(command.CommandList children: [ (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:test_description) op: assign_op.Equal rhs: {(SQ <'signed tag tests'>)} spids: [4] ) ] ) (C {<.>} {<'./test-lib.sh'>}) (C {<.>} {(DQ ($ Id.VSub_DollarName '$TEST_DIRECTORY') <'/lib-gpg.sh'>)}) (C {<test_expect_success>} {<GPG>} {(SQ <'create signed tags'>)} { (SQ <'\n'> <'\techo 1 >file && git add file &&\n'> <'\ttest_tick && git commit -m initial &&\n'> <'\tgit tag -s -m initial initial &&\n'> <'\tgit branch side &&\n'> <'\n'> <'\techo 2 >file && test_tick && git commit -a -m second &&\n'> <'\tgit tag -s -m second second &&\n'> <'\n'> <'\tgit checkout side &&\n'> <'\techo 3 >elif && git add elif &&\n'> <'\ttest_tick && git commit -m "third on side" &&\n'> <'\n'> <'\tgit checkout master &&\n'> <'\ttest_tick && git merge -S side &&\n'> <'\tgit tag -s -m merge merge &&\n'> <'\n'> <'\techo 4 >file && test_tick && git commit -a -S -m "fourth unsigned" &&\n'> <'\tgit tag -a -m fourth-unsigned fourth-unsigned &&\n'> <'\n'> <'\ttest_tick && git commit --amend -S -m "fourth signed" &&\n'> <'\tgit tag -s -m fourth fourth-signed &&\n'> <'\n'> <'\techo 5 >file && test_tick && git commit -a -m "fifth" &&\n'> <'\tgit tag fifth-unsigned &&\n'> <'\n'> <'\tgit config commit.gpgsign true &&\n'> <'\techo 6 >file && test_tick && git commit -a -m "sixth" &&\n'> <'\tgit tag -a -m sixth sixth-unsigned &&\n'> <'\n'> <'\ttest_tick && git rebase -f HEAD^^ && git tag -s -m 6th sixth-signed HEAD^ &&\n'> <'\tgit tag -m seventh -s seventh-signed &&\n'> <'\n'> <'\techo 8 >file && test_tick && git commit -a -m eighth &&\n'> <'\tgit tag -uB7227189 -m eighth eighth-signed-alt\n'> ) } ) (C {<test_expect_success>} {<GPG>} {(SQ <'verify and show signatures'>)} { (SQ <'\n'> <'\t(\n'> <'\t\tfor tag in initial second merge fourth-signed sixth-signed seventh-signed\n'> <'\t\tdo\n'> <'\t\t\tgit verify-tag $tag 2>actual &&\n'> <'\t\t\tgrep "Good signature from" actual &&\n'> <'\t\t\t! grep "BAD signature from" actual &&\n'> <'\t\t\techo $tag OK || exit 1\n'> <'\t\tdone\n'> <'\t) &&\n'> <'\t(\n'> <'\t\tfor tag in fourth-unsigned fifth-unsigned sixth-unsigned\n'> <'\t\tdo\n'> <'\t\t\ttest_must_fail git verify-tag $tag 2>actual &&\n'> <'\t\t\t! grep "Good signature from" actual &&\n'> <'\t\t\t! grep "BAD signature from" actual &&\n'> <'\t\t\techo $tag OK || exit 1\n'> <'\t\tdone\n'> <'\t) &&\n'> <'\t(\n'> <'\t\tfor tag in eighth-signed-alt\n'> <'\t\tdo\n'> <'\t\t\tgit verify-tag $tag 2>actual &&\n'> <'\t\t\tgrep "Good signature from" actual &&\n'> <'\t\t\t! grep "BAD signature from" actual &&\n'> <'\t\t\tgrep "not certified" actual &&\n'> <'\t\t\techo $tag OK || exit 1\n'> <'\t\tdone\n'> <'\t)\n'> ) } ) (C {<test_expect_success>} {<GPG>} {(SQ <'detect fudged signature'>)} { (SQ <'\n'> <'\tgit cat-file tag seventh-signed >raw &&\n'> <'\tsed -e "s/seventh/7th forged/" raw >forged1 &&\n'> <'\tgit hash-object -w -t tag forged1 >forged1.tag &&\n'> <'\ttest_must_fail git verify-tag $(cat forged1.tag) 2>actual1 &&\n'> <'\tgrep "BAD signature from" actual1 &&\n'> <'\t! grep "Good signature from" actual1\n'> ) } ) (C {<test_expect_success>} {<GPG>} {(SQ <'verify signatures with --raw'>)} { (SQ <'\n'> <'\t(\n'> <'\t\tfor tag in initial second merge fourth-signed sixth-signed seventh-signed\n'> <'\t\tdo\n'> <'\t\t\tgit verify-tag --raw $tag 2>actual &&\n'> <'\t\t\tgrep "GOODSIG" actual &&\n'> <'\t\t\t! grep "BADSIG" actual &&\n'> <'\t\t\techo $tag OK || exit 1\n'> <'\t\tdone\n'> <'\t) &&\n'> <'\t(\n'> <'\t\tfor tag in fourth-unsigned fifth-unsigned sixth-unsigned\n'> <'\t\tdo\n'> <'\t\t\ttest_must_fail git verify-tag --raw $tag 2>actual &&\n'> <'\t\t\t! grep "GOODSIG" actual &&\n'> <'\t\t\t! grep "BADSIG" actual &&\n'> <'\t\t\techo $tag OK || exit 1\n'> <'\t\tdone\n'> <'\t) &&\n'> <'\t(\n'> <'\t\tfor tag in eighth-signed-alt\n'> <'\t\tdo\n'> <'\t\t\tgit verify-tag --raw $tag 2>actual &&\n'> <'\t\t\tgrep "GOODSIG" actual &&\n'> <'\t\t\t! grep "BADSIG" actual &&\n'> <'\t\t\tgrep "TRUST_UNDEFINED" actual &&\n'> <'\t\t\techo $tag OK || exit 1\n'> <'\t\tdone\n'> <'\t)\n'> ) } ) (C {<test_expect_success>} {<GPG>} {(SQ <'verify multiple tags'>)} { (SQ <'\n'> <'\ttags="fourth-signed sixth-signed seventh-signed" &&\n'> <'\tfor i in $tags\n'> <'\tdo\n'> <'\t\tgit verify-tag -v --raw $i || return 1\n'> <'\tdone >expect.stdout 2>expect.stderr.1 &&\n'> <'\tgrep "^.GNUPG:." <expect.stderr.1 >expect.stderr &&\n'> <'\tgit verify-tag -v --raw $tags >actual.stdout 2>actual.stderr.1 &&\n'> <'\tgrep "^.GNUPG:." <actual.stderr.1 >actual.stderr &&\n'> <'\ttest_cmp expect.stdout actual.stdout &&\n'> <'\ttest_cmp expect.stderr actual.stderr\n'> ) } ) (C {<test_done>}) ] )