mirror of
https://github.com/git/git.git
synced 2024-12-03 23:14:23 +08:00
7488ba3eea
When git-merge sees that we are on an unborn branch (i.e., there is no
HEAD), it follows a totally separate code path than the usual merge
logic. This code path does not know about verify_signatures, and so we
fail to notice bad or missing signatures.
This has been broken since --verify-signatures was added in efed002249
(merge/pull: verify GPG signatures of commits being merged, 2013-03-31).
In an ideal world, we'd unify the flow for this case with the regular
merge logic, which would fix this bug and avoid introducing similar
ones. But because the unborn case is so different, it would be a burden
on the rest of the function to continually handle the missing HEAD. So
let's just port the verification check to this special case.
Reported-by: Felix Eckhofer <felix@eckhofer.com>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
114 lines
4.3 KiB
Bash
Executable File
114 lines
4.3 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
test_description='merge signature verification tests'
|
|
. ./test-lib.sh
|
|
. "$TEST_DIRECTORY/lib-gpg.sh"
|
|
|
|
test_expect_success GPG 'create signed commits' '
|
|
echo 1 >file && git add file &&
|
|
test_tick && git commit -m initial &&
|
|
git tag initial &&
|
|
|
|
git checkout -b side-signed &&
|
|
echo 3 >elif && git add elif &&
|
|
test_tick && git commit -S -m "signed on side" &&
|
|
git checkout initial &&
|
|
|
|
git checkout -b side-unsigned &&
|
|
echo 3 >foo && git add foo &&
|
|
test_tick && git commit -m "unsigned on side" &&
|
|
git checkout initial &&
|
|
|
|
git checkout -b side-bad &&
|
|
echo 3 >bar && git add bar &&
|
|
test_tick && git commit -S -m "bad on side" &&
|
|
git cat-file commit side-bad >raw &&
|
|
sed -e "s/^bad/forged bad/" raw >forged &&
|
|
git hash-object -w -t commit forged >forged.commit &&
|
|
git checkout initial &&
|
|
|
|
git checkout -b side-untrusted &&
|
|
echo 3 >baz && git add baz &&
|
|
test_tick && git commit -SB7227189 -m "untrusted on side" &&
|
|
|
|
git checkout master
|
|
'
|
|
|
|
test_expect_success GPG 'merge unsigned commit with verification' '
|
|
test_when_finished "git reset --hard && git checkout initial" &&
|
|
test_must_fail git merge --ff-only --verify-signatures side-unsigned 2>mergeerror &&
|
|
test_i18ngrep "does not have a GPG signature" mergeerror
|
|
'
|
|
|
|
test_expect_success GPG 'merge unsigned commit with merge.verifySignatures=true' '
|
|
test_when_finished "git reset --hard && git checkout initial" &&
|
|
test_config merge.verifySignatures true &&
|
|
test_must_fail git merge --ff-only side-unsigned 2>mergeerror &&
|
|
test_i18ngrep "does not have a GPG signature" mergeerror
|
|
'
|
|
|
|
test_expect_success GPG 'merge commit with bad signature with verification' '
|
|
test_when_finished "git reset --hard && git checkout initial" &&
|
|
test_must_fail git merge --ff-only --verify-signatures $(cat forged.commit) 2>mergeerror &&
|
|
test_i18ngrep "has a bad GPG signature" mergeerror
|
|
'
|
|
|
|
test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=true' '
|
|
test_when_finished "git reset --hard && git checkout initial" &&
|
|
test_config merge.verifySignatures true &&
|
|
test_must_fail git merge --ff-only $(cat forged.commit) 2>mergeerror &&
|
|
test_i18ngrep "has a bad GPG signature" mergeerror
|
|
'
|
|
|
|
test_expect_success GPG 'merge commit with untrusted signature with verification' '
|
|
test_when_finished "git reset --hard && git checkout initial" &&
|
|
test_must_fail git merge --ff-only --verify-signatures side-untrusted 2>mergeerror &&
|
|
test_i18ngrep "has an untrusted GPG signature" mergeerror
|
|
'
|
|
|
|
test_expect_success GPG 'merge commit with untrusted signature with merge.verifySignatures=true' '
|
|
test_when_finished "git reset --hard && git checkout initial" &&
|
|
test_config merge.verifySignatures true &&
|
|
test_must_fail git merge --ff-only side-untrusted 2>mergeerror &&
|
|
test_i18ngrep "has an untrusted GPG signature" mergeerror
|
|
'
|
|
|
|
test_expect_success GPG 'merge signed commit with verification' '
|
|
test_when_finished "git reset --hard && git checkout initial" &&
|
|
git merge --verbose --ff-only --verify-signatures side-signed >mergeoutput &&
|
|
test_i18ngrep "has a good GPG signature" mergeoutput
|
|
'
|
|
|
|
test_expect_success GPG 'merge signed commit with merge.verifySignatures=true' '
|
|
test_when_finished "git reset --hard && git checkout initial" &&
|
|
test_config merge.verifySignatures true &&
|
|
git merge --verbose --ff-only side-signed >mergeoutput &&
|
|
test_i18ngrep "has a good GPG signature" mergeoutput
|
|
'
|
|
|
|
test_expect_success GPG 'merge commit with bad signature without verification' '
|
|
test_when_finished "git reset --hard && git checkout initial" &&
|
|
git merge $(cat forged.commit)
|
|
'
|
|
|
|
test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=false' '
|
|
test_when_finished "git reset --hard && git checkout initial" &&
|
|
test_config merge.verifySignatures false &&
|
|
git merge $(cat forged.commit)
|
|
'
|
|
|
|
test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=true and --no-verify-signatures' '
|
|
test_when_finished "git reset --hard && git checkout initial" &&
|
|
test_config merge.verifySignatures true &&
|
|
git merge --no-verify-signatures $(cat forged.commit)
|
|
'
|
|
|
|
test_expect_success GPG 'merge unsigned commit into unborn branch' '
|
|
test_when_finished "git checkout initial" &&
|
|
git checkout --orphan unborn &&
|
|
test_must_fail git merge --verify-signatures side-unsigned 2>mergeerror &&
|
|
test_i18ngrep "does not have a GPG signature" mergeerror
|
|
'
|
|
|
|
test_done
|