guix/tests/git-authenticate.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2020, 2022 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (test-git-authenticate)
  #:use-module (git)
  #:use-module (guix git)
  #:use-module (guix git-authenticate)
  #:use-module ((guix channels) #:select (openpgp-fingerprint))
  #:use-module ((guix diagnostics)
                #:select (formatted-message? formatted-message-arguments))
  #:use-module (guix openpgp)
  #:use-module ((guix tests) #:select (random-text))
  #:use-module (guix tests git)
  #:use-module (guix tests gnupg)
  #:use-module (guix build utils)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-34)
  #:use-module (srfi srfi-35)
  #:use-module (srfi srfi-64)
  #:use-module (rnrs bytevectors)
  #:use-module (rnrs io ports))

;; Test the (guix git-authenticate) tools.

(define (gpg+git-available?)
  (and (which (git-command))
       (which (gpg-command)) (which (gpgconf-command))))


(test-begin "git-authenticate")

(test-assert "unsigned commits"
  (with-temporary-git-repository directory
      '((add "a.txt" "A")
        (commit "first commit")
        (add "b.txt" "B")
        (commit "second commit"))
    (with-repository directory repository
      (let ((commit1 (find-commit repository "first"))
            (commit2 (find-commit repository "second")))
        (guard (c ((unsigned-commit-error? c)
                   (oid=? (git-authentication-error-commit c)
                          (commit-id commit1))))
          (authenticate-commits repository (list commit1 commit2)
                                #:keyring-reference "master")
          'failed)))))

(unless (gpg+git-available?) (test-skip 1))
(test-assert "signed commits, SHA1 signature"
  (with-fresh-gnupg-setup (list %ed25519-public-key-file
                                %ed25519-secret-key-file)
    ;; Force use of SHA1 for signatures.
    (call-with-output-file (string-append (getenv "GNUPGHOME") "/gpg.conf")
      (lambda (port)
        (display "digest-algo sha1" port)))

    (with-temporary-git-repository directory
        `((add "a.txt" "A")
          (add "signer.key" ,(call-with-input-file %ed25519-public-key-file
                               get-string-all))
          (add ".guix-authorizations"
               ,(object->string
                 `(authorizations (version 0)
                                  ((,(key-fingerprint %ed25519-public-key-file)
                                    (name "Charlie"))))))
          (commit "first commit"
                  (signer ,(key-fingerprint %ed25519-public-key-file))))
      (with-repository directory repository
        (let ((commit (find-commit repository "first")))
          (guard (c ((unsigned-commit-error? c)
                     (oid=? (git-authentication-error-commit c)
                            (commit-id commit))))
            (authenticate-commits repository (list commit)
                                  #:keyring-reference "master")
            'failed))))))

(unless (gpg+git-available?) (test-skip 1))
(test-assert "signed commits, default authorizations"
  (with-fresh-gnupg-setup (list %ed25519-public-key-file
                                %ed25519-secret-key-file)
    (with-temporary-git-repository directory
        `((add "signer.key" ,(call-with-input-file %ed25519-public-key-file
                               get-string-all))
          (commit "zeroth commit")
          (add "a.txt" "A")
          (commit "first commit"
                  (signer ,(key-fingerprint %ed25519-public-key-file)))
          (add "b.txt" "B")
          (commit "second commit"
                  (signer ,(key-fingerprint %ed25519-public-key-file))))
      (with-repository directory repository
        (let ((commit1 (find-commit repository "first"))
              (commit2 (find-commit repository "second")))
          (authenticate-commits repository (list commit1 commit2)
                                #:default-authorizations
                                (list (openpgp-public-key-fingerprint
                                       (read-openpgp-packet
                                        %ed25519-public-key-file)))
                                #:keyring-reference "master"))))))

(unless (gpg+git-available?) (test-skip 1))
(test-assert "signed commits, .guix-authorizations"
  (with-fresh-gnupg-setup (list %ed25519-public-key-file
                                %ed25519-secret-key-file)
    (with-temporary-git-repository directory
        `((add "signer.key" ,(call-with-input-file %ed25519-public-key-file
                               get-string-all))
          (add ".guix-authorizations"
               ,(object->string
                 `(authorizations (version 0)
                                  ((,(key-fingerprint
                                      %ed25519-public-key-file)
                                    (name "Charlie"))))))
          (commit "zeroth commit")
          (add "a.txt" "A")
          (commit "first commit"
                  (signer ,(key-fingerprint %ed25519-public-key-file)))
          (add ".guix-authorizations"
               ,(object->string `(authorizations (version 0) ()))) ;empty
          (commit "second commit"
                  (signer ,(key-fingerprint %ed25519-public-key-file)))
          (add "b.txt" "B")
          (commit "third commit"
                  (signer ,(key-fingerprint %ed25519-public-key-file))))
      (with-repository directory repository
        (let ((commit1 (find-commit repository "first"))
              (commit2 (find-commit repository "second"))
              (commit3 (find-commit repository "third")))
          ;; COMMIT1 and COMMIT2 are fine.
          (and (authenticate-commits repository (list commit1 commit2)
                                     #:keyring-reference "master")

               ;; COMMIT3 is signed by an unauthorized key according to its
               ;; parent's '.guix-authorizations' file.
               (guard (c ((unauthorized-commit-error? c)
                          (and (oid=? (git-authentication-error-commit c)
                                      (commit-id commit3))
                               (bytevector=?
                                (openpgp-public-key-fingerprint
                                 (unauthorized-commit-error-signing-key c))
                                (openpgp-public-key-fingerprint
                                 (read-openpgp-packet
                                  %ed25519-public-key-file))))))
                 (authenticate-commits repository
                                       (list commit1 commit2 commit3)
                                       #:keyring-reference "master")
                 'failed)))))))

(unless (gpg+git-available?) (test-skip 1))
(test-assert "signed commits, .guix-authorizations, unauthorized merge"
  (with-fresh-gnupg-setup (list %ed25519-public-key-file
                                %ed25519-secret-key-file
                                %ed25519-2-public-key-file
                                %ed25519-2-secret-key-file)
    (with-temporary-git-repository directory
        `((add "signer1.key"
               ,(call-with-input-file %ed25519-public-key-file
                  get-string-all))
          (add "signer2.key"
               ,(call-with-input-file %ed25519-2-public-key-file
                  get-string-all))
          (add ".guix-authorizations"
               ,(object->string
                 `(authorizations (version 0)
                                  ((,(key-fingerprint
                                      %ed25519-public-key-file)
                                    (name "Alice"))))))
          (commit "zeroth commit")
          (add "a.txt" "A")
          (commit "first commit"
                  (signer ,(key-fingerprint %ed25519-public-key-file)))
          (branch "devel")
          (checkout "devel")
          (add "devel/1.txt" "1")
          (commit "first devel commit"
                  (signer ,(key-fingerprint %ed25519-2-public-key-file)))
          (checkout "master")
          (add "b.txt" "B")
          (commit "second commit"
                  (signer ,(key-fingerprint %ed25519-public-key-file)))
          (merge "devel" "merge"
                 (signer ,(key-fingerprint %ed25519-public-key-file))))
      (with-repository directory repository
        (let ((master1 (find-commit repository "first commit"))
              (master2 (find-commit repository "second commit"))
              (devel1  (find-commit repository "first devel commit"))
              (merge   (find-commit repository "merge")))
          (define (correct? c commit)
            (and (oid=? (git-authentication-error-commit c)
                        (commit-id commit))
                 (bytevector=?
                  (openpgp-public-key-fingerprint
                   (unauthorized-commit-error-signing-key c))
                  (openpgp-public-key-fingerprint
                   (read-openpgp-packet %ed25519-2-public-key-file)))))

          (and (authenticate-commits repository (list master1 master2)
                                     #:keyring-reference "master")

               ;; DEVEL1 is signed by an unauthorized key according to its
               ;; parent's '.guix-authorizations' file.
               (guard (c ((unauthorized-commit-error? c)
                          (correct? c devel1)))
                 (authenticate-commits repository
                                       (list master1 devel1)
                                       #:keyring-reference "master")
                 #f)

               ;; MERGE is authorized but one of its ancestors is not.
               (guard (c ((unauthorized-commit-error? c)
                          (correct? c devel1)))
                 (authenticate-commits repository
                                       (list master1 master2
                                             devel1 merge)
                                       #:keyring-reference "master")
                 #f)))))))

(unless (gpg+git-available?) (test-skip 1))
(test-assert "signed commits, .guix-authorizations, authorized merge"
  (with-fresh-gnupg-setup (list %ed25519-public-key-file
                                %ed25519-secret-key-file
                                %ed25519-2-public-key-file
                                %ed25519-2-secret-key-file)
    (with-temporary-git-repository directory
        `((add "signer1.key"
               ,(call-with-input-file %ed25519-public-key-file
                  get-string-all))
          (add "signer2.key"
               ,(call-with-input-file %ed25519-2-public-key-file
                  get-string-all))
          (add ".guix-authorizations"
               ,(object->string
                 `(authorizations (version 0)
                                  ((,(key-fingerprint
                                      %ed25519-public-key-file)
                                    (name "Alice"))))))
          (commit "zeroth commit")
          (add "a.txt" "A")
          (commit "first commit"
                  (signer ,(key-fingerprint %ed25519-public-key-file)))
          (branch "devel")
          (checkout "devel")
          (add ".guix-authorizations"
               ,(object->string                   ;add the second signer
                 `(authorizations (version 0)
                                  ((,(key-fingerprint
                                      %ed25519-public-key-file)
                                    (name "Alice"))
                                   (,(key-fingerprint
                                      %ed25519-2-public-key-file))))))
          (commit "first devel commit"
                  (signer ,(key-fingerprint %ed25519-public-key-file)))
          (add "devel/2.txt" "2")
          (commit "second devel commit"
                  (signer ,(key-fingerprint %ed25519-2-public-key-file)))
          (checkout "master")
          (add "b.txt" "B")
          (commit "second commit"
                  (signer ,(key-fingerprint %ed25519-public-key-file)))
          (merge "devel" "merge"
                 (signer ,(key-fingerprint %ed25519-public-key-file)))
          ;; After the merge, the second signer is authorized.
          (add "c.txt" "C")
          (commit "third commit"
                  (signer ,(key-fingerprint %ed25519-2-public-key-file))))
      (with-repository directory repository
        (let ((master1 (find-commit repository "first commit"))
              (master2 (find-commit repository "second commit"))
              (devel1  (find-commit repository "first devel commit"))
              (devel2  (find-commit repository "second devel commit"))
              (merge   (find-commit repository "merge"))
              (master3 (find-commit repository "third commit")))
          (authenticate-commits repository
                                (list master1 master2 devel1 devel2
                                      merge master3)
                                #:keyring-reference "master"))))))

(unless (gpg+git-available?) (test-skip 1))
(test-assert "signed commits, .guix-authorizations removed"
  (with-fresh-gnupg-setup (list %ed25519-public-key-file
                                %ed25519-secret-key-file)
    (with-temporary-git-repository directory
        `((add "signer.key" ,(call-with-input-file %ed25519-public-key-file
                               get-string-all))
          (add ".guix-authorizations"
               ,(object->string
                 `(authorizations (version 0)
                                  ((,(key-fingerprint
                                      %ed25519-public-key-file)
                                    (name "Charlie"))))))
          (commit "zeroth commit")
          (add "a.txt" "A")
          (commit "first commit"
                  (signer ,(key-fingerprint %ed25519-public-key-file)))
          (remove ".guix-authorizations")
          (commit "second commit"
                  (signer ,(key-fingerprint %ed25519-public-key-file)))
          (add "b.txt" "B")
          (commit "third commit"
                  (signer ,(key-fingerprint %ed25519-public-key-file))))
      (with-repository directory repository
        (let ((commit1 (find-commit repository "first"))
              (commit2 (find-commit repository "second"))
              (commit3 (find-commit repository "third")))
          ;; COMMIT1 and COMMIT2 are fine.
          (and (authenticate-commits repository (list commit1 commit2)
                                     #:keyring-reference "master")

               ;; COMMIT3 is rejected because COMMIT2 removes
               ;; '.guix-authorizations'.
               (guard (c ((unauthorized-commit-error? c)
                          (oid=? (git-authentication-error-commit c)
                                 (commit-id commit2))))
                 (authenticate-commits repository
                                       (list commit1 commit2 commit3)
                                       #:keyring-reference "master")
                 'failed)))))))

(unless (gpg+git-available?) (test-skip 1))
(test-assert "introductory commit, valid signature"
  (with-fresh-gnupg-setup (list %ed25519-public-key-file
                                %ed25519-secret-key-file)
    (let ((fingerprint (key-fingerprint %ed25519-public-key-file)))
      (with-temporary-git-repository directory
          `((add "signer.key" ,(call-with-input-file %ed25519-public-key-file
                                 get-string-all))
            (add ".guix-authorizations"
                 ,(object->string
                   `(authorizations (version 0)
                                    ((,(key-fingerprint
                                        %ed25519-public-key-file)
                                      (name "Charlie"))))))
            (commit "zeroth commit" (signer ,fingerprint))
            (add "a.txt" "A")
            (commit "first commit" (signer ,fingerprint)))
        (with-repository directory repository
          (let ((commit0 (find-commit repository "zero"))
                (commit1 (find-commit repository "first")))
            ;; COMMIT0 is signed with the right key, and COMMIT1 is fine.
            (authenticate-repository repository
                                     (commit-id commit0)
                                     (openpgp-fingerprint fingerprint)
                                     #:keyring-reference "master"
                                     #:cache-key (random-text))))))))

(unless (gpg+git-available?) (test-skip 1))
(test-equal "introductory commit, missing signature"
  'intro-lacks-signature
  (with-fresh-gnupg-setup (list %ed25519-public-key-file
                                %ed25519-secret-key-file)
    (let ((fingerprint (key-fingerprint %ed25519-public-key-file)))
      (with-temporary-git-repository directory
          `((add "signer.key" ,(call-with-input-file %ed25519-public-key-file
                                 get-string-all))
            (add ".guix-authorizations"
                 ,(object->string
                   `(authorizations (version 0)
                                    ((,(key-fingerprint
                                        %ed25519-public-key-file)
                                      (name "Charlie"))))))
            (commit "zeroth commit")              ;unsigned!
            (add "a.txt" "A")
            (commit "first commit" (signer ,fingerprint)))
        (with-repository directory repository
          (let ((commit0 (find-commit repository "zero")))
            ;; COMMIT0 is not signed.
            (guard (c ((formatted-message? c)
                       ;; Message like "commit ~a lacks a signature".
                       (and (equal? (formatted-message-arguments c)
                                    (list (oid->string (commit-id commit0))))
                            'intro-lacks-signature)))
              (authenticate-repository repository
                                       (commit-id commit0)
                                       (openpgp-fingerprint fingerprint)
                                       #:keyring-reference "master"
                                       #:cache-key (random-text)))))))))

(unless (gpg+git-available?) (test-skip 1))
(test-equal "introductory commit, wrong signature"
  'wrong-intro-signing-key
  (with-fresh-gnupg-setup (list %ed25519-public-key-file
                                %ed25519-secret-key-file
                                %ed25519-2-public-key-file
                                %ed25519-2-secret-key-file)
    (let ((fingerprint (key-fingerprint %ed25519-public-key-file))
          (wrong-fingerprint (key-fingerprint %ed25519-2-public-key-file)))
      (with-temporary-git-repository directory
          `((add "signer1.key" ,(call-with-input-file %ed25519-public-key-file
                                  get-string-all))
            (add "signer2.key" ,(call-with-input-file %ed25519-2-public-key-file
                                  get-string-all))
            (add ".guix-authorizations"
                 ,(object->string
                   `(authorizations (version 0)
                                    ((,(key-fingerprint
                                        %ed25519-public-key-file)
                                      (name "Charlie"))))))
            (commit "zeroth commit" (signer ,wrong-fingerprint))
            (add "a.txt" "A")
            (commit "first commit" (signer ,fingerprint)))
        (with-repository directory repository
          (let ((commit0 (find-commit repository "zero"))
                (commit1 (find-commit repository "first")))
            ;; COMMIT0 is signed with the wrong key--not the one passed as the
            ;; SIGNER argument to 'authenticate-repository'.
            (guard (c ((formatted-message? c)
                       ;; Message like "commit ~a signed by ~a instead of ~a".
                       (and (equal? (formatted-message-arguments c)
                                    (list (oid->string (commit-id commit0))
                                          wrong-fingerprint fingerprint))
                            'wrong-intro-signing-key)))
             (authenticate-repository repository
                                      (commit-id commit0)
                                      (openpgp-fingerprint fingerprint)
                                      #:keyring-reference "master"
                                      #:cache-key (random-text)))))))))

(unless (gpg+git-available?) (test-skip 1))
(test-equal "authenticate-repository, target not a descendant of intro"
  'target-commit-not-a-descendant-of-intro
  (with-fresh-gnupg-setup (list %ed25519-public-key-file
                                %ed25519-secret-key-file)
    (let ((fingerprint (key-fingerprint %ed25519-public-key-file)))
      (with-temporary-git-repository directory
          `((add "signer.key" ,(call-with-input-file %ed25519-public-key-file
                                 get-string-all))
            (add ".guix-authorizations"
                 ,(object->string
                   `(authorizations (version 0)
                                    ((,(key-fingerprint
                                        %ed25519-public-key-file)
                                      (name "Charlie"))))))
            (commit "zeroth commit" (signer ,fingerprint))
            (branch "pre-intro-branch")
            (checkout "pre-intro-branch")
            (add "b.txt" "B")
            (commit "alternate commit" (signer ,fingerprint))
            (checkout "master")
            (add "a.txt" "A")
            (commit "first commit" (signer ,fingerprint))
            (add "c.txt" "C")
            (commit "second commit" (signer ,fingerprint)))
        (with-repository directory repository
          (let ((commit1 (find-commit repository "first"))
                (commit-alt
                 (commit-lookup repository
                                (reference-target
                                 (branch-lookup repository
                                                "pre-intro-branch")))))
            (guard (c ((formatted-message? c)
                       (and (equal? (formatted-message-arguments c)
                                    (list (oid->string (commit-id commit-alt))
                                          (oid->string (commit-id commit1))))
                            'target-commit-not-a-descendant-of-intro)))
              (authenticate-repository repository
                                       (commit-id commit1)
                                       (openpgp-fingerprint fingerprint)
                                       #:end (commit-id commit-alt)
                                       #:keyring-reference "master"
                                       #:cache-key (random-text)))))))))

(test-end "git-authenticate")
-												git-authenticate: Add tests.

* guix/tests/git.scm (call-with-environment-variables)
(with-environment-variables): Remove.
* guix/tests/git.scm (populate-git-repository): Add clauses for signed
commits and signed merges.
* guix/tests/gnupg.scm: New file.
* tests/git-authenticate.scm: New file.
* tests/ed25519bis.key, tests/ed25519bis.sec: New files.
* Makefile.am (dist_noinst_DATA): Add 'guix/tests/gnupg.scm'.
(SCM_TESTS): Add 'tests/git-authenticate.scm'.
(EXTRA_DIST): Add tests/ed25519bis.{key,sec}.

											
										
										
											2020-06-01 21:20:06 +00:00
+								;;; GNU Guix --- Functional package management for GNU
-												git-authenticate: Test introductory commit signature verification.

These tests mimic similar tests already in 'tests/channels.scm', but
without using the higher-level 'authenticate-channel'.

* tests/git-authenticate.scm ("introductory commit, valid signature")
("introductory commit, missing signature")
("introductory commit, wrong signature"): New tests.

											
										
										
											2022-01-28 11:01:12 +00:00
+								;;; Copyright © 2020, 2022 Ludovic Courtès <ludo@gnu.org>
-												git-authenticate: Add tests.

* guix/tests/git.scm (call-with-environment-variables)
(with-environment-variables): Remove.
* guix/tests/git.scm (populate-git-repository): Add clauses for signed
commits and signed merges.
* guix/tests/gnupg.scm: New file.
* tests/git-authenticate.scm: New file.
* tests/ed25519bis.key, tests/ed25519bis.sec: New files.
* Makefile.am (dist_noinst_DATA): Add 'guix/tests/gnupg.scm'.
(SCM_TESTS): Add 'tests/git-authenticate.scm'.
(EXTRA_DIST): Add tests/ed25519bis.{key,sec}.

											
										
										
											2020-06-01 21:20:06 +00:00
+								;;;
 								;;; This file is part of GNU Guix.
 								;;;
 								;;; GNU Guix is free software; you can redistribute it and/or modify it
 								;;; under the terms of the GNU General Public License as published by
 								;;; the Free Software Foundation; either version 3 of the License, or (at
 								;;; your option) any later version.
 								;;;
 								;;; GNU Guix is distributed in the hope that it will be useful, but
 								;;; WITHOUT ANY WARRANTY; without even the implied warranty of
 								;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 								;;; GNU General Public License for more details.
 								;;;
 								;;; You should have received a copy of the GNU General Public License
 								;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 								(define-module (test-git-authenticate)
 								  #:use-module (git)
 								  #:use-module (guix git)
 								  #:use-module (guix git-authenticate)
-												git-authenticate: Test introductory commit signature verification.

These tests mimic similar tests already in 'tests/channels.scm', but
without using the higher-level 'authenticate-channel'.

* tests/git-authenticate.scm ("introductory commit, valid signature")
("introductory commit, missing signature")
("introductory commit, wrong signature"): New tests.

											
										
										
											2022-01-28 11:01:12 +00:00
+								  #:use-module ((guix channels) #:select (openpgp-fingerprint))
 								  #:use-module ((guix diagnostics)
 								                #:select (formatted-message? formatted-message-arguments))
-												git-authenticate: Add tests.

* guix/tests/git.scm (call-with-environment-variables)
(with-environment-variables): Remove.
* guix/tests/git.scm (populate-git-repository): Add clauses for signed
commits and signed merges.
* guix/tests/gnupg.scm: New file.
* tests/git-authenticate.scm: New file.
* tests/ed25519bis.key, tests/ed25519bis.sec: New files.
* Makefile.am (dist_noinst_DATA): Add 'guix/tests/gnupg.scm'.
(SCM_TESTS): Add 'tests/git-authenticate.scm'.
(EXTRA_DIST): Add tests/ed25519bis.{key,sec}.

											
										
										
											2020-06-01 21:20:06 +00:00
+								  #:use-module (guix openpgp)
-												git-authenticate: Test introductory commit signature verification.

These tests mimic similar tests already in 'tests/channels.scm', but
without using the higher-level 'authenticate-channel'.

* tests/git-authenticate.scm ("introductory commit, valid signature")
("introductory commit, missing signature")
("introductory commit, wrong signature"): New tests.

											
										
										
											2022-01-28 11:01:12 +00:00
+								  #:use-module ((guix tests) #:select (random-text))
-												git-authenticate: Add tests.

* guix/tests/git.scm (call-with-environment-variables)
(with-environment-variables): Remove.
* guix/tests/git.scm (populate-git-repository): Add clauses for signed
commits and signed merges.
* guix/tests/gnupg.scm: New file.
* tests/git-authenticate.scm: New file.
* tests/ed25519bis.key, tests/ed25519bis.sec: New files.
* Makefile.am (dist_noinst_DATA): Add 'guix/tests/gnupg.scm'.
(SCM_TESTS): Add 'tests/git-authenticate.scm'.
(EXTRA_DIST): Add tests/ed25519bis.{key,sec}.

											
										
										
											2020-06-01 21:20:06 +00:00
+								  #:use-module (guix tests git)
 								  #:use-module (guix tests gnupg)
 								  #:use-module (guix build utils)
 								  #:use-module (srfi srfi-1)
 								  #:use-module (srfi srfi-34)
-												git-authenticate: Test introductory commit signature verification.

These tests mimic similar tests already in 'tests/channels.scm', but
without using the higher-level 'authenticate-channel'.

* tests/git-authenticate.scm ("introductory commit, valid signature")
("introductory commit, missing signature")
("introductory commit, wrong signature"): New tests.

											
										
										
											2022-01-28 11:01:12 +00:00
+								  #:use-module (srfi srfi-35)
-												git-authenticate: Add tests.

* guix/tests/git.scm (call-with-environment-variables)
(with-environment-variables): Remove.
* guix/tests/git.scm (populate-git-repository): Add clauses for signed
commits and signed merges.
* guix/tests/gnupg.scm: New file.
* tests/git-authenticate.scm: New file.
* tests/ed25519bis.key, tests/ed25519bis.sec: New files.
* Makefile.am (dist_noinst_DATA): Add 'guix/tests/gnupg.scm'.
(SCM_TESTS): Add 'tests/git-authenticate.scm'.
(EXTRA_DIST): Add tests/ed25519bis.{key,sec}.

											
										
										
											2020-06-01 21:20:06 +00:00
+								  #:use-module (srfi srfi-64)
 								  #:use-module (rnrs bytevectors)
 								  #:use-module (rnrs io ports))
 								;; Test the (guix git-authenticate) tools.
 								(define (gpg+git-available?)
 								  (and (which (git-command))
 								       (which (gpg-command)) (which (gpgconf-command))))
 								(test-begin "git-authenticate")
 								(test-assert "unsigned commits"
 								  (with-temporary-git-repository directory
 								      '((add "a.txt" "A")
 								        (commit "first commit")
 								        (add "b.txt" "B")
 								        (commit "second commit"))
 								    (with-repository directory repository
 								      (let ((commit1 (find-commit repository "first"))
 								            (commit2 (find-commit repository "second")))
 								        (guard (c ((unsigned-commit-error? c)
 								                   (oid=? (git-authentication-error-commit c)
 								                          (commit-id commit1))))
 								          (authenticate-commits repository (list commit1 commit2)
 								                                #:keyring-reference "master")
 								          'failed)))))
-												tests: Allow 'tests/git-authenticate.scm' to run when git/gpg is missing.

Fixes <https://bugs.gnu.org/42077>.
Reported by Jan Nieuwenhuizen <janneke@gnu.org>.

The typo was introduced in 7b06781a58326f251c4af6340379d68e3cb98adb.

* tests/git-authenticate.scm <top level>: Remove call to 'which'
around (gpg+git-available?).

											
										
										
											2020-06-28 20:55:51 +00:00
+								(unless (gpg+git-available?) (test-skip 1))
-												git-authenticate: Disallow SHA1 (and MD5) signatures.

* guix/git-authenticate.scm (commit-signing-key): Add
 #:disallowed-hash-algorithms and honor it.
(authenticate-commit)[recent-commit?]: New variable.
Pass #:disallowed-hash-algorithms to 'commit-signing-key'.
* tests/git-authenticate.scm ("signed commits, SHA1 signature"): New test.

											
										
										
											2020-06-10 12:54:13 +00:00
+								(test-assert "signed commits, SHA1 signature"
 								  (with-fresh-gnupg-setup (list %ed25519-public-key-file
 								                                %ed25519-secret-key-file)
 								    ;; Force use of SHA1 for signatures.
 								    (call-with-output-file (string-append (getenv "GNUPGHOME") "/gpg.conf")
 								      (lambda (port)
 								        (display "digest-algo sha1" port)))
 								    (with-temporary-git-repository directory
 								        `((add "a.txt" "A")
 								          (add "signer.key" ,(call-with-input-file %ed25519-public-key-file
 								                               get-string-all))
 								          (add ".guix-authorizations"
 								               ,(object->string
 								                 `(authorizations (version 0)
 								                                  ((,(key-fingerprint %ed25519-public-key-file)
 								                                    (name "Charlie"))))))
 								          (commit "first commit"
 								                  (signer ,(key-fingerprint %ed25519-public-key-file))))
 								      (with-repository directory repository
 								        (let ((commit (find-commit repository "first")))
 								          (guard (c ((unsigned-commit-error? c)
 								                     (oid=? (git-authentication-error-commit c)
 								                            (commit-id commit))))
 								            (authenticate-commits repository (list commit)
 								                                  #:keyring-reference "master")
 								            'failed))))))
-												git-authenticate: Add tests.

* guix/tests/git.scm (call-with-environment-variables)
(with-environment-variables): Remove.
* guix/tests/git.scm (populate-git-repository): Add clauses for signed
commits and signed merges.
* guix/tests/gnupg.scm: New file.
* tests/git-authenticate.scm: New file.
* tests/ed25519bis.key, tests/ed25519bis.sec: New files.
* Makefile.am (dist_noinst_DATA): Add 'guix/tests/gnupg.scm'.
(SCM_TESTS): Add 'tests/git-authenticate.scm'.
(EXTRA_DIST): Add tests/ed25519bis.{key,sec}.

											
										
										
											2020-06-01 21:20:06 +00:00
+								(unless (gpg+git-available?) (test-skip 1))
 								(test-assert "signed commits, default authorizations"
 								  (with-fresh-gnupg-setup (list %ed25519-public-key-file
 								                                %ed25519-secret-key-file)
 								    (with-temporary-git-repository directory
 								        `((add "signer.key" ,(call-with-input-file %ed25519-public-key-file
 								                               get-string-all))
 								          (commit "zeroth commit")
 								          (add "a.txt" "A")
 								          (commit "first commit"
 								                  (signer ,(key-fingerprint %ed25519-public-key-file)))
 								          (add "b.txt" "B")
 								          (commit "second commit"
 								                  (signer ,(key-fingerprint %ed25519-public-key-file))))
 								      (with-repository directory repository
 								        (let ((commit1 (find-commit repository "first"))
 								              (commit2 (find-commit repository "second")))
 								          (authenticate-commits repository (list commit1 commit2)
 								                                #:default-authorizations
 								                                (list (openpgp-public-key-fingerprint
 								                                       (read-openpgp-packet
 								                                        %ed25519-public-key-file)))
 								                                #:keyring-reference "master"))))))
 								(unless (gpg+git-available?) (test-skip 1))
 								(test-assert "signed commits, .guix-authorizations"
 								  (with-fresh-gnupg-setup (list %ed25519-public-key-file
 								                                %ed25519-secret-key-file)
 								    (with-temporary-git-repository directory
 								        `((add "signer.key" ,(call-with-input-file %ed25519-public-key-file
 								                               get-string-all))
 								          (add ".guix-authorizations"
 								               ,(object->string
 								                 `(authorizations (version 0)
 								                                  ((,(key-fingerprint
 								                                      %ed25519-public-key-file)
 								                                    (name "Charlie"))))))
 								          (commit "zeroth commit")
 								          (add "a.txt" "A")
 								          (commit "first commit"
 								                  (signer ,(key-fingerprint %ed25519-public-key-file)))
 								          (add ".guix-authorizations"
 								               ,(object->string `(authorizations (version 0) ()))) ;empty
 								          (commit "second commit"
 								                  (signer ,(key-fingerprint %ed25519-public-key-file)))
 								          (add "b.txt" "B")
 								          (commit "third commit"
 								                  (signer ,(key-fingerprint %ed25519-public-key-file))))
 								      (with-repository directory repository
 								        (let ((commit1 (find-commit repository "first"))
 								              (commit2 (find-commit repository "second"))
 								              (commit3 (find-commit repository "third")))
 								          ;; COMMIT1 and COMMIT2 are fine.
 								          (and (authenticate-commits repository (list commit1 commit2)
 								                                     #:keyring-reference "master")
 								               ;; COMMIT3 is signed by an unauthorized key according to its
 								               ;; parent's '.guix-authorizations' file.
 								               (guard (c ((unauthorized-commit-error? c)
 								                          (and (oid=? (git-authentication-error-commit c)
 								                                      (commit-id commit3))
 								                               (bytevector=?
 								                                (openpgp-public-key-fingerprint
 								                                 (unauthorized-commit-error-signing-key c))
 								                                (openpgp-public-key-fingerprint
 								                                 (read-openpgp-packet
 								                                  %ed25519-public-key-file))))))
 								                 (authenticate-commits repository
 								                                       (list commit1 commit2 commit3)
 								                                       #:keyring-reference "master")
 								                 'failed)))))))
 								(unless (gpg+git-available?) (test-skip 1))
 								(test-assert "signed commits, .guix-authorizations, unauthorized merge"
 								  (with-fresh-gnupg-setup (list %ed25519-public-key-file
 								                                %ed25519-secret-key-file
-												tests: Move keys into ./tests/keys/ and add a third ed25519 key.

The third key will be used in an upcoming commit.

Rename public keys to .pub.

* guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable.
(%ed25519-3-secret-key-file): New variable.
(%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file.
(%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file.
* tests/keys/ed25519-3.key: New file.
* tests/keys/ed25519-3.sec: New file.

Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>

											
										
										
											2021-12-21 21:56:10 +00:00
+								                                %ed25519-2-public-key-file
 								                                %ed25519-2-secret-key-file)
-												git-authenticate: Add tests.

* guix/tests/git.scm (call-with-environment-variables)
(with-environment-variables): Remove.
* guix/tests/git.scm (populate-git-repository): Add clauses for signed
commits and signed merges.
* guix/tests/gnupg.scm: New file.
* tests/git-authenticate.scm: New file.
* tests/ed25519bis.key, tests/ed25519bis.sec: New files.
* Makefile.am (dist_noinst_DATA): Add 'guix/tests/gnupg.scm'.
(SCM_TESTS): Add 'tests/git-authenticate.scm'.
(EXTRA_DIST): Add tests/ed25519bis.{key,sec}.

											
										
										
											2020-06-01 21:20:06 +00:00
+								    (with-temporary-git-repository directory
 								        `((add "signer1.key"
 								               ,(call-with-input-file %ed25519-public-key-file
 								                  get-string-all))
 								          (add "signer2.key"
-												tests: Move keys into ./tests/keys/ and add a third ed25519 key.

The third key will be used in an upcoming commit.

Rename public keys to .pub.

* guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable.
(%ed25519-3-secret-key-file): New variable.
(%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file.
(%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file.
* tests/keys/ed25519-3.key: New file.
* tests/keys/ed25519-3.sec: New file.

Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>

											
										
										
											2021-12-21 21:56:10 +00:00
+								               ,(call-with-input-file %ed25519-2-public-key-file
-												git-authenticate: Add tests.

* guix/tests/git.scm (call-with-environment-variables)
(with-environment-variables): Remove.
* guix/tests/git.scm (populate-git-repository): Add clauses for signed
commits and signed merges.
* guix/tests/gnupg.scm: New file.
* tests/git-authenticate.scm: New file.
* tests/ed25519bis.key, tests/ed25519bis.sec: New files.
* Makefile.am (dist_noinst_DATA): Add 'guix/tests/gnupg.scm'.
(SCM_TESTS): Add 'tests/git-authenticate.scm'.
(EXTRA_DIST): Add tests/ed25519bis.{key,sec}.

											
										
										
											2020-06-01 21:20:06 +00:00
+								                  get-string-all))
 								          (add ".guix-authorizations"
 								               ,(object->string
 								                 `(authorizations (version 0)
 								                                  ((,(key-fingerprint
 								                                      %ed25519-public-key-file)
 								                                    (name "Alice"))))))
 								          (commit "zeroth commit")
 								          (add "a.txt" "A")
 								          (commit "first commit"
 								                  (signer ,(key-fingerprint %ed25519-public-key-file)))
 								          (branch "devel")
 								          (checkout "devel")
 								          (add "devel/1.txt" "1")
 								          (commit "first devel commit"
-												tests: Move keys into ./tests/keys/ and add a third ed25519 key.

The third key will be used in an upcoming commit.

Rename public keys to .pub.

* guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable.
(%ed25519-3-secret-key-file): New variable.
(%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file.
(%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file.
* tests/keys/ed25519-3.key: New file.
* tests/keys/ed25519-3.sec: New file.

Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>

											
										
										
											2021-12-21 21:56:10 +00:00
+								                  (signer ,(key-fingerprint %ed25519-2-public-key-file)))
-												git-authenticate: Add tests.

* guix/tests/git.scm (call-with-environment-variables)
(with-environment-variables): Remove.
* guix/tests/git.scm (populate-git-repository): Add clauses for signed
commits and signed merges.
* guix/tests/gnupg.scm: New file.
* tests/git-authenticate.scm: New file.
* tests/ed25519bis.key, tests/ed25519bis.sec: New files.
* Makefile.am (dist_noinst_DATA): Add 'guix/tests/gnupg.scm'.
(SCM_TESTS): Add 'tests/git-authenticate.scm'.
(EXTRA_DIST): Add tests/ed25519bis.{key,sec}.

											
										
										
											2020-06-01 21:20:06 +00:00
+								          (checkout "master")
 								          (add "b.txt" "B")
 								          (commit "second commit"
 								                  (signer ,(key-fingerprint %ed25519-public-key-file)))
 								          (merge "devel" "merge"
 								                 (signer ,(key-fingerprint %ed25519-public-key-file))))
 								      (with-repository directory repository
 								        (let ((master1 (find-commit repository "first commit"))
 								              (master2 (find-commit repository "second commit"))
 								              (devel1  (find-commit repository "first devel commit"))
 								              (merge   (find-commit repository "merge")))
 								          (define (correct? c commit)
 								            (and (oid=? (git-authentication-error-commit c)
 								                        (commit-id commit))
 								                 (bytevector=?
 								                  (openpgp-public-key-fingerprint
 								                   (unauthorized-commit-error-signing-key c))
 								                  (openpgp-public-key-fingerprint
-												tests: Move keys into ./tests/keys/ and add a third ed25519 key.

The third key will be used in an upcoming commit.

Rename public keys to .pub.

* guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable.
(%ed25519-3-secret-key-file): New variable.
(%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file.
(%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file.
* tests/keys/ed25519-3.key: New file.
* tests/keys/ed25519-3.sec: New file.

Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>

											
										
										
											2021-12-21 21:56:10 +00:00
+								                   (read-openpgp-packet %ed25519-2-public-key-file)))))
-												git-authenticate: Add tests.

* guix/tests/git.scm (call-with-environment-variables)
(with-environment-variables): Remove.
* guix/tests/git.scm (populate-git-repository): Add clauses for signed
commits and signed merges.
* guix/tests/gnupg.scm: New file.
* tests/git-authenticate.scm: New file.
* tests/ed25519bis.key, tests/ed25519bis.sec: New files.
* Makefile.am (dist_noinst_DATA): Add 'guix/tests/gnupg.scm'.
(SCM_TESTS): Add 'tests/git-authenticate.scm'.
(EXTRA_DIST): Add tests/ed25519bis.{key,sec}.

											
										
										
											2020-06-01 21:20:06 +00:00
 								          (and (authenticate-commits repository (list master1 master2)
 								                                     #:keyring-reference "master")
 								               ;; DEVEL1 is signed by an unauthorized key according to its
 								               ;; parent's '.guix-authorizations' file.
 								               (guard (c ((unauthorized-commit-error? c)
 								                          (correct? c devel1)))
 								                 (authenticate-commits repository
 								                                       (list master1 devel1)
 								                                       #:keyring-reference "master")
 								                 #f)
 								               ;; MERGE is authorized but one of its ancestors is not.
 								               (guard (c ((unauthorized-commit-error? c)
 								                          (correct? c devel1)))
 								                 (authenticate-commits repository
 								                                       (list master1 master2
 								                                             devel1 merge)
 								                                       #:keyring-reference "master")
 								                 #f)))))))
 								(unless (gpg+git-available?) (test-skip 1))
 								(test-assert "signed commits, .guix-authorizations, authorized merge"
 								  (with-fresh-gnupg-setup (list %ed25519-public-key-file
 								                                %ed25519-secret-key-file
-												tests: Move keys into ./tests/keys/ and add a third ed25519 key.

The third key will be used in an upcoming commit.

Rename public keys to .pub.

* guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable.
(%ed25519-3-secret-key-file): New variable.
(%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file.
(%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file.
* tests/keys/ed25519-3.key: New file.
* tests/keys/ed25519-3.sec: New file.

Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>

											
										
										
											2021-12-21 21:56:10 +00:00
+								                                %ed25519-2-public-key-file
 								                                %ed25519-2-secret-key-file)
-												git-authenticate: Add tests.

* guix/tests/git.scm (call-with-environment-variables)
(with-environment-variables): Remove.
* guix/tests/git.scm (populate-git-repository): Add clauses for signed
commits and signed merges.
* guix/tests/gnupg.scm: New file.
* tests/git-authenticate.scm: New file.
* tests/ed25519bis.key, tests/ed25519bis.sec: New files.
* Makefile.am (dist_noinst_DATA): Add 'guix/tests/gnupg.scm'.
(SCM_TESTS): Add 'tests/git-authenticate.scm'.
(EXTRA_DIST): Add tests/ed25519bis.{key,sec}.

											
										
										
											2020-06-01 21:20:06 +00:00
+								    (with-temporary-git-repository directory
 								        `((add "signer1.key"
 								               ,(call-with-input-file %ed25519-public-key-file
 								                  get-string-all))
 								          (add "signer2.key"
-												tests: Move keys into ./tests/keys/ and add a third ed25519 key.

The third key will be used in an upcoming commit.

Rename public keys to .pub.

* guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable.
(%ed25519-3-secret-key-file): New variable.
(%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file.
(%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file.
* tests/keys/ed25519-3.key: New file.
* tests/keys/ed25519-3.sec: New file.

Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>

											
										
										
											2021-12-21 21:56:10 +00:00
+								               ,(call-with-input-file %ed25519-2-public-key-file
-												git-authenticate: Add tests.

* guix/tests/git.scm (call-with-environment-variables)
(with-environment-variables): Remove.
* guix/tests/git.scm (populate-git-repository): Add clauses for signed
commits and signed merges.
* guix/tests/gnupg.scm: New file.
* tests/git-authenticate.scm: New file.
* tests/ed25519bis.key, tests/ed25519bis.sec: New files.
* Makefile.am (dist_noinst_DATA): Add 'guix/tests/gnupg.scm'.
(SCM_TESTS): Add 'tests/git-authenticate.scm'.
(EXTRA_DIST): Add tests/ed25519bis.{key,sec}.

											
										
										
											2020-06-01 21:20:06 +00:00
+								                  get-string-all))
 								          (add ".guix-authorizations"
 								               ,(object->string
 								                 `(authorizations (version 0)
 								                                  ((,(key-fingerprint
 								                                      %ed25519-public-key-file)
 								                                    (name "Alice"))))))
 								          (commit "zeroth commit")
 								          (add "a.txt" "A")
 								          (commit "first commit"
 								                  (signer ,(key-fingerprint %ed25519-public-key-file)))
 								          (branch "devel")
 								          (checkout "devel")
 								          (add ".guix-authorizations"
 								               ,(object->string                   ;add the second signer
 								                 `(authorizations (version 0)
 								                                  ((,(key-fingerprint
 								                                      %ed25519-public-key-file)
 								                                    (name "Alice"))
 								                                   (,(key-fingerprint
-												tests: Move keys into ./tests/keys/ and add a third ed25519 key.

The third key will be used in an upcoming commit.

Rename public keys to .pub.

* guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable.
(%ed25519-3-secret-key-file): New variable.
(%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file.
(%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file.
* tests/keys/ed25519-3.key: New file.
* tests/keys/ed25519-3.sec: New file.

Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>

											
										
										
											2021-12-21 21:56:10 +00:00
+								                                      %ed25519-2-public-key-file))))))
-												git-authenticate: Add tests.

* guix/tests/git.scm (call-with-environment-variables)
(with-environment-variables): Remove.
* guix/tests/git.scm (populate-git-repository): Add clauses for signed
commits and signed merges.
* guix/tests/gnupg.scm: New file.
* tests/git-authenticate.scm: New file.
* tests/ed25519bis.key, tests/ed25519bis.sec: New files.
* Makefile.am (dist_noinst_DATA): Add 'guix/tests/gnupg.scm'.
(SCM_TESTS): Add 'tests/git-authenticate.scm'.
(EXTRA_DIST): Add tests/ed25519bis.{key,sec}.

											
										
										
											2020-06-01 21:20:06 +00:00
+								          (commit "first devel commit"
 								                  (signer ,(key-fingerprint %ed25519-public-key-file)))
 								          (add "devel/2.txt" "2")
 								          (commit "second devel commit"
-												tests: Move keys into ./tests/keys/ and add a third ed25519 key.

The third key will be used in an upcoming commit.

Rename public keys to .pub.

* guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable.
(%ed25519-3-secret-key-file): New variable.
(%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file.
(%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file.
* tests/keys/ed25519-3.key: New file.
* tests/keys/ed25519-3.sec: New file.

Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>

											
										
										
											2021-12-21 21:56:10 +00:00
+								                  (signer ,(key-fingerprint %ed25519-2-public-key-file)))
-												git-authenticate: Add tests.

* guix/tests/git.scm (call-with-environment-variables)
(with-environment-variables): Remove.
* guix/tests/git.scm (populate-git-repository): Add clauses for signed
commits and signed merges.
* guix/tests/gnupg.scm: New file.
* tests/git-authenticate.scm: New file.
* tests/ed25519bis.key, tests/ed25519bis.sec: New files.
* Makefile.am (dist_noinst_DATA): Add 'guix/tests/gnupg.scm'.
(SCM_TESTS): Add 'tests/git-authenticate.scm'.
(EXTRA_DIST): Add tests/ed25519bis.{key,sec}.

											
										
										
											2020-06-01 21:20:06 +00:00
+								          (checkout "master")
 								          (add "b.txt" "B")
 								          (commit "second commit"
 								                  (signer ,(key-fingerprint %ed25519-public-key-file)))
 								          (merge "devel" "merge"
 								                 (signer ,(key-fingerprint %ed25519-public-key-file)))
 								          ;; After the merge, the second signer is authorized.
 								          (add "c.txt" "C")
 								          (commit "third commit"
-												tests: Move keys into ./tests/keys/ and add a third ed25519 key.

The third key will be used in an upcoming commit.

Rename public keys to .pub.

* guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable.
(%ed25519-3-secret-key-file): New variable.
(%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file.
(%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file.
* tests/keys/ed25519-3.key: New file.
* tests/keys/ed25519-3.sec: New file.

Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>

											
										
										
											2021-12-21 21:56:10 +00:00
+								                  (signer ,(key-fingerprint %ed25519-2-public-key-file))))
-												git-authenticate: Add tests.

* guix/tests/git.scm (call-with-environment-variables)
(with-environment-variables): Remove.
* guix/tests/git.scm (populate-git-repository): Add clauses for signed
commits and signed merges.
* guix/tests/gnupg.scm: New file.
* tests/git-authenticate.scm: New file.
* tests/ed25519bis.key, tests/ed25519bis.sec: New files.
* Makefile.am (dist_noinst_DATA): Add 'guix/tests/gnupg.scm'.
(SCM_TESTS): Add 'tests/git-authenticate.scm'.
(EXTRA_DIST): Add tests/ed25519bis.{key,sec}.

											
										
										
											2020-06-01 21:20:06 +00:00
+								      (with-repository directory repository
 								        (let ((master1 (find-commit repository "first commit"))
 								              (master2 (find-commit repository "second commit"))
 								              (devel1  (find-commit repository "first devel commit"))
 								              (devel2  (find-commit repository "second devel commit"))
 								              (merge   (find-commit repository "merge"))
 								              (master3 (find-commit repository "third commit")))
 								          (authenticate-commits repository
 								                                (list master1 master2 devel1 devel2
 								                                      merge master3)
 								                                #:keyring-reference "master"))))))
-												git-authenticate: Prevent removal of '.guix-authorizations'.

* guix/git-authenticate.scm (commit-authorized-keys)
[parents-have-authorizations-file?, assert-parents-lack-authorizations]:
New procedures.
Use the latter before returning DEFAULT-AUTHORIZATIONS.
* guix/git.scm (false-if-git-not-found): Export.
* guix/tests/git.scm (populate-git-repository): Add 'remove' clause.
* tests/git-authenticate.scm ("signed commits, .guix-authorizations removed"):
New test.

											
										
										
											2020-06-07 21:06:41 +00:00
+								(unless (gpg+git-available?) (test-skip 1))
 								(test-assert "signed commits, .guix-authorizations removed"
 								  (with-fresh-gnupg-setup (list %ed25519-public-key-file
 								                                %ed25519-secret-key-file)
 								    (with-temporary-git-repository directory
 								        `((add "signer.key" ,(call-with-input-file %ed25519-public-key-file
 								                               get-string-all))
 								          (add ".guix-authorizations"
 								               ,(object->string
 								                 `(authorizations (version 0)
 								                                  ((,(key-fingerprint
 								                                      %ed25519-public-key-file)
 								                                    (name "Charlie"))))))
 								          (commit "zeroth commit")
 								          (add "a.txt" "A")
 								          (commit "first commit"
 								                  (signer ,(key-fingerprint %ed25519-public-key-file)))
 								          (remove ".guix-authorizations")
 								          (commit "second commit"
 								                  (signer ,(key-fingerprint %ed25519-public-key-file)))
 								          (add "b.txt" "B")
 								          (commit "third commit"
 								                  (signer ,(key-fingerprint %ed25519-public-key-file))))
 								      (with-repository directory repository
 								        (let ((commit1 (find-commit repository "first"))
 								              (commit2 (find-commit repository "second"))
 								              (commit3 (find-commit repository "third")))
 								          ;; COMMIT1 and COMMIT2 are fine.
 								          (and (authenticate-commits repository (list commit1 commit2)
 								                                     #:keyring-reference "master")
 								               ;; COMMIT3 is rejected because COMMIT2 removes
 								               ;; '.guix-authorizations'.
 								               (guard (c ((unauthorized-commit-error? c)
 								                          (oid=? (git-authentication-error-commit c)
 								                                 (commit-id commit2))))
 								                 (authenticate-commits repository
 								                                       (list commit1 commit2 commit3)
 								                                       #:keyring-reference "master")
 								                 'failed)))))))
-												git-authenticate: Test introductory commit signature verification.

These tests mimic similar tests already in 'tests/channels.scm', but
without using the higher-level 'authenticate-channel'.

* tests/git-authenticate.scm ("introductory commit, valid signature")
("introductory commit, missing signature")
("introductory commit, wrong signature"): New tests.

											
										
										
											2022-01-28 11:01:12 +00:00
+								(unless (gpg+git-available?) (test-skip 1))
 								(test-assert "introductory commit, valid signature"
 								  (with-fresh-gnupg-setup (list %ed25519-public-key-file
 								                                %ed25519-secret-key-file)
 								    (let ((fingerprint (key-fingerprint %ed25519-public-key-file)))
 								      (with-temporary-git-repository directory
 								          `((add "signer.key" ,(call-with-input-file %ed25519-public-key-file
 								                                 get-string-all))
 								            (add ".guix-authorizations"
 								                 ,(object->string
 								                   `(authorizations (version 0)
 								                                    ((,(key-fingerprint
 								                                        %ed25519-public-key-file)
 								                                      (name "Charlie"))))))
 								            (commit "zeroth commit" (signer ,fingerprint))
 								            (add "a.txt" "A")
 								            (commit "first commit" (signer ,fingerprint)))
 								        (with-repository directory repository
 								          (let ((commit0 (find-commit repository "zero"))
 								                (commit1 (find-commit repository "first")))
 								            ;; COMMIT0 is signed with the right key, and COMMIT1 is fine.
 								            (authenticate-repository repository
 								                                     (commit-id commit0)
 								                                     (openpgp-fingerprint fingerprint)
 								                                     #:keyring-reference "master"
 								                                     #:cache-key (random-text))))))))
 								(unless (gpg+git-available?) (test-skip 1))
 								(test-equal "introductory commit, missing signature"
 								  'intro-lacks-signature
 								  (with-fresh-gnupg-setup (list %ed25519-public-key-file
 								                                %ed25519-secret-key-file)
 								    (let ((fingerprint (key-fingerprint %ed25519-public-key-file)))
 								      (with-temporary-git-repository directory
 								          `((add "signer.key" ,(call-with-input-file %ed25519-public-key-file
 								                                 get-string-all))
 								            (add ".guix-authorizations"
 								                 ,(object->string
 								                   `(authorizations (version 0)
 								                                    ((,(key-fingerprint
 								                                        %ed25519-public-key-file)
 								                                      (name "Charlie"))))))
 								            (commit "zeroth commit")              ;unsigned!
 								            (add "a.txt" "A")
 								            (commit "first commit" (signer ,fingerprint)))
 								        (with-repository directory repository
 								          (let ((commit0 (find-commit repository "zero")))
 								            ;; COMMIT0 is not signed.
 								            (guard (c ((formatted-message? c)
 								                       ;; Message like "commit ~a lacks a signature".
 								                       (and (equal? (formatted-message-arguments c)
 								                                    (list (oid->string (commit-id commit0))))
 								                            'intro-lacks-signature)))
 								              (authenticate-repository repository
 								                                       (commit-id commit0)
 								                                       (openpgp-fingerprint fingerprint)
 								                                       #:keyring-reference "master"
 								                                       #:cache-key (random-text)))))))))
 								(unless (gpg+git-available?) (test-skip 1))
 								(test-equal "introductory commit, wrong signature"
 								  'wrong-intro-signing-key
 								  (with-fresh-gnupg-setup (list %ed25519-public-key-file
 								                                %ed25519-secret-key-file
 								                                %ed25519-2-public-key-file
 								                                %ed25519-2-secret-key-file)
 								    (let ((fingerprint (key-fingerprint %ed25519-public-key-file))
 								          (wrong-fingerprint (key-fingerprint %ed25519-2-public-key-file)))
 								      (with-temporary-git-repository directory
 								          `((add "signer1.key" ,(call-with-input-file %ed25519-public-key-file
 								                                  get-string-all))
 								            (add "signer2.key" ,(call-with-input-file %ed25519-2-public-key-file
 								                                  get-string-all))
 								            (add ".guix-authorizations"
 								                 ,(object->string
 								                   `(authorizations (version 0)
 								                                    ((,(key-fingerprint
 								                                        %ed25519-public-key-file)
 								                                      (name "Charlie"))))))
 								            (commit "zeroth commit" (signer ,wrong-fingerprint))
 								            (add "a.txt" "A")
 								            (commit "first commit" (signer ,fingerprint)))
 								        (with-repository directory repository
 								          (let ((commit0 (find-commit repository "zero"))
 								                (commit1 (find-commit repository "first")))
 								            ;; COMMIT0 is signed with the wrong key--not the one passed as the
 								            ;; SIGNER argument to 'authenticate-repository'.
 								            (guard (c ((formatted-message? c)
 								                       ;; Message like "commit ~a signed by ~a instead of ~a".
 								                       (and (equal? (formatted-message-arguments c)
 								                                    (list (oid->string (commit-id commit0))
 								                                          wrong-fingerprint fingerprint))
 								                            'wrong-intro-signing-key)))
 								             (authenticate-repository repository
 								                                      (commit-id commit0)
 								                                      (openpgp-fingerprint fingerprint)
 								                                      #:keyring-reference "master"
 								                                      #:cache-key (random-text)))))))))
-												git-authenticate: Ensure the target is a descendant of the introductory commit.

Fixes a bug whereby authentication of a commit *not* descending from the
introductory commit could succeed, provided the commit verifies the
authorization invariant.

In the example below, A is a common ancestor of the introductory commit
I and of commit X.  Authentication of X would succeed, even though it is
not a descendant of I, as long as X is authorized according to the
'.guix-authorizations' in A:

   X   	 I
    \   /
      A

This is because, 'authenticate-repository' would not check whether X
descends from I, and the call (commit-difference X I) would return X.

In practice that only affects forks because it means that ancestors of
the introductory commit already contain a '.guix-authorizations' file.

* guix/git-authenticate.scm (authenticate-repository): Add call to
'commit-descendant?'.
* tests/channels.scm ("authenticate-channel, not a descendant of introductory commit"):
New test.
* tests/git-authenticate.scm ("authenticate-repository, target not a descendant of intro"):
New test.
* tests/guix-git-authenticate.sh: Expect earlier test to fail since
9549f0283a78fe36f2d4ff2a04ef8ad6b0c02604 is not a descendant of
$intro_commit.  Add new test targeting an ancestor of the introductory
commit, and another test targeting the v1.2.0 commit.
* doc/guix.texi (Specifying Channel Authorizations): Add a sentence.

											
										
										
											2022-01-28 16:20:43 +00:00
+								(unless (gpg+git-available?) (test-skip 1))
 								(test-equal "authenticate-repository, target not a descendant of intro"
 								  'target-commit-not-a-descendant-of-intro
 								  (with-fresh-gnupg-setup (list %ed25519-public-key-file
 								                                %ed25519-secret-key-file)
 								    (let ((fingerprint (key-fingerprint %ed25519-public-key-file)))
 								      (with-temporary-git-repository directory
 								          `((add "signer.key" ,(call-with-input-file %ed25519-public-key-file
 								                                 get-string-all))
 								            (add ".guix-authorizations"
 								                 ,(object->string
 								                   `(authorizations (version 0)
 								                                    ((,(key-fingerprint
 								                                        %ed25519-public-key-file)
 								                                      (name "Charlie"))))))
 								            (commit "zeroth commit" (signer ,fingerprint))
 								            (branch "pre-intro-branch")
 								            (checkout "pre-intro-branch")
 								            (add "b.txt" "B")
 								            (commit "alternate commit" (signer ,fingerprint))
 								            (checkout "master")
 								            (add "a.txt" "A")
 								            (commit "first commit" (signer ,fingerprint))
 								            (add "c.txt" "C")
 								            (commit "second commit" (signer ,fingerprint)))
 								        (with-repository directory repository
 								          (let ((commit1 (find-commit repository "first"))
 								                (commit-alt
 								                 (commit-lookup repository
 								                                (reference-target
 								                                 (branch-lookup repository
 								                                                "pre-intro-branch")))))
 								            (guard (c ((formatted-message? c)
 								                       (and (equal? (formatted-message-arguments c)
 								                                    (list (oid->string (commit-id commit-alt))
 								                                          (oid->string (commit-id commit1))))
 								                            'target-commit-not-a-descendant-of-intro)))
 								              (authenticate-repository repository
 								                                       (commit-id commit1)
 								                                       (openpgp-fingerprint fingerprint)
 								                                       #:end (commit-id commit-alt)
 								                                       #:keyring-reference "master"
 								                                       #:cache-key (random-text)))))))))
-												git-authenticate: Add tests.

* guix/tests/git.scm (call-with-environment-variables)
(with-environment-variables): Remove.
* guix/tests/git.scm (populate-git-repository): Add clauses for signed
commits and signed merges.
* guix/tests/gnupg.scm: New file.
* tests/git-authenticate.scm: New file.
* tests/ed25519bis.key, tests/ed25519bis.sec: New files.
* Makefile.am (dist_noinst_DATA): Add 'guix/tests/gnupg.scm'.
(SCM_TESTS): Add 'tests/git-authenticate.scm'.
(EXTRA_DIST): Add tests/ed25519bis.{key,sec}.

											
										
										
											2020-06-01 21:20:06 +00:00
+								(test-end "git-authenticate")