authorJunio C Hamano <gitster@pobox.com>2014-08-15 00:59:21 +0200
committerJunio C Hamano <gitster@pobox.com>2014-09-15 22:23:28 +0200
commitd05b9618ce42e85936176537f939a4eb85d4d65e (patch)
tree729f418364ffd20640fe5da3159e6c673c0c2769 /t/t5534-push-signed.sh
parentpush: the beginning of "git push --signed" (diff)
receive-pack: GPG-validate push certificates
Reusing the GPG signature check helpers we already have, verify the signature in receive-pack and give the results to the hooks via GIT_PUSH_CERT_{SIGNER,KEY,STATUS} environment variables. Policy decisions, such as accepting or rejecting a good signature by a key that is not fully trusted, are left to the hook and kept outside of the core. Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 't/t5534-push-signed.sh')
-rwxr-xr-xt/t5534-push-signed.sh18
1 files changed, 16 insertions, 2 deletions
diff --git a/t/t5534-push-signed.sh b/t/t5534-push-signed.sh
index 019ac71506..4198b6a2fb 100755
--- a/t/t5534-push-signed.sh
+++ b/t/t5534-push-signed.sh
@@ -83,12 +83,26 @@ test_expect_success GPG 'signed push sends push certificate' '
if test -n "${GIT_PUSH_CERT-}"
then
git cat-file blob $GIT_PUSH_CERT >../push-cert
- fi
+ fi &&
+
+ cat >../push-cert-status <<E_O_F
+ SIGNER=${GIT_PUSH_CERT_SIGNER-nobody}
+ KEY=${GIT_PUSH_CERT_KEY-nokey}
+ STATUS=${GIT_PUSH_CERT_STATUS-nostatus}
+ E_O_F
+
+ EOF
+
+ cat >expect <<-\EOF &&
+ SIGNER=C O Mitter <committer@example.com>
+ KEY=13B6F51ECDDE430D
+ STATUS=G
EOF
git push --signed dst noop ff +noff &&
grep "$(git rev-parse noop ff) refs/heads/ff" dst/push-cert &&
- grep "$(git rev-parse noop noff) refs/heads/noff" dst/push-cert
+ grep "$(git rev-parse noop noff) refs/heads/noff" dst/push-cert &&
+ test_cmp expect dst/push-cert-status
'
test_done
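Review bot: Only the good-signature path is asserted here: `expect` pins `STATUS=G`, so nothing in this hunk exercises a non-`G` status or the `nobody`/`nokey`/`nostatus` fallbacks that the hook writes when the variables are unset. Because the commit message leaves accept/reject policy to the hook, a companion case in which the certificate fails verification, or the push is unsigned, would pin what a hook actually sees when it has to refuse; other tests in the file may cover this, but that is not visible from the hunk. The hard-coded signer and key ID also deserve a short comment above `cat >expect`, for example `# signer and key ID below come from the test GPG keyring behind the GPG prerequisite`, so a keyring change does not read as a verification regression. The test body starts above the hunk.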