t/t5534-push-signed.sh

   1 #!/bin/sh
   2
   3 test_description='signed push'
   4
   5 . ./test-lib.sh
   6 . "$TEST_DIRECTORY"/lib-gpg.sh
   7
   8 prepare_dst () {
   9         rm -fr dst &&
  10         test_create_repo dst &&
  11
  12         git push dst master:noop master:ff master:noff
  13 }
  14
  15 test_expect_success setup '
  16         # master, ff and noff branches pointing at the same commit
  17         test_tick &&
  18         git commit --allow-empty -m initial &&
  19
  20         git checkout -b noop &&
  21         git checkout -b ff &&
  22         git checkout -b noff &&
  23
  24         # noop stays the same, ff advances, noff rewrites
  25         test_tick &&
  26         git commit --allow-empty --amend -m rewritten &&
  27         git checkout ff &&
  28
  29         test_tick &&
  30         git commit --allow-empty -m second
  31 '
  32
  33 test_expect_success 'unsigned push does not send push certificate' '
  34         prepare_dst &&
  35         mkdir -p dst/.git/hooks &&
  36         write_script dst/.git/hooks/post-receive <<-\EOF &&
  37         # discard the update list
  38         cat >/dev/null
  39         # record the push certificate
  40         if test -n "${GIT_PUSH_CERT-}"
  41         then
  42                 git cat-file blob $GIT_PUSH_CERT >../push-cert
  43         fi
  44         EOF
  45
  46         git push dst noop ff +noff &&
  47         ! test -f dst/push-cert
  48 '
  49
  50 test_expect_success 'talking with a receiver without push certificate support' '
  51         prepare_dst &&
  52         mkdir -p dst/.git/hooks &&
  53         git -C dst config receive.acceptpushcert no &&
  54         write_script dst/.git/hooks/post-receive <<-\EOF &&
  55         # discard the update list
  56         cat >/dev/null
  57         # record the push certificate
  58         if test -n "${GIT_PUSH_CERT-}"
  59         then
  60                 git cat-file blob $GIT_PUSH_CERT >../push-cert
  61         fi
  62         EOF
  63
  64         git push dst noop ff +noff &&
  65         ! test -f dst/push-cert
  66 '
  67
  68 test_expect_success 'push --signed fails with a receiver without push certificate support' '
  69         prepare_dst &&
  70         mkdir -p dst/.git/hooks &&
  71         git -C dst config receive.acceptpushcert no &&
  72         test_must_fail git push --signed dst noop ff +noff 2>err &&
  73         test_i18ngrep "the receiving end does not support" err
  74 '
  75
  76 test_expect_success GPG 'no certificate for a signed push with no update' '
  77         prepare_dst &&
  78         mkdir -p dst/.git/hooks &&
  79         write_script dst/.git/hooks/post-receive <<-\EOF &&
  80         if test -n "${GIT_PUSH_CERT-}"
  81         then
  82                 git cat-file blob $GIT_PUSH_CERT >../push-cert
  83         fi
  84         EOF
  85         git push dst noop &&
  86         ! test -f dst/push-cert
  87 '
  88
  89 test_expect_success GPG 'signed push sends push certificate' '
  90         prepare_dst &&
  91         mkdir -p dst/.git/hooks &&
  92         write_script dst/.git/hooks/post-receive <<-\EOF &&
  93         # discard the update list
  94         cat >/dev/null
  95         # record the push certificate
  96         if test -n "${GIT_PUSH_CERT-}"
  97         then
  98                 git cat-file blob $GIT_PUSH_CERT >../push-cert
  99         fi &&
 100
 101         cat >../push-cert-status <<E_O_F
 102         SIGNER=${GIT_PUSH_CERT_SIGNER-nobody}
 103         KEY=${GIT_PUSH_CERT_KEY-nokey}
 104         STATUS=${GIT_PUSH_CERT_STATUS-nostatus}
 105         E_O_F
 106
 107         EOF
 108
 109         cat >expect <<-\EOF &&
 110         SIGNER=C O Mitter <committer@example.com>
 111         KEY=13B6F51ECDDE430D
 112         STATUS=G
 113         EOF
 114
 115         git push --signed dst noop ff +noff &&
 116         grep "$(git rev-parse noop ff) refs/heads/ff" dst/push-cert &&
 117         grep "$(git rev-parse noop noff) refs/heads/noff" dst/push-cert &&
 118         test_cmp expect dst/push-cert-status
 119 '
 120
 121 test_done