mirrors/git
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ssh signing: test that gpg fails for unknown keys

Browse Source 
Test that verify-commit/tag will fail when a gpg key is completely
unknown. To do this we have to generate a key, use it for a signature
and delete it from our keyring aferwards completely.

Signed-off-by: Fabian Stelzer <fs@gigacodes.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Fabian Stelzer 2021-09-10 20:07:42 +00:00 committed by Junio C Hamano
parent f265f2d630
commit 1bfb57f642
1 changed files with 28 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
t/t7510-signed-commit.sh
View File

@ -71,7 +71,25 @@ test_expect_success GPG 'create signed commits' '
git tag eleventh-signed $(cat oid) && git tag eleventh-signed $(cat oid) &&
echo 12 | git commit-tree --gpg-sign=B7227189 HEAD^{tree} >oid && echo 12 | git commit-tree --gpg-sign=B7227189 HEAD^{tree} >oid &&
test_line_count = 1 oid && test_line_count = 1 oid &&
git tag twelfth-signed-alt $(cat oid) git tag twelfth-signed-alt $(cat oid) &&
cat >keydetails <<-\EOF &&
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: Unknown User
Name-Email: unknown@git.com
Expire-Date: 0
%no-ask-passphrase
%no-protection
EOF
gpg --batch --gen-key keydetails &&
echo 13 >file && git commit -a -S"unknown@git.com" -m thirteenth &&
git tag thirteenth-signed &&
DELETE_FINGERPRINT=$(gpg -K --with-colons --fingerprint --batch unknown@git.com | grep "^fpr" | head -n 1 | awk -F ":" "{print \$10;}") &&
gpg --batch --yes --delete-secret-keys $DELETE_FINGERPRINT &&
gpg --batch --yes --delete-keys unknown@git.com
' '
test_expect_success GPG 'verify and show signatures' ' test_expect_success GPG 'verify and show signatures' '
@ -110,6 +128,13 @@ test_expect_success GPG 'verify and show signatures' '
) )
' '
test_expect_success GPG 'verify-commit exits failure on unknown signature' '
test_must_fail git verify-commit thirteenth-signed 2>actual &&
! grep "Good signature from" actual &&
! grep "BAD signature from" actual &&
grep -q -F -e "No public key" -e "public key not found" actual
'
test_expect_success GPG 'verify-commit exits success on untrusted signature' ' test_expect_success GPG 'verify-commit exits success on untrusted signature' '
git verify-commit eighth-signed-alt 2>actual && git verify-commit eighth-signed-alt 2>actual &&
grep "Good signature from" actual && grep "Good signature from" actual &&
@ -338,6 +363,8 @@ test_expect_success GPG 'show double signature with custom format' '
' '
# NEEDSWORK: This test relies on the test_tick commit/author dates from the first
# 'create signed commits' test even though it creates its own
test_expect_success GPG 'verify-commit verifies multiply signed commits' ' test_expect_success GPG 'verify-commit verifies multiply signed commits' '
git init multiply-signed && git init multiply-signed &&
cd multiply-signed && cd multiply-signed &&