Skip to content

Commit ca779e8

Browse files
illikainengitster
illikainen
authored and
gitster
committed
merge: add config option for verifySignatures
git merge --verify-signatures can be used to verify that the tip commit of the branch being merged in is properly signed, but it's cumbersome to have to specify that every time. Add a configuration option that enables this behaviour by default, which can be overridden by --no-verify-signatures. Signed-off-by: Hans Jerry Illikainen <[email protected]> Signed-off-by: Junio C Hamano <[email protected]>
1 parent 95ec6b1 commit ca779e8

File tree

3 files changed

+45
-0
lines changed

3 files changed

+45
-0
lines changed

Documentation/merge-config.txt

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,10 @@ merge.ff::
2626
allowed (equivalent to giving the `--ff-only` option from the
2727
command line).
2828

29+
merge.verifySignatures::
30+
If true, this is equivalent to the --verify-signatures command
31+
line option. See linkgit:git-merge[1] for details.
32+
2933
include::fmt-merge-msg-config.txt[]
3034

3135
merge.renameLimit::

builtin/merge.c

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -567,6 +567,8 @@ static int git_merge_config(const char *k, const char *v, void *cb)
567567

568568
if (!strcmp(k, "merge.diffstat") || !strcmp(k, "merge.stat"))
569569
show_diffstat = git_config_bool(k, v);
570+
else if (!strcmp(k, "merge.verifysignatures"))
571+
verify_signatures = git_config_bool(k, v);
570572
else if (!strcmp(k, "pull.twohead"))
571573
return git_config_string(&pull_twohead, k, v);
572574
else if (!strcmp(k, "pull.octopus"))

t/t7612-merge-verify-signatures.sh

Lines changed: 39 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -39,23 +39,62 @@ test_expect_success GPG 'merge unsigned commit with verification' '
3939
test_i18ngrep "does not have a GPG signature" mergeerror
4040
'
4141

42+
test_expect_success GPG 'merge unsigned commit with merge.verifySignatures=true' '
43+
test_config merge.verifySignatures true &&
44+
test_must_fail git merge --ff-only side-unsigned 2>mergeerror &&
45+
test_i18ngrep "does not have a GPG signature" mergeerror
46+
'
47+
4248
test_expect_success GPG 'merge commit with bad signature with verification' '
4349
test_must_fail git merge --ff-only --verify-signatures $(cat forged.commit) 2>mergeerror &&
4450
test_i18ngrep "has a bad GPG signature" mergeerror
4551
'
4652

53+
test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=true' '
54+
test_config merge.verifySignatures true &&
55+
test_must_fail git merge --ff-only $(cat forged.commit) 2>mergeerror &&
56+
test_i18ngrep "has a bad GPG signature" mergeerror
57+
'
58+
4759
test_expect_success GPG 'merge commit with untrusted signature with verification' '
4860
test_must_fail git merge --ff-only --verify-signatures side-untrusted 2>mergeerror &&
4961
test_i18ngrep "has an untrusted GPG signature" mergeerror
5062
'
5163

64+
test_expect_success GPG 'merge commit with untrusted signature with merge.verifySignatures=true' '
65+
test_config merge.verifySignatures true &&
66+
test_must_fail git merge --ff-only side-untrusted 2>mergeerror &&
67+
test_i18ngrep "has an untrusted GPG signature" mergeerror
68+
'
69+
5270
test_expect_success GPG 'merge signed commit with verification' '
71+
test_when_finished "git checkout initial" &&
5372
git merge --verbose --ff-only --verify-signatures side-signed >mergeoutput &&
5473
test_i18ngrep "has a good GPG signature" mergeoutput
5574
'
5675

76+
test_expect_success GPG 'merge signed commit with merge.verifySignatures=true' '
77+
test_when_finished "git checkout initial" &&
78+
test_config merge.verifySignatures true &&
79+
git merge --verbose --ff-only side-signed >mergeoutput &&
80+
test_i18ngrep "has a good GPG signature" mergeoutput
81+
'
82+
5783
test_expect_success GPG 'merge commit with bad signature without verification' '
84+
test_when_finished "git checkout initial" &&
85+
git merge $(cat forged.commit)
86+
'
87+
88+
test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=false' '
89+
test_when_finished "git checkout initial" &&
90+
test_config merge.verifySignatures false &&
5891
git merge $(cat forged.commit)
5992
'
6093

94+
test_expect_success GPG 'merge commit with bad signature with merge.verifySignatures=true and --no-verify-signatures' '
95+
test_when_finished "git checkout initial" &&
96+
test_config merge.verifySignatures true &&
97+
git merge --no-verify-signatures $(cat forged.commit)
98+
'
99+
61100
test_done

0 commit comments

Comments
 (0)