v1.2.3'/>
<meta name='robots' content='noindex, nofollow'/>
<link rel='stylesheet' type='text/css' href='/cgit-static/cgit.css'/>
<link rel='stylesheet' type='text/css' href='/cgit-static/better-cgit-markdown-heading-color.css'/>
<link rel='shortcut icon' href='/cgit-static/favicon.ico'/>
<link rel='alternate' title='Atom feed' href='https://git.koszko.org/guix/atom/tests/git-authenticate.scm?h=koszko' type='application/atom+xml'/>
</head>
<body>
<div id='cgit'><table id='header'>
<tr>
<td class='logo' rowspan='2'><a href='/'><img src='https://git.koszko.org/cgit-static/cgit.png' alt='cgit logo'/></a></td>
<td class='main'><a href='/'>index</a> : <a href='/guix/'>guix</a></td><td class='form'><form method='get'>
<input type='hidden' name='id' value='b41ff1a00d551e211c31a9530b7c9a034a6d33c8'/><input type='hidden' name='showmsg' value='1'/><select name='h' onchange='this.form.submit();'>
<option value='koszko' selected='selected'>koszko</option>
<option value='koszko-scripts'>koszko-scripts</option>
</select> <input type='submit' value='switch'/></form></td></tr>
<tr><td class='sub'>Wojtek's customized Guix</td><td class='sub right'></td></tr></table>
<table class='tabs'><tr><td>
<a href='/guix/about/'>about</a><a href='/guix/'>summary</a><a href='/guix/refs/?id=b41ff1a00d551e211c31a9530b7c9a034a6d33c8'>refs</a><a class='active' href='/guix/log/tests/git-authenticate.scm?showmsg=1'>log</a><a href='/guix/tree/tests/git-authenticate.scm?id=b41ff1a00d551e211c31a9530b7c9a034a6d33c8'>tree</a><a href='/guix/commit/tests/git-authenticate.scm?id=b41ff1a00d551e211c31a9530b7c9a034a6d33c8'>commit</a><a href='/guix/diff/tests/git-authenticate.scm?id=b41ff1a00d551e211c31a9530b7c9a034a6d33c8'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/tests/git-authenticate.scm'>
<input type='hidden' name='id' value='b41ff1a00d551e211c31a9530b7c9a034a6d33c8'/><input type='hidden' name='showmsg' value='1'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=b41ff1a00d551e211c31a9530b7c9a034a6d33c8&amp;showmsg=1'>root</a>/<a href='/guix/log/tests?id=b41ff1a00d551e211c31a9530b7c9a034a6d33c8&amp;showmsg=1'>tests</a>/<a href='/guix/log/tests/git-authenticate.scm?id=b41ff1a00d551e211c31a9530b7c9a034a6d33c8&amp;showmsg=1'>git-authenticate.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/tests/git-authenticate.scm?id=b41ff1a00d551e211c31a9530b7c9a034a6d33c8'>Collapse</a>)</th><th class='left'>Author</th></tr>
<tr class='logheader'><td><span title='2022-02-14 11:23:08 +0100'>2022-02-14</span></td><td class='logsubject'><a href='/guix/commit/tests/git-authenticate.scm?id=ca87601dd97dd9d356409827802eb0f8a3a535f0'>git-authenticate: Ensure the target is a descendant of the introductory commit.</a></td><td>Ludovic Courtès</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
Fixes a bug whereby authentication of a commit *not* descending from the
introductory commit could succeed, provided the commit verifies the
authorization invariant.

In the example below, A is a common ancestor of the introductory commit
I and of commit X.  Authentication of X would succeed, even though it is
not a descendant of I, as long as X is authorized according to the
'.guix-authorizations' in A:

   X   	 I
    \   /
      A

This is because, 'authenticate-repository' would not check whether X
descends from I, and the call (commit-difference X I) would return X.

In practice that only affects forks because it means that ancestors of
the introductory commit already contain a '.guix-authorizations' file.

* guix/git-authenticate.scm (authenticate-repository): Add call to
'commit-descendant?'.
* tests/channels.scm ("authenticate-channel, not a descendant of introductory commit"):
New test.
* tests/git-authenticate.scm ("authenticate-repository, target not a descendant of intro"):
New test.
* tests/guix-git-authenticate.sh: Expect earlier test to fail since
9549f0283a78fe36f2d4ff2a04ef8ad6b0c02604 is not a descendant of
$intro_commit.  Add new test targeting an ancestor of the introductory
commit, and another test targeting the v1.2.0 commit.
* doc/guix.texi (Specifying Channel Authorizations): Add a sentence.


</td></tr>
<tr class='logheader'><td><span title='2022-02-14 11:23:07 +0100'>2022-02-14</span></td><td class='logsubject'><a href='/guix/commit/tests/git-authenticate.scm?id=36cb04df96623ffe8f1074172a4ed9e51bcf6e3a'>git-authenticate: Test introductory commit signature verification.</a></td><td>Ludovic Courtès</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
These tests mimic similar tests already in 'tests/channels.scm', but
without using the higher-level 'authenticate-channel'.

* tests/git-authenticate.scm ("introductory commit, valid signature")
("introductory commit, missing signature")
("introductory commit, wrong signature"): New tests.


</td></tr>
<tr class='logheader'><td><span title='2021-12-22 10:53:19 +0100'>2021-12-22</span></td><td class='logsubject'><a href='/guix/commit/tests/git-authenticate.scm?id=9ebc9ca070a21ba0aeb3f61202a8071bb250ccc8'>tests: Move keys into ./tests/keys/ and add a third ed25519 key.</a></td><td>Attila Lendvai</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
The third key will be used in an upcoming commit.

Rename public keys to .pub.

* guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable.
(%ed25519-3-secret-key-file): New variable.
(%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file.
(%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file.
* tests/keys/ed25519-3.key: New file.
* tests/keys/ed25519-3.sec: New file.

Signed-off-by: Mathieu Othacehe &lt;othacehe@gnu.org&gt;


</td></tr>