(command.CommandList
  children: [
    (command.ShAssignment
      pairs: [
        (assign_pair
          lhs: (sh_lhs_expr.Name name:test_description)
          op: assign_op.Equal
          rhs: {(SQ <'merge signature verification tests'>)}
          spids: [4]
        )
      ]
    )
    (C {<.>} {<'./test-lib.sh'>})
    (C {<.>} {(DQ ($ Id.VSub_DollarName '$TEST_DIRECTORY') <'/lib-gpg.sh'>)})
    (C {<test_expect_success>} {<GPG>} {(SQ <'create signed commits'>)} 
      {
        (SQ <'\n'> <'\techo 1 >file && git add file &&\n'> 
          <'\ttest_tick && git commit -m initial &&\n'> <'\tgit tag initial &&\n'> <'\n'> <'\tgit checkout -b side-signed &&\n'> 
          <'\techo 3 >elif && git add elif &&\n'> <'\ttest_tick && git commit -S -m "signed on side" &&\n'> <'\tgit checkout initial &&\n'> <'\n'> 
          <'\tgit checkout -b side-unsigned &&\n'> <'\techo 3 >foo && git add foo &&\n'> <'\ttest_tick && git commit -m "unsigned on side" &&\n'> 
          <'\tgit checkout initial &&\n'> <'\n'> <'\tgit checkout -b side-bad &&\n'> <'\techo 3 >bar && git add bar &&\n'> 
          <'\ttest_tick && git commit -S -m "bad on side" &&\n'> <'\tgit cat-file commit side-bad >raw &&\n'> <'\tsed -e "s/bad/forged bad/" raw >forged &&\n'> 
          <'\tgit hash-object -w -t commit forged >forged.commit &&\n'> <'\tgit checkout initial &&\n'> <'\n'> <'\tgit checkout -b side-untrusted &&\n'> 
          <'\techo 3 >baz && git add baz &&\n'> <'\ttest_tick && git commit -SB7227189 -m "untrusted on side" &&\n'> <'\n'> <'\tgit checkout master\n'>
        )
      }
    )
    (C {<test_expect_success>} {<GPG>} {(SQ <'merge unsigned commit with verification'>)} 
      {
        (SQ <'\n'> 
          <
'\ttest_must_fail git merge --ff-only --verify-signatures side-unsigned 2>mergeerror &&\n'
          > <'\ttest_i18ngrep "does not have a GPG signature" mergeerror\n'>
        )
      }
    )
    (C {<test_expect_success>} {<GPG>} {(SQ <'merge commit with bad signature with verification'>)} 
      {
        (SQ <'\n'> 
          <
'\ttest_must_fail git merge --ff-only --verify-signatures $(cat forged.commit) 2>mergeerror &&\n'
          > <'\ttest_i18ngrep "has a bad GPG signature" mergeerror\n'>
        )
      }
    )
    (C {<test_expect_success>} {<GPG>} {(SQ <'merge commit with untrusted signature with verification'>)} 
      {
        (SQ <'\n'> 
          <
'\ttest_must_fail git merge --ff-only --verify-signatures side-untrusted 2>mergeerror &&\n'
          > <'\ttest_i18ngrep "has an untrusted GPG signature" mergeerror\n'>
        )
      }
    )
    (C {<test_expect_success>} {<GPG>} {(SQ <'merge signed commit with verification'>)} 
      {
        (SQ <'\n'> 
          <'\tgit merge --verbose --ff-only --verify-signatures side-signed >mergeoutput &&\n'> <'\ttest_i18ngrep "has a good GPG signature" mergeoutput\n'>
        )
      }
    )
    (C {<test_expect_success>} {<GPG>} {(SQ <'merge commit with bad signature without verification'>)} 
      {(SQ <'\n'> <'\tgit merge $(cat forged.commit)\n'>)}
    )
    (C {<test_done>})
  ]
)