summary refs log tree commit diff
path: root/tests/git-authenticate.scm
diff options
context:
space:
mode:
Diffstat (limited to 'tests/git-authenticate.scm')
-rw-r--r--tests/git-authenticate.scm286
1 files changed, 286 insertions, 0 deletions
diff --git a/tests/git-authenticate.scm b/tests/git-authenticate.scm
new file mode 100644
index 0000000000..5937c37ee6
--- /dev/null
+++ b/tests/git-authenticate.scm
@@ -0,0 +1,286 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2020 Ludovic Courtès <ludo@gnu.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (test-git-authenticate)
+  #:use-module (git)
+  #:use-module (guix git)
+  #:use-module (guix git-authenticate)
+  #:use-module (guix openpgp)
+  #:use-module (guix tests git)
+  #:use-module (guix tests gnupg)
+  #:use-module (guix build utils)
+  #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-34)
+  #:use-module (srfi srfi-64)
+  #:use-module (rnrs bytevectors)
+  #:use-module (rnrs io ports))
+
+;; Test the (guix git-authenticate) tools.
+
+(define %ed25519-public-key-file
+  (search-path %load-path "tests/ed25519.key"))
+(define %ed25519-secret-key-file
+  (search-path %load-path "tests/ed25519.sec"))
+(define %ed25519bis-public-key-file
+  (search-path %load-path "tests/ed25519bis.key"))
+(define %ed25519bis-secret-key-file
+  (search-path %load-path "tests/ed25519bis.sec"))
+
+(define (read-openpgp-packet file)
+  (get-openpgp-packet
+   (open-bytevector-input-port
+    (call-with-input-file file read-radix-64))))
+
+(define key-fingerprint
+  (compose openpgp-format-fingerprint
+           openpgp-public-key-fingerprint
+           read-openpgp-packet))
+
+(define (key-id file)
+  (define id
+    (openpgp-public-key-id (read-openpgp-packet)))
+
+  (string-pad (number->string id 16) 16 #\0))
+
+(define (gpg+git-available?)
+  (and (which (git-command))
+       (which (gpg-command)) (which (gpgconf-command))))
+
+
+(test-begin "git-authenticate")
+
+(unless (which (git-command)) (test-skip 1))
+(test-assert "unsigned commits"
+  (with-temporary-git-repository directory
+      '((add "a.txt" "A")
+        (commit "first commit")
+        (add "b.txt" "B")
+        (commit "second commit"))
+    (with-repository directory repository
+      (let ((commit1 (find-commit repository "first"))
+            (commit2 (find-commit repository "second")))
+        (guard (c ((unsigned-commit-error? c)
+                   (oid=? (git-authentication-error-commit c)
+                          (commit-id commit1))))
+          (authenticate-commits repository (list commit1 commit2)
+                                #:keyring-reference "master")
+          'failed)))))
+
+(unless (gpg+git-available?) (test-skip 1))
+(test-assert "signed commits, default authorizations"
+  (with-fresh-gnupg-setup (list %ed25519-public-key-file
+                                %ed25519-secret-key-file)
+    (with-temporary-git-repository directory
+        `((add "signer.key" ,(call-with-input-file %ed25519-public-key-file
+                               get-string-all))
+          (commit "zeroth commit")
+          (add "a.txt" "A")
+          (commit "first commit"
+                  (signer ,(key-fingerprint %ed25519-public-key-file)))
+          (add "b.txt" "B")
+          (commit "second commit"
+                  (signer ,(key-fingerprint %ed25519-public-key-file))))
+      (with-repository directory repository
+        (let ((commit1 (find-commit repository "first"))
+              (commit2 (find-commit repository "second")))
+          (authenticate-commits repository (list commit1 commit2)
+                                #:default-authorizations
+                                (list (openpgp-public-key-fingerprint
+                                       (read-openpgp-packet
+                                        %ed25519-public-key-file)))
+                                #:keyring-reference "master"))))))
+
+(unless (gpg+git-available?) (test-skip 1))
+(test-assert "signed commits, .guix-authorizations"
+  (with-fresh-gnupg-setup (list %ed25519-public-key-file
+                                %ed25519-secret-key-file)
+    (with-temporary-git-repository directory
+        `((add "signer.key" ,(call-with-input-file %ed25519-public-key-file
+                               get-string-all))
+          (add ".guix-authorizations"
+               ,(object->string
+                 `(authorizations (version 0)
+                                  ((,(key-fingerprint
+                                      %ed25519-public-key-file)
+                                    (name "Charlie"))))))
+          (commit "zeroth commit")
+          (add "a.txt" "A")
+          (commit "first commit"
+                  (signer ,(key-fingerprint %ed25519-public-key-file)))
+          (add ".guix-authorizations"
+               ,(object->string `(authorizations (version 0) ()))) ;empty
+          (commit "second commit"
+                  (signer ,(key-fingerprint %ed25519-public-key-file)))
+          (add "b.txt" "B")
+          (commit "third commit"
+                  (signer ,(key-fingerprint %ed25519-public-key-file))))
+      (with-repository directory repository
+        (let ((commit1 (find-commit repository "first"))
+              (commit2 (find-commit repository "second"))
+              (commit3 (find-commit repository "third")))
+          ;; COMMIT1 and COMMIT2 are fine.
+          (and (authenticate-commits repository (list commit1 commit2)
+                                     #:keyring-reference "master")
+
+               ;; COMMIT3 is signed by an unauthorized key according to its
+               ;; parent's '.guix-authorizations' file.
+               (guard (c ((unauthorized-commit-error? c)
+                          (and (oid=? (git-authentication-error-commit c)
+                                      (commit-id commit3))
+                               (bytevector=?
+                                (openpgp-public-key-fingerprint
+                                 (unauthorized-commit-error-signing-key c))
+                                (openpgp-public-key-fingerprint
+                                 (read-openpgp-packet
+                                  %ed25519-public-key-file))))))
+                 (authenticate-commits repository
+                                       (list commit1 commit2 commit3)
+                                       #:keyring-reference "master")
+                 'failed)))))))
+
+(unless (gpg+git-available?) (test-skip 1))
+(test-assert "signed commits, .guix-authorizations, unauthorized merge"
+  (with-fresh-gnupg-setup (list %ed25519-public-key-file
+                                %ed25519-secret-key-file
+                                %ed25519bis-public-key-file
+                                %ed25519bis-secret-key-file)
+    (with-temporary-git-repository directory
+        `((add "signer1.key"
+               ,(call-with-input-file %ed25519-public-key-file
+                  get-string-all))
+          (add "signer2.key"
+               ,(call-with-input-file %ed25519bis-public-key-file
+                  get-string-all))
+          (add ".guix-authorizations"
+               ,(object->string
+                 `(authorizations (version 0)
+                                  ((,(key-fingerprint
+                                      %ed25519-public-key-file)
+                                    (name "Alice"))))))
+          (commit "zeroth commit")
+          (add "a.txt" "A")
+          (commit "first commit"
+                  (signer ,(key-fingerprint %ed25519-public-key-file)))
+          (branch "devel")
+          (checkout "devel")
+          (add "devel/1.txt" "1")
+          (commit "first devel commit"
+                  (signer ,(key-fingerprint %ed25519bis-public-key-file)))
+          (checkout "master")
+          (add "b.txt" "B")
+          (commit "second commit"
+                  (signer ,(key-fingerprint %ed25519-public-key-file)))
+          (merge "devel" "merge"
+                 (signer ,(key-fingerprint %ed25519-public-key-file))))
+      (with-repository directory repository
+        (let ((master1 (find-commit repository "first commit"))
+              (master2 (find-commit repository "second commit"))
+              (devel1  (find-commit repository "first devel commit"))
+              (merge   (find-commit repository "merge")))
+          (define (correct? c commit)
+            (and (oid=? (git-authentication-error-commit c)
+                        (commit-id commit))
+                 (bytevector=?
+                  (openpgp-public-key-fingerprint
+                   (unauthorized-commit-error-signing-key c))
+                  (openpgp-public-key-fingerprint
+                   (read-openpgp-packet %ed25519bis-public-key-file)))))
+
+          (and (authenticate-commits repository (list master1 master2)
+                                     #:keyring-reference "master")
+
+               ;; DEVEL1 is signed by an unauthorized key according to its
+               ;; parent's '.guix-authorizations' file.
+               (guard (c ((unauthorized-commit-error? c)
+                          (correct? c devel1)))
+                 (authenticate-commits repository
+                                       (list master1 devel1)
+                                       #:keyring-reference "master")
+                 #f)
+
+               ;; MERGE is authorized but one of its ancestors is not.
+               (guard (c ((unauthorized-commit-error? c)
+                          (correct? c devel1)))
+                 (authenticate-commits repository
+                                       (list master1 master2
+                                             devel1 merge)
+                                       #:keyring-reference "master")
+                 #f)))))))
+
+(unless (gpg+git-available?) (test-skip 1))
+(test-assert "signed commits, .guix-authorizations, authorized merge"
+  (with-fresh-gnupg-setup (list %ed25519-public-key-file
+                                %ed25519-secret-key-file
+                                %ed25519bis-public-key-file
+                                %ed25519bis-secret-key-file)
+    (with-temporary-git-repository directory
+        `((add "signer1.key"
+               ,(call-with-input-file %ed25519-public-key-file
+                  get-string-all))
+          (add "signer2.key"
+               ,(call-with-input-file %ed25519bis-public-key-file
+                  get-string-all))
+          (add ".guix-authorizations"
+               ,(object->string
+                 `(authorizations (version 0)
+                                  ((,(key-fingerprint
+                                      %ed25519-public-key-file)
+                                    (name "Alice"))))))
+          (commit "zeroth commit")
+          (add "a.txt" "A")
+          (commit "first commit"
+                  (signer ,(key-fingerprint %ed25519-public-key-file)))
+          (branch "devel")
+          (checkout "devel")
+          (add ".guix-authorizations"
+               ,(object->string                   ;add the second signer
+                 `(authorizations (version 0)
+                                  ((,(key-fingerprint
+                                      %ed25519-public-key-file)
+                                    (name "Alice"))
+                                   (,(key-fingerprint
+                                      %ed25519bis-public-key-file))))))
+          (commit "first devel commit"
+                  (signer ,(key-fingerprint %ed25519-public-key-file)))
+          (add "devel/2.txt" "2")
+          (commit "second devel commit"
+                  (signer ,(key-fingerprint %ed25519bis-public-key-file)))
+          (checkout "master")
+          (add "b.txt" "B")
+          (commit "second commit"
+                  (signer ,(key-fingerprint %ed25519-public-key-file)))
+          (merge "devel" "merge"
+                 (signer ,(key-fingerprint %ed25519-public-key-file)))
+          ;; After the merge, the second signer is authorized.
+          (add "c.txt" "C")
+          (commit "third commit"
+                  (signer ,(key-fingerprint %ed25519bis-public-key-file))))
+      (with-repository directory repository
+        (let ((master1 (find-commit repository "first commit"))
+              (master2 (find-commit repository "second commit"))
+              (devel1  (find-commit repository "first devel commit"))
+              (devel2  (find-commit repository "second devel commit"))
+              (merge   (find-commit repository "merge"))
+              (master3 (find-commit repository "third commit")))
+          (authenticate-commits repository
+                                (list master1 master2 devel1 devel2
+                                      merge master3)
+                                #:keyring-reference "master"))))))
+
+(test-end "git-authenticate")
+