tests/guix-git-authenticate.sh

   1 # GNU Guix --- Functional package management for GNU
   2 # Copyright © 2020, 2022 Ludovic Courtès <ludo@gnu.org>
   3 #
   4 # This file is part of GNU Guix.
   5 #
   6 # GNU Guix is free software; you can redistribute it and/or modify it
   7 # under the terms of the GNU General Public License as published by
   8 # the Free Software Foundation; either version 3 of the License, or (at
   9 # your option) any later version.
  10 #
  11 # GNU Guix is distributed in the hope that it will be useful, but
  12 # WITHOUT ANY WARRANTY; without even the implied warranty of
  13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14 # GNU General Public License for more details.
  15 #
  16 # You should have received a copy of the GNU General Public License
  17 # along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
  18
  19 #
  20 # Test the 'guix git authenticate' command-line utility.
  21 #
  22
  23 # Skip if we're not in a Git checkout.
  24 [ -d "$abs_top_srcdir/.git" ] || exit 77
  25
  26 # Skip if there's no 'keyring' branch.
  27 guile -c '(use-modules (git))
  28   (member "refs/heads/keyring" (branch-list (repository-open ".")))' || \
  29     exit 77
  30
  31 # Keep in sync with '%default-channels' in (guix channels)!
  32 intro_commit="9edb3f66fd807b096b48283debdcddccfea34bad"
  33 intro_signer="BBB0 2DDF 2CEA F6A8 0D1D  E643 A2A0 6DF2 A33A 54FA"
  34
  35 cache_key="test-$$"
  36
  37 # This must fail because the end commit is not a descendant of $intro_commit.
  38 ! guix git authenticate "$intro_commit" "$intro_signer" \
  39      --cache-key="$cache_key" --stats                   \
  40      --end=9549f0283a78fe36f2d4ff2a04ef8ad6b0c02604
  41
  42 # The v1.2.0 commit is a descendant of $intro_commit and it satisfies the
  43 # authorization invariant.
  44 v1_2_0_commit="a099685659b4bfa6b3218f84953cbb7ff9e88063"
  45 guix git authenticate "$intro_commit" "$intro_signer"   \
  46      --cache-key="$cache_key" --stats                   \
  47      --end="$v1_2_0_commit"
  48
  49 rm "$XDG_CACHE_HOME/guix/authentication/$cache_key"
  50
  51 # Commit and signer of the 'v1.0.0' tag.
  52 v1_0_0_commit="6298c3ffd9654d3231a6f25390b056483e8f407c"
  53 v1_0_0_signer="3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5" # civodul
  54 v1_0_1_commit="d68de958b60426798ed62797ff7c96c327a672ac"
  55
  56 # This should succeed because v1.0.0 is an ancestor of $intro_commit.
  57 guix git authenticate "$intro_commit" "$intro_signer"   \
  58      --cache-key="$cache_key" --stats                   \
  59      --end="$v1_0_0_commit"
  60
  61 # This should fail because these commits lack '.guix-authorizations'.
  62 ! guix git authenticate "$v1_0_0_commit" "$v1_0_0_signer" \
  63        --cache-key="$cache_key" --end="$v1_0_1_commit"
  64
  65 # This should work thanks to '--historical-authorizations'.
  66 guix git authenticate "$v1_0_0_commit" "$v1_0_0_signer"         \
  67      --cache-key="$cache_key" --end="$v1_0_1_commit" --stats    \
  68      --historical-authorizations="$abs_top_srcdir/etc/historical-authorizations"