oil AST

(CommandList
  children: [
    (Assignment
      keyword: Assign_None
      pairs: [
        (assign_pair
          lhs: (LhsName name:test_description)
          op: Equal
          rhs: {(SQ <"signed tag tests">)}
          spids: [4]
        )
      ]
      spids: [4]
    )
    (C {(.)} {(./test-lib.sh)})
    (C {(.)} {(DQ ($ VSub_Name "$TEST_DIRECTORY") (/lib-gpg.sh))})
    (C {(test_expect_success)} {(GPG)} {(SQ <"create signed tags">)} 
      {
        (SQ <"\n"> <"\techo 1 >file && git add file &&\n"> 
          <"\ttest_tick && git commit -m initial &&\n"> <"\tgit tag -s -m initial initial &&\n"> <"\tgit branch side &&\n"> <"\n"> 
          <"\techo 2 >file && test_tick && git commit -a -m second &&\n"> <"\tgit tag -s -m second second &&\n"> <"\n"> <"\tgit checkout side &&\n"> 
          <"\techo 3 >elif && git add elif &&\n"> <"\ttest_tick && git commit -m \"third on side\" &&\n"> <"\n"> <"\tgit checkout master &&\n"> 
          <"\ttest_tick && git merge -S side &&\n"> <"\tgit tag -s -m merge merge &&\n"> <"\n"> 
          <"\techo 4 >file && test_tick && git commit -a -S -m \"fourth unsigned\" &&\n"> <"\tgit tag -a -m fourth-unsigned fourth-unsigned &&\n"> <"\n"> 
          <"\ttest_tick && git commit --amend -S -m \"fourth signed\" &&\n"> <"\tgit tag -s -m fourth fourth-signed &&\n"> <"\n"> 
          <"\techo 5 >file && test_tick && git commit -a -m \"fifth\" &&\n"> <"\tgit tag fifth-unsigned &&\n"> <"\n"> <"\tgit config commit.gpgsign true &&\n"> 
          <"\techo 6 >file && test_tick && git commit -a -m \"sixth\" &&\n"> <"\tgit tag -a -m sixth sixth-unsigned &&\n"> <"\n"> 
          <"\ttest_tick && git rebase -f HEAD^^ && git tag -s -m 6th sixth-signed HEAD^ &&\n"> <"\tgit tag -m seventh -s seventh-signed &&\n"> <"\n"> 
          <"\techo 8 >file && test_tick && git commit -a -m eighth &&\n"> <"\tgit tag -uB7227189 -m eighth eighth-signed-alt\n">
        )
      }
    )
    (C {(test_expect_success)} {(GPG)} {(SQ <"verify and show signatures">)} 
      {
        (SQ <"\n"> <"\t(\n"> 
          <"\t\tfor tag in initial second merge fourth-signed sixth-signed seventh-signed\n"> <"\t\tdo\n"> <"\t\t\tgit verify-tag $tag 2>actual &&\n"> 
          <"\t\t\tgrep \"Good signature from\" actual &&\n"> <"\t\t\t! grep \"BAD signature from\" actual &&\n"> <"\t\t\techo $tag OK || exit 1\n"> <"\t\tdone\n"> 
          <"\t) &&\n"> <"\t(\n"> <"\t\tfor tag in fourth-unsigned fifth-unsigned sixth-unsigned\n"> <"\t\tdo\n"> 
          <"\t\t\ttest_must_fail git verify-tag $tag 2>actual &&\n"> <"\t\t\t! grep \"Good signature from\" actual &&\n"> 
          <"\t\t\t! grep \"BAD signature from\" actual &&\n"> <"\t\t\techo $tag OK || exit 1\n"> <"\t\tdone\n"> <"\t) &&\n"> <"\t(\n"> 
          <"\t\tfor tag in eighth-signed-alt\n"> <"\t\tdo\n"> <"\t\t\tgit verify-tag $tag 2>actual &&\n"> 
          <"\t\t\tgrep \"Good signature from\" actual &&\n"> <"\t\t\t! grep \"BAD signature from\" actual &&\n"> <"\t\t\tgrep \"not certified\" actual &&\n"> 
          <"\t\t\techo $tag OK || exit 1\n"> <"\t\tdone\n"> <"\t)\n">
        )
      }
    )
    (C {(test_expect_success)} {(GPG)} {(SQ <"detect fudged signature">)} 
      {
        (SQ <"\n"> <"\tgit cat-file tag seventh-signed >raw &&\n"> 
          <"\tsed -e \"s/seventh/7th forged/\" raw >forged1 &&\n"> <"\tgit hash-object -w -t tag forged1 >forged1.tag &&\n"> 
          <"\ttest_must_fail git verify-tag $(cat forged1.tag) 2>actual1 &&\n"> <"\tgrep \"BAD signature from\" actual1 &&\n"> <"\t! grep \"Good signature from\" actual1\n">
        )
      }
    )
    (C {(test_expect_success)} {(GPG)} {(SQ <"verify signatures with --raw">)} 
      {
        (SQ <"\n"> <"\t(\n"> 
          <"\t\tfor tag in initial second merge fourth-signed sixth-signed seventh-signed\n"> <"\t\tdo\n"> <"\t\t\tgit verify-tag --raw $tag 2>actual &&\n"> <"\t\t\tgrep \"GOODSIG\" actual &&\n"> 
          <"\t\t\t! grep \"BADSIG\" actual &&\n"> <"\t\t\techo $tag OK || exit 1\n"> <"\t\tdone\n"> <"\t) &&\n"> <"\t(\n"> 
          <"\t\tfor tag in fourth-unsigned fifth-unsigned sixth-unsigned\n"> <"\t\tdo\n"> <"\t\t\ttest_must_fail git verify-tag --raw $tag 2>actual &&\n"> 
          <"\t\t\t! grep \"GOODSIG\" actual &&\n"> <"\t\t\t! grep \"BADSIG\" actual &&\n"> <"\t\t\techo $tag OK || exit 1\n"> <"\t\tdone\n"> <"\t) &&\n"> 
          <"\t(\n"> <"\t\tfor tag in eighth-signed-alt\n"> <"\t\tdo\n"> <"\t\t\tgit verify-tag --raw $tag 2>actual &&\n"> 
          <"\t\t\tgrep \"GOODSIG\" actual &&\n"> <"\t\t\t! grep \"BADSIG\" actual &&\n"> <"\t\t\tgrep \"TRUST_UNDEFINED\" actual &&\n"> 
          <"\t\t\techo $tag OK || exit 1\n"> <"\t\tdone\n"> <"\t)\n">
        )
      }
    )
    (C {(test_expect_success)} {(GPG)} {(SQ <"verify multiple tags">)} 
      {
        (SQ <"\n"> <"\ttags=\"fourth-signed sixth-signed seventh-signed\" &&\n"> <"\tfor i in $tags\n"> 
          <"\tdo\n"> <"\t\tgit verify-tag -v --raw $i || return 1\n"> <"\tdone >expect.stdout 2>expect.stderr.1 &&\n"> 
          <"\tgrep \"^.GNUPG:.\" <expect.stderr.1 >expect.stderr &&\n"> <"\tgit verify-tag -v --raw $tags >actual.stdout 2>actual.stderr.1 &&\n"> 
          <"\tgrep \"^.GNUPG:.\" <actual.stderr.1 >actual.stderr &&\n"> <"\ttest_cmp expect.stdout actual.stdout &&\n"> <"\ttest_cmp expect.stderr actual.stderr\n">
        )
      }
    )
    (C {(test_done)})
  ]
)