t/t7510-signed-commit.sh

   1 #!/bin/sh
   2
   3 test_description='signed commit tests'
   4 . ./test-lib.sh
   5 GNUPGHOME_NOT_USED=$GNUPGHOME
   6 . "$TEST_DIRECTORY/lib-gpg.sh"
   7
   8 test_expect_success GPG 'create signed commits' '
   9         test_oid_cache <<-\EOF &&
  10         header sha1:gpgsig
  11         header sha256:gpgsig-sha256
  12         EOF
  13
  14         test_when_finished "test_unconfig commit.gpgsign" &&
  15
  16         echo 1 >file && git add file &&
  17         test_tick && git commit -S -m initial &&
  18         git tag initial &&
  19         git branch side &&
  20
  21         echo 2 >file && test_tick && git commit -a -S -m second &&
  22         git tag second &&
  23
  24         git checkout side &&
  25         echo 3 >elif && git add elif &&
  26         test_tick && git commit -m "third on side" &&
  27
  28         git checkout master &&
  29         test_tick && git merge -S side &&
  30         git tag merge &&
  31
  32         echo 4 >file && test_tick && git commit -a -m "fourth unsigned" &&
  33         git tag fourth-unsigned &&
  34
  35         test_tick && git commit --amend -S -m "fourth signed" &&
  36         git tag fourth-signed &&
  37
  38         git config commit.gpgsign true &&
  39         echo 5 >file && test_tick && git commit -a -m "fifth signed" &&
  40         git tag fifth-signed &&
  41
  42         git config commit.gpgsign false &&
  43         echo 6 >file && test_tick && git commit -a -m "sixth" &&
  44         git tag sixth-unsigned &&
  45
  46         git config commit.gpgsign true &&
  47         echo 7 >file && test_tick && git commit -a -m "seventh" --no-gpg-sign &&
  48         git tag seventh-unsigned &&
  49
  50         test_tick && git rebase -f HEAD^^ && git tag sixth-signed HEAD^ &&
  51         git tag seventh-signed &&
  52
  53         echo 8 >file && test_tick && git commit -a -m eighth -SB7227189 &&
  54         git tag eighth-signed-alt &&
  55
  56         # commit.gpgsign is still on but this must not be signed
  57         echo 9 | git commit-tree HEAD^{tree} >oid &&
  58         test_line_count = 1 oid &&
  59         git tag ninth-unsigned $(cat oid) &&
  60         # explicit -S of course must sign.
  61         echo 10 | git commit-tree -S HEAD^{tree} >oid &&
  62         test_line_count = 1 oid &&
  63         git tag tenth-signed $(cat oid) &&
  64
  65         # --gpg-sign[=<key-id>] must sign.
  66         echo 11 | git commit-tree --gpg-sign HEAD^{tree} >oid &&
  67         test_line_count = 1 oid &&
  68         git tag eleventh-signed $(cat oid) &&
  69         echo 12 | git commit-tree --gpg-sign=B7227189 HEAD^{tree} >oid &&
  70         test_line_count = 1 oid &&
  71         git tag twelfth-signed-alt $(cat oid)
  72 '
  73
  74 test_expect_success GPG 'verify and show signatures' '
  75         (
  76                 for commit in initial second merge fourth-signed \
  77                         fifth-signed sixth-signed seventh-signed tenth-signed \
  78                         eleventh-signed
  79                 do
  80                         git verify-commit $commit &&
  81                         git show --pretty=short --show-signature $commit >actual &&
  82                         grep "Good signature from" actual &&
  83                         ! grep "BAD signature from" actual &&
  84                         echo $commit OK || exit 1
  85                 done
  86         ) &&
  87         (
  88                 for commit in merge^2 fourth-unsigned sixth-unsigned \
  89                         seventh-unsigned ninth-unsigned
  90                 do
  91                         test_must_fail git verify-commit $commit &&
  92                         git show --pretty=short --show-signature $commit >actual &&
  93                         ! grep "Good signature from" actual &&
  94                         ! grep "BAD signature from" actual &&
  95                         echo $commit OK || exit 1
  96                 done
  97         ) &&
  98         (
  99                 for commit in eighth-signed-alt twelfth-signed-alt
 100                 do
 101                         git show --pretty=short --show-signature $commit >actual &&
 102                         grep "Good signature from" actual &&
 103                         ! grep "BAD signature from" actual &&
 104                         grep "not certified" actual &&
 105                         echo $commit OK || exit 1
 106                 done
 107         )
 108 '
 109
 110 test_expect_success GPG 'verify-commit exits success on untrusted signature' '
 111         git verify-commit eighth-signed-alt 2>actual &&
 112         grep "Good signature from" actual &&
 113         ! grep "BAD signature from" actual &&
 114         grep "not certified" actual
 115 '
 116
 117 test_expect_success GPG 'verify-commit exits success with matching minTrustLevel' '
 118         test_config gpg.minTrustLevel ultimate &&
 119         git verify-commit sixth-signed
 120 '
 121
 122 test_expect_success GPG 'verify-commit exits success with low minTrustLevel' '
 123         test_config gpg.minTrustLevel fully &&
 124         git verify-commit sixth-signed
 125 '
 126
 127 test_expect_success GPG 'verify-commit exits failure with high minTrustLevel' '
 128         test_config gpg.minTrustLevel ultimate &&
 129         test_must_fail git verify-commit eighth-signed-alt
 130 '
 131
 132 test_expect_success GPG 'verify signatures with --raw' '
 133         (
 134                 for commit in initial second merge fourth-signed fifth-signed sixth-signed seventh-signed
 135                 do
 136                         git verify-commit --raw $commit 2>actual &&
 137                         grep "GOODSIG" actual &&
 138                         ! grep "BADSIG" actual &&
 139                         echo $commit OK || exit 1
 140                 done
 141         ) &&
 142         (
 143                 for commit in merge^2 fourth-unsigned sixth-unsigned seventh-unsigned
 144                 do
 145                         test_must_fail git verify-commit --raw $commit 2>actual &&
 146                         ! grep "GOODSIG" actual &&
 147                         ! grep "BADSIG" actual &&
 148                         echo $commit OK || exit 1
 149                 done
 150         ) &&
 151         (
 152                 for commit in eighth-signed-alt
 153                 do
 154                         git verify-commit --raw $commit 2>actual &&
 155                         grep "GOODSIG" actual &&
 156                         ! grep "BADSIG" actual &&
 157                         grep "TRUST_UNDEFINED" actual &&
 158                         echo $commit OK || exit 1
 159                 done
 160         )
 161 '
 162
 163 test_expect_success GPG 'proper header is used for hash algorithm' '
 164         git cat-file commit fourth-signed >output &&
 165         grep "^$(test_oid header) -----BEGIN PGP SIGNATURE-----" output
 166 '
 167
 168 test_expect_success GPG 'show signed commit with signature' '
 169         git show -s initial >commit &&
 170         git show -s --show-signature initial >show &&
 171         git verify-commit -v initial >verify.1 2>verify.2 &&
 172         git cat-file commit initial >cat &&
 173         grep -v -e "gpg: " -e "Warning: " show >show.commit &&
 174         grep -e "gpg: " -e "Warning: " show >show.gpg &&
 175         grep -v "^ " cat | grep -v "^$(test_oid header) " >cat.commit &&
 176         test_cmp show.commit commit &&
 177         test_cmp show.gpg verify.2 &&
 178         test_cmp cat.commit verify.1
 179 '
 180
 181 test_expect_success GPG 'detect fudged signature' '
 182         git cat-file commit seventh-signed >raw &&
 183         sed -e "s/^seventh/7th forged/" raw >forged1 &&
 184         git hash-object -w -t commit forged1 >forged1.commit &&
 185         test_must_fail git verify-commit $(cat forged1.commit) &&
 186         git show --pretty=short --show-signature $(cat forged1.commit) >actual1 &&
 187         grep "BAD signature from" actual1 &&
 188         ! grep "Good signature from" actual1
 189 '
 190
 191 test_expect_success GPG 'detect fudged signature with NUL' '
 192         git cat-file commit seventh-signed >raw &&
 193         cat raw >forged2 &&
 194         echo Qwik | tr "Q" "\000" >>forged2 &&
 195         git hash-object -w -t commit forged2 >forged2.commit &&
 196         test_must_fail git verify-commit $(cat forged2.commit) &&
 197         git show --pretty=short --show-signature $(cat forged2.commit) >actual2 &&
 198         grep "BAD signature from" actual2 &&
 199         ! grep "Good signature from" actual2
 200 '
 201
 202 test_expect_success GPG 'amending already signed commit' '
 203         git checkout fourth-signed^0 &&
 204         git commit --amend -S --no-edit &&
 205         git verify-commit HEAD &&
 206         git show -s --show-signature HEAD >actual &&
 207         grep "Good signature from" actual &&
 208         ! grep "BAD signature from" actual
 209 '
 210
 211 test_expect_success GPG 'show good signature with custom format' '
 212         cat >expect <<-\EOF &&
 213         G
 214         13B6F51ECDDE430D
 215         C O Mitter <committer@example.com>
 216         73D758744BE721698EC54E8713B6F51ECDDE430D
 217         73D758744BE721698EC54E8713B6F51ECDDE430D
 218         EOF
 219         git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" sixth-signed >actual &&
 220         test_cmp expect actual
 221 '
 222
 223 test_expect_success GPG 'show bad signature with custom format' '
 224         cat >expect <<-\EOF &&
 225         B
 226         13B6F51ECDDE430D
 227         C O Mitter <committer@example.com>
 228
 229
 230         EOF
 231         git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" $(cat forged1.commit) >actual &&
 232         test_cmp expect actual
 233 '
 234
 235 test_expect_success GPG 'show untrusted signature with custom format' '
 236         cat >expect <<-\EOF &&
 237         U
 238         65A0EEA02E30CAD7
 239         Eris Discordia <discord@example.net>
 240         F8364A59E07FFE9F4D63005A65A0EEA02E30CAD7
 241         D4BE22311AD3131E5EDA29A461092E85B7227189
 242         EOF
 243         git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" eighth-signed-alt >actual &&
 244         test_cmp expect actual
 245 '
 246
 247 test_expect_success GPG 'show untrusted signature with undefined trust level' '
 248         cat >expect <<-\EOF &&
 249         undefined
 250         65A0EEA02E30CAD7
 251         Eris Discordia <discord@example.net>
 252         F8364A59E07FFE9F4D63005A65A0EEA02E30CAD7
 253         D4BE22311AD3131E5EDA29A461092E85B7227189
 254         EOF
 255         git log -1 --format="%GT%n%GK%n%GS%n%GF%n%GP" eighth-signed-alt >actual &&
 256         test_cmp expect actual
 257 '
 258
 259 test_expect_success GPG 'show untrusted signature with ultimate trust level' '
 260         cat >expect <<-\EOF &&
 261         ultimate
 262         13B6F51ECDDE430D
 263         C O Mitter <committer@example.com>
 264         73D758744BE721698EC54E8713B6F51ECDDE430D
 265         73D758744BE721698EC54E8713B6F51ECDDE430D
 266         EOF
 267         git log -1 --format="%GT%n%GK%n%GS%n%GF%n%GP" sixth-signed >actual &&
 268         test_cmp expect actual
 269 '
 270
 271 test_expect_success GPG 'show unknown signature with custom format' '
 272         cat >expect <<-\EOF &&
 273         E
 274         65A0EEA02E30CAD7
 275
 276
 277
 278         EOF
 279         GNUPGHOME="$GNUPGHOME_NOT_USED" git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" eighth-signed-alt >actual &&
 280         test_cmp expect actual
 281 '
 282
 283 test_expect_success GPG 'show lack of signature with custom format' '
 284         cat >expect <<-\EOF &&
 285         N
 286
 287
 288
 289
 290         EOF
 291         git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" seventh-unsigned >actual &&
 292         test_cmp expect actual
 293 '
 294
 295 test_expect_success GPG 'log.showsignature behaves like --show-signature' '
 296         test_config log.showsignature true &&
 297         git show initial >actual &&
 298         grep "gpg: Signature made" actual &&
 299         grep "gpg: Good signature" actual
 300 '
 301
 302 test_expect_success GPG 'check config gpg.format values' '
 303         test_config gpg.format openpgp &&
 304         git commit -S --amend -m "success" &&
 305         test_config gpg.format OpEnPgP &&
 306         test_must_fail git commit -S --amend -m "fail"
 307 '
 308
 309 test_expect_success GPG 'detect fudged commit with double signature' '
 310         sed -e "/gpgsig/,/END PGP/d" forged1 >double-base &&
 311         sed -n -e "/gpgsig/,/END PGP/p" forged1 | \
 312                 sed -e "s/^$(test_oid header)//;s/^ //" | gpg --dearmor >double-sig1.sig &&
 313         gpg -o double-sig2.sig -u 29472784 --detach-sign double-base &&
 314         cat double-sig1.sig double-sig2.sig | gpg --enarmor >double-combined.asc &&
 315         sed -e "s/^\(-.*\)ARMORED FILE/\1SIGNATURE/;1s/^/$(test_oid header) /;2,\$s/^/ /" \
 316                 double-combined.asc > double-gpgsig &&
 317         sed -e "/committer/r double-gpgsig" double-base >double-commit &&
 318         git hash-object -w -t commit double-commit >double-commit.commit &&
 319         test_must_fail git verify-commit $(cat double-commit.commit) &&
 320         git show --pretty=short --show-signature $(cat double-commit.commit) >double-actual &&
 321         grep "BAD signature from" double-actual &&
 322         grep "Good signature from" double-actual
 323 '
 324
 325 test_expect_success GPG 'show double signature with custom format' '
 326         cat >expect <<-\EOF &&
 327         E
 328
 329
 330
 331
 332         EOF
 333         git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" $(cat double-commit.commit) >actual &&
 334         test_cmp expect actual
 335 '
 336
 337 test_done