]>
Commit | Line | Data |
---|---|---|
a85b377d JH |
1 | #!/bin/sh |
2 | ||
3 | test_description='signed push' | |
4 | ||
5 | . ./test-lib.sh | |
6 | . "$TEST_DIRECTORY"/lib-gpg.sh | |
7 | ||
8 | prepare_dst () { | |
9 | rm -fr dst && | |
10 | test_create_repo dst && | |
11 | ||
12 | git push dst master:noop master:ff master:noff | |
13 | } | |
14 | ||
15 | test_expect_success setup ' | |
16 | # master, ff and noff branches pointing at the same commit | |
17 | test_tick && | |
18 | git commit --allow-empty -m initial && | |
19 | ||
20 | git checkout -b noop && | |
21 | git checkout -b ff && | |
22 | git checkout -b noff && | |
23 | ||
24 | # noop stays the same, ff advances, noff rewrites | |
25 | test_tick && | |
26 | git commit --allow-empty --amend -m rewritten && | |
27 | git checkout ff && | |
28 | ||
29 | test_tick && | |
30 | git commit --allow-empty -m second | |
31 | ' | |
32 | ||
33 | test_expect_success 'unsigned push does not send push certificate' ' | |
34 | prepare_dst && | |
35 | mkdir -p dst/.git/hooks && | |
36 | write_script dst/.git/hooks/post-receive <<-\EOF && | |
37 | # discard the update list | |
38 | cat >/dev/null | |
39 | # record the push certificate | |
40 | if test -n "${GIT_PUSH_CERT-}" | |
41 | then | |
42 | git cat-file blob $GIT_PUSH_CERT >../push-cert | |
43 | fi | |
44 | EOF | |
45 | ||
46 | git push dst noop ff +noff && | |
47 | ! test -f dst/push-cert | |
48 | ' | |
49 | ||
50 | test_expect_success 'talking with a receiver without push certificate support' ' | |
51 | prepare_dst && | |
52 | mkdir -p dst/.git/hooks && | |
a85b377d JH |
53 | write_script dst/.git/hooks/post-receive <<-\EOF && |
54 | # discard the update list | |
55 | cat >/dev/null | |
56 | # record the push certificate | |
57 | if test -n "${GIT_PUSH_CERT-}" | |
58 | then | |
59 | git cat-file blob $GIT_PUSH_CERT >../push-cert | |
60 | fi | |
61 | EOF | |
62 | ||
63 | git push dst noop ff +noff && | |
64 | ! test -f dst/push-cert | |
65 | ' | |
66 | ||
67 | test_expect_success 'push --signed fails with a receiver without push certificate support' ' | |
68 | prepare_dst && | |
69 | mkdir -p dst/.git/hooks && | |
a85b377d JH |
70 | test_must_fail git push --signed dst noop ff +noff 2>err && |
71 | test_i18ngrep "the receiving end does not support" err | |
72 | ' | |
73 | ||
20a7558f JH |
74 | test_expect_success GPG 'no certificate for a signed push with no update' ' |
75 | prepare_dst && | |
76 | mkdir -p dst/.git/hooks && | |
77 | write_script dst/.git/hooks/post-receive <<-\EOF && | |
78 | if test -n "${GIT_PUSH_CERT-}" | |
79 | then | |
80 | git cat-file blob $GIT_PUSH_CERT >../push-cert | |
81 | fi | |
82 | EOF | |
83 | git push dst noop && | |
84 | ! test -f dst/push-cert | |
85 | ' | |
86 | ||
a85b377d JH |
87 | test_expect_success GPG 'signed push sends push certificate' ' |
88 | prepare_dst && | |
89 | mkdir -p dst/.git/hooks && | |
b89363e4 | 90 | git -C dst config receive.certnonceseed sekrit && |
a85b377d JH |
91 | write_script dst/.git/hooks/post-receive <<-\EOF && |
92 | # discard the update list | |
93 | cat >/dev/null | |
94 | # record the push certificate | |
95 | if test -n "${GIT_PUSH_CERT-}" | |
96 | then | |
97 | git cat-file blob $GIT_PUSH_CERT >../push-cert | |
d05b9618 JH |
98 | fi && |
99 | ||
100 | cat >../push-cert-status <<E_O_F | |
101 | SIGNER=${GIT_PUSH_CERT_SIGNER-nobody} | |
102 | KEY=${GIT_PUSH_CERT_KEY-nokey} | |
103 | STATUS=${GIT_PUSH_CERT_STATUS-nostatus} | |
b89363e4 JH |
104 | NONCE_STATUS=${GIT_PUSH_CERT_NONCE_STATUS-nononcestatus} |
105 | NONCE=${GIT_PUSH_CERT_NONCE-nononce} | |
d05b9618 JH |
106 | E_O_F |
107 | ||
108 | EOF | |
109 | ||
a85b377d | 110 | git push --signed dst noop ff +noff && |
b89363e4 JH |
111 | |
112 | ( | |
113 | cat <<-\EOF && | |
114 | SIGNER=C O Mitter <committer@example.com> | |
115 | KEY=13B6F51ECDDE430D | |
116 | STATUS=G | |
117 | NONCE_STATUS=OK | |
118 | EOF | |
119 | sed -n -e "s/^nonce /NONCE=/p" -e "/^$/q" dst/push-cert | |
120 | ) >expect && | |
121 | ||
a85b377d | 122 | grep "$(git rev-parse noop ff) refs/heads/ff" dst/push-cert && |
d05b9618 JH |
123 | grep "$(git rev-parse noop noff) refs/heads/noff" dst/push-cert && |
124 | test_cmp expect dst/push-cert-status | |
a85b377d JH |
125 | ' |
126 | ||
127 | test_done |