-
-
Notifications
You must be signed in to change notification settings - Fork 1.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fetchGit: add commit signature verification tests
This adds simple tests of the commit signature verification mechanism of fetchGit. OpenSSH is added to the build dependencies since it's needed to create a key when testing the functionality. It is neither a built- nor a runtime dependency.
- Loading branch information
1 parent
60507f6
commit a26e77d
Showing
3 changed files
with
40 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| source common.sh | ||
|
|
||
| requireGit | ||
| [[ $(type -p ssh-keygen) ]] || skipTest "ssh-keygen not installed" # require ssh-keygen as well | ||
|
|
||
| clearStore | ||
|
|
||
| repo="$TEST_ROOT/git" | ||
|
|
||
| # generate signing keys | ||
| keysDir=$TEST_ROOT/.ssh | ||
| mkdir -p "$keysDir" | ||
| ssh-keygen -f "$keysDir/testkey1" -t ed25519 -P "" -C "test key 1" | ||
| key1File="$keysDir/testkey1.pub" | ||
| publicKey1=$(awk '{print $2}' "$key1File") | ||
| ssh-keygen -f "$keysDir/testkey2" -t rsa -P "" -C "test key 2" | ||
| key2File="$keysDir/testkey2.pub" | ||
| publicKey2=$(awk '{print $2}' "$key2File") | ||
|
|
||
| git init $repo | ||
| git -C $repo config user.email "foobar@example.com" | ||
| git -C $repo config user.name "Foobar" | ||
| git -C $repo config gpg.format ssh | ||
|
|
||
| echo 'hello' > $repo/text | ||
| git -C $repo add text | ||
| git -C $repo -c "user.signingkey=$key1File" commit -S -m 'initial commit' | ||
|
|
||
| out=$(nix eval --impure --raw --expr "builtins.fetchGit { url = \"file://$repo\"; keytype = \"ssh-rsa\"; publicKey = \"$publicKey2\"; }" 2>&1) || status=$? | ||
| [[ $status == 1 ]] | ||
| [[ $out =~ 'No principal matched.' ]] | ||
| [[ $(nix eval --impure --raw --expr "builtins.readFile (builtins.fetchGit { url = \"file://$repo\"; publicKey = \"$publicKey1\"; } + \"/text\")") = 'hello' ]] | ||
|
|
||
| echo 'hello world' > $repo/text | ||
| git -C $repo add text | ||
| git -C $repo -c "user.signingkey=$key2File" commit -S -m 'second commit' | ||
|
|
||
| [[ $(nix eval --impure --raw --expr "builtins.readFile (builtins.fetchGit { url = \"file://$repo\"; publicKeys = [{key = \"$publicKey1\";} {type = \"ssh-rsa\"; key = \"$publicKey2\";}]; } + \"/text\")") = 'hello world' ]] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters