;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2015 Eric Bavier ;;; Copyright © 2016 Alex Sassmannshausen ;;; Copyright © 2020 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it ;;; under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 3 of the License, or (at ;;; your option) any later version. ;;; ;;; GNU Guix is distributed in the hope that it will be useful, but ;;; WITHOUT ANY WARRANTY; without even the implied warranty of ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;;; GNU General Public License for more details. ;;; ;;; You should have received a copy of the GNU General Public License ;;; along with GNU Guix. If not, see . (define-module (test-cpan) #:use-module (guix import cpan) #:use-module (guix base32) #:use-module (gcrypt hash) #:use-module (guix tests http) #:use-module (guix grafts) #:use-module (srfi srfi-64) #:use-module (web client) #:use-module (ice-9 match)) ;; Globally disable grafts because they can trigger early builds. (%graft? #f) (define test-json "{ \"metadata\" : { \"name\" : \"Foo-Bar\", \"version\" : \"0.1\" } \"name\" : \"Foo-Bar-0.1\", \"distribution\" : \"Foo-Bar\", \"license\" : [ \"perl_5\" ], \"dependency\": [ { \"relationship\": \"requires\", \"phase\": \"runtime\", \"version\": \"1.05\", \"module\": \"Test::Script\" } ], \"abstract\" : \"Fizzle Fuzz\", \"download_url\" : \"http://example.com/Foo-Bar-0.1.tar.gz\", \"author\" : \"Guix\", \"version\" : \"0.1\" }") (define test-source "foobar") ;; Avoid collisions with other tests. (%http-server-port 10400) (test-begin "cpan") (test-assert "cpan->guix-package" ;; Replace network resources with sample data. (with-http-server `((200 ,test-json) (200 ,test-source) (200 "{ \"distribution\" : \"Test-Script\" }")) (parameterize ((%metacpan-base-url (%local-url)) (current-http-proxy (%local-url))) (match (cpan->guix-package "Foo::Bar") (('package ('name "perl-foo-bar") ('version "0.1") ('source ('origin ('method 'url-fetch) ('uri ('string-append "http://example.com/Foo-Bar-" 'version ".tar.gz")) ('sha256 ('base32 (? string? hash))))) ('build-system 'perl-build-system) ('propagated-inputs ('quasiquote (("perl-test-script" ('unquote 'perl-test-script))))) ('home-page "https://metacpan.org/release/Foo-Bar") ('synopsis "Fizzle Fuzz") ('description 'fill-in-yourself!) ('license 'perl-license)) (string=? (bytevector->nix-base32-string (call-with-input-string test-source port-sha256)) hash)) (x (pk 'fail x #f)))))) (test-equal "metacpan-url->mirror-url, http" "mirror://cpan/authors/id/T/TE/TEST/Foo-Bar-0.1.tar.gz" (metacpan-url->mirror-url "http://cpan.metacpan.org/authors/id/T/TE/TEST/Foo-Bar-0.1.tar.gz")) (test-equal "metacpan-url->mirror-url, https" "mirror://cpan/authors/id/T/TE/TEST/Foo-Bar-0.1.tar.gz" (metacpan-url->mirror-url "https://cpan.metacpan.org/authors/id/T/TE/TEST/Foo-Bar-0.1.tar.gz")) (test-end "cpan") e: Ensure the target is a descendant of the introductory commit.Ludovic Courtès Fixes a bug whereby authentication of a commit *not* descending from the introductory commit could succeed, provided the commit verifies the authorization invariant. In the example below, A is a common ancestor of the introductory commit I and of commit X. Authentication of X would succeed, even though it is not a descendant of I, as long as X is authorized according to the '.guix-authorizations' in A: X I \ / A This is because, 'authenticate-repository' would not check whether X descends from I, and the call (commit-difference X I) would return X. In practice that only affects forks because it means that ancestors of the introductory commit already contain a '.guix-authorizations' file. * guix/git-authenticate.scm (authenticate-repository): Add call to 'commit-descendant?'. * tests/channels.scm ("authenticate-channel, not a descendant of introductory commit"): New test. * tests/git-authenticate.scm ("authenticate-repository, target not a descendant of intro"): New test. * tests/guix-git-authenticate.sh: Expect earlier test to fail since 9549f0283a78fe36f2d4ff2a04ef8ad6b0c02604 is not a descendant of $intro_commit. Add new test targeting an ancestor of the introductory commit, and another test targeting the v1.2.0 commit. * doc/guix.texi (Specifying Channel Authorizations): Add a sentence. 2022-02-14git-authenticate: Test introductory commit signature verification.Ludovic Courtès These tests mimic similar tests already in 'tests/channels.scm', but without using the higher-level 'authenticate-channel'. * tests/git-authenticate.scm ("introductory commit, valid signature") ("introductory commit, missing signature") ("introductory commit, wrong signature"): New tests. 2021-12-22tests: Move keys into ./tests/keys/ and add a third ed25519 key.Attila Lendvai The third key will be used in an upcoming commit. Rename public keys to .pub. * guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable. (%ed25519-3-secret-key-file): New variable. (%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file. (%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file. * tests/keys/ed25519-3.key: New file. * tests/keys/ed25519-3.sec: New file. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>