;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2016, 2017 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it ;;; under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 3 of the License, or (at ;;; your option) any later version. ;;; ;;; GNU Guix is distributed in the hope that it will be useful, but ;;; WITHOUT ANY WARRANTY; without even the implied warranty of ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;;; GNU General Public License for more details. ;;; ;;; You should have received a copy of the GNU General Public License ;;; along with GNU Guix. If not, see . (define-module (test-modules) #:use-module (guix modules) #:use-module ((guix build-system gnu) #:select (%gnu-build-system-modules)) #:use-module ((guix utils) #:select (call-with-temporary-directory)) #:use-module (srfi srfi-1) #:use-module (srfi srfi-34) #:use-module (srfi srfi-64)) (test-begin "modules") (test-assert "closure of (guix build gnu-build-system)" (lset= equal? (live-module-closure '((guix build gnu-build-system))) (source-module-closure '((guix build gnu-build-system))) %gnu-build-system-modules (source-module-closure %gnu-build-system-modules) (live-module-closure %gnu-build-system-modules))) (test-assert "closure of (gnu build install)" (lset= equal? (live-module-closure '((gnu build install))) (source-module-closure '((gnu build install))))) (test-assert "closure of (gnu build image)" (lset= equal? (live-module-closure '((gnu build image))) (source-module-closure '((gnu build image))))) (test-equal "&missing-dependency-error" '(something that does not exist) (call-with-temporary-directory (lambda (directory) (call-with-output-file (string-append directory "/foobar.scm") (lambda (port) (write '(define-module (foobar) #:use-module (something that does not exist)) port))) (call-with-output-file (string-append directory "/baz.scm") (lambda (port) (write '(define-module (baz) #:use-module (foobar)) port))) (guard (c ((missing-dependency-error? c) (missing-dependency-module c))) (source-module-closure '((baz)) (list directory) #:select? (const #t)))))) (test-end) '/guix/log/gnu/services/kerberos.scm?id=701bced65e578cb97743c24e7744ee0862ef252d&showmsg=1'>Expand)Author >tests: Assume ‘git’ is always available....* tests/channels.scm (gpg+git-available?): Check for ‘gpg-command’ only. Remove all ‘test-skip’ statements. * tests/derivations.scm: Likewise. * tests/git-authenticate.scm: Likewise. * tests/git.scm: Likewise. * tests/import-git.scm: Likewise. Ludovic Courtès 2022-02-14git-authenticate: Ensure the target is a descendant of the introductory commit....Fixes a bug whereby authentication of a commit *not* descending from the introductory commit could succeed, provided the commit verifies the authorization invariant. In the example below, A is a common ancestor of the introductory commit I and of commit X. Authentication of X would succeed, even though it is not a descendant of I, as long as X is authorized according to the '.guix-authorizations' in A: X I \ / A This is because, 'authenticate-repository' would not check whether X descends from I, and the call (commit-difference X I) would return X. In practice that only affects forks because it means that ancestors of the introductory commit already contain a '.guix-authorizations' file. * guix/git-authenticate.scm (authenticate-repository): Add call to 'commit-descendant?'. * tests/channels.scm ("authenticate-channel, not a descendant of introductory commit"): New test. * tests/git-authenticate.scm ("authenticate-repository, target not a descendant of intro"): New test. * tests/guix-git-authenticate.sh: Expect earlier test to fail since 9549f0283a78fe36f2d4ff2a04ef8ad6b0c02604 is not a descendant of $intro_commit. Add new test targeting an ancestor of the introductory commit, and another test targeting the v1.2.0 commit. * doc/guix.texi (Specifying Channel Authorizations): Add a sentence. Ludovic Courtès 2022-02-14git-authenticate: Test introductory commit signature verification....These tests mimic similar tests already in 'tests/channels.scm', but without using the higher-level 'authenticate-channel'. * tests/git-authenticate.scm ("introductory commit, valid signature") ("introductory commit, missing signature") ("introductory commit, wrong signature"): New tests. Ludovic Courtès 2021-12-22tests: Move keys into ./tests/keys/ and add a third ed25519 key....The third key will be used in an upcoming commit. Rename public keys to .pub. * guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable. (%ed25519-3-secret-key-file): New variable. (%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file. (%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file. * tests/keys/ed25519-3.key: New file. * tests/keys/ed25519-3.sec: New file. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> Attila Lendvai