git-hardening/test/interactive/test-signing-skip.sh
Flo e27bbaaa43 test(interactive): replace blind y-loops with accept_until helper
Add an accept_until helper that only sends "y" when a new [Y/n] prompt
appears in the tmux pane, replacing the fixed-count blind send loops that
could race ahead of prompts or send stray input. Resilient to changes in
the number of apply-phase prompts.

Relates to #51

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-09 23:54:55 +02:00


#!/usr/bin/env bash
# Interactive test: skip signing wizard
# Verifies: no signing key configured, commit.gpgsign not set
# Strict mode: abort on command failure, on use of an unset variable, and on
# a failure in any pipeline stage.
set -euo pipefail
# Word-split on newline and tab only, never on spaces.
IFS=$'\n\t'

# Absolute path of the directory holding this script, so the helper library
# is located relative to the script rather than the caller's working directory.
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"

# shellcheck source=helpers.sh
. "${SCRIPT_DIR}/helpers.sh"
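#######################################
# Assert that a key is absent from the global git config, failing closed
# when the config cannot be read.
# Arguments: $1 - config key to check (e.g. user.signingkey)
# Outputs:   reports the result through pass/fail (not defined in this file;
#            presumably provided by helpers.sh)
# Returns:   0 when the key is unset or empty; exits the script with 1 when
#            the key has a value or git config itself failed
#######################################
_assert_global_git_key_unset() {
  local key=$1
  local value=''
  local rc=0

  value="$(git config --global --get "$key" 2>/dev/null)" || rc=$?

  # `git config --get` exits 1 when the key is simply missing. Any higher
  # status is a real error (e.g. an unreadable or invalid config file) and
  # must not be reported as "not set", or the check would pass without
  # having verified anything.
  if (( rc > 1 )); then
    fail "Signing skip: could not read ${key} (git config exited ${rc})"
    exit 1
  fi

  if [[ -z "$value" ]]; then
    pass "Signing skip: ${key} not set"
  else
    fail "Signing skip: ${key} was set unexpectedly: ${value}"
    exit 1
  fi
}

#######################################
# Interactive test: drive the hardening script up to the signing wizard,
# choose "skip", and verify that no signing configuration was written.
# Globals:   HOME (read)
# Arguments: none
# Returns:   0 when both checks pass; exits 1 on the first failed check
#######################################
main() {
  trap cleanup EXIT
  printf 'Test: Signing wizard - skip\n' >&2

  # Remove any keys from prior tests so the wizard shows its key generation
  # options.
  # NOTE(review): this deletes default-named keys under ${HOME}/.ssh,
  # including id_ed25519, and edits the global git config. Presumably the
  # suite runs with a disposable HOME (container/CI) — confirm before
  # running it on a workstation.
  local -a key_names=(
    id_ed25519_signing
    id_ed25519_sk_signing
    id_ecdsa_sk_signing
    id_ed25519
    id_ed25519_sk
  )
  local name
  for name in "${key_names[@]}"; do
    rm -f -- "${HOME}/.ssh/${name}" "${HOME}/.ssh/${name}.pub"
  done

  # Best effort: --unset returns non-zero when the key is already absent.
  git config --global --unset user.signingkey 2>/dev/null || true
  git config --global --unset commit.gpgsign 2>/dev/null || true

  start_session

  # Safety review gate
  wait_for "reviewed this script"
  send "y" Enter

  # Proceed with hardening
  wait_for "Proceed with hardening"
  send "y" Enter

  # Accept all [Y/n] prompts until the signing wizard appears
  accept_until "Signing key options"

  # Signing wizard — skip (second argument is presumably a timeout in
  # seconds; see wait_for in helpers.sh)
  wait_for "Signing key options" 20
  send "s" Enter

  # Wait for completion.
  # NOTE(review): this is a fixed delay, so the checks below can run before
  # the script has finished; a config write that lands later would go
  # unnoticed. Waiting on a completion marker would be stricter.
  sleep 2
  capture_output >/dev/null 2>&1 || true

  # Verify: no signing key and no forced commit signing were configured.
  _assert_global_git_key_unset user.signingkey
  _assert_global_git_key_unset commit.gpgsign
}

main "$@"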