Martin Ågren <martin.ag...@gmail.com> writes:
>> + echo 11 | git commit-tree --gpg-sign HEAD^{tree} >oid &&
>> + test_line_count = 1 oid &&
>> + git tag eleventh-signed $(cat oid) &&
>> +...
> Let's see if there any opinions from others about this more verbose
> construction, vs placing the oid in a variable and quoting it. We
> obviously went several years without realizing that using $(...) as an
> object id risked falling back to HEAD and that a completely broken `git
> commit-tree -S` would pass the test. So being over-careful and extra
> obvious might very well be the right thing.
Sorry, but I am not sure what issue you are worried about. If the
"commit-tree" command failed in this construct:
oid=$(echo 11 | git commit-tree ...) &&
git tag eleventh-signed "$oid"
wouldn't the &&-chain break after the assignment of an empty string
to oid, skip "git tag" and make the whole test fail, with or without
'$oid" fed to "git tag" quoted? It is wrong not to quote "$oid" for
the "git tag" command (the test should not rely on the fact that the
object names given by "git commit-tree" have no $IFS in them), but
that is a separate issue.
