test coverage for several verify scenarios

.sig/manifest.8E47A1EC35A1551D.asc

@@ -1,16 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 
-iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+3nnQACgkQjkeh7DWh
-VR25iRAAkbnxfyyuYIc6o5G2OlzigkFon6bhpQkxczkF/O2utTL/reMVk9Gi2JLj
-FupgAs5pdybiFJZo1ugAaaFL7eSoxopIOImdGIIK0AiQsbDDU5739WyAAbgqDruC
-EuwekUfXv7oTyRI3m4o4LIDEhQ5YDrY+kvRCl93/PZt0xy0FinQAfi/QR06sEj4q
-JjA++k8wfTr6QwjwbM+VNfKfI+sdFvynL1cchKXx9ybsOZRGLFGaih1FqcHmJCEM
-XZ+Zun5zP/XUKdAHRB7GMxff7srmOyx93NQstv5/oqss/QO0kbZLpD82mGCcUWCd
-Lx0c1rwVjIB74C/S9NY12KY5sIfE8ROpCEgsbqgvetgo6I734eAWRJMkZuasSYSF
-7OSRwzeNuS1eLWsL9/EJy6n0UDNGwIDCFzSP6a19iNwWuftV15nC2sOhKQN5eLAa
-bv6uvBVeGQpjah5treE/PcbuhtytbrVX4kmbUnIk0opBmLzYBIHHLd6gPmoOP8Ig
-erua+9WK+LZunr7DonSsIvVyWJBS/Qz5HFXTAs0ZfblZ5GwFwrsAuVim3pV5lwUd
-yFQHeqWHU/IhbZKs2Ch42oztOd0oIStH9G2Y8vqXRGSlFLqArhMdSYvlJCWn5KBa
-2oAnn0s3ntLKD0YoPB27ks9WXa34Z+Kr3vRtRW/EdnMt5fYdBew=
-=i0LH
+iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+4nEwACgkQjkeh7DWh
+VR0HOg/+M33tcLn9pmiE+31ovH+4/XuDfYIuefWrxc/YLS+E8QIvmw5X+cXCuohV
+/qtfPg/EHddvMHq6BCMdo4XwqiPhYXbrh25FgT+bG2c8N8SMK797ffGo3DRH2ZbF
+yDFlQz0jShSbjvSFDFHYiS75ACKQ1AXN86gHr+/oH4aMiVtNA2AwrFmcajtY/nUN
+UmmRW6h/4mFbIp+MhbX9YH9Pc39da7ZvZyO/S6t9jA3M6Kwu5TZGkhPIHmuhnWc4
+CLG+PqQJabtYjt6VniJCcz4uubKKAgmjgB7RgVCQt05wLiB3Ca9MiTWZpGjuhedJ
+XrdphEep6cvWa4hvgWvKHQMtJEAKCD21rmnFXkGUl4hbe/joQ1rvEv+JL+QLIZv9
+S8rPeByVM4MtItJGIALL157K7dQdepxneRsGOJam6bI0ZLo3DJyDMODJWLFiHmUt
+WlZ2Queqp6UQbs19HJYgNve82wZsX/iXbqSRzg6V+043EDgOHpXX0zbJ6qMQXEd9
+UlJZQE4VPr/4V8LvYzMxbtlEClhAFIjKY2qAGwvkwoQgEcxYZ6fQZz6nriSPmWOO
+lFa5QQZEgJtMge9kQqmYAenD4J0F30S2Lj2IcS+t28XtTYyMiQ48cI37PUkuB5BC
+LSCx7lUGGLo5+Uz3aJ89yTpmhCXK0XvmCEqA0rPpz30NcWEaJ+Q=
+=7Skg
 -----END PGP SIGNATURE-----

.sig/manifest.txt

@@ -1,8 +1,8 @@
 64263feac7b00952e9ec3b6c1fd11316faa58ff673c6bd085fac9f6f8d8389f6 .gitignore
 67377eee89dfc4411665474ac0bee0f9a19ea7e594bcc8606b0bc3ace69f0aa1 .gitlab-ci.yml
-c38c2540b680a721a741b4613f9a8d443c8ed8952994f10f73fd8183c3288df7 Makefile
+ad3d473c630217dff7c4499efc1de46fc3a55068677c2bb3a21714aa56dd408a Makefile
 464ed12795e3e41eee83713709069fefb07f0676ba237894a9325aafe5c91e31 README.md
-bb1a24c30f2a26889195deac4ad98fcf9fd485baa4aa1dd04c12abef8212f6ad sig
+3dfa934d88199ed8992d63d68bce81c5b82970b4a78d4ccde056d6039ee3cf5f sig
 646a6c11ef22d51bd7fadff5ecc806d8d3e7c62151a0dd56bbeb59eca74c671c test/Dockerfile
 dd79ef0e6d0738321f916a5c85a60d44152fb1ffcd71572de98cf48e0d0d911c test/keys/user1.pub.asc
 c98a656738f188f650fa0107e3478d640c175a3db481a6c3cbc267f75a05b440 test/keys/user1.sec.asc
@@ -14,5 +14,5 @@ c0e3df63b1f01a83e17c463af9e37365a5e38ee0289d59cdfee725df202a311b test/keys/user3
 d4cbeffdbf7064aaffe94556b5879c88cddf479e3e76518f25c3491482abd789 test/keys/user4.sec.asc
 c608e63175a1e9cc3fe2500372769a9e30b808d2e4d4a950796d98dac14775ea test/keys/user5.pub.asc
 873f3a1e2da41587f4b5a0dad5d8b704a37144e54931fe3a167ea9648772a5dc test/keys/user5.sec.asc
-9ebc08efa02b1e11cfd8a2544dbcf5bb8a798b0f485e317bdf0f96b89384c8de test/test.bats
+ab7f531be1e3f9075ee43e20dd230b6400cf856f7dfc857b848c5e9b766fc3f4 test/test.bats
 418903b58dad935ee3aa1dfcc4c4ac22fd77a838b87a5c2c3fe4e510a164f0a0 test/test_helper.bash

Makefile

@@ -5,7 +5,6 @@ all: lint test verify
 test: test-image
 	docker run \
 		--rm \
-		--interactive \
 		--volume $(PWD)/:/home/test/sig \
 		local/sig-test \
 		bats sig/test/test.bats

sig

@@ -27,6 +27,8 @@ die_pkg() {
 				install_cmd="yum install ${package}"
 			elif command -v "pacman" >/dev/null; then
 				install_cmd="pacman -Ss ${package}"
+			elif command -v "emerge" >/dev/null; then
+				install_cmd="emerge ${package}"
 			elif command -v "nix-env" >/dev/null; then
 				install_cmd="nix-env -i ${package}"
 			fi
@@ -41,6 +43,7 @@ die_pkg() {
 }
 
 ### Ask user to make a binary decision
+### If not an interactive terminal: auto-accept default
 ask() {
 	local prompt default
 	while true; do

test/test.bats

@@ -64,7 +64,7 @@ load test_helper
 	[ "$status" -eq 0 ]
 }
 
-@test "Can verify git repo has signed commits by anyone" {
+@test "Verify succeeds when 1 unique git sig requirement is satisifed" {
 	set_identity "user1"
 	echo "test string" > somefile
 	git init
@@ -74,38 +74,126 @@ load test_helper
 	[ "$status" -eq 0 ]
 }
 
-@test "Verify succeeds when 3/3 unique git sig requirement is satisfied" {
-
+@test "Verify succeeds when 3 unique git sig requirement is satisfied" {
 	git init
-
 	set_identity "user1"
 	echo "test string 1" > somefile1
 	git add .
 	git commit -m "user1 commit"
-
 	set_identity "user2"
 	echo "test string 2" > somefile2
 	git add .
 	git commit -m "user2 commit"
-
 	set_identity "user3"
 	echo "test string 3" > somefile3
 	git add .
 	git commit -m "user3 commit"
-
 	run sig verify --method git --threshold 3
 	[ "$status" -eq 0 ]
 }
 
-@test "Verify fails when 2/2 unique git sig requirement is not satisfied" {
-
+@test "Verify fails when 2 unique git sig requirement is not satisfied" {
 	git init
-
 	set_identity "user1"
 	echo "test string 1" > somefile1
 	git add .
 	git commit -m "user1 commit"
-
 	run sig verify --method git --threshold 2
 	[ "$status" -eq 1 ]
 }
+
+@test "Verify succeeds when 1 group git sig requirement is satisifed" {
+	set_identity "user1"
+	echo "test string" > somefile
+	git init
+	git add .
+	git commit -m "initial commit"
+	sig fetch --group maintainers AE08157232C35F04309FA478C5EBC4A7CF55A2D0
+	run sig verify --method git --group maintainers
+	[ "$status" -eq 0 ]
+}
+
+@test "Verify succeeds when 3 group git sig requirement is satisifed" {
+	set_identity "user1"
+	echo "test string" > somefile1
+	git init
+	git add .
+	git commit -m "User 1 Commit"
+	set_identity "user2"
+	echo "test string" > somefile2
+	git init
+	git add .
+	git commit -m "User 2 Commit"
+	set_identity "user3"
+	echo "test string" > somefile3
+	git init
+	git add .
+	git commit -m "User 3 Commit"
+	sig fetch --group maintainers AE08157232C35F04309FA478C5EBC4A7CF55A2D0
+	sig fetch --group maintainers BE4D60F6CFD2237A8AF978583C51CADD33BD0EE8
+	sig fetch --group maintainers 3E45AC9E190B4EE32BAE9F61A331AFB540761D69
+	run sig verify --method git --threshold 3 --group maintainers
+	[ "$status" -eq 0 ]
+}
+
+@test "Verify fails when 2 group git sig requirement is not satisifed" {
+	set_identity "user1"
+	echo "test string" > somefile
+	git init
+	git add .
+	git commit -m "initial commit"
+	run sig verify --method git --threshold 2 --group maintainers
+	[ "$status" -eq 1 ]
+}
+
+@test "Verify succeeds when 1 unique detached sig requirement is satisifed" {
+	set_identity "user1"
+	run sig add
+	run sig verify --method detached
+	[ "$status" -eq 0 ]
+}
+
+@test "Verify succeeds when 2 unique detached sig requirement is satisifed" {
+	set_identity "user1"
+	run sig add
+	set_identity "user2"
+	run sig add
+	run sig verify --threshold 2 --method detached
+	[ "$status" -eq 0 ]
+}
+
+@test "Verify fails when 2 unique detached sig requirement is not satisifed" {
+	set_identity "user1"
+	run sig add
+	run sig verify --threshold 2 --method detached
+	[ "$status" -eq 1 ]
+}
+
+@test "Verify succeeds when 1 group detached sig requirement is satisifed" {
+	set_identity "user1"
+	sig add
+	sig fetch --group maintainers AE08157232C35F04309FA478C5EBC4A7CF55A2D0
+	run sig verify --method detached --group maintainers
+	[ "$status" -eq 0 ]
+}
+
+@test "Verify succeeds when 3 group detached sig requirement is satisifed" {
+	set_identity "user1"
+	sig add
+	set_identity "user2"
+	sig add
+	set_identity "user3"
+	sig add
+	sig fetch --group maintainers AE08157232C35F04309FA478C5EBC4A7CF55A2D0
+	sig fetch --group maintainers BE4D60F6CFD2237A8AF978583C51CADD33BD0EE8
+	sig fetch --group maintainers 3E45AC9E190B4EE32BAE9F61A331AFB540761D69
+	run sig verify --method detached --threshold 3 --group maintainers
+	[ "$status" -eq 0 ]
+}
+
+@test "Verify fails when 2 group detached sig requirement is not satisifed" {
+	set_identity "user1"
+	sig add
+	run sig verify --method detached --threshold 2 --group maintainers
+	[ "$status" -eq 1 ]
+}