var semver = require("semver"); var vm = require("vm"); function createContext() { var context = Object.create(null); Object.defineProperty(context, "console", { value: function() { var con = Object.create(null); Object.defineProperty(con, "log", { value: function(msg) { if (arguments.length == 1 && typeof msg == "string") { return console.log("%s", msg); } return console.log.apply(console, [].map.call(arguments, function(arg) { return safe_log(arg, 3); })); } }); return con; }() }); return vm.createContext(context); } function safe_log(arg, level) { if (arg) switch (typeof arg) { case "function": return arg.toString(); case "object": if (/Error$/.test(arg.name)) return arg.toString(); arg.constructor.toString(); if (level--) for (var key in arg) { var desc = Object.getOwnPropertyDescriptor(arg, key); if (!desc || !desc.get) { arg[key] = safe_log(arg[key], level); } } } return arg; } function strip_func_ids(text) { return ("" + text).replace(/F[0-9]{6}N/g, "N>"); } var context; var FUNC_TOSTRING = [ "[ Array, Boolean, Error, Function, Number, Object, RegExp, String].forEach(function(f) {", " f.toString = Function.prototype.toString;", "});", "Function.prototype.toString = function() {", " var id = 100000;", " return function() {", " var n = this.name;", " if (!/^F[0-9]{6}N$/.test(n)) {", ' n = "F" + ++id + "N";', ].concat(Object.getOwnPropertyDescriptor(Function.prototype, "name").configurable ? [ ' Object.defineProperty(this, "name", {', " get: function() {", " return n;", " }", " });", ] : [], [ " }", ' return "function(){}";', " };", "}();", ]).join("\n"); exports.run_code = function(code, reuse) { var stdout = ""; var original_write = process.stdout.write; process.stdout.write = function(chunk) { stdout += chunk; }; try { if (!reuse || !context) context = createContext(); vm.runInContext([ FUNC_TOSTRING, "!function() {", code, "}();", ].join("\n"), context, { timeout: 5000 }); return stdout; } catch (ex) { return ex; } finally { process.stdout.write = original_write; if (!reuse || /prototype/.test(code)) { context = null; } else for (var key in context) { delete context[key]; } } }; exports.same_stdout = semver.satisfies(process.version, "0.12") ? function(expected, actual) { if (typeof expected != typeof actual) return false; if (typeof expected != "string") { if (expected.name != actual.name) return false; expected = expected.message.slice(expected.message.lastIndexOf("\n") + 1); actual = actual.message.slice(actual.message.lastIndexOf("\n") + 1); } return strip_func_ids(expected) == strip_func_ids(actual); } : function(expected, actual) { return typeof expected == typeof actual && strip_func_ids(expected) == strip_func_ids(actual); }; tests/pack.scm, tests/packages.scm, tests/profiles.scm, tests/system.scm: Remove #:use-module (guix grafts). Ludovic Courtès 2022-02-14git-authenticate: Ensure the target is a descendant of the introductory commit....Fixes a bug whereby authentication of a commit *not* descending from the introductory commit could succeed, provided the commit verifies the authorization invariant. In the example below, A is a common ancestor of the introductory commit I and of commit X. Authentication of X would succeed, even though it is not a descendant of I, as long as X is authorized according to the '.guix-authorizations' in A: X I \ / A This is because, 'authenticate-repository' would not check whether X descends from I, and the call (commit-difference X I) would return X. In practice that only affects forks because it means that ancestors of the introductory commit already contain a '.guix-authorizations' file. * guix/git-authenticate.scm (authenticate-repository): Add call to 'commit-descendant?'. * tests/channels.scm ("authenticate-channel, not a descendant of introductory commit"): New test. * tests/git-authenticate.scm ("authenticate-repository, target not a descendant of intro"): New test. * tests/guix-git-authenticate.sh: Expect earlier test to fail since 9549f0283a78fe36f2d4ff2a04ef8ad6b0c02604 is not a descendant of $intro_commit. Add new test targeting an ancestor of the introductory commit, and another test targeting the v1.2.0 commit. * doc/guix.texi (Specifying Channel Authorizations): Add a sentence. Ludovic Courtès 2021-12-22tests: Move keys into ./tests/keys/ and add a third ed25519 key....The third key will be used in an upcoming commit. Rename public keys to .pub. * guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable. (%ed25519-3-secret-key-file): New variable. (%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file. (%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file. * tests/keys/ed25519-3.key: New file. * tests/keys/ed25519-3.sec: New file. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> Attila Lendvai