commit ebc58f124450a45aa84172f009cdf14d9974e1ed from: Stefan Sperling via: Thomas Adam date: Mon Jul 04 11:47:47 2022 UTC in tests, verify that tag -V behaves like tag -l plus signature verification commit - 6304661828605dbefa07fb027fdbb8fd5225c7e6 commit + ebc58f124450a45aa84172f009cdf14d9974e1ed blob - 71fb43e0fd8fa1f6b55870329e26e84a6b1d52aa blob + 9c5092424f626fb5400194dd364dc0ce76e82897 --- regress/cmdline/tag.sh +++ regress/cmdline/tag.sh @@ -322,7 +322,7 @@ test_tag_create_ssh_signed() { return 1 fi - GOOD_SIG='Good "git" signature for flan_hacker@openbsd.org with ED25519 key SHA256:' + GOOD_SIG='Good "git" signature for flan_hacker@openbsd.org with ED25519 key ' # Validate the signature with the key allowed echo -n 'flan_hacker@openbsd.org ' > $testroot/allowed_signers @@ -333,9 +333,66 @@ test_tag_create_ssh_signed() { echo "got tag command failed unexpectedly" diff -u $testroot/stdout.expected $testroot/stdout test_done "$testroot" "$ret" + return 1 + fi + + if ! echo "$GOT_STDOUT" | grep -q "^signature: $GOOD_SIG"; then + echo "got tag command failed to validate signature" + test_done "$testroot" "1" return 1 fi + # Ensure that Git recognizes and verifies the tag Got has created + (cd $testroot/repo && git checkout -q $tag) + ret=$? + if [ $ret -ne 0 ]; then + echo "git checkout command failed unexpectedly" + test_done "$testroot" "$ret" + return 1 + fi + (cd $testroot/repo && git config --local gpg.ssh.allowedSignersFile \ + $testroot/allowed_signers) + GIT_STDERR=$(cd $testroot/repo && git tag -v $tag 2>&1 1>/dev/null) + if ! echo "$GIT_STDERR" | grep -q "^$GOOD_SIG"; then + echo "git tag command failed to validate signature" + test_done "$testroot" "1" + return 1 + fi + + # Ensure Got recognizes the new tag + got checkout -c $tag $testroot/repo $testroot/wt >/dev/null + ret=$? + if [ $ret -ne 0 ]; then + echo "got checkout command failed unexpectedly" + test_done "$testroot" "$ret" + return 1 + fi + + # Create another signed tag with a SHA1 commit ID + got tag -s $testroot/id_ed25519 -m 'test' -r $testroot/repo \ + -c $commit_id $tag2 > $testroot/stdout + + # got tag -V behaves like got tag -l, but with verification enabled. + got tag -l -r $testroot/repo > $testroot/stdout.list + got tag -V -r $testroot/repo > $testroot/stdout.verify + diff -U0 $testroot/stdout.list $testroot/stdout.verify | + sed -e '/^--- /d' -e '/^+++ /d' > $testroot/stdout + echo "@@ -5,0 +6 @@" > $testroot/stdout.expected + echo -n "+signature: $GOOD_SIG" >> $testroot/stdout.expected + ssh-keygen -l -f $testroot/id_ed25519.pub | cut -d' ' -f 2 \ + >> $testroot/stdout.expected + echo "@@ -19,0 +21 @@" >> $testroot/stdout.expected + echo -n "+signature: $GOOD_SIG" >> $testroot/stdout.expected + ssh-keygen -l -f $testroot/id_ed25519.pub | cut -d' ' -f 2 \ + >> $testroot/stdout.expected + cmp -s $testroot/stdout $testroot/stdout.expected + ret=$? + if [ $ret -ne 0 ]; then + diff -u $testroot/stdout.expected $testroot/stdout + fi + test_done "$testroot" "$ret" +} + test_tag_create_ssh_signed_missing_key() { local testroot=`test_init tag_create` local commit_id=`git_show_head $testroot/repo`