(command.CommandList children: [ (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:test_description) op: assign_op.Equal rhs: {(SQ (Token id:Id.Lit_Chars val:'signed commit tests' span_id:6))} spids: [4] ) ] ) (C {(.)} {(./test-lib.sh)}) (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:GNUPGHOME_NOT_USED) op: assign_op.Equal rhs: {($ Id.VSub_DollarName '$GNUPGHOME')} spids: [13] ) ] ) (C {(.)} {(DQ ($ Id.VSub_DollarName '$TEST_DIRECTORY') (/lib-gpg.sh))}) (C {(test_expect_success)} {(GPG)} {(SQ (Token id:Id.Lit_Chars val:'create signed commits' span_id:29))} { (SQ (Token id:Id.Lit_Chars val:'\n' span_id:33) (Token id: Id.Lit_Chars val: '\ttest_when_finished "test_unconfig commit.gpgsign" &&\n' span_id: 34 ) (Token id:Id.Lit_Chars val:'\n' span_id:35) (Token id:Id.Lit_Chars val:'\techo 1 >file && git add file &&\n' span_id:36) (Token id:Id.Lit_Chars val:'\ttest_tick && git commit -S -m initial &&\n' span_id:37) (Token id:Id.Lit_Chars val:'\tgit tag initial &&\n' span_id:38) (Token id:Id.Lit_Chars val:'\tgit branch side &&\n' span_id:39) (Token id:Id.Lit_Chars val:'\n' span_id:40) (Token id: Id.Lit_Chars val: '\techo 2 >file && test_tick && git commit -a -S -m second &&\n' span_id: 41 ) (Token id:Id.Lit_Chars val:'\tgit tag second &&\n' span_id:42) (Token id:Id.Lit_Chars val:'\n' span_id:43) (Token id:Id.Lit_Chars val:'\tgit checkout side &&\n' span_id:44) (Token id:Id.Lit_Chars val:'\techo 3 >elif && git add elif &&\n' span_id:45) (Token id:Id.Lit_Chars val:'\ttest_tick && git commit -m "third on side" &&\n' span_id:46) (Token id:Id.Lit_Chars val:'\n' span_id:47) (Token id:Id.Lit_Chars val:'\tgit checkout master &&\n' span_id:48) (Token id:Id.Lit_Chars val:'\ttest_tick && git merge -S side &&\n' span_id:49) (Token id:Id.Lit_Chars val:'\tgit tag merge &&\n' span_id:50) (Token id:Id.Lit_Chars val:'\n' span_id:51) (Token id: Id.Lit_Chars val: '\techo 4 >file && test_tick && git commit -a -m "fourth unsigned" &&\n' span_id: 52 ) (Token id:Id.Lit_Chars val:'\tgit tag fourth-unsigned &&\n' span_id:53) (Token id:Id.Lit_Chars val:'\n' span_id:54) (Token id:Id.Lit_Chars val:'\ttest_tick && git commit --amend -S -m "fourth signed" &&\n' span_id:55) (Token id:Id.Lit_Chars val:'\tgit tag fourth-signed &&\n' span_id:56) (Token id:Id.Lit_Chars val:'\n' span_id:57) (Token id:Id.Lit_Chars val:'\tgit config commit.gpgsign true &&\n' span_id:58) (Token id: Id.Lit_Chars val: '\techo 5 >file && test_tick && git commit -a -m "fifth signed" &&\n' span_id: 59 ) (Token id:Id.Lit_Chars val:'\tgit tag fifth-signed &&\n' span_id:60) (Token id:Id.Lit_Chars val:'\n' span_id:61) (Token id:Id.Lit_Chars val:'\tgit config commit.gpgsign false &&\n' span_id:62) (Token id: Id.Lit_Chars val: '\techo 6 >file && test_tick && git commit -a -m "sixth" &&\n' span_id: 63 ) (Token id:Id.Lit_Chars val:'\tgit tag sixth-unsigned &&\n' span_id:64) (Token id:Id.Lit_Chars val:'\n' span_id:65) (Token id:Id.Lit_Chars val:'\tgit config commit.gpgsign true &&\n' span_id:66) (Token id: Id.Lit_Chars val: '\techo 7 >file && test_tick && git commit -a -m "seventh" --no-gpg-sign &&\n' span_id: 67 ) (Token id:Id.Lit_Chars val:'\tgit tag seventh-unsigned &&\n' span_id:68) (Token id:Id.Lit_Chars val:'\n' span_id:69) (Token id: Id.Lit_Chars val: '\ttest_tick && git rebase -f HEAD^^ && git tag sixth-signed HEAD^ &&\n' span_id: 70 ) (Token id:Id.Lit_Chars val:'\tgit tag seventh-signed &&\n' span_id:71) (Token id:Id.Lit_Chars val:'\n' span_id:72) (Token id: Id.Lit_Chars val: '\techo 8 >file && test_tick && git commit -a -m eighth -SB7227189 &&\n' span_id: 73 ) (Token id:Id.Lit_Chars val:'\tgit tag eighth-signed-alt &&\n' span_id:74) (Token id:Id.Lit_Chars val:'\n' span_id:75) (Token id:Id.Lit_Chars val:'\t# commit.gpgsign is still on but this must not be signed\n' span_id:76) (Token id: Id.Lit_Chars val: '\tgit tag ninth-unsigned $(echo 9 | git commit-tree HEAD^{tree}) &&\n' span_id: 77 ) (Token id:Id.Lit_Chars val:'\t# explicit -S of course must sign.\n' span_id:78) (Token id: Id.Lit_Chars val: '\tgit tag tenth-signed $(echo 9 | git commit-tree -S HEAD^{tree})\n' span_id: 79 ) ) } ) (C {(test_expect_success)} {(GPG)} {(SQ (Token id:Id.Lit_Chars val:'verify and show signatures' span_id:88))} { (SQ (Token id:Id.Lit_Chars val:'\n' span_id:92) (Token id:Id.Lit_Chars val:'\t(\n' span_id:93) (Token id: Id.Lit_Chars val: '\t\tfor commit in initial second merge fourth-signed \\\n' span_id: 94 ) (Token id: Id.Lit_Chars val: '\t\t\tfifth-signed sixth-signed seventh-signed tenth-signed\n' span_id: 95 ) (Token id:Id.Lit_Chars val:'\t\tdo\n' span_id:96) (Token id:Id.Lit_Chars val:'\t\t\tgit verify-commit $commit &&\n' span_id:97) (Token id: Id.Lit_Chars val: '\t\t\tgit show --pretty=short --show-signature $commit >actual &&\n' span_id: 98 ) (Token id:Id.Lit_Chars val:'\t\t\tgrep "Good signature from" actual &&\n' span_id:99) (Token id: Id.Lit_Chars val: '\t\t\t! grep "BAD signature from" actual &&\n' span_id: 100 ) (Token id:Id.Lit_Chars val:'\t\t\techo $commit OK || exit 1\n' span_id:101) (Token id:Id.Lit_Chars val:'\t\tdone\n' span_id:102) (Token id:Id.Lit_Chars val:'\t) &&\n' span_id:103) (Token id:Id.Lit_Chars val:'\t(\n' span_id:104) (Token id: Id.Lit_Chars val: '\t\tfor commit in merge^2 fourth-unsigned sixth-unsigned \\\n' span_id: 105 ) (Token id:Id.Lit_Chars val:'\t\t\tseventh-unsigned ninth-unsigned\n' span_id:106) (Token id:Id.Lit_Chars val:'\t\tdo\n' span_id:107) (Token id:Id.Lit_Chars val:'\t\t\ttest_must_fail git verify-commit $commit &&\n' span_id:108) (Token id: Id.Lit_Chars val: '\t\t\tgit show --pretty=short --show-signature $commit >actual &&\n' span_id: 109 ) (Token id:Id.Lit_Chars val:'\t\t\t! grep "Good signature from" actual &&\n' span_id:110) (Token id: Id.Lit_Chars val: '\t\t\t! grep "BAD signature from" actual &&\n' span_id: 111 ) (Token id:Id.Lit_Chars val:'\t\t\techo $commit OK || exit 1\n' span_id:112) (Token id:Id.Lit_Chars val:'\t\tdone\n' span_id:113) (Token id:Id.Lit_Chars val:'\t) &&\n' span_id:114) (Token id:Id.Lit_Chars val:'\t(\n' span_id:115) (Token id:Id.Lit_Chars val:'\t\tfor commit in eighth-signed-alt\n' span_id:116) (Token id:Id.Lit_Chars val:'\t\tdo\n' span_id:117) (Token id: Id.Lit_Chars val: '\t\t\tgit show --pretty=short --show-signature $commit >actual &&\n' span_id: 118 ) (Token id:Id.Lit_Chars val:'\t\t\tgrep "Good signature from" actual &&\n' span_id:119) (Token id: Id.Lit_Chars val: '\t\t\t! grep "BAD signature from" actual &&\n' span_id: 120 ) (Token id:Id.Lit_Chars val:'\t\t\tgrep "not certified" actual &&\n' span_id:121) (Token id:Id.Lit_Chars val:'\t\t\techo $commit OK || exit 1\n' span_id:122) (Token id:Id.Lit_Chars val:'\t\tdone\n' span_id:123) (Token id:Id.Lit_Chars val:'\t)\n' span_id:124) ) } ) (C {(test_expect_success)} {(GPG)} { (SQ (Token id: Id.Lit_Chars val: 'verify-commit exits success on untrusted signature' span_id: 133 ) ) } { (SQ (Token id:Id.Lit_Chars val:'\n' span_id:137) (Token id: Id.Lit_Chars val: '\tgit verify-commit eighth-signed-alt 2>actual &&\n' span_id: 138 ) (Token id:Id.Lit_Chars val:'\tgrep "Good signature from" actual &&\n' span_id:139) (Token id: Id.Lit_Chars val: '\t! grep "BAD signature from" actual &&\n' span_id: 140 ) (Token id:Id.Lit_Chars val:'\tgrep "not certified" actual\n' span_id:141) ) } ) (C {(test_expect_success)} {(GPG)} {(SQ (Token id:Id.Lit_Chars val:'verify signatures with --raw' span_id:150))} { (SQ (Token id:Id.Lit_Chars val:'\n' span_id:154) (Token id:Id.Lit_Chars val:'\t(\n' span_id:155) (Token id: Id.Lit_Chars val: '\t\tfor commit in initial second merge fourth-signed fifth-signed sixth-signed seventh-signed\n' span_id: 156 ) (Token id:Id.Lit_Chars val:'\t\tdo\n' span_id:157) (Token id: Id.Lit_Chars val: '\t\t\tgit verify-commit --raw $commit 2>actual &&\n' span_id: 158 ) (Token id:Id.Lit_Chars val:'\t\t\tgrep "GOODSIG" actual &&\n' span_id:159) (Token id:Id.Lit_Chars val:'\t\t\t! grep "BADSIG" actual &&\n' span_id:160) (Token id:Id.Lit_Chars val:'\t\t\techo $commit OK || exit 1\n' span_id:161) (Token id:Id.Lit_Chars val:'\t\tdone\n' span_id:162) (Token id:Id.Lit_Chars val:'\t) &&\n' span_id:163) (Token id:Id.Lit_Chars val:'\t(\n' span_id:164) (Token id: Id.Lit_Chars val: '\t\tfor commit in merge^2 fourth-unsigned sixth-unsigned seventh-unsigned\n' span_id: 165 ) (Token id:Id.Lit_Chars val:'\t\tdo\n' span_id:166) (Token id: Id.Lit_Chars val: '\t\t\ttest_must_fail git verify-commit --raw $commit 2>actual &&\n' span_id: 167 ) (Token id:Id.Lit_Chars val:'\t\t\t! grep "GOODSIG" actual &&\n' span_id:168) (Token id:Id.Lit_Chars val:'\t\t\t! grep "BADSIG" actual &&\n' span_id:169) (Token id:Id.Lit_Chars val:'\t\t\techo $commit OK || exit 1\n' span_id:170) (Token id:Id.Lit_Chars val:'\t\tdone\n' span_id:171) (Token id:Id.Lit_Chars val:'\t) &&\n' span_id:172) (Token id:Id.Lit_Chars val:'\t(\n' span_id:173) (Token id:Id.Lit_Chars val:'\t\tfor commit in eighth-signed-alt\n' span_id:174) (Token id:Id.Lit_Chars val:'\t\tdo\n' span_id:175) (Token id: Id.Lit_Chars val: '\t\t\tgit verify-commit --raw $commit 2>actual &&\n' span_id: 176 ) (Token id:Id.Lit_Chars val:'\t\t\tgrep "GOODSIG" actual &&\n' span_id:177) (Token id:Id.Lit_Chars val:'\t\t\t! grep "BADSIG" actual &&\n' span_id:178) (Token id:Id.Lit_Chars val:'\t\t\tgrep "TRUST_UNDEFINED" actual &&\n' span_id:179) (Token id:Id.Lit_Chars val:'\t\t\techo $commit OK || exit 1\n' span_id:180) (Token id:Id.Lit_Chars val:'\t\tdone\n' span_id:181) (Token id:Id.Lit_Chars val:'\t)\n' span_id:182) ) } ) (C {(test_expect_success)} {(GPG)} {(SQ (Token id:Id.Lit_Chars val:'show signed commit with signature' span_id:191))} { (SQ (Token id:Id.Lit_Chars val:'\n' span_id:195) (Token id:Id.Lit_Chars val:'\tgit show -s initial >commit &&\n' span_id:196) (Token id:Id.Lit_Chars val:'\tgit show -s --show-signature initial >show &&\n' span_id:197) (Token id: Id.Lit_Chars val: '\tgit verify-commit -v initial >verify.1 2>verify.2 &&\n' span_id: 198 ) (Token id:Id.Lit_Chars val:'\tgit cat-file commit initial >cat &&\n' span_id:199) (Token id: Id.Lit_Chars val: '\tgrep -v -e "gpg: " -e "Warning: " show >show.commit &&\n' span_id: 200 ) (Token id:Id.Lit_Chars val:'\tgrep -e "gpg: " -e "Warning: " show >show.gpg &&\n' span_id:201) (Token id: Id.Lit_Chars val: '\tgrep -v "^ " cat | grep -v "^gpgsig " >cat.commit &&\n' span_id: 202 ) (Token id:Id.Lit_Chars val:'\ttest_cmp show.commit commit &&\n' span_id:203) (Token id:Id.Lit_Chars val:'\ttest_cmp show.gpg verify.2 &&\n' span_id:204) (Token id:Id.Lit_Chars val:'\ttest_cmp cat.commit verify.1\n' span_id:205) ) } ) (C {(test_expect_success)} {(GPG)} {(SQ (Token id:Id.Lit_Chars val:'detect fudged signature' span_id:214))} { (SQ (Token id:Id.Lit_Chars val:'\n' span_id:218) (Token id: Id.Lit_Chars val: '\tgit cat-file commit seventh-signed >raw &&\n' span_id: 219 ) (Token id:Id.Lit_Chars val:'\n' span_id:220) (Token id: Id.Lit_Chars val: '\tsed -e "s/seventh/7th forged/" raw >forged1 &&\n' span_id: 221 ) (Token id:Id.Lit_Chars val:'\tgit hash-object -w -t commit forged1 >forged1.commit &&\n' span_id:222) (Token id: Id.Lit_Chars val: '\t! git verify-commit $(cat forged1.commit) &&\n' span_id: 223 ) (Token id: Id.Lit_Chars val: '\tgit show --pretty=short --show-signature $(cat forged1.commit) >actual1 &&\n' span_id: 224 ) (Token id:Id.Lit_Chars val:'\tgrep "BAD signature from" actual1 &&\n' span_id:225) (Token id: Id.Lit_Chars val: '\t! grep "Good signature from" actual1\n' span_id: 226 ) ) } ) (C {(test_expect_success)} {(GPG)} {(SQ (Token id:Id.Lit_Chars val:'detect fudged signature with NUL' span_id:235))} { (SQ (Token id:Id.Lit_Chars val:'\n' span_id:239) (Token id: Id.Lit_Chars val: '\tgit cat-file commit seventh-signed >raw &&\n' span_id: 240 ) (Token id:Id.Lit_Chars val:'\tcat raw >forged2 &&\n' span_id:241) (Token id: Id.Lit_Chars val: '\techo Qwik | tr "Q" "\\000" >>forged2 &&\n' span_id: 242 ) (Token id:Id.Lit_Chars val:'\tgit hash-object -w -t commit forged2 >forged2.commit &&\n' span_id:243) (Token id: Id.Lit_Chars val: '\t! git verify-commit $(cat forged2.commit) &&\n' span_id: 244 ) (Token id: Id.Lit_Chars val: '\tgit show --pretty=short --show-signature $(cat forged2.commit) >actual2 &&\n' span_id: 245 ) (Token id:Id.Lit_Chars val:'\tgrep "BAD signature from" actual2 &&\n' span_id:246) (Token id: Id.Lit_Chars val: '\t! grep "Good signature from" actual2\n' span_id: 247 ) ) } ) (C {(test_expect_success)} {(GPG)} {(SQ (Token id:Id.Lit_Chars val:'amending already signed commit' span_id:256))} { (SQ (Token id:Id.Lit_Chars val:'\n' span_id:260) (Token id:Id.Lit_Chars val:'\tgit checkout fourth-signed^0 &&\n' span_id:261) (Token id:Id.Lit_Chars val:'\tgit commit --amend -S --no-edit &&\n' span_id:262) (Token id:Id.Lit_Chars val:'\tgit verify-commit HEAD &&\n' span_id:263) (Token id:Id.Lit_Chars val:'\tgit show -s --show-signature HEAD >actual &&\n' span_id:264) (Token id: Id.Lit_Chars val: '\tgrep "Good signature from" actual &&\n' span_id: 265 ) (Token id:Id.Lit_Chars val:'\t! grep "BAD signature from" actual\n' span_id:266) ) } ) (C {(test_expect_success)} {(GPG)} {(SQ (Token id:Id.Lit_Chars val:'show good signature with custom format' span_id:275))} { (SQ (Token id:Id.Lit_Chars val:'\n' span_id:279) (Token id:Id.Lit_Chars val:'\tcat >expect <<-\\EOF &&\n' span_id:280) (Token id:Id.Lit_Chars val:'\tG\n' span_id:281) (Token id:Id.Lit_Chars val:'\t13B6F51ECDDE430D\n' span_id:282) (Token id:Id.Lit_Chars val:'\tC O Mitter <committer@example.com>\n' span_id:283) (Token id:Id.Lit_Chars val:'\tEOF\n' span_id:284) (Token id: Id.Lit_Chars val: '\tgit log -1 --format="%G?%n%GK%n%GS" sixth-signed >actual &&\n' span_id: 285 ) (Token id:Id.Lit_Chars val:'\ttest_cmp expect actual\n' span_id:286) ) } ) (C {(test_expect_success)} {(GPG)} {(SQ (Token id:Id.Lit_Chars val:'show bad signature with custom format' span_id:295))} { (SQ (Token id:Id.Lit_Chars val:'\n' span_id:299) (Token id:Id.Lit_Chars val:'\tcat >expect <<-\\EOF &&\n' span_id:300) (Token id:Id.Lit_Chars val:'\tB\n' span_id:301) (Token id:Id.Lit_Chars val:'\t13B6F51ECDDE430D\n' span_id:302) (Token id:Id.Lit_Chars val:'\tC O Mitter <committer@example.com>\n' span_id:303) (Token id:Id.Lit_Chars val:'\tEOF\n' span_id:304) (Token id: Id.Lit_Chars val: '\tgit log -1 --format="%G?%n%GK%n%GS" $(cat forged1.commit) >actual &&\n' span_id: 305 ) (Token id:Id.Lit_Chars val:'\ttest_cmp expect actual\n' span_id:306) ) } ) (C {(test_expect_success)} {(GPG)} {(SQ (Token id:Id.Lit_Chars val:'show untrusted signature with custom format' span_id:315))} { (SQ (Token id:Id.Lit_Chars val:'\n' span_id:319) (Token id:Id.Lit_Chars val:'\tcat >expect <<-\\EOF &&\n' span_id:320) (Token id:Id.Lit_Chars val:'\tU\n' span_id:321) (Token id:Id.Lit_Chars val:'\t61092E85B7227189\n' span_id:322) (Token id:Id.Lit_Chars val:'\tEris Discordia <discord@example.net>\n' span_id:323) (Token id:Id.Lit_Chars val:'\tEOF\n' span_id:324) (Token id: Id.Lit_Chars val: '\tgit log -1 --format="%G?%n%GK%n%GS" eighth-signed-alt >actual &&\n' span_id: 325 ) (Token id:Id.Lit_Chars val:'\ttest_cmp expect actual\n' span_id:326) ) } ) (C {(test_expect_success)} {(GPG)} {(SQ (Token id:Id.Lit_Chars val:'show unknown signature with custom format' span_id:335))} { (SQ (Token id:Id.Lit_Chars val:'\n' span_id:339) (Token id:Id.Lit_Chars val:'\tcat >expect <<-\\EOF &&\n' span_id:340) (Token id:Id.Lit_Chars val:'\tE\n' span_id:341) (Token id:Id.Lit_Chars val:'\t61092E85B7227189\n' span_id:342) (Token id:Id.Lit_Chars val:'\n' span_id:343) (Token id:Id.Lit_Chars val:'\tEOF\n' span_id:344) (Token id: Id.Lit_Chars val: '\tGNUPGHOME="$GNUPGHOME_NOT_USED" git log -1 --format="%G?%n%GK%n%GS" eighth-signed-alt >actual &&\n' span_id: 345 ) (Token id:Id.Lit_Chars val:'\ttest_cmp expect actual\n' span_id:346) ) } ) (C {(test_expect_success)} {(GPG)} {(SQ (Token id:Id.Lit_Chars val:'show lack of signature with custom format' span_id:355))} { (SQ (Token id:Id.Lit_Chars val:'\n' span_id:359) (Token id:Id.Lit_Chars val:'\tcat >expect <<-\\EOF &&\n' span_id:360) (Token id:Id.Lit_Chars val:'\tN\n' span_id:361) (Token id:Id.Lit_Chars val:'\n' span_id:362) (Token id:Id.Lit_Chars val:'\n' span_id:363) (Token id:Id.Lit_Chars val:'\tEOF\n' span_id:364) (Token id: Id.Lit_Chars val: '\tgit log -1 --format="%G?%n%GK%n%GS" seventh-unsigned >actual &&\n' span_id: 365 ) (Token id:Id.Lit_Chars val:'\ttest_cmp expect actual\n' span_id:366) ) } ) (C {(test_expect_success)} {(GPG)} {(SQ (Token id:Id.Lit_Chars val:'log.showsignature behaves like --show-signature' span_id:375))} { (SQ (Token id:Id.Lit_Chars val:'\n' span_id:379) (Token id: Id.Lit_Chars val: '\ttest_config log.showsignature true &&\n' span_id: 380 ) (Token id:Id.Lit_Chars val:'\tgit show initial >actual &&\n' span_id:381) (Token id: Id.Lit_Chars val: '\tgrep "gpg: Signature made" actual &&\n' span_id: 382 ) (Token id:Id.Lit_Chars val:'\tgrep "gpg: Good signature" actual\n' span_id:383) ) } ) (C {(test_done)}) ] )