signed push: fortify against replay attacks
#!/bin/sh

# Tests for "git push --signed": whether a push certificate reaches the
# receiving repository, and what receive-pack reports to its hooks about
# the certificate's signer, key, signature status and nonce.
test_description='signed push'

. ./test-lib.sh
# GPG test helpers; the GPG prerequisite used further down presumably
# comes from here.
. "$TEST_DIRECTORY"/lib-gpg.sh
# Rebuild the destination repository "dst" from scratch so that each test
# observes exactly one push into it.  All three destination branches start
# out at the current master.
prepare_dst () {
	rm -rf dst &&
	test_create_repo dst &&
	git push dst master:noop master:ff master:noff
}
test_expect_success setup '
	# One root commit; master, noop, ff and noff all point at it.
	test_tick &&
	git commit -m initial --allow-empty &&
	git checkout -b noop &&
	git checkout -b ff &&
	git checkout -b noff &&

	# Make the branches diverge: noff rewrites the root commit (so pushing
	# it later is a non-fast-forward), ff gains one commit on top (a plain
	# fast-forward), and noop is left untouched.
	test_tick &&
	git commit --amend -m rewritten --allow-empty &&
	git checkout ff &&
	test_tick &&
	git commit -m second --allow-empty
'
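test_expect_success 'unsigned push does not send push certificate' '
	prepare_dst &&
	mkdir -p dst/.git/hooks &&
	# The receiving hook dumps whatever push certificate it is handed.
	# The heredoc delimiter is quoted, so the $GIT_PUSH_CERT references
	# stay literal in the hook and expand only when receive-pack runs it;
	# "${GIT_PUSH_CERT-}" keeps the check well-defined when it is unset.
	write_script dst/.git/hooks/post-receive <<-\EOF &&
	if test -n "${GIT_PUSH_CERT-}"
	then
		git cat-file blob "$GIT_PUSH_CERT" >../push-cert
	fi
	EOF

	git push dst noop ff +noff &&
	# NOTE(review): this expects push-cert to exist but be empty.  With the
	# test -n guard above, the hook only creates the file when
	# GIT_PUSH_CERT is non-empty, so this relies on what receive-pack
	# exports for an unsigned push -- confirm against receive-pack.
	test -f dst/push-cert &&
	! test -s dst/push-cert
'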
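test_expect_success GPG 'signed push sends push certificate' '
	prepare_dst &&
	mkdir -p dst/.git/hooks &&
	# Receiving hook: dump the certificate blob, then record what
	# receive-pack reported about it.  The outer delimiter is quoted, so
	# the $GIT_PUSH_CERT* references survive into the hook; the inner
	# E_O_F is not, so they expand when the hook runs.  <<- strips the
	# leading tabs, which also leaves the inner heredoc body and its
	# E_O_F terminator at column 0 as the hook requires.
	write_script dst/.git/hooks/post-receive <<-\EOF &&
	if test -n "${GIT_PUSH_CERT-}"
	then
		git cat-file blob "$GIT_PUSH_CERT" >../push-cert
	fi &&

	cat >../push-cert-status <<E_O_F
	SIGNER=${GIT_PUSH_CERT_SIGNER-nobody}
	KEY=${GIT_PUSH_CERT_KEY-nokey}
	STATUS=${GIT_PUSH_CERT_STATUS-nostatus}
	NONCE=${GIT_PUSH_CERT_NONCE-nononce}
	E_O_F

	EOF

	git push --signed dst noop ff +noff &&

	# Expected signer, key and status are those of the test signing key
	# (presumably set up by lib-gpg.sh).  The expected nonce is copied
	# from the "nonce " header of the certificate itself, so what is
	# checked is that the receiver reports the nonce that was signed.
	# NOTE(review): nothing here asserts that the receiver also verified
	# that nonce against one it issued, which is what defeats a replay.
	(
		cat <<-\EOF &&
		SIGNER=C O Mitter <committer@example.com>
		KEY=13B6F51ECDDE430D
		STATUS=G
		EOF
		sed -n -e "s/^nonce /NONCE=/p" -e "/^$/q" dst/push-cert
	) >expect &&

	# Each pushed update must appear in the certificate as
	# "<old> <new> <ref>".  Substitute the two object names separately:
	# one $(git rev-parse noop ff) yields them newline-separated, which
	# grep treats as two independent patterns and so matches far more
	# than the intended single line.
	grep "$(git rev-parse noop) $(git rev-parse ff) refs/heads/ff" dst/push-cert &&
	grep "$(git rev-parse noop) $(git rev-parse noff) refs/heads/noff" dst/push-cert &&
	test_cmp expect dst/push-cert-status
'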
# End of the script; test_done comes from the test-lib.sh sourced above.
test_done