Commit Graph

14 Commits

Author SHA1 Message Date
Junio C Hamano
4c24385e80 Merge branch 'mg/verify-commit'
Workarounds for certain build of GPG that triggered false breakage
in a test.

* mg/verify-commit:
  t7510: do not fail when gpg warns about insecure memory
2015-03-20 13:11:51 -07:00
Kyle J. McKay
3f88c1b524 t7510: do not fail when gpg warns about insecure memory
Depending on how gpg was built, it may issue the following
message to stderr when run:

  Warning: using insecure memory!

When the test is collecting gpg output it is therefore not
enough to just match on a "gpg: " prefix it must also match
on a "Warning: " prefix wherever it needs to match lines
that have been produced by gpg.

Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
Acked-by: Michael J Gruber <git@drmicha.warpmail.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-03-10 15:25:22 -07:00
Junio C Hamano
39177c7f18 Merge branch 'mg/verify-commit'
Add 'verify-commit' to be used in a way similar to 'verify-tag' is
used.  Further work on verifying the mergetags might be needed.

* mg/verify-commit:
  t7510: test verify-commit
  t7510: exit for loop with test result
  verify-commit: scriptable commit signature verification
  gpg-interface: provide access to the payload
  gpg-interface: provide clear helper for struct signature_check
2014-07-10 11:27:34 -07:00
Jeff King
958b2eb26c move "%G" format test from t7510 to t6006
The final test in t7510 checks that "--format" placeholders
that look similar to GPG placeholders (but that we don't
actually understand) are passed through. That test was
placed in t7510, since the other GPG placeholder tests are
there. However, it does not have a GPG prerequisite, because
it is not actually checking any signed commits.

This causes the test to erroneously fail when gpg is not
installed on a system, however. Not because we need signed
commits, but because we need _any_ commit to run "git log".
If we don't have gpg installed, t7510 doesn't create any
commits at all.

We can fix this by moving the test into t6006. This is
arguably a better place anyway, because it is where we test
most of the other placeholders (we do not test GPG
placeholders there because of the infrastructure needed to
make signed commits).

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-06-25 15:01:06 -07:00
Michael J Gruber
8e92c2cf37 t7510: test verify-commit
This mixes the "git verify-commit" tests in with the "git show
--show-signature" tests, to keep the tests more readable.

The tests already mix in the "call show" tests with the "verify" tests.
So in case of a test beakage, a '-v' run would be needed to reveal the
exact point of breakage anyway.

Additionally, test the actual output of "git verify-commit" and "git
show --show-signature" and compare to "git cat-file".

Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-06-23 15:50:31 -07:00
Michael J Gruber
0f109c92b0 t7510: exit for loop with test result
t7510 uses for loops in a subshell, which need to make sure that the test
returns with the appropriate error code from within the loop.

Restructure the loops as the usual && chains with a single point of
"exit 1" at the end of the loop to make this clearer.

Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-06-23 15:50:31 -07:00
Jeff King
aa4b78d483 pretty: avoid reading past end-of-string with "%G"
If the user asks for --format=%G with nothing else, we
correctly realize that "%G" is not a valid placeholder (it
should be "%G?", "%GK", etc). But we still tell the
strbuf_expand code that we consumed 2 characters, causing it
to jump over the trailing NUL and output garbage.

This also fixes the case where "%GX" would be consumed (and
produce no output). In other cases, we pass unrecognized
placeholders through to the final string.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-06-17 13:41:41 -07:00
Jeff King
06ca0f45a0 t7510: check %G* pretty-format output
We do not check these along with the other pretty-format
placeholders in t6006, because we need signed commits to
make them interesting. t7510 has such commits, and can
easily exercise them in addition to the regular
--show-signature code path.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-06-17 13:41:39 -07:00
Jeff King
4baf839fe0 t7510: test a commit signed by an unknown key
We tested both good and bad signatures, but not ones made
correctly but with a key for which we have no trust.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-06-17 13:41:28 -07:00
Michael J Gruber
7b1732c116 t7510: use consistent &&-chains in loop
We check multiple commits in a loop. Because we want to
break out of the loop if any single iteration fails, we use
a subshell/exit like:

  (
	for i in $stuff
	do
		do-something $i || exit 1
	done
  )

However, we are inconsistent in our loop body. Some commands
get their own "|| exit 1", and others try to chain to the
next command with "&&", like:

  X &&
  Y || exit 1
  Z || exit 1

This is a little hard to read and follow, because X and Y
are treated differently for no good reason. But much worse,
the second loop follows a similar pattern and gets it wrong.
"Y" is expected to fail, so we use "&& exit 1", giving us:

  X &&
  Y && exit 1
  Z || exit 1

That gets the test for X wrong (we do not exit unless both X
fails and Y unexpectedly succeeds, but we would want to exit
if _either_ is wrong). We can write this clearly and
correctly by consistently using "&&", followed by a single
"|| exit 1", and negating Y with "!" (as we would in a
normal &&-chain). Like:

  X &&
  ! Y &&
  Z || exit 1

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-06-17 13:39:52 -07:00
Jeff King
526d56e072 t7510: stop referring to master in later tests
Our setup creates a sequence of commits, each with its own
tag. However, we sometimes refer to "seventh-signed" as
"master". This works, since it is at the tip of the created
branch, but is brittle if new tests need to add more
commits. Let's use its tag name to be unambiguous.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-06-17 13:39:12 -07:00
Nicolas Vigier
4b8d14b4c5 test the commit.gpgsign config option
The tests are checking that :

- when commit.gpgsign is true, "git commit" creates signed commits

- when commit.gpgsign is false, "git commit" creates unsigned commits

- when commit.gpgsign is true, "git commit --no-gpg-sign" creates
  unsigned commits

- when commit.gpgsign is true, "git rebase -f" creates signed commits

Signed-off-by: Nicolas Vigier <boklm@mars-attacks.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-02-24 14:51:35 -08:00
Junio C Hamano
c871a1d17b commit --amend -S: strip existing gpgsig headers
Any existing commit signature was made against the contents of the old
commit, including its committer date that is about to change, and will
become invalid by amending it.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2012-01-05 13:02:26 -08:00
Junio C Hamano
247503f28f test "commit -S" and "log --show-signature"
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2011-11-12 22:27:38 -08:00