diff options
| author | Junio C Hamano <gitster@pobox.com> | 2014-08-15 02:59:21 +0400 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2014-09-16 00:23:28 +0400 |
| commit | d05b9618ce42e85936176537f939a4eb85d4d65e (patch) | |
| tree | 729f418364ffd20640fe5da3159e6c673c0c2769 /t/t5534-push-signed.sh | |
| parent | a85b377d0419a9dfaca8af2320cc33b051cbed04 (diff) | |
receive-pack: GPG-validate push certificates
Reusing the GPG signature check helpers we already have, verify
the signature in receive-pack and give the results to the hooks
via GIT_PUSH_CERT_{SIGNER,KEY,STATUS} environment variables.
Policy decisions, such as accepting or rejecting a good signature by
a key that is not fully trusted, is left to the hook and kept
outside of the core.
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 't/t5534-push-signed.sh')
| -rwxr-xr-x | t/t5534-push-signed.sh | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/t/t5534-push-signed.sh b/t/t5534-push-signed.sh index 019ac71506..4198b6a2fb 100755 --- a/t/t5534-push-signed.sh +++ b/t/t5534-push-signed.sh @@ -83,12 +83,26 @@ test_expect_success GPG 'signed push sends push certificate' ' if test -n "${GIT_PUSH_CERT-}" then git cat-file blob $GIT_PUSH_CERT >../push-cert - fi + fi && + + cat >../push-cert-status <<E_O_F + SIGNER=${GIT_PUSH_CERT_SIGNER-nobody} + KEY=${GIT_PUSH_CERT_KEY-nokey} + STATUS=${GIT_PUSH_CERT_STATUS-nostatus} + E_O_F + + EOF + + cat >expect <<-\EOF && + SIGNER=C O Mitter <committer@example.com> + KEY=13B6F51ECDDE430D + STATUS=G EOF git push --signed dst noop ff +noff && grep "$(git rev-parse noop ff) refs/heads/ff" dst/push-cert && - grep "$(git rev-parse noop noff) refs/heads/noff" dst/push-cert + grep "$(git rev-parse noop noff) refs/heads/noff" dst/push-cert && + test_cmp expect dst/push-cert-status ' test_done |