerror
|
||||||
|
'
|
||||||
|
|
||||||
test_expect_success GPG 'merge commit with untrusted signature with verification' '
|
test_expect_success GPG 'merge commit with untrusted signature with verification' '
|
||||||
|
test_when_finished "git reset --hard && git checkout initial" &&
|
||||||
test_must_fail git merge --ff-only --verify-signatures side-untrusted 2>mergeerror &&
|
test_must_fail git merge --ff-only --verify-signatures side-untrusted 2>mergeerror &&
|
||||||
test_i18ngrep "has an untrusted GPG signature" mergeerror
|
test_i18ngrep "has an untrusted GPG signature" mergeerror
|
||||||
'
|
'
|
||||||
|
|
||||||
|
test_expect_success GPG 'merge commit with untrusted signature with merge.verifySignatures=true' '
|
||||||
|
test_when_finished "git reset --hard && git checkout initial" &&
|
||||||
|
test_config merge.verifySignatures true &&
|
||||||
|
test_must_fail git merge --ff-only side-untrusted 2>mergeerror &&
|
||||||
|
test_i18ngrep "has an untrusted GPG signature" mergeerror
|
||||||
|
'
|
||||||
|
|
||||||
test_expect_success GPG 'merge signed commit with verification' '
|
test_expect_success GPG 'merge signed commit with verification' '
|
||||||
|
test_when_finished "git reset --hard && git checkout initial" &&
|
||||||
git merge --verbose --ff-only --verify-signatures side-signed >mergeoutput &&
|
git merge --verbose --ff-only --verify-signatures side-signed >mergeoutput &&
|
||||||
test_i18ngrep "has a good GPG signature" mergeoutput
|
test_i18ngrep "has a good GPG signature" mergeoutput
|
||||||
'
|
'
|
||||||
|
|
||||||
|
test_expect_success GPG 'merge signed commit with merge.verifySignatures=true' '
|
||||||
|
test_when_finished "git reset --hard && git checkout initial" &&
|
||||||
|
test_config merge.verifySignatures true &&
|
||||||
|
git merge --verbose --ff-only side-signed >mergeoutput &&
|
||||||
|
test_i18ngrep "has a good GPG signature" mergeoutput
|
||||||
|
'
|
||||||
|
|
||||||
test_expect_success GPG 'merge commit with bad signature without verification' '
|
test_expect_success GPG 'merge commit with bad signature without verification' '
|
||||||
|
test_when_finished "git reset --hard && git checkout initial" &&
|
||||||
git merge $(cat forged.commit)
|
git merge $(cat forged.commit)
|
||||||
'
|
'
|
||||||
|
|
||||||
|
test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=false' '
|
||||||
|
test_when_finished "git reset --hard && git checkout initial" &&
|
||||||
|
test_config merge.verifySignatures false &&
|
||||||
|
git merge $(cat forged.commit)
|
||||||
|
'
|
||||||
|
|
||||||
|
test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=true and --no-verify-signatures' '
|
||||||
|
test_when_finished "git reset --hard && git checkout initial" &&
|
||||||
|
test_config merge.verifySignatures true &&
|
||||||
|
git merge --no-verify-signatures $(cat forged.commit)
|
||||||
|
'
|
||||||
|
|
||||||
test_done
|
test_done
|
||||||
|
Loading…
Reference in New Issue
Block a user