mirror of
https://github.com/git/git
synced 2024-09-12 21:04:12 +00:00
20a7558f31
We would want to update the interim protocol so that we do not send the usual update commands when the push certificate feature is in use, as the same information is in the certificate. Once that happens, the push-cert packet may become the only protocol command, but then there is no packet to put the feature request behind, like we always did. As we have prepared the receiving end that understands the push-cert feature to accept the feature request on the first protocol packet (other than "shallow ", which was an unfortunate historical mistake that has to come before everything else), we can give the feature request on the push-cert packet instead of the first update protocol packet, in preparation for the next step to actually update to the final protocol. Signed-off-by: Junio C Hamano <gitster@pobox.com>
122 lines
2.8 KiB
Bash
Executable file
122 lines
2.8 KiB
Bash
Executable file
#!/bin/sh
|
|
|
|
test_description='signed push'
|
|
|
|
. ./test-lib.sh
|
|
. "$TEST_DIRECTORY"/lib-gpg.sh
|
|
|
|
prepare_dst () {
|
|
rm -fr dst &&
|
|
test_create_repo dst &&
|
|
|
|
git push dst master:noop master:ff master:noff
|
|
}
|
|
|
|
test_expect_success setup '
|
|
# master, ff and noff branches pointing at the same commit
|
|
test_tick &&
|
|
git commit --allow-empty -m initial &&
|
|
|
|
git checkout -b noop &&
|
|
git checkout -b ff &&
|
|
git checkout -b noff &&
|
|
|
|
# noop stays the same, ff advances, noff rewrites
|
|
test_tick &&
|
|
git commit --allow-empty --amend -m rewritten &&
|
|
git checkout ff &&
|
|
|
|
test_tick &&
|
|
git commit --allow-empty -m second
|
|
'
|
|
|
|
test_expect_success 'unsigned push does not send push certificate' '
|
|
prepare_dst &&
|
|
mkdir -p dst/.git/hooks &&
|
|
write_script dst/.git/hooks/post-receive <<-\EOF &&
|
|
# discard the update list
|
|
cat >/dev/null
|
|
# record the push certificate
|
|
if test -n "${GIT_PUSH_CERT-}"
|
|
then
|
|
git cat-file blob $GIT_PUSH_CERT >../push-cert
|
|
fi
|
|
EOF
|
|
|
|
git push dst noop ff +noff &&
|
|
! test -f dst/push-cert
|
|
'
|
|
|
|
test_expect_success 'talking with a receiver without push certificate support' '
|
|
prepare_dst &&
|
|
mkdir -p dst/.git/hooks &&
|
|
git -C dst config receive.acceptpushcert no &&
|
|
write_script dst/.git/hooks/post-receive <<-\EOF &&
|
|
# discard the update list
|
|
cat >/dev/null
|
|
# record the push certificate
|
|
if test -n "${GIT_PUSH_CERT-}"
|
|
then
|
|
git cat-file blob $GIT_PUSH_CERT >../push-cert
|
|
fi
|
|
EOF
|
|
|
|
git push dst noop ff +noff &&
|
|
! test -f dst/push-cert
|
|
'
|
|
|
|
test_expect_success 'push --signed fails with a receiver without push certificate support' '
|
|
prepare_dst &&
|
|
mkdir -p dst/.git/hooks &&
|
|
git -C dst config receive.acceptpushcert no &&
|
|
test_must_fail git push --signed dst noop ff +noff 2>err &&
|
|
test_i18ngrep "the receiving end does not support" err
|
|
'
|
|
|
|
test_expect_success GPG 'no certificate for a signed push with no update' '
|
|
prepare_dst &&
|
|
mkdir -p dst/.git/hooks &&
|
|
write_script dst/.git/hooks/post-receive <<-\EOF &&
|
|
if test -n "${GIT_PUSH_CERT-}"
|
|
then
|
|
git cat-file blob $GIT_PUSH_CERT >../push-cert
|
|
fi
|
|
EOF
|
|
git push dst noop &&
|
|
! test -f dst/push-cert
|
|
'
|
|
|
|
test_expect_success GPG 'signed push sends push certificate' '
|
|
prepare_dst &&
|
|
mkdir -p dst/.git/hooks &&
|
|
write_script dst/.git/hooks/post-receive <<-\EOF &&
|
|
# discard the update list
|
|
cat >/dev/null
|
|
# record the push certificate
|
|
if test -n "${GIT_PUSH_CERT-}"
|
|
then
|
|
git cat-file blob $GIT_PUSH_CERT >../push-cert
|
|
fi &&
|
|
|
|
cat >../push-cert-status <<E_O_F
|
|
SIGNER=${GIT_PUSH_CERT_SIGNER-nobody}
|
|
KEY=${GIT_PUSH_CERT_KEY-nokey}
|
|
STATUS=${GIT_PUSH_CERT_STATUS-nostatus}
|
|
E_O_F
|
|
|
|
EOF
|
|
|
|
cat >expect <<-\EOF &&
|
|
SIGNER=C O Mitter <committer@example.com>
|
|
KEY=13B6F51ECDDE430D
|
|
STATUS=G
|
|
EOF
|
|
|
|
git push --signed dst noop ff +noff &&
|
|
grep "$(git rev-parse noop ff) refs/heads/ff" dst/push-cert &&
|
|
grep "$(git rev-parse noop noff) refs/heads/noff" dst/push-cert &&
|
|
test_cmp expect dst/push-cert-status
|
|
'
|
|
|
|
test_done
|