
Commit 1bfb57f

FStelzer authored and gitster committed
ssh signing: test that gpg fails for unknown keys

Test that verify-commit/tag will fail when a gpg key is completely unknown. To do this we have to generate a key, use it for a signature and delete it from our keyring afterwards completely.

Signed-off-by: Fabian Stelzer <[email protected]>
Signed-off-by: Junio C Hamano <[email protected]>

1 parent f265f2d commit 1bfb57f


1 file changed: +28 -1 lines changed


t/t7510-signed-commit.sh

Lines changed: 28 additions & 1 deletion
@@ -71,7 +71,25 @@ test_expect_success GPG 'create signed commits' '
7171
git tag eleventh-signed $(cat oid) &&
7272
echo 12 | git commit-tree --gpg-sign=B7227189 HEAD^{tree} >oid &&
7373
test_line_count = 1 oid &&
74-
git tag twelfth-signed-alt $(cat oid)
74+
git tag twelfth-signed-alt $(cat oid) &&
75+
76+
cat >keydetails <<-\EOF &&
77+
Key-Type: RSA
78+
Key-Length: 2048
79+
Subkey-Type: RSA
80+
Subkey-Length: 2048
81+
Name-Real: Unknown User
82+
Name-Email: [email protected]
83+
Expire-Date: 0
84+
%no-ask-passphrase
85+
%no-protection
86+
EOF
87+
gpg --batch --gen-key keydetails &&
88+
echo 13 >file && git commit -a -S"[email protected]" -m thirteenth &&
89+
git tag thirteenth-signed &&
90+
DELETE_FINGERPRINT=$(gpg -K --with-colons --fingerprint --batch [email protected] | grep "^fpr" | head -n 1 | awk -F ":" "{print \$10;}") &&
91+
gpg --batch --yes --delete-secret-keys $DELETE_FINGERPRINT &&
92+
gpg --batch --yes --delete-keys [email protected]
7593
'
7694

7795
test_expect_success GPG 'verify and show signatures' '
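Review bot: In the key-removal step at the end of 'create signed commits', DELETE_FINGERPRINT is filled from a gpg | grep | head | awk pipeline and then passed unquoted to gpg --delete-secret-keys, so an empty result is not caught before the delete runs (the pipeline's exit status is awk's, not gpg's). Suggest adding test -n "$DELETE_FINGERPRINT" && after the assignment and quoting the variable in the delete call; the grep, head and awk stages could also be folded into one awk invocation. A one-line comment above the keydetails block saying that this key exists only so that thirteenth-signed carries a signature whose key is later removed from the keyring would also help, since nothing in the setup test itself explains why a key is generated and immediately deleted.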
@@ -110,6 +128,13 @@ test_expect_success GPG 'verify and show signatures' '
110128
)
111129
'
112130

131+
test_expect_success GPG 'verify-commit exits failure on unknown signature' '
132+
test_must_fail git verify-commit thirteenth-signed 2>actual &&
133+
! grep "Good signature from" actual &&
134+
! grep "BAD signature from" actual &&
135+
grep -q -F -e "No public key" -e "public key not found" actual
136+
'
137+
113138
test_expect_success GPG 'verify-commit exits success on untrusted signature' '
114139
git verify-commit eighth-signed-alt 2>actual &&
115140
grep "Good signature from" actual &&
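Review bot: The new 'verify-commit exits failure on unknown signature' test exercises only git verify-commit, while the commit message says verify-commit/tag, and thirteenth-signed is created with a plain git tag, so nothing here checks verify-tag against the unknown key. Either add the matching verify-tag case or narrow the commit message to what is tested. The last line accepts two different messages, "No public key" and "public key not found"; a short comment saying why both are allowed would keep a later cleanup from dropping one of them. The test also depends on the key deletion in 'create signed commits' having succeeded, which is worth stating in the test title or a comment.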
@@ -338,6 +363,8 @@ test_expect_success GPG 'show double signature with custom format' '
338363
'
339364

340365

366+
# NEEDSWORK: This test relies on the test_tick commit/author dates from the first
367+
# 'create signed commits' test even though it creates its own
341368
test_expect_success GPG 'verify-commit verifies multiply signed commits' '
342369
git init multiply-signed &&
343370
cd multiply-signed &&
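Review bot: The NEEDSWORK comment added above 'verify-commit verifies multiply signed commits' stops mid-sentence at "even though it creates its own", leaving the reader to guess what the test creates. Please finish the sentence (the test body starts with git init multiply-signed, so presumably its own repository) and say what breaks when the test_tick dates from 'create signed commits' shift, so that whoever picks up the NEEDSWORK knows what to decouple.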
