From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id T2RxBiNlUmGBIQEAgWs5BA (envelope-from ) for ; Tue, 28 Sep 2021 02:43:15 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id 4C2MASNlUmFsRgAAB5/wlQ (envelope-from ) for ; Tue, 28 Sep 2021 00:43:15 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 907A123E04 for ; Tue, 28 Sep 2021 02:43:14 +0200 (CEST) Received: from localhost ([::1]:47500 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mV1DF-0000R9-KM for larch@yhetil.org; Mon, 27 Sep 2021 20:43:13 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47104) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mV1D4-0000QK-Ro for guix-patches@gnu.org; Mon, 27 Sep 2021 20:43:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:59903) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mV1D4-0004Ya-Hs for guix-patches@gnu.org; Mon, 27 Sep 2021 20:43:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1mV1D4-0005rs-GR for guix-patches@gnu.org; Mon, 27 Sep 2021 20:43:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#50750] [PATCH 3/4] tests: Add failing test for .guix-authorizations and channel intro. Resent-From: Attila Lendvai Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 28 Sep 2021 00:43:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 50750 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 50750@debbugs.gnu.org Cc: Attila Lendvai Received: via spool by 50750-submit@debbugs.gnu.org id=B50750.163278972622472 (code B ref 50750); Tue, 28 Sep 2021 00:43:02 +0000 Received: (at 50750) by debbugs.gnu.org; 28 Sep 2021 00:42:06 +0000 Received: from localhost ([127.0.0.1]:43211 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mV1C9-0005qH-8N for submit@debbugs.gnu.org; Mon, 27 Sep 2021 20:42:05 -0400 Received: from mail-ed1-f54.google.com ([209.85.208.54]:43776) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mV1C5-0005p9-P0 for 50750@debbugs.gnu.org; Mon, 27 Sep 2021 20:42:02 -0400 Received: by mail-ed1-f54.google.com with SMTP id v10so71902858edj.10 for <50750@debbugs.gnu.org>; Mon, 27 Sep 2021 17:42:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=mxCmtYduNfzRY4W65cpguVjKtVAsqcGpiJxJEGG3V5E=; b=oJAKtiQPPVOUzQYvy9PcmHHZ3tP/i0u7cP0RKK8XPXZoxTH6W9c3SlsPTT0B1Fv7CB ZDg3N8kzixZEcMZQlaX3RmmMsjYHUVsk4VV8FB7PWysAPYuhX85GjSNCWHfvExbV8qnX Z2FuikT8sYRRnrbk6V3G2NcoIJzXoDbLmSmfHpkYHWDFHmRO2qEaNxMiWwUoyDSvROSn yg+zl7joj+vLDZOW6MwqIo6epcd5F6QcqpCntGittbOxDuZKq8O7NYUKMOpyIhkHEwI1 MVtUel7bjtmc+9r8q7gnkTVlu8SZPREvIR4NoSwlAkxjyl/jxS7Aa4l7tzhnCf0Dr1D0 ywkg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=mxCmtYduNfzRY4W65cpguVjKtVAsqcGpiJxJEGG3V5E=; b=oK+qN5d+vY7ElTzHwyKwJ8oQQGD/dqspR0WI9JIXzOHgPBdqizFLcTb2KIcZxREaf/ bVRHU26Z2fIHflr+735IEqDEs/gplnLlxeTJNKKac9IYVGLXl1I/toqQpvcReVZDjSHY 4ES9ijgpooWFqOt4jO7kcnI/EhbWUnpzRlmYL/MBtTr5ZrgMM3eDrvE35Pzgf4qq1EcD 3MY/DcMt/f2/xLJUCb3f8tMGZsvYOmsXKvf1b7j9tnZmcdt6ql1rk3eBunaQyyKhrw1N jhohQEHTM58l4khXWdPgr/AEHUSUN0WYncxXZeclXVdiB2dgHDQTazQi6gGcqh12ZmMw 45qQ== X-Gm-Message-State: AOAM531lDkwxD2wuyv87egXPg6pBtjtMq75uI2Sz+JN3xkYTpD0CJNhK er8RdFry2AxxekFpFsC4UsBFfnKY7r0= X-Google-Smtp-Source: ABdhPJypf1XZXTI7RWzjkjHq3UujMuuTO7gpnEy/Mwbtsc0uC50/sZnb5rGLMAz7jJAPFINOp/cPJA== X-Received: by 2002:a17:906:49d0:: with SMTP id w16mr3469784ejv.455.1632789716157; Mon, 27 Sep 2021 17:41:56 -0700 (PDT) Received: from lelap.lan (catv-213-222-131-28.catv.broadband.hu. [213.222.131.28]) by smtp.gmail.com with ESMTPSA id u4sm9396207ejc.19.2021.09.27.17.41.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 27 Sep 2021 17:41:55 -0700 (PDT) From: Attila Lendvai Date: Tue, 28 Sep 2021 02:40:05 +0200 Message-Id: <20210928004005.28786-3-attila@lendvai.name> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20210928004005.28786-1-attila@lendvai.name> References: <20210928004005.28786-1-attila@lendvai.name> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1632789794; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=mxCmtYduNfzRY4W65cpguVjKtVAsqcGpiJxJEGG3V5E=; b=sFKUGwH9DNjCmxYhTbfd9lJpE3kyeTjCZp3IRcPxl+Bgo4gFyfV8E0t5+NuX+PsrnGITxW CrwbZUGufBSBkUKvGos/9YaER+XwiObWq3qj+eVCBLbG1SK9tRtmoRsAhLGE2gucDjT4yp CYvMXCucG1y3DE2tZsZNFxWjFWicMlF7UzKIAu3D1KDlys1zgpW+wl0Nt1dE0sX+OJyhHo tTmrfan9SEKzuUyvTRLspjg0E7s4iLuaZs/kTKCBfbpjGizQf0wVI0z0O5xe3RnLSuXWCA YJe/anH5fqBoVMY/CvmrTcmj6kgCLTF0p5UzwI8bp0sAjTdH8oU4frDQ4+RJIQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1632789794; a=rsa-sha256; cv=none; b=LgzvX1y3+pUuh4rVAc/XAzmOEOiLEvSHswIZ3kRODFj9INvmxz1Rx7cxfve66QlWvaYPVU rdpiwj63mXK0cGYhomDF1+f7KsNwxbZ7HPvlURPAjR9pJYUCTAL8tWQh83nkvBjvVOkywd YoJLAV1X9gvLmW2ElXAQfTbMNnpJuQf4jhGbiQmHruohfced2VMMRRmIkX5hMGVwbU7eaI kLTw81TJ0EWWYP9ssiyiNZjK5q0GH2hr5r7rxENWqWlrXfVcrr47OreFx0T0pvE9AhF9Se H0bOomjHBb1aJMK3H+WP0HNThDJOCOIKiUJsyDRfcmrTu6x82735GBCmR1miww== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=oJAKtiQP; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Spam-Score: 3.61 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=oJAKtiQP; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Queue-Id: 907A123E04 X-Spam-Score: 3.61 X-Migadu-Scanner: scn0.migadu.com X-TUID: TjSHXtXIXlj7 Will be fixed in a subsequent commit. * tests/git-authenticate.scm: New test "signed commits, .guix-authorizations, channel-introduction". --- tests/git-authenticate.scm | 112 +++++++++++++++++++++++++++++++++++++ 1 file changed, 112 insertions(+) diff --git a/tests/git-authenticate.scm b/tests/git-authenticate.scm index f66ef191b0..91eaac73c1 100644 --- a/tests/git-authenticate.scm +++ b/tests/git-authenticate.scm @@ -24,6 +24,7 @@ #:use-module (guix tests git) #:use-module (guix tests gnupg) #:use-module (guix build utils) + #:use-module ((ice-9 control) #:select (let/ec)) #:use-module (srfi srfi-1) #:use-module (srfi srfi-34) #:use-module (srfi srfi-64) @@ -226,6 +227,117 @@ #:keyring-reference "master") #f))))))) +(unless (gpg+git-available?) (test-skip 1)) +(test-assert "signed commits, .guix-authorizations, channel-introduction" + (let* ((result #true) + (key1 %ed25519-public-key-file) + (key2 %ed25519-2-public-key-file) + (key3 %ed25519-3-public-key-file)) + (with-fresh-gnupg-setup (list key1 %ed25519-secret-key-file + key2 %ed25519-2-secret-key-file + key3 %ed25519-3-secret-key-file) + (with-temporary-git-repository dir + `((checkout "keyring" orphan) + (add "signer1.key" ,(call-with-input-file key1 get-string-all)) + (add "signer2.key" ,(call-with-input-file key2 get-string-all)) + (add "signer3.key" ,(call-with-input-file key3 get-string-all)) + (commit "keyring commit") + + (checkout "main" orphan) + (add "noise0") + (add ".guix-authorizations" + ,(object->string + `(authorizations + (version 0) + ((,(key-fingerprint key1) (name "Alice")))))) + (commit "commit 0" (signer ,(key-fingerprint key3))) + (add "noise1") + (commit "commit 1" (signer ,(key-fingerprint key1))) + (add "noise2") + (commit "commit 2" (signer ,(key-fingerprint key1)))) + (with-repository dir repo + (let* ((commit-0 (find-commit repo "commit 0")) + (check-from + (lambda* (commit #:key (should-fail? #false) (key key1) + (historical-authorizations + ;; key3 is trusted to authorize commit 0 + (list (key-fingerprint-vector key3)))) + (guard (c ((unauthorized-commit-error? c) + (if should-fail? + c + (let ((port (current-output-port))) + (format port "FAILURE: Unexpected exception at commit '~s':~%" + commit) + (print-exception port (stack-ref (make-stack #t) 1) + c (exception-args c)) + (set! result #false) + '())))) + (format #true "~%~%Checking ~s, should-fail? ~s, repo commits:~%" + commit should-fail?) + ;; to be able to inspect in the logs + (invoke "git" "-C" dir "log" "--reverse" "--pretty=oneline" "main") + (set! commit (find-commit repo commit)) + (authenticate-repository + repo + (commit-id commit) + (key-fingerprint-vector key) + #:historical-authorizations historical-authorizations) + (when should-fail? + (format #t "FAILURE: Authenticating commit '~s' should have failed.~%" commit) + (set! result #false)) + '())))) + (check-from "commit 0" #:key key3) + (check-from "commit 1") + (check-from "commit 2") + (with-git-repository dir + `((add "noise 3") + ;; a commit with key2 + (commit "commit 3" (signer ,(key-fingerprint key2)))) + ;; Should fail because it is signed with key2, not key1 + (check-from "commit 3" #:should-fail? #true) + ;; Specify commit 3 as a channel-introduction signed with + ;; key2. This is valid, but it should warn the user, because + ;; .guix-authorizations is not updated to include key2, which + ;; means that any subsequent commits with the same key will be + ;; rejected. + ;; + ;; TODO we should check somehow that a warning is issued + (check-from "commit 3" #:key key2)) + (with-git-repository dir + `((reset ,(oid->string (commit-id (find-commit repo "commit 2")))) + (add "noise 4") + ;; set it up properly + (add ".guix-authorizations" + ,(object->string + `(authorizations + (version 0) + ((,(key-fingerprint key1) (name "Alice")) + (,(key-fingerprint key2) (name "Bob")))))) + (commit "commit 4" (signer ,(key-fingerprint key2)))) + ;; This should fail because even though commit 4 adds key2 to + ;; .guix-authorizations, the commit itself is not authorized. + (check-from "commit 1" #:should-fail? #true) + ;; This should pass, because it's a valid channel intro at commit 4 + (check-from "commit 4" #:key key2)) + (with-git-repository dir + `((add "noise 5") + (commit "commit 5" (signer ,(key-fingerprint key2)))) + ;; This is not very intuitive: because commit 4 has once been + ;; used as a channel intro, it got marked as trusted in the + ;; ~/.cache/, and because commit 1 is one of its parent, it is + ;; also trusted. + (check-from "commit 1") + (check-from "commit 2") + ;; Should still be fine, but only when starting from commit 4 + (check-from "commit 4" #:key key2)) + (with-git-repository dir + `((add "noise 6") + (commit "commit 6" (signer ,(key-fingerprint key1)))) + (check-from "commit 1") + (check-from "commit 2") + (check-from "commit 4" #:key key2)))))) + result)) + (unless (gpg+git-available?) (test-skip 1)) (test-assert "signed commits, .guix-authorizations, authorized merge" (with-fresh-gnupg-setup (list %ed25519-public-key-file -- 2.33.0