Imported Upstream version 2.10.5
[platform/upstream/git.git] / t / t7510-signed-commit.sh
index 3cef18c..6e839f5 100755 (executable)
@@ -42,15 +42,21 @@ test_expect_success GPG 'create signed commits' '
        git tag seventh-unsigned &&
 
        test_tick && git rebase -f HEAD^^ && git tag sixth-signed HEAD^ &&
-       git tag seventh-signed
+       git tag seventh-signed &&
 
        echo 8 >file && test_tick && git commit -a -m eighth -SB7227189 &&
-       git tag eighth-signed-alt
+       git tag eighth-signed-alt &&
+
+       # commit.gpgsign is still on but this must not be signed
+       git tag ninth-unsigned $(echo 9 | git commit-tree HEAD^{tree}) &&
+       # explicit -S of course must sign.
+       git tag tenth-signed $(echo 9 | git commit-tree -S HEAD^{tree})
 '
 
 test_expect_success GPG 'verify and show signatures' '
        (
-               for commit in initial second merge fourth-signed fifth-signed sixth-signed seventh-signed
+               for commit in initial second merge fourth-signed \
+                       fifth-signed sixth-signed seventh-signed tenth-signed
                do
                        git verify-commit $commit &&
                        git show --pretty=short --show-signature $commit >actual &&
@@ -60,7 +66,8 @@ test_expect_success GPG 'verify and show signatures' '
                done
        ) &&
        (
-               for commit in merge^2 fourth-unsigned sixth-unsigned seventh-unsigned
+               for commit in merge^2 fourth-unsigned sixth-unsigned \
+                       seventh-unsigned ninth-unsigned
                do
                        test_must_fail git verify-commit $commit &&
                        git show --pretty=short --show-signature $commit >actual &&
@@ -81,6 +88,44 @@ test_expect_success GPG 'verify and show signatures' '
        )
 '
 
+test_expect_success GPG 'verify-commit exits success on untrusted signature' '
+       git verify-commit eighth-signed-alt 2>actual &&
+       grep "Good signature from" actual &&
+       ! grep "BAD signature from" actual &&
+       grep "not certified" actual
+'
+
+test_expect_success GPG 'verify signatures with --raw' '
+       (
+               for commit in initial second merge fourth-signed fifth-signed sixth-signed seventh-signed
+               do
+                       git verify-commit --raw $commit 2>actual &&
+                       grep "GOODSIG" actual &&
+                       ! grep "BADSIG" actual &&
+                       echo $commit OK || exit 1
+               done
+       ) &&
+       (
+               for commit in merge^2 fourth-unsigned sixth-unsigned seventh-unsigned
+               do
+                       test_must_fail git verify-commit --raw $commit 2>actual &&
+                       ! grep "GOODSIG" actual &&
+                       ! grep "BADSIG" actual &&
+                       echo $commit OK || exit 1
+               done
+       ) &&
+       (
+               for commit in eighth-signed-alt
+               do
+                       git verify-commit --raw $commit 2>actual &&
+                       grep "GOODSIG" actual &&
+                       ! grep "BADSIG" actual &&
+                       grep "TRUST_UNDEFINED" actual &&
+                       echo $commit OK || exit 1
+               done
+       )
+'
+
 test_expect_success GPG 'show signed commit with signature' '
        git show -s initial >commit &&
        git show -s --show-signature initial >show &&
@@ -165,4 +210,11 @@ test_expect_success GPG 'show lack of signature with custom format' '
        test_cmp expect actual
 '
 
+test_expect_success GPG 'log.showsignature behaves like --show-signature' '
+       test_config log.showsignature true &&
+       git show initial >actual &&
+       grep "gpg: Signature made" actual &&
+       grep "gpg: Good signature" actual
+'
+
 test_done