[thirdparty/git.git] / t / t5534-push-signed.sh

#!/bin/sh

test_description='signed push'

. ./test-lib.sh
. "$TEST_DIRECTORY"/lib-gpg.sh

prepare_dst () {
	rm -fr dst &&
	test_create_repo dst &&

	git push dst master:noop master:ff master:noff
}

test_expect_success setup '
	# master, ff and noff branches pointing at the same commit
	test_tick &&
	git commit --allow-empty -m initial &&

	git checkout -b noop &&
	git checkout -b ff &&
	git checkout -b noff &&

	# noop stays the same, ff advances, noff rewrites
	test_tick &&
	git commit --allow-empty --amend -m rewritten &&
	git checkout ff &&

	test_tick &&
	git commit --allow-empty -m second
'

test_expect_success 'unsigned push does not send push certificate' '
	prepare_dst &&
	mkdir -p dst/.git/hooks &&
	write_script dst/.git/hooks/post-receive <<-\EOF &&
	# discard the update list
	cat >/dev/null
	# record the push certificate
	if test -n "${GIT_PUSH_CERT-}"
	then
		git cat-file blob $GIT_PUSH_CERT >../push-cert
	fi
	EOF

	git push dst noop ff +noff &&
	! test -f dst/push-cert
'

test_expect_success 'talking with a receiver without push certificate support' '
	prepare_dst &&
	mkdir -p dst/.git/hooks &&
	write_script dst/.git/hooks/post-receive <<-\EOF &&
	# discard the update list
	cat >/dev/null
	# record the push certificate
	if test -n "${GIT_PUSH_CERT-}"
	then
		git cat-file blob $GIT_PUSH_CERT >../push-cert
	fi
	EOF

	git push dst noop ff +noff &&
	! test -f dst/push-cert
'

test_expect_success 'push --signed fails with a receiver without push certificate support' '
	prepare_dst &&
	mkdir -p dst/.git/hooks &&
	test_must_fail git push --signed dst noop ff +noff 2>err &&
	test_i18ngrep "the receiving end does not support" err
'

test_expect_success GPG 'no certificate for a signed push with no update' '
	prepare_dst &&
	mkdir -p dst/.git/hooks &&
	write_script dst/.git/hooks/post-receive <<-\EOF &&
	if test -n "${GIT_PUSH_CERT-}"
	then
		git cat-file blob $GIT_PUSH_CERT >../push-cert
	fi
	EOF
	git push dst noop &&
	! test -f dst/push-cert
'

test_expect_success GPG 'signed push sends push certificate' '
	prepare_dst &&
	mkdir -p dst/.git/hooks &&
	git -C dst config receive.certnonceseed sekrit &&
	write_script dst/.git/hooks/post-receive <<-\EOF &&
	# discard the update list
	cat >/dev/null
	# record the push certificate
	if test -n "${GIT_PUSH_CERT-}"
	then
		git cat-file blob $GIT_PUSH_CERT >../push-cert
	fi &&

	cat >../push-cert-status <<E_O_F
	SIGNER=${GIT_PUSH_CERT_SIGNER-nobody}
	KEY=${GIT_PUSH_CERT_KEY-nokey}
	STATUS=${GIT_PUSH_CERT_STATUS-nostatus}
	NONCE_STATUS=${GIT_PUSH_CERT_NONCE_STATUS-nononcestatus}
	NONCE=${GIT_PUSH_CERT_NONCE-nononce}
	E_O_F

	EOF

	git push --signed dst noop ff +noff &&

	(
		cat <<-\EOF &&
		SIGNER=C O Mitter <committer@example.com>
		KEY=13B6F51ECDDE430D
		STATUS=G
		NONCE_STATUS=OK
		EOF
		sed -n -e "s/^nonce /NONCE=/p" -e "/^$/q" dst/push-cert
	) >expect &&

	noop=$(git rev-parse noop) &&
	ff=$(git rev-parse ff) &&
	noff=$(git rev-parse noff) &&
	grep "$noop $ff refs/heads/ff" dst/push-cert &&
	grep "$noop $noff refs/heads/noff" dst/push-cert &&
	test_cmp expect dst/push-cert-status
'

test_expect_success GPG 'inconsistent push options in signed push not allowed' '
	# First, invoke receive-pack with dummy input to obtain its preamble.
	prepare_dst &&
	git -C dst config receive.certnonceseed sekrit &&
	git -C dst config receive.advertisepushoptions 1 &&
	printf xxxx | test_might_fail git receive-pack dst >preamble &&

	# Then, invoke push. Simulate a receive-pack that sends the preamble we
	# obtained, followed by a dummy packet.
	write_script myscript <<-\EOF &&
		cat preamble &&
		printf xxxx &&
		cat >push
	EOF
	test_might_fail git push --push-option="foo" --push-option="bar" \
		--receive-pack="\"$(pwd)/myscript\"" --signed dst --delete ff &&

	# Replay the push output on a fresh dst, checking that ff is truly
	# deleted.
	prepare_dst &&
	git -C dst config receive.certnonceseed sekrit &&
	git -C dst config receive.advertisepushoptions 1 &&
	git receive-pack dst <push &&
	test_must_fail git -C dst rev-parse ff &&

	# Tweak the push output to make the push option outside the cert
	# different, then replay it on a fresh dst, checking that ff is not
	# deleted.
	perl -pe "s/([^ ])bar/\$1baz/" push >push.tweak &&
	prepare_dst &&
	git -C dst config receive.certnonceseed sekrit &&
	git -C dst config receive.advertisepushoptions 1 &&
	git receive-pack dst <push.tweak >out &&
	git -C dst rev-parse ff &&
	grep "inconsistent push options" out
'

test_expect_success GPG 'fail without key and heed user.signingkey' '
	prepare_dst &&
	mkdir -p dst/.git/hooks &&
	git -C dst config receive.certnonceseed sekrit &&
	write_script dst/.git/hooks/post-receive <<-\EOF &&
	# discard the update list
	cat >/dev/null
	# record the push certificate
	if test -n "${GIT_PUSH_CERT-}"
	then
		git cat-file blob $GIT_PUSH_CERT >../push-cert
	fi &&

	cat >../push-cert-status <<E_O_F
	SIGNER=${GIT_PUSH_CERT_SIGNER-nobody}
	KEY=${GIT_PUSH_CERT_KEY-nokey}
	STATUS=${GIT_PUSH_CERT_STATUS-nostatus}
	NONCE_STATUS=${GIT_PUSH_CERT_NONCE_STATUS-nononcestatus}
	NONCE=${GIT_PUSH_CERT_NONCE-nononce}
	E_O_F

	EOF

	unset GIT_COMMITTER_EMAIL &&
	git config user.email hasnokey@nowhere.com &&
	test_must_fail git push --signed dst noop ff +noff &&
	git config user.signingkey committer@example.com &&
	git push --signed dst noop ff +noff &&

	(
		cat <<-\EOF &&
		SIGNER=C O Mitter <committer@example.com>
		KEY=13B6F51ECDDE430D
		STATUS=G
		NONCE_STATUS=OK
		EOF
		sed -n -e "s/^nonce /NONCE=/p" -e "/^$/q" dst/push-cert
	) >expect &&

	noop=$(git rev-parse noop) &&
	ff=$(git rev-parse ff) &&
	noff=$(git rev-parse noff) &&
	grep "$noop $ff refs/heads/ff" dst/push-cert &&
	grep "$noop $noff refs/heads/noff" dst/push-cert &&
	test_cmp expect dst/push-cert-status
'

test_done
Commit	Line	Data
a85b377d JH	1	#!/bin/sh
	2
	3	test_description='signed push'
	4
	5	. ./test-lib.sh
	6	. "$TEST_DIRECTORY"/lib-gpg.sh
	7
	8	prepare_dst () {
	9	rm -fr dst &&
	10	test_create_repo dst &&
	11
	12	git push dst master:noop master:ff master:noff
	13	}
	14
	15	test_expect_success setup '
	16	# master, ff and noff branches pointing at the same commit
	17	test_tick &&
	18	git commit --allow-empty -m initial &&
	19
	20	git checkout -b noop &&
	21	git checkout -b ff &&
	22	git checkout -b noff &&
	23
	24	# noop stays the same, ff advances, noff rewrites
	25	test_tick &&
	26	git commit --allow-empty --amend -m rewritten &&
	27	git checkout ff &&
	28
	29	test_tick &&
	30	git commit --allow-empty -m second
	31	'
	32
	33	test_expect_success 'unsigned push does not send push certificate' '
	34	prepare_dst &&
	35	mkdir -p dst/.git/hooks &&
	36	write_script dst/.git/hooks/post-receive <<-\EOF &&
	37	# discard the update list
	38	cat >/dev/null
	39	# record the push certificate
	40	if test -n "${GIT_PUSH_CERT-}"
	41	then
	42	git cat-file blob $GIT_PUSH_CERT >../push-cert
	43	fi
	44	EOF
	45
	46	git push dst noop ff +noff &&
	47	! test -f dst/push-cert
	48	'
	49
	50	test_expect_success 'talking with a receiver without push certificate support' '
	51	prepare_dst &&
	52	mkdir -p dst/.git/hooks &&
a85b377d JH	53	write_script dst/.git/hooks/post-receive <<-\EOF &&
	54	# discard the update list
	55	cat >/dev/null
	56	# record the push certificate
	57	if test -n "${GIT_PUSH_CERT-}"
	58	then
	59	git cat-file blob $GIT_PUSH_CERT >../push-cert
	60	fi
	61	EOF
	62
	63	git push dst noop ff +noff &&
	64	! test -f dst/push-cert
	65	'
	66
	67	test_expect_success 'push --signed fails with a receiver without push certificate support' '
	68	prepare_dst &&
	69	mkdir -p dst/.git/hooks &&
a85b377d JH	70	test_must_fail git push --signed dst noop ff +noff 2>err &&
	71	test_i18ngrep "the receiving end does not support" err
	72	'
	73
20a7558f JH	74	test_expect_success GPG 'no certificate for a signed push with no update' '
	75	prepare_dst &&
	76	mkdir -p dst/.git/hooks &&
	77	write_script dst/.git/hooks/post-receive <<-\EOF &&
	78	if test -n "${GIT_PUSH_CERT-}"
	79	then
	80	git cat-file blob $GIT_PUSH_CERT >../push-cert
	81	fi
	82	EOF
	83	git push dst noop &&
	84	! test -f dst/push-cert
	85	'
	86
a85b377d JH	87	test_expect_success GPG 'signed push sends push certificate' '
	88	prepare_dst &&
	89	mkdir -p dst/.git/hooks &&
b89363e4	90	git -C dst config receive.certnonceseed sekrit &&
a85b377d JH	91	write_script dst/.git/hooks/post-receive <<-\EOF &&
	92	# discard the update list
	93	cat >/dev/null
	94	# record the push certificate
	95	if test -n "${GIT_PUSH_CERT-}"
	96	then
	97	git cat-file blob $GIT_PUSH_CERT >../push-cert
d05b9618 JH	98	fi &&
	99
	100	cat >../push-cert-status <<E_O_F
	101	SIGNER=${GIT_PUSH_CERT_SIGNER-nobody}
	102	KEY=${GIT_PUSH_CERT_KEY-nokey}
	103	STATUS=${GIT_PUSH_CERT_STATUS-nostatus}
b89363e4 JH	104	NONCE_STATUS=${GIT_PUSH_CERT_NONCE_STATUS-nononcestatus}
b89363e4 JH	105	NONCE=${GIT_PUSH_CERT_NONCE-nononce}
d05b9618 JH	106	E_O_F
	107
	108	EOF
	109
a85b377d	110	git push --signed dst noop ff +noff &&
b89363e4 JH	111
	112	(
	113	cat <<-\EOF &&
	114	SIGNER=C O Mitter <committer@example.com>
	115	KEY=13B6F51ECDDE430D
	116	STATUS=G
	117	NONCE_STATUS=OK
	118	EOF
	119	sed -n -e "s/^nonce /NONCE=/p" -e "/^$/q" dst/push-cert
	120	) >expect &&
	121
8722947e JS	122	noop=$(git rev-parse noop) &&
	123	ff=$(git rev-parse ff) &&
	124	noff=$(git rev-parse noff) &&
	125	grep "$noop $ff refs/heads/ff" dst/push-cert &&
	126	grep "$noop $noff refs/heads/noff" dst/push-cert &&
d05b9618	127	test_cmp expect dst/push-cert-status
a85b377d JH	128	'
a85b377d JH	129
cbaf82cc JT	130	test_expect_success GPG 'inconsistent push options in signed push not allowed' '
	131	# First, invoke receive-pack with dummy input to obtain its preamble.
	132	prepare_dst &&
	133	git -C dst config receive.certnonceseed sekrit &&
	134	git -C dst config receive.advertisepushoptions 1 &&
	135	printf xxxx \| test_might_fail git receive-pack dst >preamble &&
	136
	137	# Then, invoke push. Simulate a receive-pack that sends the preamble we
	138	# obtained, followed by a dummy packet.
	139	write_script myscript <<-\EOF &&
	140	cat preamble &&
	141	printf xxxx &&
	142	cat >push
	143	EOF
	144	test_might_fail git push --push-option="foo" --push-option="bar" \
	145	--receive-pack="\"$(pwd)/myscript\"" --signed dst --delete ff &&
	146
	147	# Replay the push output on a fresh dst, checking that ff is truly
	148	# deleted.
	149	prepare_dst &&
	150	git -C dst config receive.certnonceseed sekrit &&
	151	git -C dst config receive.advertisepushoptions 1 &&
	152	git receive-pack dst <push &&
	153	test_must_fail git -C dst rev-parse ff &&
	154
	155	# Tweak the push output to make the push option outside the cert
	156	# different, then replay it on a fresh dst, checking that ff is not
	157	# deleted.
	158	perl -pe "s/([^ ])bar/\$1baz/" push >push.tweak &&
	159	prepare_dst &&
	160	git -C dst config receive.certnonceseed sekrit &&
	161	git -C dst config receive.advertisepushoptions 1 &&
	162	git receive-pack dst <push.tweak >out &&
	163	git -C dst rev-parse ff &&
	164	grep "inconsistent push options" out
	165	'
	166
b9459019 MG	167	test_expect_success GPG 'fail without key and heed user.signingkey' '
	168	prepare_dst &&
	169	mkdir -p dst/.git/hooks &&
	170	git -C dst config receive.certnonceseed sekrit &&
	171	write_script dst/.git/hooks/post-receive <<-\EOF &&
	172	# discard the update list
	173	cat >/dev/null
	174	# record the push certificate
	175	if test -n "${GIT_PUSH_CERT-}"
	176	then
	177	git cat-file blob $GIT_PUSH_CERT >../push-cert
	178	fi &&
	179
	180	cat >../push-cert-status <<E_O_F
	181	SIGNER=${GIT_PUSH_CERT_SIGNER-nobody}
	182	KEY=${GIT_PUSH_CERT_KEY-nokey}
	183	STATUS=${GIT_PUSH_CERT_STATUS-nostatus}
	184	NONCE_STATUS=${GIT_PUSH_CERT_NONCE_STATUS-nononcestatus}
	185	NONCE=${GIT_PUSH_CERT_NONCE-nononce}
	186	E_O_F
	187
	188	EOF
	189
	190	unset GIT_COMMITTER_EMAIL &&
	191	git config user.email hasnokey@nowhere.com &&
	192	test_must_fail git push --signed dst noop ff +noff &&
	193	git config user.signingkey committer@example.com &&
	194	git push --signed dst noop ff +noff &&
	195
	196	(
	197	cat <<-\EOF &&
	198	SIGNER=C O Mitter <committer@example.com>
	199	KEY=13B6F51ECDDE430D
	200	STATUS=G
	201	NONCE_STATUS=OK
	202	EOF
	203	sed -n -e "s/^nonce /NONCE=/p" -e "/^$/q" dst/push-cert
	204	) >expect &&
	205
8722947e JS	206	noop=$(git rev-parse noop) &&
	207	ff=$(git rev-parse ff) &&
	208	noff=$(git rev-parse noff) &&
	209	grep "$noop $ff refs/heads/ff" dst/push-cert &&
	210	grep "$noop $noff refs/heads/noff" dst/push-cert &&
b9459019 MG	211	test_cmp expect dst/push-cert-status
	212	'
	213
a85b377d	214	test_done