;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2015 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it ;;; under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 3 of the License, or (at ;;; your option) any later version. ;;; ;;; GNU Guix is distributed in the hope that it will be useful, but ;;; WITHOUT ANY WARRANTY; without even the implied warranty of ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;;; GNU General Public License for more details. ;;; ;;; You should have received a copy of the GNU General Public License ;;; along with GNU Guix. If not, see . (define-module (test-cpio) #:use-module (guix cpio) #:use-module (guix tests) #:use-module ((guix build utils) #:select (which)) #:use-module ((guix utils) #:select (call-with-temporary-output-file)) #:use-module (ice-9 match) #:use-module (ice-9 popen) #:use-module (rnrs io ports) #:use-module (srfi srfi-1) #:use-module (srfi srfi-26) #:use-module (srfi srfi-64)) (define %cpio-program (which "cpio")) (test-begin "cpio") (test-assert "file->cpio-header + write-cpio-header + read-cpio-header" (let* ((file (search-path %load-path "guix.scm")) (header (file->cpio-header file))) (call-with-values (lambda () (open-bytevector-output-port)) (lambda (port get-bv) (write-cpio-header header port) (let ((port (open-bytevector-input-port (get-bv)))) (equal? header (read-cpio-header port))))))) (unless %cpio-program (test-skip 1)) (test-assert "bit-identical to GNU cpio's output" (call-with-temporary-output-file (lambda (link _) (delete-file link) (symlink "chbouib" link) (let ((files (cons* "/" (canonicalize-path (dirname (search-path %load-path "guix.scm"))) link (map (compose canonicalize-path (cut search-path %load-path <>)) '("guix.scm" "guix/build/syscalls.scm" "guix/packages.scm"))))) (call-with-temporary-output-file (lambda (ref-file _) (let ((pipe (open-pipe* OPEN_WRITE %cpio-program "-o" "-O" ref-file "-H" "newc" "--null"))) (for-each (lambda (file) (format pipe "~a\0" file)) files) (and (zero? (close-pipe pipe)) (call-with-temporary-output-file (lambda (file port) (write-cpio-archive files port) (close-port port) (or (file=? ref-file file) (throw 'cpio-archives-differ files ref-file file (stat:size (stat ref-file)) (stat:size (stat file)))))))))))))) (test-end "cpio") p; false' to indicate an expected failure. * tests/guix-archive.sh, tests/guix-build-branch.sh, tests/guix-build.sh, tests/guix-daemon.sh, tests/guix-download.sh, tests/guix-environment-container.sh, tests/guix-environment.sh, tests/guix-gc.sh, tests/guix-git-authenticate.sh, tests/guix-graph.sh, tests/guix-hash.sh, tests/guix-home.sh, tests/guix-pack-relocatable.sh, tests/guix-pack.sh, tests/guix-package-aliases.sh, tests/guix-package-net.sh, tests/guix-package.sh, tests/guix-refresh.sh, tests/guix-shell.sh, tests/guix-style.sh, tests/guix-system.sh: Replace uses of '! ...' with '... && false' or `test ! ...` as appropriate. Signed-off-by: Ludovic Courtès <ludo@gnu.org> Eric Bavier 2022-02-14git-authenticate: Ensure the target is a descendant of the introductory commit....Fixes a bug whereby authentication of a commit *not* descending from the introductory commit could succeed, provided the commit verifies the authorization invariant. In the example below, A is a common ancestor of the introductory commit I and of commit X. Authentication of X would succeed, even though it is not a descendant of I, as long as X is authorized according to the '.guix-authorizations' in A: X I \ / A This is because, 'authenticate-repository' would not check whether X descends from I, and the call (commit-difference X I) would return X. In practice that only affects forks because it means that ancestors of the introductory commit already contain a '.guix-authorizations' file. * guix/git-authenticate.scm (authenticate-repository): Add call to 'commit-descendant?'. * tests/channels.scm ("authenticate-channel, not a descendant of introductory commit"): New test. * tests/git-authenticate.scm ("authenticate-repository, target not a descendant of intro"): New test. * tests/guix-git-authenticate.sh: Expect earlier test to fail since 9549f0283a78fe36f2d4ff2a04ef8ad6b0c02604 is not a descendant of $intro_commit. Add new test targeting an ancestor of the introductory commit, and another test targeting the v1.2.0 commit. * doc/guix.texi (Specifying Channel Authorizations): Add a sentence. Ludovic Courtès 2020-09-28tests: Simplify shell exit status negation;...* tests/guix-archive.sh, tests/guix-build-branch.sh, tests/guix-build.sh, tests/guix-daemon.sh, tests/guix-download.sh, tests/guix-environment.sh, tests/guix-gc.sh, tests/guix-git-authenticate.sh, tests/guix-graph.sh, tests/guix-hash.sh, tests/guix-lint.sh, tests/guix-pack-relocatable.sh, tests/guix-pack.sh, tests/guix-package-aliases.sh, tests/guix-package-net.sh, tests/guix-package.sh: Use the shell '!' keyword to negate command exit status in place of 'if ...; then false; else true; fi' Eric Bavier