receive-pack: GPG-validate push certificates
[git/mingw.git] / t / t5534-push-signed.sh
blob4198b6a2fbf2164476ee84c7f4122c5a12b92839
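#!/bin/sh
#
# Tests for "git push --signed": whether a push certificate reaches the
# receiving repository, and what the receiver reports about its GPG
# signature to the post-receive hook.
# (Listing restored: viewer line numbers fused into each line were removed.)

test_description='signed push'

# test-lib.sh provides the test harness; lib-gpg.sh is sourced for the
# GPG prerequisite used by the signed-push test below.
. ./test-lib.sh
. "$TEST_DIRECTORY"/lib-gpg.sh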
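# Recreate the receiving repository "dst" from scratch and seed it with
# three branches (noop, ff, noff) that all point at the local master.
# Each test calls this first so that leftovers from a previous test
# (hooks, config, recorded certificates) cannot influence the result.
prepare_dst () {
	rm -fr dst &&
	test_create_repo dst &&

	git push dst master:noop master:ff master:noff
}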
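# Build the local history the later pushes rely on: relative to master,
# noop is unchanged, ff is a fast-forward and noff is a rewrite, so
# "git push dst noop ff +noff" exercises a no-op, a fast-forward and a
# forced update in one push.
test_expect_success setup '
	# master, ff and noff branches pointing at the same commit
	test_tick &&
	git commit --allow-empty -m initial &&

	git checkout -b noop &&
	git checkout -b ff &&
	git checkout -b noff &&

	# noop stays the same, ff advances, noff rewrites
	test_tick &&
	git commit --allow-empty --amend -m rewritten &&
	git checkout ff &&

	test_tick &&
	git commit --allow-empty -m second
'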
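# A push without --signed must not hand a certificate to the receiver.
# The hook writes dst/push-cert only when GIT_PUSH_CERT is set and
# non-empty, so the absence of that file is the assertion.
test_expect_success 'unsigned push does not send push certificate' '
	prepare_dst &&
	mkdir -p dst/.git/hooks &&
	write_script dst/.git/hooks/post-receive <<-\EOF &&
	# discard the update list
	cat >/dev/null
	# record the push certificate
	if test -n "${GIT_PUSH_CERT-}"
	then
		git cat-file blob "$GIT_PUSH_CERT" >../push-cert
	fi
	EOF

	git push dst noop ff +noff &&
	! test -f dst/push-cert
'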
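# With receive.acceptpushcert set to "no" the receiver is configured not
# to accept push certificates. An ordinary (unsigned) push must still
# succeed against it, and the hook must not see a certificate.
test_expect_success 'talking with a receiver without push certificate support' '
	prepare_dst &&
	mkdir -p dst/.git/hooks &&
	git -C dst config receive.acceptpushcert no &&
	write_script dst/.git/hooks/post-receive <<-\EOF &&
	# discard the update list
	cat >/dev/null
	# record the push certificate
	if test -n "${GIT_PUSH_CERT-}"
	then
		git cat-file blob "$GIT_PUSH_CERT" >../push-cert
	fi
	EOF

	git push dst noop ff +noff &&
	! test -f dst/push-cert
'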
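# Asking for a signed push against a receiver that does not accept push
# certificates must fail with an explicit message rather than fall back
# to an unsigned push: a silent downgrade would leave the pusher
# believing the update had been certified.
test_expect_success 'push --signed fails with a receiver without push certificate support' '
	prepare_dst &&
	mkdir -p dst/.git/hooks &&
	git -C dst config receive.acceptpushcert no &&
	test_must_fail git push --signed dst noop ff +noff 2>err &&
	test_i18ngrep "the receiving end does not support" err
'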
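# A signed push must deliver the certificate to the receiver, and the
# receiver must expose the result of GPG validation to the hook through
# GIT_PUSH_CERT_SIGNER, GIT_PUSH_CERT_KEY and GIT_PUSH_CERT_STATUS.
# Requires the GPG prerequisite.
#
# Note that the hook below only records these values; it rejects
# nothing. A hook that is meant to enforce signed pushes would have to
# inspect the status itself.
test_expect_success GPG 'signed push sends push certificate' '
	prepare_dst &&
	mkdir -p dst/.git/hooks &&
	write_script dst/.git/hooks/post-receive <<-\EOF &&
	# discard the update list
	cat >/dev/null
	# record the push certificate
	if test -n "${GIT_PUSH_CERT-}"
	then
		git cat-file blob "$GIT_PUSH_CERT" >../push-cert
	fi &&

	# record the validation result; the fallback words make an unset
	# variable visible in the comparison instead of an empty value
	cat >../push-cert-status <<E_O_F
	SIGNER=${GIT_PUSH_CERT_SIGNER-nobody}
	KEY=${GIT_PUSH_CERT_KEY-nokey}
	STATUS=${GIT_PUSH_CERT_STATUS-nostatus}
	E_O_F

	EOF

	# STATUS=G is the letter for a good signature (the same mnemonic as
	# the %G? format of git log); the key id is the test keyring key
	cat >expect <<-\EOF &&
	SIGNER=C O Mitter <committer@example.com>
	KEY=13B6F51ECDDE430D
	STATUS=G
	EOF

	git push --signed dst noop ff +noff &&

	# Resolve each ref separately. "git rev-parse noop ff" prints two
	# lines, and grep reads a pattern with an embedded newline as two
	# alternative patterns, so the combined form would also match any
	# line that merely contains the old object name.
	noop=$(git rev-parse noop) &&
	ff=$(git rev-parse ff) &&
	noff=$(git rev-parse noff) &&
	grep "$noop $ff refs/heads/ff" dst/push-cert &&
	grep "$noop $noff refs/heads/noff" dst/push-cert &&
	test_cmp expect dst/push-cert-status
'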
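# Report the results and exit; must be the last command of the script.
test_done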