summaryrefslogtreecommitdiff
path: root/t/t4202-log.sh
diff options
context:
space:
mode:
authorHans Jerry Illikainen <hji@dyntopia.com>2020-03-04 11:48:03 (GMT)
committerJunio C Hamano <gitster@pobox.com>2020-03-15 16:45:58 (GMT)
commitf1e3df316992d32b17ee27385e4c644ef7b66cc1 (patch)
tree10db19138ba169fe822db9ab49dd2943bd2e4b2e /t/t4202-log.sh
parente63cefb024895fcff4b692cad84cb33ac4c81dcc (diff)
downloadgit-f1e3df316992d32b17ee27385e4c644ef7b66cc1.zip
git-f1e3df316992d32b17ee27385e4c644ef7b66cc1.tar.gz
git-f1e3df316992d32b17ee27385e4c644ef7b66cc1.tar.bz2
t: increase test coverage of signature verification output
There weren't any tests for unsuccessful signature verification of signed merge tags shown in 'git log'. There also weren't any tests for the GPG output from 'git fmt-merge-msg'. This was noticed while investigating a buggy refactor that slipped through the test suite; see commit 72b006f4bfd30b7c5037c163efaf279ab65bea9c. This commit adds signature verification tests to the 'log' and 'fmt-merge-msg' builtins. Thanks to Linus Torvalds for reporting and finding the (now reverted) commit that introduced the regression. Note that the "log --show-signature for merged tag with GPG failure" test case is really hacky. It relies on an implementation detail of verify_signed_buffer() -- namely, it assumes that the signature is written to a temporary file whose path is under TMPDIR. The rationale for that test case is to check whether the code path that yields the "No signature" message is reachable on failure. The functionality in log-tree.c that may show this message does some pre-parsing of a possible signature that prevents the GPG interface from being invoked if a signature is actually missing. And I haven't been able to construct a signature that both 1. satisfies that pre-processing, and 2. causes GPG to fail without any sort of output on stderr along the lines of "this is a bogus/corrupt/... signature" (the "No signature" message should only be shown if GPG produce no output). Signed-off-by: Hans Jerry Illikainen <hji@dyntopia.com> [jc: fixed missing test title noticed by Dscho] Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 't/t4202-log.sh')
-rwxr-xr-xt/t4202-log.sh105
1 files changed, 105 insertions, 0 deletions
diff --git a/t/t4202-log.sh b/t/t4202-log.sh
index 4694b6d..28145fe 100755
--- a/t/t4202-log.sh
+++ b/t/t4202-log.sh
@@ -1607,6 +1607,66 @@ test_expect_success GPG 'log --graph --show-signature for merged tag' '
grep "^| | gpg: Good signature" actual
'
+test_expect_success GPG 'log --graph --show-signature for merged tag with missing key' '
+ test_when_finished "git reset --hard && git checkout master" &&
+ git checkout -b plain-nokey master &&
+ echo aaa >bar &&
+ git add bar &&
+ git commit -m bar_commit &&
+ git checkout -b tagged-nokey master &&
+ echo bbb >baz &&
+ git add baz &&
+ git commit -m baz_commit &&
+ git tag -s -m signed_tag_msg signed_tag_nokey &&
+ git checkout plain-nokey &&
+ git merge --no-ff -m msg signed_tag_nokey &&
+ GNUPGHOME=. git log --graph --show-signature -n1 plain-nokey >actual &&
+ grep "^|\\\ merged tag" actual &&
+ grep "^| | gpg: Signature made" actual &&
+ grep "^| | gpg: Can'"'"'t check signature: \(public key not found\|No public key\)" actual
+'
+
+test_expect_success GPG 'log --graph --show-signature for merged tag with bad signature' '
+ test_when_finished "git reset --hard && git checkout master" &&
+ git checkout -b plain-bad master &&
+ echo aaa >bar &&
+ git add bar &&
+ git commit -m bar_commit &&
+ git checkout -b tagged-bad master &&
+ echo bbb >baz &&
+ git add baz &&
+ git commit -m baz_commit &&
+ git tag -s -m signed_tag_msg signed_tag_bad &&
+ git cat-file tag signed_tag_bad >raw &&
+ sed -e "s/signed_tag_msg/forged/" raw >forged &&
+ git hash-object -w -t tag forged >forged.tag &&
+ git checkout plain-bad &&
+ git merge --no-ff -m msg "$(cat forged.tag)" &&
+ git log --graph --show-signature -n1 plain-bad >actual &&
+ grep "^|\\\ merged tag" actual &&
+ grep "^| | gpg: Signature made" actual &&
+ grep "^| | gpg: BAD signature from" actual
+'
+
+test_expect_success GPG 'log --show-signature for merged tag with GPG failure' '
+ test_when_finished "git reset --hard && git checkout master" &&
+ git checkout -b plain-fail master &&
+ echo aaa >bar &&
+ git add bar &&
+ git commit -m bar_commit &&
+ git checkout -b tagged-fail master &&
+ echo bbb >baz &&
+ git add baz &&
+ git commit -m baz_commit &&
+ git tag -s -m signed_tag_msg signed_tag_fail &&
+ git checkout plain-fail &&
+ git merge --no-ff -m msg signed_tag_fail &&
+ TMPDIR="$(pwd)/bogus" git log --show-signature -n1 plain-fail >actual &&
+ grep "^merged tag" actual &&
+ grep "^No signature" actual &&
+ ! grep "^gpg: Signature made" actual
+'
+
test_expect_success GPGSM 'log --graph --show-signature for merged tag x509' '
test_when_finished "git reset --hard && git checkout master" &&
test_config gpg.format x509 &&
@@ -1628,6 +1688,51 @@ test_expect_success GPGSM 'log --graph --show-signature for merged tag x509' '
grep "^| | gpgsm: Good signature" actual
'
+test_expect_success GPGSM 'log --graph --show-signature for merged tag x509 missing key' '
+ test_when_finished "git reset --hard && git checkout master" &&
+ test_config gpg.format x509 &&
+ test_config user.signingkey $GIT_COMMITTER_EMAIL &&
+ git checkout -b plain-x509-nokey master &&
+ echo aaa >bar &&
+ git add bar &&
+ git commit -m bar_commit &&
+ git checkout -b tagged-x509-nokey master &&
+ echo bbb >baz &&
+ git add baz &&
+ git commit -m baz_commit &&
+ git tag -s -m signed_tag_msg signed_tag_x509_nokey &&
+ git checkout plain-x509-nokey &&
+ git merge --no-ff -m msg signed_tag_x509_nokey &&
+ GNUPGHOME=. git log --graph --show-signature -n1 plain-x509-nokey >actual &&
+ grep "^|\\\ merged tag" actual &&
+ grep "^| | gpgsm: certificate not found" actual
+'
+
+test_expect_success GPGSM 'log --graph --show-signature for merged tag x509 bad signature' '
+ test_when_finished "git reset --hard && git checkout master" &&
+ test_config gpg.format x509 &&
+ test_config user.signingkey $GIT_COMMITTER_EMAIL &&
+ git checkout -b plain-x509-bad master &&
+ echo aaa >bar &&
+ git add bar &&
+ git commit -m bar_commit &&
+ git checkout -b tagged-x509-bad master &&
+ echo bbb >baz &&
+ git add baz &&
+ git commit -m baz_commit &&
+ git tag -s -m signed_tag_msg signed_tag_x509_bad &&
+ git cat-file tag signed_tag_x509_bad >raw &&
+ sed -e "s/signed_tag_msg/forged/" raw >forged &&
+ git hash-object -w -t tag forged >forged.tag &&
+ git checkout plain-x509-bad &&
+ git merge --no-ff -m msg "$(cat forged.tag)" &&
+ git log --graph --show-signature -n1 plain-x509-bad >actual &&
+ grep "^|\\\ merged tag" actual &&
+ grep "^| | gpgsm: Signature made" actual &&
+ grep "^| | gpgsm: invalid signature" actual
+'
+
+
test_expect_success GPG '--no-show-signature overrides --show-signature' '
git log -1 --show-signature --no-show-signature signed >actual &&
! grep "^gpg:" actual