From 36cb04df96623ffe8f1074172a4ed9e51bcf6e3a Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Fri, 28 Jan 2022 12:01:12 +0100 Subject: git-authenticate: Test introductory commit signature verification. These tests mimic similar tests already in 'tests/channels.scm', but without using the higher-level 'authenticate-channel'. * tests/git-authenticate.scm ("introductory commit, valid signature") ("introductory commit, missing signature") ("introductory commit, wrong signature"): New tests. --- tests/git-authenticate.scm | 106 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 105 insertions(+), 1 deletion(-) diff --git a/tests/git-authenticate.scm b/tests/git-authenticate.scm index f66ef191b0..6ec55fb2e5 100644 --- a/tests/git-authenticate.scm +++ b/tests/git-authenticate.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2020 Ludovic Courtès +;;; Copyright © 2020, 2022 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; @@ -20,12 +20,17 @@ #:use-module (git) #:use-module (guix git) #:use-module (guix git-authenticate) + #:use-module ((guix channels) #:select (openpgp-fingerprint)) + #:use-module ((guix diagnostics) + #:select (formatted-message? formatted-message-arguments)) #:use-module (guix openpgp) + #:use-module ((guix tests) #:select (random-text)) #:use-module (guix tests git) #:use-module (guix tests gnupg) #:use-module (guix build utils) #:use-module (srfi srfi-1) #:use-module (srfi srfi-34) + #:use-module (srfi srfi-35) #:use-module (srfi srfi-64) #:use-module (rnrs bytevectors) #:use-module (rnrs io ports)) @@ -327,4 +332,103 @@ #:keyring-reference "master") 'failed))))))) +(unless (gpg+git-available?) (test-skip 1)) +(test-assert "introductory commit, valid signature" + (with-fresh-gnupg-setup (list %ed25519-public-key-file + %ed25519-secret-key-file) + (let ((fingerprint (key-fingerprint %ed25519-public-key-file))) + (with-temporary-git-repository directory + `((add "signer.key" ,(call-with-input-file %ed25519-public-key-file + get-string-all)) + (add ".guix-authorizations" + ,(object->string + `(authorizations (version 0) + ((,(key-fingerprint + %ed25519-public-key-file) + (name "Charlie")))))) + (commit "zeroth commit" (signer ,fingerprint)) + (add "a.txt" "A") + (commit "first commit" (signer ,fingerprint))) + (with-repository directory repository + (let ((commit0 (find-commit repository "zero")) + (commit1 (find-commit repository "first"))) + ;; COMMIT0 is signed with the right key, and COMMIT1 is fine. + (authenticate-repository repository + (commit-id commit0) + (openpgp-fingerprint fingerprint) + #:keyring-reference "master" + #:cache-key (random-text)))))))) + +(unless (gpg+git-available?) (test-skip 1)) +(test-equal "introductory commit, missing signature" + 'intro-lacks-signature + (with-fresh-gnupg-setup (list %ed25519-public-key-file + %ed25519-secret-key-file) + (let ((fingerprint (key-fingerprint %ed25519-public-key-file))) + (with-temporary-git-repository directory + `((add "signer.key" ,(call-with-input-file %ed25519-public-key-file + get-string-all)) + (add ".guix-authorizations" + ,(object->string + `(authorizations (version 0) + ((,(key-fingerprint + %ed25519-public-key-file) + (name "Charlie")))))) + (commit "zeroth commit") ;unsigned! + (add "a.txt" "A") + (commit "first commit" (signer ,fingerprint))) + (with-repository directory repository + (let ((commit0 (find-commit repository "zero"))) + ;; COMMIT0 is not signed. + (guard (c ((formatted-message? c) + ;; Message like "commit ~a lacks a signature". + (and (equal? (formatted-message-arguments c) + (list (oid->string (commit-id commit0)))) + 'intro-lacks-signature))) + (authenticate-repository repository + (commit-id commit0) + (openpgp-fingerprint fingerprint) + #:keyring-reference "master" + #:cache-key (random-text))))))))) + +(unless (gpg+git-available?) (test-skip 1)) +(test-equal "introductory commit, wrong signature" + 'wrong-intro-signing-key + (with-fresh-gnupg-setup (list %ed25519-public-key-file + %ed25519-secret-key-file + %ed25519-2-public-key-file + %ed25519-2-secret-key-file) + (let ((fingerprint (key-fingerprint %ed25519-public-key-file)) + (wrong-fingerprint (key-fingerprint %ed25519-2-public-key-file))) + (with-temporary-git-repository directory + `((add "signer1.key" ,(call-with-input-file %ed25519-public-key-file + get-string-all)) + (add "signer2.key" ,(call-with-input-file %ed25519-2-public-key-file + get-string-all)) + (add ".guix-authorizations" + ,(object->string + `(authorizations (version 0) + ((,(key-fingerprint + %ed25519-public-key-file) + (name "Charlie")))))) + (commit "zeroth commit" (signer ,wrong-fingerprint)) + (add "a.txt" "A") + (commit "first commit" (signer ,fingerprint))) + (with-repository directory repository + (let ((commit0 (find-commit repository "zero")) + (commit1 (find-commit repository "first"))) + ;; COMMIT0 is signed with the wrong key--not the one passed as the + ;; SIGNER argument to 'authenticate-repository'. + (guard (c ((formatted-message? c) + ;; Message like "commit ~a signed by ~a instead of ~a". + (and (equal? (formatted-message-arguments c) + (list (oid->string (commit-id commit0)) + wrong-fingerprint fingerprint)) + 'wrong-intro-signing-key))) + (authenticate-repository repository + (commit-id commit0) + (openpgp-fingerprint fingerprint) + #:keyring-reference "master" + #:cache-key (random-text))))))))) + (test-end "git-authenticate") -- cgit v1.2.3