Skip to content

Commit 01a31f3

Browse files
peffgitster
peff
authored and
gitster
committed
pull: handle --verify-signatures for unborn branch
We usually just forward the --verify-signatures option along to git-merge, and trust it to do the right thing. However, when we are on an unborn branch (i.e., there is no HEAD yet), we handle this case ourselves without even calling git-merge. And in this code path, we do not respect the verification option at all. It may be more maintainable in the long run to call git-merge for the unborn case. That would fix this bug, as well as prevent similar ones in the future. But unfortunately it's not easy to do. As t5520.3 demonstrates, there are some special cases that git-merge does not handle, like "git pull .. master:master" (by the time git-merge is invoked, we've overwritten the unborn HEAD). So for now let's just teach git-pull to handle this feature. Reported-by: Felix Eckhofer <felix@eckhofer.com> Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
1 parent 7488ba3 commit 01a31f3

File tree

2 files changed

+18
-0
lines changed

2 files changed

+18
-0
lines changed

builtin/pull.c

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -556,6 +556,17 @@ static int run_fetch(const char *repo, const char **refspecs)
556556
static int pull_into_void(const struct object_id *merge_head,
557557
const struct object_id *curr_head)
558558
{
559+
if (opt_verify_signatures) {
560+
struct commit *commit;
561+
562+
commit = lookup_commit(the_repository, merge_head);
563+
if (!commit)
564+
die(_("unable to access commit %s"),
565+
oid_to_hex(merge_head));
566+
567+
verify_merge_signature(commit, opt_verbosity);
568+
}
569+
559570
/*
560571
* Two-way merge: we treat the index as based on an empty tree,
561572
* and try to fast-forward to HEAD. This ensures we will not lose

t/t5573-pull-verify-signatures.sh

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -78,4 +78,11 @@ test_expect_success GPG 'pull commit with bad signature with --no-verify-signatu
7878
git pull --ff-only --no-verify-signatures bad 2>pullerror
7979
'
8080

81+
test_expect_success GPG 'pull unsigned commit into unborn branch' '
82+
git init empty-repo &&
83+
test_must_fail \
84+
git -C empty-repo pull --verify-signatures .. 2>pullerror &&
85+
test_i18ngrep "does not have a GPG signature" pullerror
86+
'
87+
8188
test_done

0 commit comments

Comments
 (0)