git/t/t5573-pull-verify-signatures.sh
Junio C Hamano fb2afea366 t5573, t7612: clean up after unexpected success of 'pull' and 'merge'
The previous steps added test_when_finished to tests that run 'git
pull' or 'git merge' with expectation of success, so that the test
after them can start from a known state even when their 'git pull'
invocation unexpectedly fails.  However, tests that run 'git pull'
or 'git merge' expecting it not to succeed forgot to protect later
tests the same way---if they unexpectedly succeed, the test after
them would start from an unexpected state.

Reset and checkout the initial commit after all these tests, whether
they expect their invocations to succeed or fail.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-12-19 12:58:57 -08:00

81 lines
2.5 KiB
Bash
Executable file

#!/bin/sh
test_description='pull signature verification tests'
. ./test-lib.sh
. "$TEST_DIRECTORY/lib-gpg.sh"
test_expect_success GPG 'create repositories with signed commits' '
echo 1 >a && git add a &&
test_tick && git commit -m initial &&
git tag initial &&
git clone . signed &&
(
cd signed &&
echo 2 >b && git add b &&
test_tick && git commit -S -m "signed"
) &&
git clone . unsigned &&
(
cd unsigned &&
echo 3 >c && git add c &&
test_tick && git commit -m "unsigned"
) &&
git clone . bad &&
(
cd bad &&
echo 4 >d && git add d &&
test_tick && git commit -S -m "bad" &&
git cat-file commit HEAD >raw &&
sed -e "s/bad/forged bad/" raw >forged &&
git hash-object -w -t commit forged >forged.commit &&
git checkout $(cat forged.commit)
) &&
git clone . untrusted &&
(
cd untrusted &&
echo 5 >e && git add e &&
test_tick && git commit -SB7227189 -m "untrusted"
)
'
test_expect_success GPG 'pull unsigned commit with --verify-signatures' '
test_when_finished "git reset --hard && git checkout initial" &&
test_must_fail git pull --ff-only --verify-signatures unsigned 2>pullerror &&
test_i18ngrep "does not have a GPG signature" pullerror
'
test_expect_success GPG 'pull commit with bad signature with --verify-signatures' '
test_when_finished "git reset --hard && git checkout initial" &&
test_must_fail git pull --ff-only --verify-signatures bad 2>pullerror &&
test_i18ngrep "has a bad GPG signature" pullerror
'
test_expect_success GPG 'pull commit with untrusted signature with --verify-signatures' '
test_when_finished "git reset --hard && git checkout initial" &&
test_must_fail git pull --ff-only --verify-signatures untrusted 2>pullerror &&
test_i18ngrep "has an untrusted GPG signature" pullerror
'
test_expect_success GPG 'pull signed commit with --verify-signatures' '
test_when_finished "git reset --hard && git checkout initial" &&
git pull --verify-signatures signed >pulloutput &&
test_i18ngrep "has a good GPG signature" pulloutput
'
test_expect_success GPG 'pull commit with bad signature without verification' '
test_when_finished "git reset --hard && git checkout initial" &&
git pull --ff-only bad 2>pullerror
'
test_expect_success GPG 'pull commit with bad signature with --no-verify-signatures' '
test_when_finished "git reset --hard && git checkout initial" &&
test_config merge.verifySignatures true &&
test_config pull.verifySignatures true &&
git pull --ff-only --no-verify-signatures bad 2>pullerror
'
test_done