(command.CommandList children: [ (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:test_description) op: assign_op.Equal rhs: {(SQ <'merge signature verification tests'>)} spids: [4] ) ] ) (C {<.>} {<'./test-lib.sh'>}) (C {<.>} {(DQ ($ Id.VSub_DollarName '$TEST_DIRECTORY') <'/lib-gpg.sh'>)}) (C {<test_expect_success>} {<GPG>} {(SQ <'create signed commits'>)} { (SQ <'\n'> <'\techo 1 >file && git add file &&\n'> <'\ttest_tick && git commit -m initial &&\n'> <'\tgit tag initial &&\n'> <'\n'> <'\tgit checkout -b side-signed &&\n'> <'\techo 3 >elif && git add elif &&\n'> <'\ttest_tick && git commit -S -m "signed on side" &&\n'> <'\tgit checkout initial &&\n'> <'\n'> <'\tgit checkout -b side-unsigned &&\n'> <'\techo 3 >foo && git add foo &&\n'> <'\ttest_tick && git commit -m "unsigned on side" &&\n'> <'\tgit checkout initial &&\n'> <'\n'> <'\tgit checkout -b side-bad &&\n'> <'\techo 3 >bar && git add bar &&\n'> <'\ttest_tick && git commit -S -m "bad on side" &&\n'> <'\tgit cat-file commit side-bad >raw &&\n'> <'\tsed -e "s/bad/forged bad/" raw >forged &&\n'> <'\tgit hash-object -w -t commit forged >forged.commit &&\n'> <'\tgit checkout initial &&\n'> <'\n'> <'\tgit checkout -b side-untrusted &&\n'> <'\techo 3 >baz && git add baz &&\n'> <'\ttest_tick && git commit -SB7227189 -m "untrusted on side" &&\n'> <'\n'> <'\tgit checkout master\n'> ) } ) (C {<test_expect_success>} {<GPG>} {(SQ <'merge unsigned commit with verification'>)} { (SQ <'\n'> < '\ttest_must_fail git merge --ff-only --verify-signatures side-unsigned 2>mergeerror &&\n' > <'\ttest_i18ngrep "does not have a GPG signature" mergeerror\n'> ) } ) (C {<test_expect_success>} {<GPG>} {(SQ <'merge commit with bad signature with verification'>)} { (SQ <'\n'> < '\ttest_must_fail git merge --ff-only --verify-signatures $(cat forged.commit) 2>mergeerror &&\n' > <'\ttest_i18ngrep "has a bad GPG signature" mergeerror\n'> ) } ) (C {<test_expect_success>} {<GPG>} {(SQ <'merge commit with untrusted signature with verification'>)} { (SQ <'\n'> < '\ttest_must_fail git merge --ff-only --verify-signatures side-untrusted 2>mergeerror &&\n' > <'\ttest_i18ngrep "has an untrusted GPG signature" mergeerror\n'> ) } ) (C {<test_expect_success>} {<GPG>} {(SQ <'merge signed commit with verification'>)} { (SQ <'\n'> <'\tgit merge --verbose --ff-only --verify-signatures side-signed >mergeoutput &&\n'> <'\ttest_i18ngrep "has a good GPG signature" mergeoutput\n'> ) } ) (C {<test_expect_success>} {<GPG>} {(SQ <'merge commit with bad signature without verification'>)} {(SQ <'\n'> <'\tgit merge $(cat forged.commit)\n'>)} ) (C {<test_done>}) ] )