[PATCH v2 1/2] merge: add config option for verifySignatures

Sat, 09 Dec 2017 22:54:27 -0800 

git merge --verify-signatures can be used to verify that the tip commit
of the branch being merged in is properly signed, but it's cumbersome to
have to specify that every time.

Add a configuration option that enables this behaviour by default, which
can be overridden by --no-verify-signatures.

Signed-off-by: Hans Jerry Illikainen <[email protected]>
---
 Documentation/merge-config.txt     |  4 ++++
 builtin/merge.c                    |  2 ++
 t/t7612-merge-verify-signatures.sh | 39 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 45 insertions(+)

diff --git a/Documentation/merge-config.txt b/Documentation/merge-config.txt
index df3ea3779..12b6bbf59 100644
--- a/Documentation/merge-config.txt
+++ b/Documentation/merge-config.txt
@@ -26,6 +26,10 @@ merge.ff::
        allowed (equivalent to giving the `--ff-only` option from the
        command line).
 
+merge.verifySignatures::
+       If true, this is equivalent to the --verify-signatures command
+       line option. See linkgit:git-merge[1] for details.
+
 include::fmt-merge-msg-config.txt[]
 
 merge.renameLimit::
diff --git a/builtin/merge.c b/builtin/merge.c
index 612dd7bfb..30264cfd7 100644
--- a/builtin/merge.c
+++ b/builtin/merge.c
@@ -567,6 +567,8 @@ static int git_merge_config(const char *k, const char *v, 
void *cb)
 
        if (!strcmp(k, "merge.diffstat") || !strcmp(k, "merge.stat"))
                show_diffstat = git_config_bool(k, v);
+       else if (!strcmp(k, "merge.verifysignatures"))
+               verify_signatures = git_config_bool(k, v);
        else if (!strcmp(k, "pull.twohead"))
                return git_config_string(&pull_twohead, k, v);
        else if (!strcmp(k, "pull.octopus"))
diff --git a/t/t7612-merge-verify-signatures.sh 
b/t/t7612-merge-verify-signatures.sh
index 8ae69a61c..2344995a1 100755
--- a/t/t7612-merge-verify-signatures.sh
+++ b/t/t7612-merge-verify-signatures.sh
@@ -39,23 +39,62 @@ test_expect_success GPG 'merge unsigned commit with 
verification' '
        test_i18ngrep "does not have a GPG signature" mergeerror
 '
 
+test_expect_success GPG 'merge unsigned commit with 
merge.verifySignatures=true' '
+       test_config merge.verifySignatures true &&
+       test_must_fail git merge --ff-only side-unsigned 2>mergeerror &&
+       test_i18ngrep "does not have a GPG signature" mergeerror
+'
+
 test_expect_success GPG 'merge commit with bad signature with verification' '
        test_must_fail git merge --ff-only --verify-signatures $(cat 
forged.commit) 2>mergeerror &&
        test_i18ngrep "has a bad GPG signature" mergeerror
 '
 
+test_expect_success GPG 'merge commit with bad signature with 
merge.verifySignatures=true' '
+       test_config merge.verifySignatures true &&
+       test_must_fail git merge --ff-only $(cat forged.commit) 2>mergeerror &&
+       test_i18ngrep "has a bad GPG signature" mergeerror
+'
+
 test_expect_success GPG 'merge commit with untrusted signature with 
verification' '
        test_must_fail git merge --ff-only --verify-signatures side-untrusted 
2>mergeerror &&
        test_i18ngrep "has an untrusted GPG signature" mergeerror
 '
 
+test_expect_success GPG 'merge commit with untrusted signature with 
merge.verifySignatures=true' '
+       test_config merge.verifySignatures true &&
+       test_must_fail git merge --ff-only side-untrusted 2>mergeerror &&
+       test_i18ngrep "has an untrusted GPG signature" mergeerror
+'
+
 test_expect_success GPG 'merge signed commit with verification' '
+       test_when_finished "git checkout initial" &&
        git merge --verbose --ff-only --verify-signatures side-signed 
>mergeoutput &&
        test_i18ngrep "has a good GPG signature" mergeoutput
 '
 
+test_expect_success GPG 'merge signed commit with merge.verifySignatures=true' 
'
+       test_when_finished "git checkout initial" &&
+       test_config merge.verifySignatures true &&
+       git merge --verbose --ff-only side-signed >mergeoutput &&
+       test_i18ngrep "has a good GPG signature" mergeoutput
+'
+
 test_expect_success GPG 'merge commit with bad signature without verification' 
'
+       test_when_finished "git checkout initial" &&
+       git merge $(cat forged.commit)
+'
+
+test_expect_success GPG 'merge commit with bad signature with 
merge.verifySignatures=false' '
+       test_when_finished "git checkout initial" &&
+       test_config merge.verifySignatures false &&
        git merge $(cat forged.commit)
 '
 
+test_expect_success GPG 'merge commit with bad signature with 
merge.verifySignatures=true and --no-verify-signatures' '
+       test_when_finished "git checkout initial" &&
+       test_config merge.verifySignatures true &&
+       git merge --no-verify-signatures $(cat forged.commit)
+'
+
 test_done
-- 
2.15.1.356.g13e4cf275

Reply via email to