diff options
author | Ludovic Courtès <ludo@gnu.org> | 2020-06-07 23:06:41 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2020-06-07 23:10:46 +0200 |
commit | e78275608065ef073775fabb9f1a757da65851f2 (patch) | |
tree | 1a732111874006d3c5d9f8f47b0752a538ed3d51 /tests | |
parent | 1fd7de45f218ce572a3fe87764ad15927e3dbdc4 (diff) | |
download | guix-e78275608065ef073775fabb9f1a757da65851f2.tar guix-e78275608065ef073775fabb9f1a757da65851f2.tar.gz |
git-authenticate: Prevent removal of '.guix-authorizations'.
* guix/git-authenticate.scm (commit-authorized-keys)
[parents-have-authorizations-file?, assert-parents-lack-authorizations]:
New procedures.
Use the latter before returning DEFAULT-AUTHORIZATIONS.
* guix/git.scm (false-if-git-not-found): Export.
* guix/tests/git.scm (populate-git-repository): Add 'remove' clause.
* tests/git-authenticate.scm ("signed commits, .guix-authorizations removed"):
New test.
Diffstat (limited to 'tests')
-rw-r--r-- | tests/git-authenticate.scm | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/tests/git-authenticate.scm b/tests/git-authenticate.scm index 5937c37ee6..84689d628e 100644 --- a/tests/git-authenticate.scm +++ b/tests/git-authenticate.scm @@ -282,5 +282,46 @@ merge master3) #:keyring-reference "master")))))) +(unless (gpg+git-available?) (test-skip 1)) +(test-assert "signed commits, .guix-authorizations removed" + (with-fresh-gnupg-setup (list %ed25519-public-key-file + %ed25519-secret-key-file) + (with-temporary-git-repository directory + `((add "signer.key" ,(call-with-input-file %ed25519-public-key-file + get-string-all)) + (add ".guix-authorizations" + ,(object->string + `(authorizations (version 0) + ((,(key-fingerprint + %ed25519-public-key-file) + (name "Charlie")))))) + (commit "zeroth commit") + (add "a.txt" "A") + (commit "first commit" + (signer ,(key-fingerprint %ed25519-public-key-file))) + (remove ".guix-authorizations") + (commit "second commit" + (signer ,(key-fingerprint %ed25519-public-key-file))) + (add "b.txt" "B") + (commit "third commit" + (signer ,(key-fingerprint %ed25519-public-key-file)))) + (with-repository directory repository + (let ((commit1 (find-commit repository "first")) + (commit2 (find-commit repository "second")) + (commit3 (find-commit repository "third"))) + ;; COMMIT1 and COMMIT2 are fine. + (and (authenticate-commits repository (list commit1 commit2) + #:keyring-reference "master") + + ;; COMMIT3 is rejected because COMMIT2 removes + ;; '.guix-authorizations'. + (guard (c ((unauthorized-commit-error? c) + (oid=? (git-authentication-error-commit c) + (commit-id commit2)))) + (authenticate-commits repository + (list commit1 commit2 commit3) + #:keyring-reference "master") + 'failed))))))) + (test-end "git-authenticate") |