01a31f3bca
We usually just forward the --verify-signatures option along to git-merge, and trust it to do the right thing. However, when we are on an unborn branch (i.e., there is no HEAD yet), we handle this case ourselves without even calling git-merge. And in this code path, we do not respect the verification option at all. It may be more maintainable in the long run to call git-merge for the unborn case. That would fix this bug, as well as prevent similar ones in the future. But unfortunately it's not easy to do. As t5520.3 demonstrates, there are some special cases that git-merge does not handle, like "git pull .. master:master" (by the time git-merge is invoked, we've overwritten the unborn HEAD). So for now let's just teach git-pull to handle this feature. Reported-by: Felix Eckhofer <felix@eckhofer.com> Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
89 lines
2.7 KiB
Bash
Executable File
89 lines
2.7 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
test_description='pull signature verification tests'
|
|
. ./test-lib.sh
|
|
. "$TEST_DIRECTORY/lib-gpg.sh"
|
|
|
|
test_expect_success GPG 'create repositories with signed commits' '
|
|
echo 1 >a && git add a &&
|
|
test_tick && git commit -m initial &&
|
|
git tag initial &&
|
|
|
|
git clone . signed &&
|
|
(
|
|
cd signed &&
|
|
echo 2 >b && git add b &&
|
|
test_tick && git commit -S -m "signed"
|
|
) &&
|
|
|
|
git clone . unsigned &&
|
|
(
|
|
cd unsigned &&
|
|
echo 3 >c && git add c &&
|
|
test_tick && git commit -m "unsigned"
|
|
) &&
|
|
|
|
git clone . bad &&
|
|
(
|
|
cd bad &&
|
|
echo 4 >d && git add d &&
|
|
test_tick && git commit -S -m "bad" &&
|
|
git cat-file commit HEAD >raw &&
|
|
sed -e "s/^bad/forged bad/" raw >forged &&
|
|
git hash-object -w -t commit forged >forged.commit &&
|
|
git checkout $(cat forged.commit)
|
|
) &&
|
|
|
|
git clone . untrusted &&
|
|
(
|
|
cd untrusted &&
|
|
echo 5 >e && git add e &&
|
|
test_tick && git commit -SB7227189 -m "untrusted"
|
|
)
|
|
'
|
|
|
|
test_expect_success GPG 'pull unsigned commit with --verify-signatures' '
|
|
test_when_finished "git reset --hard && git checkout initial" &&
|
|
test_must_fail git pull --ff-only --verify-signatures unsigned 2>pullerror &&
|
|
test_i18ngrep "does not have a GPG signature" pullerror
|
|
'
|
|
|
|
test_expect_success GPG 'pull commit with bad signature with --verify-signatures' '
|
|
test_when_finished "git reset --hard && git checkout initial" &&
|
|
test_must_fail git pull --ff-only --verify-signatures bad 2>pullerror &&
|
|
test_i18ngrep "has a bad GPG signature" pullerror
|
|
'
|
|
|
|
test_expect_success GPG 'pull commit with untrusted signature with --verify-signatures' '
|
|
test_when_finished "git reset --hard && git checkout initial" &&
|
|
test_must_fail git pull --ff-only --verify-signatures untrusted 2>pullerror &&
|
|
test_i18ngrep "has an untrusted GPG signature" pullerror
|
|
'
|
|
|
|
test_expect_success GPG 'pull signed commit with --verify-signatures' '
|
|
test_when_finished "git reset --hard && git checkout initial" &&
|
|
git pull --verify-signatures signed >pulloutput &&
|
|
test_i18ngrep "has a good GPG signature" pulloutput
|
|
'
|
|
|
|
test_expect_success GPG 'pull commit with bad signature without verification' '
|
|
test_when_finished "git reset --hard && git checkout initial" &&
|
|
git pull --ff-only bad 2>pullerror
|
|
'
|
|
|
|
test_expect_success GPG 'pull commit with bad signature with --no-verify-signatures' '
|
|
test_when_finished "git reset --hard && git checkout initial" &&
|
|
test_config merge.verifySignatures true &&
|
|
test_config pull.verifySignatures true &&
|
|
git pull --ff-only --no-verify-signatures bad 2>pullerror
|
|
'
|
|
|
|
test_expect_success GPG 'pull unsigned commit into unborn branch' '
|
|
git init empty-repo &&
|
|
test_must_fail \
|
|
git -C empty-repo pull --verify-signatures .. 2>pullerror &&
|
|
test_i18ngrep "does not have a GPG signature" pullerror
|
|
'
|
|
|
|
test_done
|