Hello There was a discussion in the mailing list with subject 'verify-tag/verify-commit should exit unsuccessfully when signature is not trusted' which leads to handling exit code of untrusted signatures in 4e5dc9ca1. git verify-commit and verify-tag should exit unsuccessfully when processing a signature by a gpg key with trust level set to 'never'. This commit introduce verify checks with trust-model set to direct in gpg.conf (to force trust level of the second key in the keychain to never). In these tests, 'git verify-tag/verify-commit eighth-signed-alt' must exit unsuccessfully and includes 'We do NOT trust this key!' on the stderr (gpg output). Formatted patch is attached. Vojtech Myslivec
From 013678ac78ef42ef424a46da3b463ad96c2eb58d Mon Sep 17 00:00:00 2001 From: Vojtech Myslivec <vojtech.myslivec@xxxxxx> Date: Sat, 11 Aug 2018 22:59:49 +0200 Subject: [PATCH] test verify-commit/tag to exit unsuccessfully git verify-commit and verify-tag should exit unsuccessfully when processing a signature by a gpg key with trust level set to 'never'. This commit introduce verify checks with trust-model set to direct in gpg.conf (to force trust level of the second key in the keychain to never). In these tests, 'git verify-tag/verify-commit eighth-signed-alt' must exit unsuccessfully and includes 'We do NOT trust this key!' on the stderr (gpg output). Helped-by: Karel Koci <karel.koci@xxxxxx> --- t/t7030-verify-tag.sh | 34 ++++++++++++++++++++++++++++++++++ t/t7510-signed-commit.sh | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 70 insertions(+) diff --git a/t/t7030-verify-tag.sh b/t/t7030-verify-tag.sh index 041e319e7..6bde65c9e 100755 --- a/t/t7030-verify-tag.sh +++ b/t/t7030-verify-tag.sh @@ -172,4 +172,38 @@ test_expect_success GPG 'verifying a forged tag with --format should fail silent test_must_be_empty actual-forged ' +test_expect_success GPG 'verify signatures with direct trust-model' ' + ( + echo "trust-model:0:\"direct" | gpgconf --change-options gpg + ) && + ( + for tag in initial second merge fourth-signed sixth-signed seventh-signed + do + git verify-tag $tag 2>actual && + grep "Good signature from" actual && + ! grep "BAD signature from" actual && + echo $tag OK || exit 1 + done + ) && + ( + for tag in fourth-unsigned fifth-unsigned sixth-unsigned + do + test_must_fail git verify-tag $tag 2>actual && + ! grep "Good signature from" actual && + ! grep "BAD signature from" actual && + echo $tag OK || exit 1 + done + ) && + ( + for tag in eighth-signed-alt + do + test_must_fail git verify-tag $tag 2>actual && + grep "Good signature from" actual && + ! grep "BAD signature from" actual && + grep "do NOT trust" actual && + echo $tag OK || exit 1 + done + ) +' + test_done diff --git a/t/t7510-signed-commit.sh b/t/t7510-signed-commit.sh index 4e37ff8f1..6e34f98a6 100755 --- a/t/t7510-signed-commit.sh +++ b/t/t7510-signed-commit.sh @@ -234,4 +234,40 @@ test_expect_success GPG 'check config gpg.format values' ' test_must_fail git commit -S --amend -m "fail" ' +test_expect_success GPG 'verify signatures with direct trust-model' ' + ( + echo "trust-model:0:\"direct" | gpgconf --change-options gpg + ) && + ( + for commit in initial second merge fourth-signed \ + fifth-signed sixth-signed seventh-signed tenth-signed + do + git verify-commit $commit 2>actual && + grep "Good signature from" actual && + ! grep "BAD signature from" actual && + echo $commit OK || exit 1 + done + ) && + ( + for commit in merge^2 fourth-unsigned sixth-unsigned \ + seventh-unsigned ninth-unsigned + do + test_must_fail git verify-commit $commit 2>actual && + ! grep "Good signature from" actual && + ! grep "BAD signature from" actual && + echo $commit OK || exit 1 + done + ) && + ( + for commit in eighth-signed-alt + do + test_must_fail git verify-commit $commit 2>actual && + grep "Good signature from" actual && + ! grep "BAD signature from" actual && + grep "do NOT trust" actual && + echo $commit OK || exit 1 + done + ) +' + test_done -- 2.18.0
