mirror of
https://github.com/git/git.git
synced 2024-05-26 00:06:16 +02:00
334afbc76f
In addition to the manual adjustment to let the `linux-gcc` CI job run the test suite with `master` and then with `main`, this patch makes sure that GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME is set in all test scripts that currently rely on the initial branch name being `master by default. To determine which test scripts to mark up, the first step was to force-set the default branch name to `master` in - all test scripts that contain the keyword `master`, - t4211, which expects `t/t4211/history.export` with a hard-coded ref to initialize the default branch, - t5560 because it sources `t/t556x_common` which uses `master`, - t8002 and t8012 because both source `t/annotate-tests.sh` which also uses `master`) This trick was performed by this command: $ sed -i '/^ *\. \.\/\(test-lib\|lib-\(bash\|cvs\|git-svn\)\|gitweb-lib\)\.sh$/i\ GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=master\ export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME\ ' $(git grep -l master t/t[0-9]*.sh) \ t/t4211*.sh t/t5560*.sh t/t8002*.sh t/t8012*.sh After that, careful, manual inspection revealed that some of the test scripts containing the needle `master` do not actually rely on a specific default branch name: either they mention `master` only in a comment, or they initialize that branch specificially, or they do not actually refer to the current default branch. Therefore, the aforementioned modification was undone in those test scripts thusly: $ git checkout HEAD -- \ t/t0027-auto-crlf.sh t/t0060-path-utils.sh \ t/t1011-read-tree-sparse-checkout.sh \ t/t1305-config-include.sh t/t1309-early-config.sh \ t/t1402-check-ref-format.sh t/t1450-fsck.sh \ t/t2024-checkout-dwim.sh \ t/t2106-update-index-assume-unchanged.sh \ t/t3040-subprojects-basic.sh t/t3301-notes.sh \ t/t3308-notes-merge.sh t/t3423-rebase-reword.sh \ t/t3436-rebase-more-options.sh \ t/t4015-diff-whitespace.sh t/t4257-am-interactive.sh \ t/t5323-pack-redundant.sh t/t5401-update-hooks.sh \ t/t5511-refspec.sh t/t5526-fetch-submodules.sh \ t/t5529-push-errors.sh t/t5530-upload-pack-error.sh \ t/t5548-push-porcelain.sh \ t/t5552-skipping-fetch-negotiator.sh \ t/t5572-pull-submodule.sh t/t5608-clone-2gb.sh \ t/t5614-clone-submodules-shallow.sh \ t/t7508-status.sh t/t7606-merge-custom.sh \ t/t9302-fast-import-unpack-limit.sh We excluded one set of test scripts in these commands, though: the range of `git p4` tests. The reason? `git p4` stores the (foreign) remote branch in the branch called `p4/master`, which is obviously not the default branch. Manual analysis revealed that only five of these tests actually require a specific default branch name to pass; They were modified thusly: $ sed -i '/^ *\. \.\/lib-git-p4\.sh$/i\ GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=master\ export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME\ ' t/t980[0167]*.sh t/t9811*.sh Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
341 lines
10 KiB
Bash
Executable File
341 lines
10 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
test_description='signed commit tests'
|
|
GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=master
|
|
export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME
|
|
|
|
. ./test-lib.sh
|
|
GNUPGHOME_NOT_USED=$GNUPGHOME
|
|
. "$TEST_DIRECTORY/lib-gpg.sh"
|
|
|
|
test_expect_success GPG 'create signed commits' '
|
|
test_oid_cache <<-\EOF &&
|
|
header sha1:gpgsig
|
|
header sha256:gpgsig-sha256
|
|
EOF
|
|
|
|
test_when_finished "test_unconfig commit.gpgsign" &&
|
|
|
|
echo 1 >file && git add file &&
|
|
test_tick && git commit -S -m initial &&
|
|
git tag initial &&
|
|
git branch side &&
|
|
|
|
echo 2 >file && test_tick && git commit -a -S -m second &&
|
|
git tag second &&
|
|
|
|
git checkout side &&
|
|
echo 3 >elif && git add elif &&
|
|
test_tick && git commit -m "third on side" &&
|
|
|
|
git checkout master &&
|
|
test_tick && git merge -S side &&
|
|
git tag merge &&
|
|
|
|
echo 4 >file && test_tick && git commit -a -m "fourth unsigned" &&
|
|
git tag fourth-unsigned &&
|
|
|
|
test_tick && git commit --amend -S -m "fourth signed" &&
|
|
git tag fourth-signed &&
|
|
|
|
git config commit.gpgsign true &&
|
|
echo 5 >file && test_tick && git commit -a -m "fifth signed" &&
|
|
git tag fifth-signed &&
|
|
|
|
git config commit.gpgsign false &&
|
|
echo 6 >file && test_tick && git commit -a -m "sixth" &&
|
|
git tag sixth-unsigned &&
|
|
|
|
git config commit.gpgsign true &&
|
|
echo 7 >file && test_tick && git commit -a -m "seventh" --no-gpg-sign &&
|
|
git tag seventh-unsigned &&
|
|
|
|
test_tick && git rebase -f HEAD^^ && git tag sixth-signed HEAD^ &&
|
|
git tag seventh-signed &&
|
|
|
|
echo 8 >file && test_tick && git commit -a -m eighth -SB7227189 &&
|
|
git tag eighth-signed-alt &&
|
|
|
|
# commit.gpgsign is still on but this must not be signed
|
|
echo 9 | git commit-tree HEAD^{tree} >oid &&
|
|
test_line_count = 1 oid &&
|
|
git tag ninth-unsigned $(cat oid) &&
|
|
# explicit -S of course must sign.
|
|
echo 10 | git commit-tree -S HEAD^{tree} >oid &&
|
|
test_line_count = 1 oid &&
|
|
git tag tenth-signed $(cat oid) &&
|
|
|
|
# --gpg-sign[=<key-id>] must sign.
|
|
echo 11 | git commit-tree --gpg-sign HEAD^{tree} >oid &&
|
|
test_line_count = 1 oid &&
|
|
git tag eleventh-signed $(cat oid) &&
|
|
echo 12 | git commit-tree --gpg-sign=B7227189 HEAD^{tree} >oid &&
|
|
test_line_count = 1 oid &&
|
|
git tag twelfth-signed-alt $(cat oid)
|
|
'
|
|
|
|
test_expect_success GPG 'verify and show signatures' '
|
|
(
|
|
for commit in initial second merge fourth-signed \
|
|
fifth-signed sixth-signed seventh-signed tenth-signed \
|
|
eleventh-signed
|
|
do
|
|
git verify-commit $commit &&
|
|
git show --pretty=short --show-signature $commit >actual &&
|
|
grep "Good signature from" actual &&
|
|
! grep "BAD signature from" actual &&
|
|
echo $commit OK || exit 1
|
|
done
|
|
) &&
|
|
(
|
|
for commit in merge^2 fourth-unsigned sixth-unsigned \
|
|
seventh-unsigned ninth-unsigned
|
|
do
|
|
test_must_fail git verify-commit $commit &&
|
|
git show --pretty=short --show-signature $commit >actual &&
|
|
! grep "Good signature from" actual &&
|
|
! grep "BAD signature from" actual &&
|
|
echo $commit OK || exit 1
|
|
done
|
|
) &&
|
|
(
|
|
for commit in eighth-signed-alt twelfth-signed-alt
|
|
do
|
|
git show --pretty=short --show-signature $commit >actual &&
|
|
grep "Good signature from" actual &&
|
|
! grep "BAD signature from" actual &&
|
|
grep "not certified" actual &&
|
|
echo $commit OK || exit 1
|
|
done
|
|
)
|
|
'
|
|
|
|
test_expect_success GPG 'verify-commit exits success on untrusted signature' '
|
|
git verify-commit eighth-signed-alt 2>actual &&
|
|
grep "Good signature from" actual &&
|
|
! grep "BAD signature from" actual &&
|
|
grep "not certified" actual
|
|
'
|
|
|
|
test_expect_success GPG 'verify-commit exits success with matching minTrustLevel' '
|
|
test_config gpg.minTrustLevel ultimate &&
|
|
git verify-commit sixth-signed
|
|
'
|
|
|
|
test_expect_success GPG 'verify-commit exits success with low minTrustLevel' '
|
|
test_config gpg.minTrustLevel fully &&
|
|
git verify-commit sixth-signed
|
|
'
|
|
|
|
test_expect_success GPG 'verify-commit exits failure with high minTrustLevel' '
|
|
test_config gpg.minTrustLevel ultimate &&
|
|
test_must_fail git verify-commit eighth-signed-alt
|
|
'
|
|
|
|
test_expect_success GPG 'verify signatures with --raw' '
|
|
(
|
|
for commit in initial second merge fourth-signed fifth-signed sixth-signed seventh-signed
|
|
do
|
|
git verify-commit --raw $commit 2>actual &&
|
|
grep "GOODSIG" actual &&
|
|
! grep "BADSIG" actual &&
|
|
echo $commit OK || exit 1
|
|
done
|
|
) &&
|
|
(
|
|
for commit in merge^2 fourth-unsigned sixth-unsigned seventh-unsigned
|
|
do
|
|
test_must_fail git verify-commit --raw $commit 2>actual &&
|
|
! grep "GOODSIG" actual &&
|
|
! grep "BADSIG" actual &&
|
|
echo $commit OK || exit 1
|
|
done
|
|
) &&
|
|
(
|
|
for commit in eighth-signed-alt
|
|
do
|
|
git verify-commit --raw $commit 2>actual &&
|
|
grep "GOODSIG" actual &&
|
|
! grep "BADSIG" actual &&
|
|
grep "TRUST_UNDEFINED" actual &&
|
|
echo $commit OK || exit 1
|
|
done
|
|
)
|
|
'
|
|
|
|
test_expect_success GPG 'proper header is used for hash algorithm' '
|
|
git cat-file commit fourth-signed >output &&
|
|
grep "^$(test_oid header) -----BEGIN PGP SIGNATURE-----" output
|
|
'
|
|
|
|
test_expect_success GPG 'show signed commit with signature' '
|
|
git show -s initial >commit &&
|
|
git show -s --show-signature initial >show &&
|
|
git verify-commit -v initial >verify.1 2>verify.2 &&
|
|
git cat-file commit initial >cat &&
|
|
grep -v -e "gpg: " -e "Warning: " show >show.commit &&
|
|
grep -e "gpg: " -e "Warning: " show >show.gpg &&
|
|
grep -v "^ " cat | grep -v "^$(test_oid header) " >cat.commit &&
|
|
test_cmp show.commit commit &&
|
|
test_cmp show.gpg verify.2 &&
|
|
test_cmp cat.commit verify.1
|
|
'
|
|
|
|
test_expect_success GPG 'detect fudged signature' '
|
|
git cat-file commit seventh-signed >raw &&
|
|
sed -e "s/^seventh/7th forged/" raw >forged1 &&
|
|
git hash-object -w -t commit forged1 >forged1.commit &&
|
|
test_must_fail git verify-commit $(cat forged1.commit) &&
|
|
git show --pretty=short --show-signature $(cat forged1.commit) >actual1 &&
|
|
grep "BAD signature from" actual1 &&
|
|
! grep "Good signature from" actual1
|
|
'
|
|
|
|
test_expect_success GPG 'detect fudged signature with NUL' '
|
|
git cat-file commit seventh-signed >raw &&
|
|
cat raw >forged2 &&
|
|
echo Qwik | tr "Q" "\000" >>forged2 &&
|
|
git hash-object -w -t commit forged2 >forged2.commit &&
|
|
test_must_fail git verify-commit $(cat forged2.commit) &&
|
|
git show --pretty=short --show-signature $(cat forged2.commit) >actual2 &&
|
|
grep "BAD signature from" actual2 &&
|
|
! grep "Good signature from" actual2
|
|
'
|
|
|
|
test_expect_success GPG 'amending already signed commit' '
|
|
git checkout fourth-signed^0 &&
|
|
git commit --amend -S --no-edit &&
|
|
git verify-commit HEAD &&
|
|
git show -s --show-signature HEAD >actual &&
|
|
grep "Good signature from" actual &&
|
|
! grep "BAD signature from" actual
|
|
'
|
|
|
|
test_expect_success GPG 'show good signature with custom format' '
|
|
cat >expect <<-\EOF &&
|
|
G
|
|
13B6F51ECDDE430D
|
|
C O Mitter <committer@example.com>
|
|
73D758744BE721698EC54E8713B6F51ECDDE430D
|
|
73D758744BE721698EC54E8713B6F51ECDDE430D
|
|
EOF
|
|
git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" sixth-signed >actual &&
|
|
test_cmp expect actual
|
|
'
|
|
|
|
test_expect_success GPG 'show bad signature with custom format' '
|
|
cat >expect <<-\EOF &&
|
|
B
|
|
13B6F51ECDDE430D
|
|
C O Mitter <committer@example.com>
|
|
|
|
|
|
EOF
|
|
git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" $(cat forged1.commit) >actual &&
|
|
test_cmp expect actual
|
|
'
|
|
|
|
test_expect_success GPG 'show untrusted signature with custom format' '
|
|
cat >expect <<-\EOF &&
|
|
U
|
|
65A0EEA02E30CAD7
|
|
Eris Discordia <discord@example.net>
|
|
F8364A59E07FFE9F4D63005A65A0EEA02E30CAD7
|
|
D4BE22311AD3131E5EDA29A461092E85B7227189
|
|
EOF
|
|
git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" eighth-signed-alt >actual &&
|
|
test_cmp expect actual
|
|
'
|
|
|
|
test_expect_success GPG 'show untrusted signature with undefined trust level' '
|
|
cat >expect <<-\EOF &&
|
|
undefined
|
|
65A0EEA02E30CAD7
|
|
Eris Discordia <discord@example.net>
|
|
F8364A59E07FFE9F4D63005A65A0EEA02E30CAD7
|
|
D4BE22311AD3131E5EDA29A461092E85B7227189
|
|
EOF
|
|
git log -1 --format="%GT%n%GK%n%GS%n%GF%n%GP" eighth-signed-alt >actual &&
|
|
test_cmp expect actual
|
|
'
|
|
|
|
test_expect_success GPG 'show untrusted signature with ultimate trust level' '
|
|
cat >expect <<-\EOF &&
|
|
ultimate
|
|
13B6F51ECDDE430D
|
|
C O Mitter <committer@example.com>
|
|
73D758744BE721698EC54E8713B6F51ECDDE430D
|
|
73D758744BE721698EC54E8713B6F51ECDDE430D
|
|
EOF
|
|
git log -1 --format="%GT%n%GK%n%GS%n%GF%n%GP" sixth-signed >actual &&
|
|
test_cmp expect actual
|
|
'
|
|
|
|
test_expect_success GPG 'show unknown signature with custom format' '
|
|
cat >expect <<-\EOF &&
|
|
E
|
|
65A0EEA02E30CAD7
|
|
|
|
|
|
|
|
EOF
|
|
GNUPGHOME="$GNUPGHOME_NOT_USED" git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" eighth-signed-alt >actual &&
|
|
test_cmp expect actual
|
|
'
|
|
|
|
test_expect_success GPG 'show lack of signature with custom format' '
|
|
cat >expect <<-\EOF &&
|
|
N
|
|
|
|
|
|
|
|
|
|
EOF
|
|
git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" seventh-unsigned >actual &&
|
|
test_cmp expect actual
|
|
'
|
|
|
|
test_expect_success GPG 'log.showsignature behaves like --show-signature' '
|
|
test_config log.showsignature true &&
|
|
git show initial >actual &&
|
|
grep "gpg: Signature made" actual &&
|
|
grep "gpg: Good signature" actual
|
|
'
|
|
|
|
test_expect_success GPG 'check config gpg.format values' '
|
|
test_config gpg.format openpgp &&
|
|
git commit -S --amend -m "success" &&
|
|
test_config gpg.format OpEnPgP &&
|
|
test_must_fail git commit -S --amend -m "fail"
|
|
'
|
|
|
|
test_expect_success GPG 'detect fudged commit with double signature' '
|
|
sed -e "/gpgsig/,/END PGP/d" forged1 >double-base &&
|
|
sed -n -e "/gpgsig/,/END PGP/p" forged1 | \
|
|
sed -e "s/^$(test_oid header)//;s/^ //" | gpg --dearmor >double-sig1.sig &&
|
|
gpg -o double-sig2.sig -u 29472784 --detach-sign double-base &&
|
|
cat double-sig1.sig double-sig2.sig | gpg --enarmor >double-combined.asc &&
|
|
sed -e "s/^\(-.*\)ARMORED FILE/\1SIGNATURE/;1s/^/$(test_oid header) /;2,\$s/^/ /" \
|
|
double-combined.asc > double-gpgsig &&
|
|
sed -e "/committer/r double-gpgsig" double-base >double-commit &&
|
|
git hash-object -w -t commit double-commit >double-commit.commit &&
|
|
test_must_fail git verify-commit $(cat double-commit.commit) &&
|
|
git show --pretty=short --show-signature $(cat double-commit.commit) >double-actual &&
|
|
grep "BAD signature from" double-actual &&
|
|
grep "Good signature from" double-actual
|
|
'
|
|
|
|
test_expect_success GPG 'show double signature with custom format' '
|
|
cat >expect <<-\EOF &&
|
|
E
|
|
|
|
|
|
|
|
|
|
EOF
|
|
git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" $(cat double-commit.commit) >actual &&
|
|
test_cmp expect actual
|
|
'
|
|
|
|
test_done
|