aboutsummaryrefslogtreecommitdiff
path: root/t
diff options
context:
space:
mode:
authorJonathan Tan <jonathantanmy@google.com>2017-05-09 12:23:53 -0700
committerJunio C Hamano <gitster@pobox.com>2017-05-10 13:18:28 +0900
commitcbaf82cc6b734244a9190c3341ca5f08f8d5acc4 (patch)
treeb06badfc81d2b16f22715a4f8b33dc40523a6719 /t
parentb7b744f297b736c51636407f5883b3777bb36433 (diff)
downloadgit-cbaf82cc6b734244a9190c3341ca5f08f8d5acc4.tar.gz
git-cbaf82cc6b734244a9190c3341ca5f08f8d5acc4.tar.xz
receive-pack: verify push options in cert
In commit f6a4e61 ("push: accept push options", 2016-07-14), send-pack was taught to include push options both within the signed cert (if the push is a signed push) and outside the signed cert; however, receive-pack ignores push options within the cert, only handling push options outside the cert. Teach receive-pack, in the case that push options are provided for a signed push, to verify that the push options both within the cert and outside the cert are consistent. This sets in stone the requirement that send-pack redundantly send its push options in 2 places, but I think that this is better than the alternatives. Sending push options only within the cert is backwards-incompatible with existing Git servers (which read push options only from outside the cert), and sending push options only outside the cert means that the push options are not signed for. Signed-off-by: Jonathan Tan <jonathantanmy@google.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 't')
-rwxr-xr-xt/t5534-push-signed.sh37
1 files changed, 37 insertions, 0 deletions
diff --git a/t/t5534-push-signed.sh b/t/t5534-push-signed.sh
index ecb8d446a..5bcb288f5 100755
--- a/t/t5534-push-signed.sh
+++ b/t/t5534-push-signed.sh
@@ -124,6 +124,43 @@ test_expect_success GPG 'signed push sends push certificate' '
test_cmp expect dst/push-cert-status
'
+test_expect_success GPG 'inconsistent push options in signed push not allowed' '
+ # First, invoke receive-pack with dummy input to obtain its preamble.
+ prepare_dst &&
+ git -C dst config receive.certnonceseed sekrit &&
+ git -C dst config receive.advertisepushoptions 1 &&
+ printf xxxx | test_might_fail git receive-pack dst >preamble &&
+
+ # Then, invoke push. Simulate a receive-pack that sends the preamble we
+ # obtained, followed by a dummy packet.
+ write_script myscript <<-\EOF &&
+ cat preamble &&
+ printf xxxx &&
+ cat >push
+ EOF
+ test_might_fail git push --push-option="foo" --push-option="bar" \
+ --receive-pack="\"$(pwd)/myscript\"" --signed dst --delete ff &&
+
+ # Replay the push output on a fresh dst, checking that ff is truly
+ # deleted.
+ prepare_dst &&
+ git -C dst config receive.certnonceseed sekrit &&
+ git -C dst config receive.advertisepushoptions 1 &&
+ git receive-pack dst <push &&
+ test_must_fail git -C dst rev-parse ff &&
+
+ # Tweak the push output to make the push option outside the cert
+ # different, then replay it on a fresh dst, checking that ff is not
+ # deleted.
+ perl -pe "s/([^ ])bar/\$1baz/" push >push.tweak &&
+ prepare_dst &&
+ git -C dst config receive.certnonceseed sekrit &&
+ git -C dst config receive.advertisepushoptions 1 &&
+ git receive-pack dst <push.tweak >out &&
+ git -C dst rev-parse ff &&
+ grep "inconsistent push options" out
+'
+
test_expect_success GPG 'fail without key and heed user.signingkey' '
prepare_dst &&
mkdir -p dst/.git/hooks &&