summaryrefslogtreecommitdiff
path: root/t/t7004-tag.sh
diff options
context:
space:
mode:
authorJunio C Hamano <gitster@pobox.com>2021-02-23 00:12:42 (GMT)
committerJunio C Hamano <gitster@pobox.com>2021-02-23 00:12:42 (GMT)
commit15af6e6fee54632358798bef548d89dd3764805d (patch)
treef4464996780c0c94bd0901bab9e161b9679fe05f /t/t7004-tag.sh
parentb9554c03a0a8147109608b94feb32837a6e6a145 (diff)
parent9b27b49240f6bf760ff58d917491bec0981aaf9f (diff)
downloadgit-15af6e6fee54632358798bef548d89dd3764805d.zip
git-15af6e6fee54632358798bef548d89dd3764805d.tar.gz
git-15af6e6fee54632358798bef548d89dd3764805d.tar.bz2
Merge branch 'bc/signed-objects-with-both-hashes'
Signed commits and tags now allow verification of objects, whose two object names (one in SHA-1, the other in SHA-256) are both signed. * bc/signed-objects-with-both-hashes: gpg-interface: remove other signature headers before verifying ref-filter: hoist signature parsing commit: allow parsing arbitrary buffers with headers gpg-interface: improve interface for parsing tags commit: ignore additional signatures when parsing signed commits ref-filter: switch some uses of unsigned long to size_t
Diffstat (limited to 't/t7004-tag.sh')
-rwxr-xr-xt/t7004-tag.sh25
1 files changed, 25 insertions, 0 deletions
diff --git a/t/t7004-tag.sh b/t/t7004-tag.sh
index 943a7d5..400b83a 100755
--- a/t/t7004-tag.sh
+++ b/t/t7004-tag.sh
@@ -20,6 +20,13 @@ tag_exists () {
git show-ref --quiet --verify refs/tags/"$1"
}
+test_expect_success 'setup' '
+ test_oid_cache <<-EOM
+ othersigheader sha1:gpgsig-sha256
+ othersigheader sha256:gpgsig
+ EOM
+'
+
test_expect_success 'listing all tags in an empty tree should succeed' '
git tag -l &&
git tag
@@ -1374,6 +1381,24 @@ test_expect_success GPG \
'test_config gpg.program echo &&
test_must_fail git tag -s -m tail tag-gpg-failure'
+# try to produce invalid signature
+test_expect_success GPG 'git verifies tag is valid with double signature' '
+ git tag -s -m tail tag-gpg-double-sig &&
+ git cat-file tag tag-gpg-double-sig >tag &&
+ othersigheader=$(test_oid othersigheader) &&
+ sed -ne "/^\$/q;p" tag >new-tag &&
+ cat <<-EOM >>new-tag &&
+ $othersigheader -----BEGIN PGP SIGNATURE-----
+ someinvaliddata
+ -----END PGP SIGNATURE-----
+ EOM
+ sed -e "1,/^tagger/d" tag >>new-tag &&
+ new_tag=$(git hash-object -t tag -w new-tag) &&
+ git update-ref refs/tags/tag-gpg-double-sig $new_tag &&
+ git verify-tag tag-gpg-double-sig &&
+ git fsck
+'
+
# try to sign with bad user.signingkey
test_expect_success GPGSM \
'git tag -s fails if gpgsm is misconfigured (bad key)' \