[thirdparty/git.git] / t / t5534-push-signed.sh

#!/bin/sh

test_description='signed push'

. ./test-lib.sh
. "$TEST_DIRECTORY"/lib-gpg.sh

prepare_dst () {
	rm -fr dst &&
	test_create_repo dst &&

	git push dst master:noop master:ff master:noff
}

test_expect_success setup '
	# master, ff and noff branches pointing at the same commit
	test_tick &&
	git commit --allow-empty -m initial &&

	git checkout -b noop &&
	git checkout -b ff &&
	git checkout -b noff &&

	# noop stays the same, ff advances, noff rewrites
	test_tick &&
	git commit --allow-empty --amend -m rewritten &&
	git checkout ff &&

	test_tick &&
	git commit --allow-empty -m second
'

test_expect_success 'unsigned push does not send push certificate' '
	prepare_dst &&
	mkdir -p dst/.git/hooks &&
	write_script dst/.git/hooks/post-receive <<-\EOF &&
	# discard the update list
	cat >/dev/null
	# record the push certificate
	if test -n "${GIT_PUSH_CERT-}"
	then
		git cat-file blob $GIT_PUSH_CERT >../push-cert
	fi
	EOF

	git push dst noop ff +noff &&
	! test -f dst/push-cert
'

test_expect_success 'talking with a receiver without push certificate support' '
	prepare_dst &&
	mkdir -p dst/.git/hooks &&
	write_script dst/.git/hooks/post-receive <<-\EOF &&
	# discard the update list
	cat >/dev/null
	# record the push certificate
	if test -n "${GIT_PUSH_CERT-}"
	then
		git cat-file blob $GIT_PUSH_CERT >../push-cert
	fi
	EOF

	git push dst noop ff +noff &&
	! test -f dst/push-cert
'

test_expect_success 'push --signed fails with a receiver without push certificate support' '
	prepare_dst &&
	mkdir -p dst/.git/hooks &&
	test_must_fail git push --signed dst noop ff +noff 2>err &&
	test_i18ngrep "the receiving end does not support" err
'

test_expect_success GPG 'no certificate for a signed push with no update' '
	prepare_dst &&
	mkdir -p dst/.git/hooks &&
	write_script dst/.git/hooks/post-receive <<-\EOF &&
	if test -n "${GIT_PUSH_CERT-}"
	then
		git cat-file blob $GIT_PUSH_CERT >../push-cert
	fi
	EOF
	git push dst noop &&
	! test -f dst/push-cert
'

test_expect_success GPG 'signed push sends push certificate' '
	prepare_dst &&
	mkdir -p dst/.git/hooks &&
	git -C dst config receive.certnonceseed sekrit &&
	write_script dst/.git/hooks/post-receive <<-\EOF &&
	# discard the update list
	cat >/dev/null
	# record the push certificate
	if test -n "${GIT_PUSH_CERT-}"
	then
		git cat-file blob $GIT_PUSH_CERT >../push-cert
	fi &&

	cat >../push-cert-status <<E_O_F
	SIGNER=${GIT_PUSH_CERT_SIGNER-nobody}
	KEY=${GIT_PUSH_CERT_KEY-nokey}
	STATUS=${GIT_PUSH_CERT_STATUS-nostatus}
	NONCE_STATUS=${GIT_PUSH_CERT_NONCE_STATUS-nononcestatus}
	NONCE=${GIT_PUSH_CERT_NONCE-nononce}
	E_O_F

	EOF

	git push --signed dst noop ff +noff &&

	(
		cat <<-\EOF &&
		SIGNER=C O Mitter <committer@example.com>
		KEY=13B6F51ECDDE430D
		STATUS=G
		NONCE_STATUS=OK
		EOF
		sed -n -e "s/^nonce /NONCE=/p" -e "/^$/q" dst/push-cert
	) >expect &&

	grep "$(git rev-parse noop ff) refs/heads/ff" dst/push-cert &&
	grep "$(git rev-parse noop noff) refs/heads/noff" dst/push-cert &&
	test_cmp expect dst/push-cert-status
'

test_done
Commit	Line	Data
a85b377d JH	1	#!/bin/sh
	2
	3	test_description='signed push'
	4
	5	. ./test-lib.sh
	6	. "$TEST_DIRECTORY"/lib-gpg.sh
	7
	8	prepare_dst () {
	9	rm -fr dst &&
	10	test_create_repo dst &&
	11
	12	git push dst master:noop master:ff master:noff
	13	}
	14
	15	test_expect_success setup '
	16	# master, ff and noff branches pointing at the same commit
	17	test_tick &&
	18	git commit --allow-empty -m initial &&
	19
	20	git checkout -b noop &&
	21	git checkout -b ff &&
	22	git checkout -b noff &&
	23
	24	# noop stays the same, ff advances, noff rewrites
	25	test_tick &&
	26	git commit --allow-empty --amend -m rewritten &&
	27	git checkout ff &&
	28
	29	test_tick &&
	30	git commit --allow-empty -m second
	31	'
	32
	33	test_expect_success 'unsigned push does not send push certificate' '
	34	prepare_dst &&
	35	mkdir -p dst/.git/hooks &&
	36	write_script dst/.git/hooks/post-receive <<-\EOF &&
	37	# discard the update list
	38	cat >/dev/null
	39	# record the push certificate
	40	if test -n "${GIT_PUSH_CERT-}"
	41	then
	42	git cat-file blob $GIT_PUSH_CERT >../push-cert
	43	fi
	44	EOF
	45
	46	git push dst noop ff +noff &&
	47	! test -f dst/push-cert
	48	'
	49
	50	test_expect_success 'talking with a receiver without push certificate support' '
	51	prepare_dst &&
	52	mkdir -p dst/.git/hooks &&
a85b377d JH	53	write_script dst/.git/hooks/post-receive <<-\EOF &&
	54	# discard the update list
	55	cat >/dev/null
	56	# record the push certificate
	57	if test -n "${GIT_PUSH_CERT-}"
	58	then
	59	git cat-file blob $GIT_PUSH_CERT >../push-cert
	60	fi
	61	EOF
	62
	63	git push dst noop ff +noff &&
	64	! test -f dst/push-cert
	65	'
	66
	67	test_expect_success 'push --signed fails with a receiver without push certificate support' '
	68	prepare_dst &&
	69	mkdir -p dst/.git/hooks &&
a85b377d JH	70	test_must_fail git push --signed dst noop ff +noff 2>err &&
	71	test_i18ngrep "the receiving end does not support" err
	72	'
	73
20a7558f JH	74	test_expect_success GPG 'no certificate for a signed push with no update' '
	75	prepare_dst &&
	76	mkdir -p dst/.git/hooks &&
	77	write_script dst/.git/hooks/post-receive <<-\EOF &&
	78	if test -n "${GIT_PUSH_CERT-}"
	79	then
	80	git cat-file blob $GIT_PUSH_CERT >../push-cert
	81	fi
	82	EOF
	83	git push dst noop &&
	84	! test -f dst/push-cert
	85	'
	86
a85b377d JH	87	test_expect_success GPG 'signed push sends push certificate' '
	88	prepare_dst &&
	89	mkdir -p dst/.git/hooks &&
b89363e4	90	git -C dst config receive.certnonceseed sekrit &&
a85b377d JH	91	write_script dst/.git/hooks/post-receive <<-\EOF &&
	92	# discard the update list
	93	cat >/dev/null
	94	# record the push certificate
	95	if test -n "${GIT_PUSH_CERT-}"
	96	then
	97	git cat-file blob $GIT_PUSH_CERT >../push-cert
d05b9618 JH	98	fi &&
	99
	100	cat >../push-cert-status <<E_O_F
	101	SIGNER=${GIT_PUSH_CERT_SIGNER-nobody}
	102	KEY=${GIT_PUSH_CERT_KEY-nokey}
	103	STATUS=${GIT_PUSH_CERT_STATUS-nostatus}
b89363e4 JH	104	NONCE_STATUS=${GIT_PUSH_CERT_NONCE_STATUS-nononcestatus}
b89363e4 JH	105	NONCE=${GIT_PUSH_CERT_NONCE-nononce}
d05b9618 JH	106	E_O_F
	107
	108	EOF
	109
a85b377d	110	git push --signed dst noop ff +noff &&
b89363e4 JH	111
	112	(
	113	cat <<-\EOF &&
	114	SIGNER=C O Mitter <committer@example.com>
	115	KEY=13B6F51ECDDE430D
	116	STATUS=G
	117	NONCE_STATUS=OK
	118	EOF
	119	sed -n -e "s/^nonce /NONCE=/p" -e "/^$/q" dst/push-cert
	120	) >expect &&
	121
a85b377d	122	grep "$(git rev-parse noop ff) refs/heads/ff" dst/push-cert &&
d05b9618 JH	123	grep "$(git rev-parse noop noff) refs/heads/noff" dst/push-cert &&
d05b9618 JH	124	test_cmp expect dst/push-cert-status
a85b377d JH	125	'
	126
	127	test_done