diff options
author | Junio C Hamano <gitster@pobox.com> | 2021-02-23 03:12:42 +0300 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2021-02-23 03:12:42 +0300 |
commit | 15af6e6fee54632358798bef548d89dd3764805d (patch) | |
tree | f4464996780c0c94bd0901bab9e161b9679fe05f /t/t7004-tag.sh | |
parent | b9554c03a0a8147109608b94feb32837a6e6a145 (diff) | |
parent | 9b27b49240f6bf760ff58d917491bec0981aaf9f (diff) |
Merge branch 'bc/signed-objects-with-both-hashes'
Signed commits and tags now allow verification of objects, whose
two object names (one in SHA-1, the other in SHA-256) are both
signed.
* bc/signed-objects-with-both-hashes:
gpg-interface: remove other signature headers before verifying
ref-filter: hoist signature parsing
commit: allow parsing arbitrary buffers with headers
gpg-interface: improve interface for parsing tags
commit: ignore additional signatures when parsing signed commits
ref-filter: switch some uses of unsigned long to size_t
Diffstat (limited to 't/t7004-tag.sh')
-rwxr-xr-x | t/t7004-tag.sh | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/t/t7004-tag.sh b/t/t7004-tag.sh index 943a7d5c1d..400b83a49e 100755 --- a/t/t7004-tag.sh +++ b/t/t7004-tag.sh @@ -20,6 +20,13 @@ tag_exists () { git show-ref --quiet --verify refs/tags/"$1" } +test_expect_success 'setup' ' + test_oid_cache <<-EOM + othersigheader sha1:gpgsig-sha256 + othersigheader sha256:gpgsig + EOM +' + test_expect_success 'listing all tags in an empty tree should succeed' ' git tag -l && git tag @@ -1374,6 +1381,24 @@ test_expect_success GPG \ 'test_config gpg.program echo && test_must_fail git tag -s -m tail tag-gpg-failure' +# try to produce invalid signature +test_expect_success GPG 'git verifies tag is valid with double signature' ' + git tag -s -m tail tag-gpg-double-sig && + git cat-file tag tag-gpg-double-sig >tag && + othersigheader=$(test_oid othersigheader) && + sed -ne "/^\$/q;p" tag >new-tag && + cat <<-EOM >>new-tag && + $othersigheader -----BEGIN PGP SIGNATURE----- + someinvaliddata + -----END PGP SIGNATURE----- + EOM + sed -e "1,/^tagger/d" tag >>new-tag && + new_tag=$(git hash-object -t tag -w new-tag) && + git update-ref refs/tags/tag-gpg-double-sig $new_tag && + git verify-tag tag-gpg-double-sig && + git fsck +' + # try to sign with bad user.signingkey test_expect_success GPGSM \ 'git tag -s fails if gpgsm is misconfigured (bad key)' \ |