;; -*- mode: scheme; -*- ;; This is an operating system configuration template for a "Docker image" ;; setup, so it has barely any services at all. (use-modules (gnu)) (operating-system (host-name "komputilo") (timezone "Europe/Berlin") (locale "en_US.utf8") ;; This is where user accounts are specified. The "root" account is ;; implicit, and is initially created with the empty password. (users (cons (user-account (name "alice") (comment "Bob's sister") (group "users") (supplementary-groups '("wheel" "audio" "video"))) %base-user-accounts)) ;; Globally-installed packages. (packages %base-packages) ;; Because the system will run in a Docker container, we may omit many ;; things that would normally be required in an operating system ;; configuration file. These things include: ;; ;; * bootloader ;; * file-systems ;; * services such as mingetty, udevd, slim, networking, dhcp ;; ;; Either these things are simply not required, or Docker provides ;; similar services for us. ;; This will be ignored. (bootloader (bootloader-configuration (bootloader grub-bootloader) (targets '("does-not-matter")))) ;; This will be ignored, too. (file-systems (list (file-system (device "does-not-matter") (mount-point "/") (type "does-not-matter")))) ;; Guix is all you need! (services (list (service guix-service-type)))) ight' method='get' action='/guix/log/tests/git-authenticate.scm'>
path: root/tests/git-authenticate.scm
AgeCommit message (Expand)Author
2022-02-14git-authenticate: Ensure the target is a descendant of the introductory commit....Fixes a bug whereby authentication of a commit *not* descending from the introductory commit could succeed, provided the commit verifies the authorization invariant. In the example below, A is a common ancestor of the introductory commit I and of commit X. Authentication of X would succeed, even though it is not a descendant of I, as long as X is authorized according to the '.guix-authorizations' in A: X I \ / A This is because, 'authenticate-repository' would not check whether X descends from I, and the call (commit-difference X I) would return X. In practice that only affects forks because it means that ancestors of the introductory commit already contain a '.guix-authorizations' file. * guix/git-authenticate.scm (authenticate-repository): Add call to 'commit-descendant?'. * tests/channels.scm ("authenticate-channel, not a descendant of introductory commit"): New test. * tests/git-authenticate.scm ("authenticate-repository, target not a descendant of intro"): New test. * tests/guix-git-authenticate.sh: Expect earlier test to fail since 9549f0283a78fe36f2d4ff2a04ef8ad6b0c02604 is not a descendant of $intro_commit. Add new test targeting an ancestor of the introductory commit, and another test targeting the v1.2.0 commit. * doc/guix.texi (Specifying Channel Authorizations): Add a sentence. Ludovic Courtès
2022-02-14git-authenticate: Test introductory commit signature verification....These tests mimic similar tests already in 'tests/channels.scm', but without using the higher-level 'authenticate-channel'. * tests/git-authenticate.scm ("introductory commit, valid signature") ("introductory commit, missing signature") ("introductory commit, wrong signature"): New tests. Ludovic Courtès
2021-12-22tests: Move keys into ./tests/keys/ and add a third ed25519 key....The third key will be used in an upcoming commit. Rename public keys to .pub. * guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable. (%ed25519-3-secret-key-file): New variable. (%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file. (%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file. * tests/keys/ed25519-3.key: New file. * tests/keys/ed25519-3.sec: New file. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> Attila Lendvai