aboutsummaryrefslogtreecommitdiff
path: root/tests/guix-git-authenticate.sh
blob: 2b90d8a4afeeb55a18315d8bd667fd074c87d567 (about) (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68

# GNU Guix --- Functional package management for GNU
# Copyright © 2020, 2022 Ludovic Courtès <ludo@gnu.org>
#
# This file is part of GNU Guix.
#
# GNU Guix is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or (at
# your option) any later version.
#
# GNU Guix is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

#
# Test the 'guix git authenticate' command-line utility.
#

# Skip if we're not in a Git checkout.
[ -d "$abs_top_srcdir/.git" ] || exit 77

# Skip if there's no 'keyring' branch.
guile -c '(use-modules (git))
  (member "refs/heads/keyring" (branch-list (repository-open ".")))' || \
    exit 77

# Keep in sync with '%default-channels' in (guix channels)!
intro_commit="9edb3f66fd807b096b48283debdcddccfea34bad"
intro_signer="BBB0 2DDF 2CEA F6A8 0D1D  E643 A2A0 6DF2 A33A 54FA"

cache_key="test-$$"

# This must fail because the end commit is not a descendant of $intro_commit.
! guix git authenticate "$intro_commit" "$intro_signer"	\
     --cache-key="$cache_key" --stats			\
     --end=9549f0283a78fe36f2d4ff2a04ef8ad6b0c02604

# The v1.2.0 commit is a descendant of $intro_commit and it satisfies the
# authorization invariant.
v1_2_0_commit="a099685659b4bfa6b3218f84953cbb7ff9e88063"
guix git authenticate "$intro_commit" "$intro_signer"	\
     --cache-key="$cache_key" --stats			\
     --end="$v1_2_0_commit"

rm "$XDG_CACHE_HOME/guix/authentication/$cache_key"

# Commit and signer of the 'v1.0.0' tag.
v1_0_0_commit="6298c3ffd9654d3231a6f25390b056483e8f407c"
v1_0_0_signer="3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5" # civodul
v1_0_1_commit="d68de958b60426798ed62797ff7c96c327a672ac"

# This should succeed because v1.0.0 is an ancestor of $intro_commit.
guix git authenticate "$intro_commit" "$intro_signer"	\
     --cache-key="$cache_key" --stats			\
     --end="$v1_0_0_commit"

# This should fail because these commits lack '.guix-authorizations'.
! guix git authenticate "$v1_0_0_commit" "$v1_0_0_signer" \
       --cache-key="$cache_key" --end="$v1_0_1_commit"

# This should work thanks to '--historical-authorizations'.
guix git authenticate "$v1_0_0_commit" "$v1_0_0_signer" 	\
     --cache-key="$cache_key" --end="$v1_0_1_commit" --stats	\
     --historical-authorizations="$abs_top_srcdir/etc/historical-authorizations"
generated by cgit
ès 2023-06-02services: Error in MODIFY-SERVICES when services don't exist...This patch causes MODIFY-SERVICES to raise an error if a reference is made to a service which isn't in its service list. This it to help users notice if they have an invalid rule, which is currently silently ignored. * gnu/services.scm (%delete-service): new procedure (%apply-clauses): new syntax rule (%modify-service): remove syntax rule Signed-off-by: Ludovic Courtès <ludo@gnu.org> Brian Cully 2023-05-16services: Add default values....* gnu/services.scm (boot-service-type, activation-service-type, etc-service-type, profile-service-type): Add default-value. * gnu/system/shadow.scm (account-service-type): Add default-value. Andrew Tropin 2023-03-16services: etc-service: Deprecate etc-service procedure....* gnu/services.scm (etc-service): Deprecate procedure. * gnu/system.scm (operating-system-etc-service): Replace etc-service with etc-service-type. Signed-off-by: Ludovic Courtès <ludo@gnu.org> Bruno Victal 2022-08-30services: provenance: Use 'current-channels' to obtain provenance data....Previously, build-time metadata from (guix config) would be ignored when available--e.g., when running /run/current-system/profile/bin/guix. This is a followup to 316fc2acbb112bfa572ae30f95a93bcd56621234. * gnu/services.scm (provenance-entry): Use 'current-channels' instead of 'current-profile' + 'profile-channels'. Ludovic Courtès 2022-05-29gnu: services: Update setuid service description....* gnu/services.scm (setuid-program-service-type)[description]: Remove ‘root’, add ‘setgid’. Tobias Geerinckx-Rice 2022-05-18services: Make <service-type> 'description' field mandatory....* gnu/services.scm (<service-type>)[description]: Remove default value. * tests/services.scm: Add 'description' field to each 'service-type' form. Ludovic Courtès 2022-05-18services: Add more description fields....* gnu/services.scm (simple-service): Add 'description' field. * gnu/services/base.scm (udev-rules-service): Likewise. * gnu/system/install.scm (configuration-template-service-type): Likewise. * gnu/tests.scm (marionette-service-type): Likewise. Ludovic Courtès 2022-03-10services: startup: Add description....* gnu/services.scm (hurd-startup-service-type)[description]: New field. Ludovic Courtès 2021-11-27services: Document the 'delete' clause of 'modify-services'....* doc/guix.texi (Service Reference): Mention the 'delete' clause of 'modify-services'. * gnu/services.scm (modify-services): Likewise in docstring. Ludovic Courtès 2021-08-12system: Handle 'setuid-programs' deprecation handling as a field sanitizer....Previously, evaluating an OS configuration with a childhurd (for instance) would produce tens of lines like: guix system: warning: representing setuid programs with '#<file-append #<package shadow@4.8.1 gnu/packages/admin.scm:798 7ff97f6f7640> "/bin/passwd">' is deprecated; use 'setuid-program' instead Now, it prints this one line: gnu/system/hurd.scm:105:2: warning: representing setuid programs with file-like objects is deprecated; use 'setuid-program' instead This change also means that extensions of 'setuid-program-service-type' now have to provide a list of <setuid-program>, so it's stricter in this sense. * gnu/services.scm (setuid-program-file-like-deprecated): Remove. (setuid-program-service-type)[extend]: Remove 'setuid-program-file-like-deprecated' call. Assume CONFIG and EXTENSIONS are already lists of <setuid-program> records. * gnu/system.scm (<operating-system>)[setuid-programs]: Add 'sanitize' property. Change accessor name from '%operating-system-setuid-programs' to 'operating-system-setuid-programs'. (operating-system-default-essential-services) (hurd-default-essential-services): Adjust accordingly. (ensure-setuid-program-list): New macro. (%ensure-setuid-program-list): New procedure, based on 'setuid-program-file-like-deprecated'. Ludovic Courtès 2021-07-29services: setuid: More configurable setuid support....New record <setuid-program> with fields for setting the specific user and group, as well as specifically selecting the setuid and setgid bits, for a program within the setuid-program-service. * gnu/services.scm (setuid-program-file-like-deprecated): New function. (setuid-program-service-type): Make use of setuid-program->activation-gexp. Adjust the extend property to handle <setuid-program>. * gnu/build/activation.scm (activate-setuid-programs): Update to expect a <setuid-record> list for each program entry. * gnu/system.scm: (operating-system-setuid-programs): Renamed to %operating-system-setuid-programs and replace it with new procedure. (operating-system-default-essential-services, hurd-default-essential-services): Replace operating-system-setuid-programs with %operating-system-setuid-programs. * gnu/system/setuid.scm: New file. * doc/guix.texi (Setuid Programs): Document <setuid-program>. Co-authored-by: Brice Waegeneire <brice@waegenei.re> Chris Lemmer-Webber 2021-05-11gnu: Allow services to install kernel-loadable modules....* gnu/system.scm (operating-system-directory-base-entries): Remove code to handle generation of "kernel" for linux-libre kernels. (operating-system-default-essential-services): Instantiate linux-builder-service-type. (package-for-kernel): Move ... * gnu/services.scm: ... to here. (linux-builder-service-type): New variable. (linux-builder-configuration): New type. (linux-loadable-module-service-type): New variable. * gnu/tests/linux-modules.scm (run-loadable-kernel-modules-test): Move code to ... (run-loadable-kernel-modules-test-base): ... new procedure here. (run-loadable-kernel-modules-service-test): New procedure. (%test-loadable-kernel-modules-service-0): New variable. (%test-loadable-kernel-modules-service-1): New variable. (%test-loadable-kernel-modules-service-2): New variable. * doc/guix.texi: Document linux-loadable-module-service-type. Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org> raid5atemyhomework 2021-04-12services: Support DELETE in MODIFY-SERVICES macro....* gnu/services.scm (%modify-service): Add clause for DELETE syntax. (modify-services): Use FILTER-MAP; adjust docstring. * doc/guix.texi (System Services): Mention alternative syntax. (X Window): Use MODIFY-SERVICES syntax. Ricardo Wurmus 2021-03-09gnu: services: Add activate script to the profile system directory....* gnu/services.scm (activation-profile-entry): New procedure... (activation-service-type): ... use it. Brice Waegeneire