verify-tag exits successfully if the signature is good but the key is untrusted. verify-commit exits unsuccessfully. This divergence in behavior is unexpected and unwanted. Since verify-tag existed earlier, add a failing test to have verify-commit share verify-tag's behavior. Signed-off-by: brian m. carlson <sandals@xxxxxxxxxxxxxxxxxxxx> --- t/t7510-signed-commit.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/t/t7510-signed-commit.sh b/t/t7510-signed-commit.sh index 13331e5..4fc376e 100755 --- a/t/t7510-signed-commit.sh +++ b/t/t7510-signed-commit.sh @@ -81,6 +81,13 @@ test_expect_success GPG 'verify and show signatures' ' ) ' +test_expect_failure GPG 'verify-commit exits success on untrusted signature' ' + git verify-commit eighth-signed-alt 2>actual && + grep "Good signature from" actual && + ! grep "BAD signature from" actual && + grep "not certified" actual +' + test_expect_success GPG 'show signed commit with signature' ' git show -s initial >commit && git show -s --show-signature initial >show && -- 2.4.0 -- To unsubscribe from this list: send the line "unsubscribe git" in