(command.CommandList children: [ (command.ShAssignment pairs: [ (assign_pair lhs: (sh_lhs_expr.Name name:test_description) op: assign_op.Equal rhs: {(SQ (Token id:Id.Lit_Chars val:'signed push' span_id:6))} spids: [4] ) ] ) (C {(.)} {(./test-lib.sh)}) (C {(.)} {(DQ ($ Id.VSub_DollarName '$TEST_DIRECTORY')) (/lib-gpg.sh)}) (command.ShFunction name: prepare_dst body: (command.BraceGroup children: [ (command.AndOr ops: [Id.Op_DAmp Id.Op_DAmp] children: [ (C {(rm)} {(-fr)} {(dst)}) (C {(test_create_repo)} {(dst)}) (C {(git)} {(push)} {(dst)} {(master) (Id.Lit_Other ':') (noop)} {(master) (Id.Lit_Other ':') (ff)} {(master) (Id.Lit_Other ':') (noff)} ) ] ) ] ) ) (C {(test_expect_success)} {(setup)} { (SQ (Token id:Id.Lit_Chars val:'\n' span_id:73) (Token id: Id.Lit_Chars val: '\t# master, ff and noff branches pointing at the same commit\n' span_id: 74 ) (Token id:Id.Lit_Chars val:'\ttest_tick &&\n' span_id:75) (Token id: Id.Lit_Chars val: '\tgit commit --allow-empty -m initial &&\n' span_id: 76 ) (Token id:Id.Lit_Chars val:'\n' span_id:77) (Token id:Id.Lit_Chars val:'\tgit checkout -b noop &&\n' span_id:78) (Token id:Id.Lit_Chars val:'\tgit checkout -b ff &&\n' span_id:79) (Token id:Id.Lit_Chars val:'\tgit checkout -b noff &&\n' span_id:80) (Token id:Id.Lit_Chars val:'\n' span_id:81) (Token id: Id.Lit_Chars val: '\t# noop stays the same, ff advances, noff rewrites\n' span_id: 82 ) (Token id:Id.Lit_Chars val:'\ttest_tick &&\n' span_id:83) (Token id: Id.Lit_Chars val: '\tgit commit --allow-empty --amend -m rewritten &&\n' span_id: 84 ) (Token id:Id.Lit_Chars val:'\tgit checkout ff &&\n' span_id:85) (Token id:Id.Lit_Chars val:'\n' span_id:86) (Token id:Id.Lit_Chars val:'\ttest_tick &&\n' span_id:87) (Token id:Id.Lit_Chars val:'\tgit commit --allow-empty -m second\n' span_id:88) ) } ) (C {(test_expect_success)} {(SQ (Token id:Id.Lit_Chars val:'unsigned push does not send push certificate' span_id:95))} { (SQ (Token id:Id.Lit_Chars val:'\n' span_id:99) (Token id:Id.Lit_Chars val:'\tprepare_dst &&\n' span_id:100) (Token id:Id.Lit_Chars val:'\tmkdir -p dst/.git/hooks &&\n' span_id:101) (Token id: Id.Lit_Chars val: '\twrite_script dst/.git/hooks/post-receive <<-\\EOF &&\n' span_id: 102 ) (Token id:Id.Lit_Chars val:'\t# discard the update list\n' span_id:103) (Token id:Id.Lit_Chars val:'\tcat >/dev/null\n' span_id:104) (Token id:Id.Lit_Chars val:'\t# record the push certificate\n' span_id:105) (Token id:Id.Lit_Chars val:'\tif test -n "${GIT_PUSH_CERT-}"\n' span_id:106) (Token id:Id.Lit_Chars val:'\tthen\n' span_id:107) (Token id: Id.Lit_Chars val: '\t\tgit cat-file blob $GIT_PUSH_CERT >../push-cert\n' span_id: 108 ) (Token id:Id.Lit_Chars val:'\tfi\n' span_id:109) (Token id:Id.Lit_Chars val:'\tEOF\n' span_id:110) (Token id:Id.Lit_Chars val:'\n' span_id:111) (Token id:Id.Lit_Chars val:'\tgit push dst noop ff +noff &&\n' span_id:112) (Token id:Id.Lit_Chars val:'\t! test -f dst/push-cert\n' span_id:113) ) } ) (C {(test_expect_success)} { (SQ (Token id: Id.Lit_Chars val: 'talking with a receiver without push certificate support' span_id: 120 ) ) } { (SQ (Token id:Id.Lit_Chars val:'\n' span_id:124) (Token id:Id.Lit_Chars val:'\tprepare_dst &&\n' span_id:125) (Token id:Id.Lit_Chars val:'\tmkdir -p dst/.git/hooks &&\n' span_id:126) (Token id: Id.Lit_Chars val: '\twrite_script dst/.git/hooks/post-receive <<-\\EOF &&\n' span_id: 127 ) (Token id:Id.Lit_Chars val:'\t# discard the update list\n' span_id:128) (Token id:Id.Lit_Chars val:'\tcat >/dev/null\n' span_id:129) (Token id:Id.Lit_Chars val:'\t# record the push certificate\n' span_id:130) (Token id:Id.Lit_Chars val:'\tif test -n "${GIT_PUSH_CERT-}"\n' span_id:131) (Token id:Id.Lit_Chars val:'\tthen\n' span_id:132) (Token id: Id.Lit_Chars val: '\t\tgit cat-file blob $GIT_PUSH_CERT >../push-cert\n' span_id: 133 ) (Token id:Id.Lit_Chars val:'\tfi\n' span_id:134) (Token id:Id.Lit_Chars val:'\tEOF\n' span_id:135) (Token id:Id.Lit_Chars val:'\n' span_id:136) (Token id:Id.Lit_Chars val:'\tgit push dst noop ff +noff &&\n' span_id:137) (Token id:Id.Lit_Chars val:'\t! test -f dst/push-cert\n' span_id:138) ) } ) (C {(test_expect_success)} { (SQ (Token id: Id.Lit_Chars val: 'push --signed fails with a receiver without push certificate support' span_id: 145 ) ) } { (SQ (Token id:Id.Lit_Chars val:'\n' span_id:149) (Token id:Id.Lit_Chars val:'\tprepare_dst &&\n' span_id:150) (Token id:Id.Lit_Chars val:'\tmkdir -p dst/.git/hooks &&\n' span_id:151) (Token id: Id.Lit_Chars val: '\ttest_must_fail git push --signed dst noop ff +noff 2>err &&\n' span_id: 152 ) (Token id:Id.Lit_Chars val:'\ttest_i18ngrep "the receiving end does not support" err\n' span_id:153) ) } ) (C {(test_expect_success)} {(GPG)} {(SQ (Token id:Id.Lit_Chars val:'no certificate for a signed push with no update' span_id:162))} { (SQ (Token id:Id.Lit_Chars val:'\n' span_id:166) (Token id:Id.Lit_Chars val:'\tprepare_dst &&\n' span_id:167) (Token id:Id.Lit_Chars val:'\tmkdir -p dst/.git/hooks &&\n' span_id:168) (Token id: Id.Lit_Chars val: '\twrite_script dst/.git/hooks/post-receive <<-\\EOF &&\n' span_id: 169 ) (Token id:Id.Lit_Chars val:'\tif test -n "${GIT_PUSH_CERT-}"\n' span_id:170) (Token id:Id.Lit_Chars val:'\tthen\n' span_id:171) (Token id:Id.Lit_Chars val:'\t\tgit cat-file blob $GIT_PUSH_CERT >../push-cert\n' span_id:172) (Token id:Id.Lit_Chars val:'\tfi\n' span_id:173) (Token id:Id.Lit_Chars val:'\tEOF\n' span_id:174) (Token id:Id.Lit_Chars val:'\tgit push dst noop &&\n' span_id:175) (Token id:Id.Lit_Chars val:'\t! test -f dst/push-cert\n' span_id:176) ) } ) (C {(test_expect_success)} {(GPG)} {(SQ (Token id:Id.Lit_Chars val:'signed push sends push certificate' span_id:185))} { (SQ (Token id:Id.Lit_Chars val:'\n' span_id:189) (Token id:Id.Lit_Chars val:'\tprepare_dst &&\n' span_id:190) (Token id:Id.Lit_Chars val:'\tmkdir -p dst/.git/hooks &&\n' span_id:191) (Token id: Id.Lit_Chars val: '\tgit -C dst config receive.certnonceseed sekrit &&\n' span_id: 192 ) (Token id:Id.Lit_Chars val:'\twrite_script dst/.git/hooks/post-receive <<-\\EOF &&\n' span_id:193) (Token id:Id.Lit_Chars val:'\t# discard the update list\n' span_id:194) (Token id:Id.Lit_Chars val:'\tcat >/dev/null\n' span_id:195) (Token id:Id.Lit_Chars val:'\t# record the push certificate\n' span_id:196) (Token id:Id.Lit_Chars val:'\tif test -n "${GIT_PUSH_CERT-}"\n' span_id:197) (Token id:Id.Lit_Chars val:'\tthen\n' span_id:198) (Token id:Id.Lit_Chars val:'\t\tgit cat-file blob $GIT_PUSH_CERT >../push-cert\n' span_id:199) (Token id:Id.Lit_Chars val:'\tfi &&\n' span_id:200) (Token id:Id.Lit_Chars val:'\n' span_id:201) (Token id:Id.Lit_Chars val:'\tcat >../push-cert-status <<E_O_F\n' span_id:202) (Token id:Id.Lit_Chars val:'\tSIGNER=${GIT_PUSH_CERT_SIGNER-nobody}\n' span_id:203) (Token id:Id.Lit_Chars val:'\tKEY=${GIT_PUSH_CERT_KEY-nokey}\n' span_id:204) (Token id:Id.Lit_Chars val:'\tSTATUS=${GIT_PUSH_CERT_STATUS-nostatus}\n' span_id:205) (Token id: Id.Lit_Chars val: '\tNONCE_STATUS=${GIT_PUSH_CERT_NONCE_STATUS-nononcestatus}\n' span_id: 206 ) (Token id:Id.Lit_Chars val:'\tNONCE=${GIT_PUSH_CERT_NONCE-nononce}\n' span_id:207) (Token id:Id.Lit_Chars val:'\tE_O_F\n' span_id:208) (Token id:Id.Lit_Chars val:'\n' span_id:209) (Token id:Id.Lit_Chars val:'\tEOF\n' span_id:210) (Token id:Id.Lit_Chars val:'\n' span_id:211) (Token id:Id.Lit_Chars val:'\tgit push --signed dst noop ff +noff &&\n' span_id:212) (Token id:Id.Lit_Chars val:'\n' span_id:213) (Token id:Id.Lit_Chars val:'\t(\n' span_id:214) (Token id:Id.Lit_Chars val:'\t\tcat <<-\\EOF &&\n' span_id:215) (Token id:Id.Lit_Chars val:'\t\tSIGNER=C O Mitter <committer@example.com>\n' span_id:216) (Token id:Id.Lit_Chars val:'\t\tKEY=13B6F51ECDDE430D\n' span_id:217) (Token id:Id.Lit_Chars val:'\t\tSTATUS=G\n' span_id:218) (Token id:Id.Lit_Chars val:'\t\tNONCE_STATUS=OK\n' span_id:219) (Token id:Id.Lit_Chars val:'\t\tEOF\n' span_id:220) (Token id: Id.Lit_Chars val: '\t\tsed -n -e "s/^nonce /NONCE=/p" -e "/^$/q" dst/push-cert\n' span_id: 221 ) (Token id:Id.Lit_Chars val:'\t) >expect &&\n' span_id:222) (Token id:Id.Lit_Chars val:'\n' span_id:223) (Token id: Id.Lit_Chars val: '\tgrep "$(git rev-parse noop ff) refs/heads/ff" dst/push-cert &&\n' span_id: 224 ) (Token id: Id.Lit_Chars val: '\tgrep "$(git rev-parse noop noff) refs/heads/noff" dst/push-cert &&\n' span_id: 225 ) (Token id:Id.Lit_Chars val:'\ttest_cmp expect dst/push-cert-status\n' span_id:226) ) } ) (C {(test_expect_success)} {(GPG)} {(SQ (Token id:Id.Lit_Chars val:'fail without key and heed user.signingkey' span_id:235))} { (SQ (Token id:Id.Lit_Chars val:'\n' span_id:239) (Token id:Id.Lit_Chars val:'\tprepare_dst &&\n' span_id:240) (Token id:Id.Lit_Chars val:'\tmkdir -p dst/.git/hooks &&\n' span_id:241) (Token id: Id.Lit_Chars val: '\tgit -C dst config receive.certnonceseed sekrit &&\n' span_id: 242 ) (Token id:Id.Lit_Chars val:'\twrite_script dst/.git/hooks/post-receive <<-\\EOF &&\n' span_id:243) (Token id:Id.Lit_Chars val:'\t# discard the update list\n' span_id:244) (Token id:Id.Lit_Chars val:'\tcat >/dev/null\n' span_id:245) (Token id:Id.Lit_Chars val:'\t# record the push certificate\n' span_id:246) (Token id:Id.Lit_Chars val:'\tif test -n "${GIT_PUSH_CERT-}"\n' span_id:247) (Token id:Id.Lit_Chars val:'\tthen\n' span_id:248) (Token id:Id.Lit_Chars val:'\t\tgit cat-file blob $GIT_PUSH_CERT >../push-cert\n' span_id:249) (Token id:Id.Lit_Chars val:'\tfi &&\n' span_id:250) (Token id:Id.Lit_Chars val:'\n' span_id:251) (Token id:Id.Lit_Chars val:'\tcat >../push-cert-status <<E_O_F\n' span_id:252) (Token id:Id.Lit_Chars val:'\tSIGNER=${GIT_PUSH_CERT_SIGNER-nobody}\n' span_id:253) (Token id:Id.Lit_Chars val:'\tKEY=${GIT_PUSH_CERT_KEY-nokey}\n' span_id:254) (Token id:Id.Lit_Chars val:'\tSTATUS=${GIT_PUSH_CERT_STATUS-nostatus}\n' span_id:255) (Token id: Id.Lit_Chars val: '\tNONCE_STATUS=${GIT_PUSH_CERT_NONCE_STATUS-nononcestatus}\n' span_id: 256 ) (Token id:Id.Lit_Chars val:'\tNONCE=${GIT_PUSH_CERT_NONCE-nononce}\n' span_id:257) (Token id:Id.Lit_Chars val:'\tE_O_F\n' span_id:258) (Token id:Id.Lit_Chars val:'\n' span_id:259) (Token id:Id.Lit_Chars val:'\tEOF\n' span_id:260) (Token id:Id.Lit_Chars val:'\n' span_id:261) (Token id:Id.Lit_Chars val:'\tunset GIT_COMMITTER_EMAIL &&\n' span_id:262) (Token id: Id.Lit_Chars val: '\tgit config user.email hasnokey@nowhere.com &&\n' span_id: 263 ) (Token id:Id.Lit_Chars val:'\ttest_must_fail git push --signed dst noop ff +noff &&\n' span_id:264) (Token id: Id.Lit_Chars val: '\tgit config user.signingkey committer@example.com &&\n' span_id: 265 ) (Token id:Id.Lit_Chars val:'\tgit push --signed dst noop ff +noff &&\n' span_id:266) (Token id:Id.Lit_Chars val:'\n' span_id:267) (Token id:Id.Lit_Chars val:'\t(\n' span_id:268) (Token id:Id.Lit_Chars val:'\t\tcat <<-\\EOF &&\n' span_id:269) (Token id:Id.Lit_Chars val:'\t\tSIGNER=C O Mitter <committer@example.com>\n' span_id:270) (Token id:Id.Lit_Chars val:'\t\tKEY=13B6F51ECDDE430D\n' span_id:271) (Token id:Id.Lit_Chars val:'\t\tSTATUS=G\n' span_id:272) (Token id:Id.Lit_Chars val:'\t\tNONCE_STATUS=OK\n' span_id:273) (Token id:Id.Lit_Chars val:'\t\tEOF\n' span_id:274) (Token id: Id.Lit_Chars val: '\t\tsed -n -e "s/^nonce /NONCE=/p" -e "/^$/q" dst/push-cert\n' span_id: 275 ) (Token id:Id.Lit_Chars val:'\t) >expect &&\n' span_id:276) (Token id:Id.Lit_Chars val:'\n' span_id:277) (Token id: Id.Lit_Chars val: '\tgrep "$(git rev-parse noop ff) refs/heads/ff" dst/push-cert &&\n' span_id: 278 ) (Token id: Id.Lit_Chars val: '\tgrep "$(git rev-parse noop noff) refs/heads/noff" dst/push-cert &&\n' span_id: 279 ) (Token id:Id.Lit_Chars val:'\ttest_cmp expect dst/push-cert-status\n' span_id:280) ) } ) (C {(test_done)}) ] )