summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLibravatar Fabian Stelzer <fs@gigacodes.de>2021-09-10 20:07:42 +0000
committerLibravatar Junio C Hamano <gitster@pobox.com>2021-09-10 14:15:53 -0700
commit1bfb57f642d34dc4b65be3602bb429abd9f32b58 (patch)
tree6b329db3308ec30981a2071d7e43e0348806835f
parentssh signing: tests for logs, tags & push certs (diff)
downloadtgif-1bfb57f642d34dc4b65be3602bb429abd9f32b58.tar.xz
ssh signing: test that gpg fails for unknown keys
Test that verify-commit/tag will fail when a gpg key is completely unknown. To do this we have to generate a key, use it for a signature and delete it from our keyring aferwards completely. Signed-off-by: Fabian Stelzer <fs@gigacodes.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rwxr-xr-xt/t7510-signed-commit.sh29
1 files changed, 28 insertions, 1 deletions
diff --git a/t/t7510-signed-commit.sh b/t/t7510-signed-commit.sh
index 8df5a74f1d..d65a0171f2 100755
--- a/t/t7510-signed-commit.sh
+++ b/t/t7510-signed-commit.sh
@@ -71,7 +71,25 @@ test_expect_success GPG 'create signed commits' '
git tag eleventh-signed $(cat oid) &&
echo 12 | git commit-tree --gpg-sign=B7227189 HEAD^{tree} >oid &&
test_line_count = 1 oid &&
- git tag twelfth-signed-alt $(cat oid)
+ git tag twelfth-signed-alt $(cat oid) &&
+
+ cat >keydetails <<-\EOF &&
+ Key-Type: RSA
+ Key-Length: 2048
+ Subkey-Type: RSA
+ Subkey-Length: 2048
+ Name-Real: Unknown User
+ Name-Email: unknown@git.com
+ Expire-Date: 0
+ %no-ask-passphrase
+ %no-protection
+ EOF
+ gpg --batch --gen-key keydetails &&
+ echo 13 >file && git commit -a -S"unknown@git.com" -m thirteenth &&
+ git tag thirteenth-signed &&
+ DELETE_FINGERPRINT=$(gpg -K --with-colons --fingerprint --batch unknown@git.com | grep "^fpr" | head -n 1 | awk -F ":" "{print \$10;}") &&
+ gpg --batch --yes --delete-secret-keys $DELETE_FINGERPRINT &&
+ gpg --batch --yes --delete-keys unknown@git.com
'
test_expect_success GPG 'verify and show signatures' '
@@ -110,6 +128,13 @@ test_expect_success GPG 'verify and show signatures' '
)
'
+test_expect_success GPG 'verify-commit exits failure on unknown signature' '
+ test_must_fail git verify-commit thirteenth-signed 2>actual &&
+ ! grep "Good signature from" actual &&
+ ! grep "BAD signature from" actual &&
+ grep -q -F -e "No public key" -e "public key not found" actual
+'
+
test_expect_success GPG 'verify-commit exits success on untrusted signature' '
git verify-commit eighth-signed-alt 2>actual &&
grep "Good signature from" actual &&
@@ -338,6 +363,8 @@ test_expect_success GPG 'show double signature with custom format' '
'
+# NEEDSWORK: This test relies on the test_tick commit/author dates from the first
+# 'create signed commits' test even though it creates its own
test_expect_success GPG 'verify-commit verifies multiply signed commits' '
git init multiply-signed &&
cd multiply-signed &&