t/t5534-push-signed.sh

   1 #!/bin/sh
   2
   3 test_description='signed push'
   4
   5 . ./test-lib.sh
   6 . "$TEST_DIRECTORY"/lib-gpg.sh
   7
   8 prepare_dst () {
   9         rm -fr dst &&
  10         test_create_repo dst &&
  11
  12         git push dst master:noop master:ff master:noff
  13 }
  14
  15 test_expect_success setup '
  16         # master, ff and noff branches pointing at the same commit
  17         test_tick &&
  18         git commit --allow-empty -m initial &&
  19
  20         git checkout -b noop &&
  21         git checkout -b ff &&
  22         git checkout -b noff &&
  23
  24         # noop stays the same, ff advances, noff rewrites
  25         test_tick &&
  26         git commit --allow-empty --amend -m rewritten &&
  27         git checkout ff &&
  28
  29         test_tick &&
  30         git commit --allow-empty -m second
  31 '
  32
  33 test_expect_success 'unsigned push does not send push certificate' '
  34         prepare_dst &&
  35         mkdir -p dst/.git/hooks &&
  36         write_script dst/.git/hooks/post-receive <<-\EOF &&
  37         # discard the update list
  38         cat >/dev/null
  39         # record the push certificate
  40         if test -n "${GIT_PUSH_CERT-}"
  41         then
  42                 git cat-file blob $GIT_PUSH_CERT >../push-cert
  43         fi
  44         EOF
  45
  46         git push dst noop ff +noff &&
  47         ! test -f dst/push-cert
  48 '
  49
  50 test_expect_success 'talking with a receiver without push certificate support' '
  51         prepare_dst &&
  52         mkdir -p dst/.git/hooks &&
  53         git -C dst config receive.acceptpushcert no &&
  54         write_script dst/.git/hooks/post-receive <<-\EOF &&
  55         # discard the update list
  56         cat >/dev/null
  57         # record the push certificate
  58         if test -n "${GIT_PUSH_CERT-}"
  59         then
  60                 git cat-file blob $GIT_PUSH_CERT >../push-cert
  61         fi
  62         EOF
  63
  64         git push dst noop ff +noff &&
  65         ! test -f dst/push-cert
  66 '
  67
  68 test_expect_success 'push --signed fails with a receiver without push certificate support' '
  69         prepare_dst &&
  70         mkdir -p dst/.git/hooks &&
  71         git -C dst config receive.acceptpushcert no &&
  72         test_must_fail git push --signed dst noop ff +noff 2>err &&
  73         test_i18ngrep "the receiving end does not support" err
  74 '
  75
  76 test_expect_success GPG 'signed push sends push certificate' '
  77         prepare_dst &&
  78         mkdir -p dst/.git/hooks &&
  79         write_script dst/.git/hooks/post-receive <<-\EOF &&
  80         # discard the update list
  81         cat >/dev/null
  82         # record the push certificate
  83         if test -n "${GIT_PUSH_CERT-}"
  84         then
  85                 git cat-file blob $GIT_PUSH_CERT >../push-cert
  86         fi &&
  87
  88         cat >../push-cert-status <<E_O_F
  89         SIGNER=${GIT_PUSH_CERT_SIGNER-nobody}
  90         KEY=${GIT_PUSH_CERT_KEY-nokey}
  91         STATUS=${GIT_PUSH_CERT_STATUS-nostatus}
  92         E_O_F
  93
  94         EOF
  95
  96         cat >expect <<-\EOF &&
  97         SIGNER=C O Mitter <committer@example.com>
  98         KEY=13B6F51ECDDE430D
  99         STATUS=G
 100         EOF
 101
 102         git push --signed dst noop ff +noff &&
 103         grep "$(git rev-parse noop ff) refs/heads/ff" dst/push-cert &&
 104         grep "$(git rev-parse noop noff) refs/heads/noff" dst/push-cert &&
 105         test_cmp expect dst/push-cert-status
 106 '
 107
 108 test_done