sequencer: make sequencer abort safer
#!/bin/sh
#
# Tests for "git push --signed": when a push certificate is sent, when it
# is withheld, and what the receiving side exposes to its post-receive
# hook through the GIT_PUSH_CERT* environment variables.

test_description='signed push'

# Test harness first, then the GPG helpers.
# NOTE(review): lib-gpg.sh presumably defines the GPG prerequisite used by
# the signed tests below -- confirm against that file.
. ./test-lib.sh
. "$TEST_DIRECTORY/lib-gpg.sh"
7
# Recreate the receiving repository "dst" from scratch and seed it with
# three branches (noop, ff, noff) that all point at the local master.
# Starting from an empty repository each time also removes any push-cert
# or push-cert-status file left behind by an earlier test.
prepare_dst () {
	rm -rf dst &&
	test_create_repo dst &&
	git push dst master:noop master:ff master:noff
}
14
# Build the local history that every later test pushes from.
test_expect_success setup '
	# root commit: master and the three topic branches all start here
	test_tick &&
	git commit --allow-empty -m initial &&

	for branch in noop ff noff
	do
		git checkout -b "$branch" || return 1
	done &&

	# still on noff: amending rewrites it, noop is left untouched
	test_tick &&
	git commit --allow-empty --amend -m rewritten &&

	# ff advances by one commit on top of the root commit
	git checkout ff &&
	test_tick &&
	git commit --allow-empty -m second
'
32
# A push without --signed must not carry a certificate. The hook records
# the certificate blob only when GIT_PUSH_CERT is set and non-empty, so
# the absence of dst/push-cert afterwards shows that none was received.
# NOTE(review): the hook writes to ../push-cert and the test checks
# dst/push-cert, which assumes the hook runs inside dst/.git -- confirm.
test_expect_success 'unsigned push does not send push certificate' '
	prepare_dst &&
	mkdir -p dst/.git/hooks &&
	write_script dst/.git/hooks/post-receive <<-\EOF &&
	# discard the update list
	cat >/dev/null
	# record the push certificate
	if test -n "${GIT_PUSH_CERT-}"
	then
		git cat-file blob $GIT_PUSH_CERT >../push-cert
	fi
	EOF

	git push dst noop ff +noff &&
	test ! -f dst/push-cert
'
49
# dst has no receive.certnonceseed configured here, unlike the signed-push
# tests further down. An ordinary push to such a receiver must still
# succeed, and the recording hook must not see a certificate.
test_expect_success 'talking with a receiver without push certificate support' '
	prepare_dst &&
	mkdir -p dst/.git/hooks &&
	write_script dst/.git/hooks/post-receive <<-\EOF &&
	# discard the update list
	cat >/dev/null
	# record the push certificate
	if test -n "${GIT_PUSH_CERT-}"
	then
		git cat-file blob $GIT_PUSH_CERT >../push-cert
	fi
	EOF

	git push dst noop ff +noff &&
	test ! -f dst/push-cert
'
66
# Fail-closed check: when the sender insists on --signed and the receiver
# cannot take a certificate, the push must be refused with a clear
# diagnostic instead of silently going through unsigned.
test_expect_success 'push --signed fails with a receiver without push certificate support' '
	prepare_dst &&
	mkdir -p dst/.git/hooks &&
	# keep stderr so the refusal message itself can be checked
	test_must_fail git push --signed dst noop ff +noff 2>err &&
	test_i18ngrep "the receiving end does not support" err
'
73
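# A --signed push that updates no ref must not produce a push certificate.
#
# The push has to be a signed one for this to test anything: an unsigned
# push never sends a certificate, so the final check would pass without
# exercising the signed code path. --signed in turn needs a receiver that
# accepts certificates, hence receive.certnonceseed is set on dst first
# (the test above shows --signed failing against a receiver without it).
# "sekrit" is a throwaway fixture value, as in the other signed tests.
test_expect_success GPG 'no certificate for a signed push with no update' '
	prepare_dst &&
	mkdir -p dst/.git/hooks &&
	git -C dst config receive.certnonceseed sekrit &&
	write_script dst/.git/hooks/post-receive <<-\EOF &&
	if test -n "${GIT_PUSH_CERT-}"
	then
		git cat-file blob $GIT_PUSH_CERT >../push-cert
	fi
	EOF
	# noop already matches on both sides, so there is nothing to update
	git push --signed dst noop &&
	! test -f dst/push-cert
'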
86
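# End-to-end check of a signed push.
#
# The post-receive hook saves two things under dst/:
#   push-cert         the certificate blob named by GIT_PUSH_CERT
#   push-cert-status  the verification results exported to the hook
#                     (signer, key, signature status, nonce status, nonce),
#                     each with a "no..." fallback when the variable is unset
#
# The test then requires that
#   - the status variables match the expected signer and key, with
#     STATUS=G and NONCE_STATUS=OK, and the nonce the hook saw equals the
#     "nonce" header of the saved certificate;
#   - the certificate names the exact "<old> <new> <ref>" update for both
#     refs/heads/ff and refs/heads/noff.
#
# Each object name is resolved separately on purpose. The output of
# "git rev-parse noop ff" spans two lines, and grep treats a newline
# inside its pattern argument as a separator between alternative patterns,
# so a pattern built from that output would already match any line that
# merely contains the old object name and would not pin down the new
# value or the ref.
test_expect_success GPG 'signed push sends push certificate' '
	prepare_dst &&
	mkdir -p dst/.git/hooks &&
	git -C dst config receive.certnonceseed sekrit &&
	write_script dst/.git/hooks/post-receive <<-\EOF &&
	# discard the update list
	cat >/dev/null
	# record the push certificate
	if test -n "${GIT_PUSH_CERT-}"
	then
		git cat-file blob $GIT_PUSH_CERT >../push-cert
	fi &&

	cat >../push-cert-status <<E_O_F
	SIGNER=${GIT_PUSH_CERT_SIGNER-nobody}
	KEY=${GIT_PUSH_CERT_KEY-nokey}
	STATUS=${GIT_PUSH_CERT_STATUS-nostatus}
	NONCE_STATUS=${GIT_PUSH_CERT_NONCE_STATUS-nononcestatus}
	NONCE=${GIT_PUSH_CERT_NONCE-nononce}
	E_O_F

	EOF

	git push --signed dst noop ff +noff &&

	(
		cat <<-\EOF &&
		SIGNER=C O Mitter <committer@example.com>
		KEY=13B6F51ECDDE430D
		STATUS=G
		NONCE_STATUS=OK
		EOF
		sed -n -e "s/^nonce /NONCE=/p" -e "/^$/q" dst/push-cert
	) >expect &&

	noop=$(git rev-parse noop) &&
	ff=$(git rev-parse ff) &&
	noff=$(git rev-parse noff) &&
	grep "$noop $ff refs/heads/ff" dst/push-cert &&
	grep "$noop $noff refs/heads/noff" dst/push-cert &&
	test_cmp expect dst/push-cert-status
'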
126
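# Signing-key selection for a signed push.
#
# With GIT_COMMITTER_EMAIL unset and user.email set to an address that,
# going by the test title and the expected failure, has no usable key,
# "git push --signed" must fail rather than fall back to an unsigned push.
# Once user.signingkey names committer@example.com, the same push must
# succeed and verify on the receiving side exactly as in the previous test.
#
# NOTE(review): the unset and the two "git config" calls are not undone;
# that is harmless only as long as this stays the last test in the file.
#
# The certificate content is checked with one object name per variable:
# the output of "git rev-parse noop ff" spans two lines, and grep treats a
# newline inside its pattern argument as a separator between alternative
# patterns, so a pattern built from it would match any line containing the
# old object name alone.
test_expect_success GPG 'fail without key and heed user.signingkey' '
	prepare_dst &&
	mkdir -p dst/.git/hooks &&
	git -C dst config receive.certnonceseed sekrit &&
	write_script dst/.git/hooks/post-receive <<-\EOF &&
	# discard the update list
	cat >/dev/null
	# record the push certificate
	if test -n "${GIT_PUSH_CERT-}"
	then
		git cat-file blob $GIT_PUSH_CERT >../push-cert
	fi &&

	cat >../push-cert-status <<E_O_F
	SIGNER=${GIT_PUSH_CERT_SIGNER-nobody}
	KEY=${GIT_PUSH_CERT_KEY-nokey}
	STATUS=${GIT_PUSH_CERT_STATUS-nostatus}
	NONCE_STATUS=${GIT_PUSH_CERT_NONCE_STATUS-nononcestatus}
	NONCE=${GIT_PUSH_CERT_NONCE-nononce}
	E_O_F

	EOF

	unset GIT_COMMITTER_EMAIL &&
	git config user.email hasnokey@nowhere.com &&
	test_must_fail git push --signed dst noop ff +noff &&
	git config user.signingkey committer@example.com &&
	git push --signed dst noop ff +noff &&

	(
		cat <<-\EOF &&
		SIGNER=C O Mitter <committer@example.com>
		KEY=13B6F51ECDDE430D
		STATUS=G
		NONCE_STATUS=OK
		EOF
		sed -n -e "s/^nonce /NONCE=/p" -e "/^$/q" dst/push-cert
	) >expect &&

	noop=$(git rev-parse noop) &&
	ff=$(git rev-parse ff) &&
	noff=$(git rev-parse noff) &&
	grep "$noop $ff refs/heads/ff" dst/push-cert &&
	grep "$noop $noff refs/heads/noff" dst/push-cert &&
	test_cmp expect dst/push-cert-status
'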
170
# Hand control back to the test harness; this is the last statement of
# the script.
test_done