(command.CommandList children: [ (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:test_description) op: assign_op.Equal rhs: {(SQ (Token id:Id.Lit_Chars val:'signed tag tests' span_id:6))} spids: [4] ) ] ) (C {(.)} {(./test-lib.sh)}) (C {(.)} {(DQ ($ Id.VSub_DollarName '$TEST_DIRECTORY') (/lib-gpg.sh))}) (C {(test_expect_success)} {(GPG)} {(SQ (Token id:Id.Lit_Chars val:'create signed tags' span_id:26))} { (SQ (Token id:Id.Lit_Chars val:'\n' span_id:30) (Token id:Id.Lit_Chars val:'\techo 1 >file && git add file &&\n' span_id:31) (Token id:Id.Lit_Chars val:'\ttest_tick && git commit -m initial &&\n' span_id:32) (Token id:Id.Lit_Chars val:'\tgit tag -s -m initial initial &&\n' span_id:33) (Token id:Id.Lit_Chars val:'\tgit branch side &&\n' span_id:34) (Token id:Id.Lit_Chars val:'\n' span_id:35) (Token id:Id.Lit_Chars val:'\techo 2 >file && test_tick && git commit -a -m second &&\n' span_id:36) (Token id:Id.Lit_Chars val:'\tgit tag -s -m second second &&\n' span_id:37) (Token id:Id.Lit_Chars val:'\n' span_id:38) (Token id:Id.Lit_Chars val:'\tgit checkout side &&\n' span_id:39) (Token id:Id.Lit_Chars val:'\techo 3 >elif && git add elif &&\n' span_id:40) (Token id: Id.Lit_Chars val: '\ttest_tick && git commit -m "third on side" &&\n' span_id: 41 ) (Token id:Id.Lit_Chars val:'\n' span_id:42) (Token id:Id.Lit_Chars val:'\tgit checkout master &&\n' span_id:43) (Token id:Id.Lit_Chars val:'\ttest_tick && git merge -S side &&\n' span_id:44) (Token id:Id.Lit_Chars val:'\tgit tag -s -m merge merge &&\n' span_id:45) (Token id:Id.Lit_Chars val:'\n' span_id:46) (Token id: Id.Lit_Chars val: '\techo 4 >file && test_tick && git commit -a -S -m "fourth unsigned" &&\n' span_id: 47 ) (Token id:Id.Lit_Chars val:'\tgit tag -a -m fourth-unsigned fourth-unsigned &&\n' span_id:48) (Token id:Id.Lit_Chars val:'\n' span_id:49) (Token id:Id.Lit_Chars val:'\ttest_tick && git commit --amend -S -m "fourth signed" &&\n' span_id:50) (Token id: Id.Lit_Chars val: '\tgit tag -s -m fourth fourth-signed &&\n' span_id: 51 ) (Token id:Id.Lit_Chars val:'\n' span_id:52) (Token id: Id.Lit_Chars val: '\techo 5 >file && test_tick && git commit -a -m "fifth" &&\n' span_id: 53 ) (Token id:Id.Lit_Chars val:'\tgit tag fifth-unsigned &&\n' span_id:54) (Token id:Id.Lit_Chars val:'\n' span_id:55) (Token id:Id.Lit_Chars val:'\tgit config commit.gpgsign true &&\n' span_id:56) (Token id: Id.Lit_Chars val: '\techo 6 >file && test_tick && git commit -a -m "sixth" &&\n' span_id: 57 ) (Token id:Id.Lit_Chars val:'\tgit tag -a -m sixth sixth-unsigned &&\n' span_id:58) (Token id:Id.Lit_Chars val:'\n' span_id:59) (Token id: Id.Lit_Chars val: '\ttest_tick && git rebase -f HEAD^^ && git tag -s -m 6th sixth-signed HEAD^ &&\n' span_id: 60 ) (Token id:Id.Lit_Chars val:'\tgit tag -m seventh -s seventh-signed &&\n' span_id:61) (Token id:Id.Lit_Chars val:'\n' span_id:62) (Token id:Id.Lit_Chars val:'\techo 8 >file && test_tick && git commit -a -m eighth &&\n' span_id:63) (Token id: Id.Lit_Chars val: '\tgit tag -uB7227189 -m eighth eighth-signed-alt\n' span_id: 64 ) ) } ) (C {(test_expect_success)} {(GPG)} {(SQ (Token id:Id.Lit_Chars val:'verify and show signatures' span_id:73))} { (SQ (Token id:Id.Lit_Chars val:'\n' span_id:77) (Token id:Id.Lit_Chars val:'\t(\n' span_id:78) (Token id: Id.Lit_Chars val: '\t\tfor tag in initial second merge fourth-signed sixth-signed seventh-signed\n' span_id: 79 ) (Token id:Id.Lit_Chars val:'\t\tdo\n' span_id:80) (Token id:Id.Lit_Chars val:'\t\t\tgit verify-tag $tag 2>actual &&\n' span_id:81) (Token id:Id.Lit_Chars val:'\t\t\tgrep "Good signature from" actual &&\n' span_id:82) (Token id: Id.Lit_Chars val: '\t\t\t! grep "BAD signature from" actual &&\n' span_id: 83 ) (Token id:Id.Lit_Chars val:'\t\t\techo $tag OK || exit 1\n' span_id:84) (Token id:Id.Lit_Chars val:'\t\tdone\n' span_id:85) (Token id:Id.Lit_Chars val:'\t) &&\n' span_id:86) (Token id:Id.Lit_Chars val:'\t(\n' span_id:87) (Token id: Id.Lit_Chars val: '\t\tfor tag in fourth-unsigned fifth-unsigned sixth-unsigned\n' span_id: 88 ) (Token id:Id.Lit_Chars val:'\t\tdo\n' span_id:89) (Token id: Id.Lit_Chars val: '\t\t\ttest_must_fail git verify-tag $tag 2>actual &&\n' span_id: 90 ) (Token id:Id.Lit_Chars val:'\t\t\t! grep "Good signature from" actual &&\n' span_id:91) (Token id: Id.Lit_Chars val: '\t\t\t! grep "BAD signature from" actual &&\n' span_id: 92 ) (Token id:Id.Lit_Chars val:'\t\t\techo $tag OK || exit 1\n' span_id:93) (Token id:Id.Lit_Chars val:'\t\tdone\n' span_id:94) (Token id:Id.Lit_Chars val:'\t) &&\n' span_id:95) (Token id:Id.Lit_Chars val:'\t(\n' span_id:96) (Token id:Id.Lit_Chars val:'\t\tfor tag in eighth-signed-alt\n' span_id:97) (Token id:Id.Lit_Chars val:'\t\tdo\n' span_id:98) (Token id:Id.Lit_Chars val:'\t\t\tgit verify-tag $tag 2>actual &&\n' span_id:99) (Token id:Id.Lit_Chars val:'\t\t\tgrep "Good signature from" actual &&\n' span_id:100) (Token id: Id.Lit_Chars val: '\t\t\t! grep "BAD signature from" actual &&\n' span_id: 101 ) (Token id:Id.Lit_Chars val:'\t\t\tgrep "not certified" actual &&\n' span_id:102) (Token id:Id.Lit_Chars val:'\t\t\techo $tag OK || exit 1\n' span_id:103) (Token id:Id.Lit_Chars val:'\t\tdone\n' span_id:104) (Token id:Id.Lit_Chars val:'\t)\n' span_id:105) ) } ) (C {(test_expect_success)} {(GPG)} {(SQ (Token id:Id.Lit_Chars val:'detect fudged signature' span_id:114))} { (SQ (Token id:Id.Lit_Chars val:'\n' span_id:118) (Token id: Id.Lit_Chars val: '\tgit cat-file tag seventh-signed >raw &&\n' span_id: 119 ) (Token id:Id.Lit_Chars val:'\tsed -e "s/seventh/7th forged/" raw >forged1 &&\n' span_id:120) (Token id: Id.Lit_Chars val: '\tgit hash-object -w -t tag forged1 >forged1.tag &&\n' span_id: 121 ) (Token id: Id.Lit_Chars val: '\ttest_must_fail git verify-tag $(cat forged1.tag) 2>actual1 &&\n' span_id: 122 ) (Token id:Id.Lit_Chars val:'\tgrep "BAD signature from" actual1 &&\n' span_id:123) (Token id: Id.Lit_Chars val: '\t! grep "Good signature from" actual1\n' span_id: 124 ) ) } ) (C {(test_expect_success)} {(GPG)} {(SQ (Token id:Id.Lit_Chars val:'verify signatures with --raw' span_id:133))} { (SQ (Token id:Id.Lit_Chars val:'\n' span_id:137) (Token id:Id.Lit_Chars val:'\t(\n' span_id:138) (Token id: Id.Lit_Chars val: '\t\tfor tag in initial second merge fourth-signed sixth-signed seventh-signed\n' span_id: 139 ) (Token id:Id.Lit_Chars val:'\t\tdo\n' span_id:140) (Token id: Id.Lit_Chars val: '\t\t\tgit verify-tag --raw $tag 2>actual &&\n' span_id: 141 ) (Token id:Id.Lit_Chars val:'\t\t\tgrep "GOODSIG" actual &&\n' span_id:142) (Token id:Id.Lit_Chars val:'\t\t\t! grep "BADSIG" actual &&\n' span_id:143) (Token id:Id.Lit_Chars val:'\t\t\techo $tag OK || exit 1\n' span_id:144) (Token id:Id.Lit_Chars val:'\t\tdone\n' span_id:145) (Token id:Id.Lit_Chars val:'\t) &&\n' span_id:146) (Token id:Id.Lit_Chars val:'\t(\n' span_id:147) (Token id: Id.Lit_Chars val: '\t\tfor tag in fourth-unsigned fifth-unsigned sixth-unsigned\n' span_id: 148 ) (Token id:Id.Lit_Chars val:'\t\tdo\n' span_id:149) (Token id: Id.Lit_Chars val: '\t\t\ttest_must_fail git verify-tag --raw $tag 2>actual &&\n' span_id: 150 ) (Token id:Id.Lit_Chars val:'\t\t\t! grep "GOODSIG" actual &&\n' span_id:151) (Token id:Id.Lit_Chars val:'\t\t\t! grep "BADSIG" actual &&\n' span_id:152) (Token id:Id.Lit_Chars val:'\t\t\techo $tag OK || exit 1\n' span_id:153) (Token id:Id.Lit_Chars val:'\t\tdone\n' span_id:154) (Token id:Id.Lit_Chars val:'\t) &&\n' span_id:155) (Token id:Id.Lit_Chars val:'\t(\n' span_id:156) (Token id:Id.Lit_Chars val:'\t\tfor tag in eighth-signed-alt\n' span_id:157) (Token id:Id.Lit_Chars val:'\t\tdo\n' span_id:158) (Token id: Id.Lit_Chars val: '\t\t\tgit verify-tag --raw $tag 2>actual &&\n' span_id: 159 ) (Token id:Id.Lit_Chars val:'\t\t\tgrep "GOODSIG" actual &&\n' span_id:160) (Token id:Id.Lit_Chars val:'\t\t\t! grep "BADSIG" actual &&\n' span_id:161) (Token id:Id.Lit_Chars val:'\t\t\tgrep "TRUST_UNDEFINED" actual &&\n' span_id:162) (Token id:Id.Lit_Chars val:'\t\t\techo $tag OK || exit 1\n' span_id:163) (Token id:Id.Lit_Chars val:'\t\tdone\n' span_id:164) (Token id:Id.Lit_Chars val:'\t)\n' span_id:165) ) } ) (C {(test_expect_success)} {(GPG)} {(SQ (Token id:Id.Lit_Chars val:'verify multiple tags' span_id:174))} { (SQ (Token id:Id.Lit_Chars val:'\n' span_id:178) (Token id: Id.Lit_Chars val: '\ttags="fourth-signed sixth-signed seventh-signed" &&\n' span_id: 179 ) (Token id:Id.Lit_Chars val:'\tfor i in $tags\n' span_id:180) (Token id:Id.Lit_Chars val:'\tdo\n' span_id:181) (Token id:Id.Lit_Chars val:'\t\tgit verify-tag -v --raw $i || return 1\n' span_id:182) (Token id: Id.Lit_Chars val: '\tdone >expect.stdout 2>expect.stderr.1 &&\n' span_id: 183 ) (Token id:Id.Lit_Chars val:'\tgrep "^.GNUPG:." <expect.stderr.1 >expect.stderr &&\n' span_id:184) (Token id: Id.Lit_Chars val: '\tgit verify-tag -v --raw $tags >actual.stdout 2>actual.stderr.1 &&\n' span_id: 185 ) (Token id:Id.Lit_Chars val:'\tgrep "^.GNUPG:." <actual.stderr.1 >actual.stderr &&\n' span_id:186) (Token id: Id.Lit_Chars val: '\ttest_cmp expect.stdout actual.stdout &&\n' span_id: 187 ) (Token id:Id.Lit_Chars val:'\ttest_cmp expect.stderr actual.stderr\n' span_id:188) ) } ) (C {(test_done)}) ] )