mirrors/jj
1
0
Fork 1
mirror of https://github.com/martinvonz/jj.git synced 2025-01-19 19:08:08 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

sign: GPG backend tests

Browse source
This commit is contained in:
Julien Vincent 2024-02-13 01:53:54 +00:00
parent 0efaef2da9
commit 7c11a61c23
4 changed files with 210 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
.github/workflows/build.yml vendored
View file

@ -26,6 +26,24 @@ jobs:
steps: steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
# The default version of gpg installed on the runners is a version baked in with git
# which only contains the components needed by git and doesn't work for our test cases.
#
# This installs the latest gpg4win version, which is a variation of GnuPG built for
# Windows.
#
# There is some issue with windows PATH max length which is what all the PATH wrangling
# below is for. Please see the below link for where this fix was derived from:
# https://github.com/orgs/community/discussions/24933
- name: Setup GnuPG [windows]
if: ${{ matrix.os == 'windows-latest' }}
run: |
$env:PATH = "C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin"
[Environment]::SetEnvironmentVariable("Path", $env:PATH, "Machine")
choco install --yes gpg4win
echo "C:\Program Files (x86)\Gpg4win\..\GnuPG\bin" >> $env:GITHUB_PATH
- name: Install Rust - name: Install Rust
uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8
with: with:

6
flake.nix
View file

@ -62,7 +62,7 @@
in in
{ {
packages = { packages = {
jujutsu = ourRustPlatform.buildRustPackage rec { jujutsu = ourRustPlatform.buildRustPackage {
pname = "jujutsu"; pname = "jujutsu";
version = "unstable-${self.shortRev or "dirty"}"; version = "unstable-${self.shortRev or "dirty"}";
@ -82,6 +82,7 @@
installShellFiles installShellFiles
makeWrapper makeWrapper
pkg-config pkg-config
gnupg # for signing tests
] ++ linuxNativeDeps; ] ++ linuxNativeDeps;
buildInputs = with pkgs; [ buildInputs = with pkgs; [
openssl zstd libgit2 libssh2 openssl zstd libgit2 libssh2
@ -144,6 +145,9 @@
# In case you need to run `cargo run --bin gen-protos` # In case you need to run `cargo run --bin gen-protos`
protobuf protobuf
# To run the signing tests
gnupg
# For building the documentation website # For building the documentation website
poetry poetry
] ++ darwinDeps ++ linuxNativeDeps; ] ++ darwinDeps ++ linuxNativeDeps;

1
lib/tests/runner.rs
View file

@ -14,6 +14,7 @@ mod test_default_revset_graph_iterator;
mod test_diff_summary; mod test_diff_summary;
mod test_git; mod test_git;
mod test_git_backend; mod test_git_backend;
mod test_gpg;
mod test_id_prefix; mod test_id_prefix;
mod test_index; mod test_index;
mod test_init; mod test_init;

186
lib/tests/test_gpg.rs Normal file
View file

@ -0,0 +1,186 @@
#[cfg(unix)]
use std::fs::Permissions;
use std::io::Write;
#[cfg(unix)]
use std::os::unix::prelude::PermissionsExt;
use std::process::Stdio;
use assert_matches::assert_matches;
use insta::assert_debug_snapshot;
use jj_lib::gpg_signing::GpgBackend;
use jj_lib::signing::{SigStatus, SignError, SigningBackend};
static PRIVATE_KEY: &str = r#"-----BEGIN PGP PRIVATE KEY BLOCK-----
lFgEZWI3pBYJKwYBBAHaRw8BAQdAaPLTNADvDWapjAPlxaUnx3HXQNIlwSz4EZrW
3Z7hxSwAAP9liwHZWJCGI2xW+XNqMT36qpIvoRcd5YPaKYwvnlkG1w+UtDNTb21l
b25lIChqaiB0ZXN0IHNpZ25pbmcga2V5KSA8c29tZW9uZUBleGFtcGxlLmNvbT6I
kwQTFgoAOxYhBKWOXukGcVPI9eXp6WOHhcsW/qBhBQJlYjekAhsDBQsJCAcCAiIC
BhUKCQgLAgQWAgMBAh4HAheAAAoJEGOHhcsW/qBhyBgBAMph1HkBkKlrZmsun+3i
kTEaOsWmaW/D6NEdMFiw0S/jAP9G3jOYGiZbUN3dWWB2246Oi7SaMTX8Xb2BrLP2
axCbC5RYBGVjxv8WCSsGAQQB2kcPAQEHQE8Oa4ahtVG29gIRssPxjqF4utn8iHPz
m5z/8lX/nl3eAAD5AZ6H2pNhiy2gnGkbPLHw3ZyY4d0NXzCa7qc9EXqOj+sRrLQ9
U29tZW9uZSBFbHNlIChqaiB0ZXN0IHNpZ25pbmcga2V5KSA8c29tZW9uZS1lbHNl
QGV4YW1wbGUuY29tPoiTBBMWCgA7FiEER1BAaEpU3TKUiUvFTtVW6XKeAA8FAmVj
xv8CGwMFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQTtVW6XKeAA/6TQEA
2DkPm3LmH8uG6qLirtf62kbG7T+qljIsarQKFw3CGakA/AveCtrL7wVSpINiu1Rz
lBqJFFP2PqzT0CRfh94HSIMM
=6JC8
-----END PGP PRIVATE KEY BLOCK-----
"#;
struct GpgEnvironment {
homedir: tempfile::TempDir,
}
impl GpgEnvironment {
fn new() -> Result<Self, std::process::Output> {
let dir = tempfile::Builder::new()
.prefix("jj-gpg-signing-test-")
.tempdir()
.unwrap();
let path = dir.path();
#[cfg(unix)]
std::fs::set_permissions(path, Permissions::from_mode(0o700)).unwrap();
let mut gpg = std::process::Command::new("gpg")
.arg("--homedir")
.arg(path)
.arg("--import")
.stdin(Stdio::piped())
.stdout(Stdio::piped())
.stderr(Stdio::piped())
.spawn()
.unwrap();
gpg.stdin
.as_mut()
.unwrap()
.write_all(PRIVATE_KEY.as_bytes())
.unwrap();
gpg.stdin.as_mut().unwrap().flush().unwrap();
let res = gpg.wait_with_output().unwrap();
if !res.status.success() {
println!("Failed to add private key to gpg-agent. Make sure it is running!");
println!("{}", String::from_utf8_lossy(&res.stderr));
return Err(res);
}
Ok(GpgEnvironment { homedir: dir })
}
}
fn backend(env: &GpgEnvironment) -> GpgBackend {
// don't really need faked time for current tests,
// but probably will need it for end-to-end cli tests
GpgBackend::new("gpg".into(), false).with_extra_args(&[
"--homedir".into(),
env.homedir.path().as_os_str().into(),
"--faked-system-time=1701042000!".into(),
])
}
#[test]
fn gpg_singing_roundtrip() {
let env = GpgEnvironment::new().unwrap();
let backend = backend(&env);
let data = b"hello world";
let signature = backend.sign(data, None).unwrap();
let check = backend.verify(data, &signature).unwrap();
assert_eq!(check.status, SigStatus::Good);
assert_eq!(check.key.unwrap(), "638785CB16FEA061");
assert_eq!(
check.display.unwrap(),
"Someone (jj test signing key) <someone@example.com>"
);
let check = backend.verify(b"so so bad", &signature).unwrap();
assert_eq!(check.status, SigStatus::Bad);
assert_eq!(check.key.unwrap(), "638785CB16FEA061");
assert_eq!(
check.display.unwrap(),
"Someone (jj test signing key) <someone@example.com>"
);
}
#[test]
fn gpg_signing_roundtrip_explicit_key() {
let env = GpgEnvironment::new().unwrap();
let backend = backend(&env);
let data = b"hello world";
let signature = backend.sign(data, Some("Someone Else")).unwrap();
assert_debug_snapshot!(backend.verify(data, &signature).unwrap(), @r###"
Verification {
status: Good,
key: Some(
"4ED556E9729E000F",
),
display: Some(
"Someone Else (jj test signing key) <someone-else@example.com>",
),
}
"###);
assert_debug_snapshot!(backend.verify(b"so so bad", &signature).unwrap(), @r###"
Verification {
status: Bad,
key: Some(
"4ED556E9729E000F",
),
display: Some(
"Someone Else (jj test signing key) <someone-else@example.com>",
),
}
"###);
}
#[test]
fn unknown_key() {
let env = GpgEnvironment::new().unwrap();
let backend = backend(&env);
let signature = br"-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQQs238pU7eC/ROoPJ0HH+PjJN1zMwUCZWPa5AAKCRAHH+PjJN1z
MyylAP9WQ3sZdbC4b1C+/nxs+Wl+rfwzeQWGbdcsBMyDABcpmgD/U+4KdO7eZj/I
e+U6bvqw3pOBoI53Th35drQ0qPI+jAE=
=kwsk
-----END PGP SIGNATURE-----";
assert_debug_snapshot!(backend.verify(b"hello world", signature).unwrap(), @r###"
Verification {
status: Unknown,
key: Some(
"071FE3E324DD7333",
),
display: None,
}
"###);
assert_debug_snapshot!(backend.verify(b"so bad", signature).unwrap(), @r###"
Verification {
status: Unknown,
key: Some(
"071FE3E324DD7333",
),
display: None,
}
"###);
}
#[test]
fn invalid_signature() {
let env = GpgEnvironment::new().unwrap();
let backend = backend(&env);
let signature = br"-----BEGIN PGP SIGNATURE-----
super duper invalid
-----END PGP SIGNATURE-----";
assert_matches!(
backend.verify(b"hello world", signature),
Err(SignError::InvalidSignatureFormat)
);
}