From debbugs-submit-bounces@debbugs.gnu.org Fri Jan 28 12:10:50 2022 Received: (at submit) by debbugs.gnu.org; 28 Jan 2022 17:10:50 +0000 Received: from localhost ([127.0.0.1]:60405 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nDUlt-0000M2-Ur for submit@debbugs.gnu.org; Fri, 28 Jan 2022 12:10:50 -0500 Received: from lists.gnu.org ([209.51.188.17]:37552) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nDUls-0000Lu-CW for submit@debbugs.gnu.org; Fri, 28 Jan 2022 12:10:48 -0500 Received: from eggs.gnu.org ([209.51.188.92]:54634) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nDUlr-0005Xn-Uz for guix-patches@gnu.org; Fri, 28 Jan 2022 12:10:48 -0500 Received: from [2001:470:142:3::e] (port=60272 helo=fencepost.gnu.org) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nDUlp-0004dh-Ou; Fri, 28 Jan 2022 12:10:46 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to: references; bh=8ankfDvwqU83dTgItIob6yA+CfNt67T+eWdMdPBO2aM=; b=LEbVaGRAjVOAvo 5/n9bNHm9cZ5Rr9XbqTeNERCeiqGK2uzrVqnL1XknGWPbvt5BmvAqjc+p0VovTaiCxc3p4HO9IBvt mCfMgjM7+K7wfAse0X+/gUI1MLPFYLVD4qcJf8xuQeFh9n6+Y1cR9hAWz+FN/cE2250V/3ZztCA+8 Ufn0+ZrgoxS6PqGu5FJyVXbXx+JcQAxjOjTRZAnQEsalGlJyRDL59//+X1vl+AaXPaj9pAqX3fOMK Bs4EkFvvSie5yYtesA75Qh7rMvLDvY8rKIqPUeQ8GltMxg9PVXvCjIfU43Lvc6gFib80SXJBTgXf5 g8QuWjIBS8p7HqKSYWVA==; Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=33806 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nDUll-0001eN-5O; Fri, 28 Jan 2022 12:10:44 -0500 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= To: guix-patches@gnu.org Subject: [PATCH] git-authenticate: Test introductory commit signature verification. Date: Fri, 28 Jan 2022 18:10:20 +0100 Message-Id: <20220128171020.5778-1-ludo@gnu.org> X-Mailer: git-send-email 2.34.0 MIME-Version: 1.0 X-Debbugs-Cc: Maxime Devos , Attila Lendvai Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) These tests mimic similar tests already in 'tests/channels.scm', but without using the higher-level 'authenticate-channel'. * tests/git-authenticate.scm ("introductory commit, valid signature") ("introductory commit, missing signature") ("introductory commit, wrong signature"): New tests. --- tests/git-authenticate.scm | 106 ++++++++++++++++++++++++++++++++++++- 1 file changed, 105 insertions(+), 1 deletion(-) Hello! (Cc: Maxime + Attila since you’ve already looked into this code.) This patch adds tests to ensure that an invalidate introductory commit signature and lack of a signature on the introductory commit both lead to an error. These tests do not uncover any problem. In fact, this behavior was already tested in ‘tests/channels.scm’, but using the higher-level ‘authenticate-channel’ procedure. They were prompted by Attila’s comments in and by investigations that led to the bug fix I’m about to send (separately). Thoughts? Thanks, Ludo’. diff --git a/tests/git-authenticate.scm b/tests/git-authenticate.scm index f66ef191b0..6ec55fb2e5 100644 --- a/tests/git-authenticate.scm +++ b/tests/git-authenticate.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2020 Ludovic Courtès +;;; Copyright © 2020, 2022 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; @@ -20,12 +20,17 @@ (define-module (test-git-authenticate) #:use-module (git) #:use-module (guix git) #:use-module (guix git-authenticate) + #:use-module ((guix channels) #:select (openpgp-fingerprint)) + #:use-module ((guix diagnostics) + #:select (formatted-message? formatted-message-arguments)) #:use-module (guix openpgp) + #:use-module ((guix tests) #:select (random-text)) #:use-module (guix tests git) #:use-module (guix tests gnupg) #:use-module (guix build utils) #:use-module (srfi srfi-1) #:use-module (srfi srfi-34) + #:use-module (srfi srfi-35) #:use-module (srfi srfi-64) #:use-module (rnrs bytevectors) #:use-module (rnrs io ports)) @@ -327,4 +332,103 @@ (define (correct? c commit) #:keyring-reference "master") 'failed))))))) +(unless (gpg+git-available?) (test-skip 1)) +(test-assert "introductory commit, valid signature" + (with-fresh-gnupg-setup (list %ed25519-public-key-file + %ed25519-secret-key-file) + (let ((fingerprint (key-fingerprint %ed25519-public-key-file))) + (with-temporary-git-repository directory + `((add "signer.key" ,(call-with-input-file %ed25519-public-key-file + get-string-all)) + (add ".guix-authorizations" + ,(object->string + `(authorizations (version 0) + ((,(key-fingerprint + %ed25519-public-key-file) + (name "Charlie")))))) + (commit "zeroth commit" (signer ,fingerprint)) + (add "a.txt" "A") + (commit "first commit" (signer ,fingerprint))) + (with-repository directory repository + (let ((commit0 (find-commit repository "zero")) + (commit1 (find-commit repository "first"))) + ;; COMMIT0 is signed with the right key, and COMMIT1 is fine. + (authenticate-repository repository + (commit-id commit0) + (openpgp-fingerprint fingerprint) + #:keyring-reference "master" + #:cache-key (random-text)))))))) + +(unless (gpg+git-available?) (test-skip 1)) +(test-equal "introductory commit, missing signature" + 'intro-lacks-signature + (with-fresh-gnupg-setup (list %ed25519-public-key-file + %ed25519-secret-key-file) + (let ((fingerprint (key-fingerprint %ed25519-public-key-file))) + (with-temporary-git-repository directory + `((add "signer.key" ,(call-with-input-file %ed25519-public-key-file + get-string-all)) + (add ".guix-authorizations" + ,(object->string + `(authorizations (version 0) + ((,(key-fingerprint + %ed25519-public-key-file) + (name "Charlie")))))) + (commit "zeroth commit") ;unsigned! + (add "a.txt" "A") + (commit "first commit" (signer ,fingerprint))) + (with-repository directory repository + (let ((commit0 (find-commit repository "zero"))) + ;; COMMIT0 is not signed. + (guard (c ((formatted-message? c) + ;; Message like "commit ~a lacks a signature". + (and (equal? (formatted-message-arguments c) + (list (oid->string (commit-id commit0)))) + 'intro-lacks-signature))) + (authenticate-repository repository + (commit-id commit0) + (openpgp-fingerprint fingerprint) + #:keyring-reference "master" + #:cache-key (random-text))))))))) + +(unless (gpg+git-available?) (test-skip 1)) +(test-equal "introductory commit, wrong signature" + 'wrong-intro-signing-key + (with-fresh-gnupg-setup (list %ed25519-public-key-file + %ed25519-secret-key-file + %ed25519-2-public-key-file + %ed25519-2-secret-key-file) + (let ((fingerprint (key-fingerprint %ed25519-public-key-file)) + (wrong-fingerprint (key-fingerprint %ed25519-2-public-key-file))) + (with-temporary-git-repository directory + `((add "signer1.key" ,(call-with-input-file %ed25519-public-key-file + get-string-all)) + (add "signer2.key" ,(call-with-input-file %ed25519-2-public-key-file + get-string-all)) + (add ".guix-authorizations" + ,(object->string + `(authorizations (version 0) + ((,(key-fingerprint + %ed25519-public-key-file) + (name "Charlie")))))) + (commit "zeroth commit" (signer ,wrong-fingerprint)) + (add "a.txt" "A") + (commit "first commit" (signer ,fingerprint))) + (with-repository directory repository + (let ((commit0 (find-commit repository "zero")) + (commit1 (find-commit repository "first"))) + ;; COMMIT0 is signed with the wrong key--not the one passed as the + ;; SIGNER argument to 'authenticate-repository'. + (guard (c ((formatted-message? c) + ;; Message like "commit ~a signed by ~a instead of ~a". + (and (equal? (formatted-message-arguments c) + (list (oid->string (commit-id commit0)) + wrong-fingerprint fingerprint)) + 'wrong-intro-signing-key))) + (authenticate-repository repository + (commit-id commit0) + (openpgp-fingerprint fingerprint) + #:keyring-reference "master" + #:cache-key (random-text))))))))) + (test-end "git-authenticate") base-commit: e778910bdfc68c60a5be59aac93049d32feae904 -- 2.34.0