test coverage for several verify scenarios

Lance Vick 2020-11-20 20:50:12 -08:00
parent fe96172114
commit e9da8fee86
Signed by: lrvick
GPG Key ID: 8E47A1EC35A1551D
5 changed files with 118 additions and 28 deletions


@ -1,16 +1,16 @@
-----BEGIN PGP SIGNATURE-----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=i0LH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=7Skg
-----END PGP SIGNATURE-----


@ -1,8 +1,8 @@
64263feac7b00952e9ec3b6c1fd11316faa58ff673c6bd085fac9f6f8d8389f6 .gitignore
67377eee89dfc4411665474ac0bee0f9a19ea7e594bcc8606b0bc3ace69f0aa1 .gitlab-ci.yml
c38c2540b680a721a741b4613f9a8d443c8ed8952994f10f73fd8183c3288df7 Makefile
ad3d473c630217dff7c4499efc1de46fc3a55068677c2bb3a21714aa56dd408a Makefile
464ed12795e3e41eee83713709069fefb07f0676ba237894a9325aafe5c91e31 README.md
bb1a24c30f2a26889195deac4ad98fcf9fd485baa4aa1dd04c12abef8212f6ad sig
3dfa934d88199ed8992d63d68bce81c5b82970b4a78d4ccde056d6039ee3cf5f sig
646a6c11ef22d51bd7fadff5ecc806d8d3e7c62151a0dd56bbeb59eca74c671c test/Dockerfile
dd79ef0e6d0738321f916a5c85a60d44152fb1ffcd71572de98cf48e0d0d911c test/keys/user1.pub.asc
c98a656738f188f650fa0107e3478d640c175a3db481a6c3cbc267f75a05b440 test/keys/user1.sec.asc
@ -14,5 +14,5 @@ c0e3df63b1f01a83e17c463af9e37365a5e38ee0289d59cdfee725df202a311b test/keys/user3
d4cbeffdbf7064aaffe94556b5879c88cddf479e3e76518f25c3491482abd789 test/keys/user4.sec.asc
c608e63175a1e9cc3fe2500372769a9e30b808d2e4d4a950796d98dac14775ea test/keys/user5.pub.asc
873f3a1e2da41587f4b5a0dad5d8b704a37144e54931fe3a167ea9648772a5dc test/keys/user5.sec.asc
9ebc08efa02b1e11cfd8a2544dbcf5bb8a798b0f485e317bdf0f96b89384c8de test/test.bats
ab7f531be1e3f9075ee43e20dd230b6400cf856f7dfc857b848c5e9b766fc3f4 test/test.bats
418903b58dad935ee3aa1dfcc4c4ac22fd77a838b87a5c2c3fe4e510a164f0a0 test/test_helper.bash


@ -5,7 +5,6 @@ all: lint test verify
test: test-image
docker run \
--rm \
--interactive \
--volume $(PWD)/:/home/test/sig \
local/sig-test \
bats sig/test/test.bats

3
sig

@ -27,6 +27,8 @@ die_pkg() {
install_cmd="yum install ${package}"
elif command -v "pacman" >/dev/null; then
install_cmd="pacman -Ss ${package}"
elif command -v "emerge" >/dev/null; then
install_cmd="emerge ${package}"
elif command -v "nix-env" >/dev/null; then
install_cmd="nix-env -i ${package}"
fi
@ -41,6 +43,7 @@ die_pkg() {
}
### Ask user to make a binary decision
### If not an interactive terminal: auto-accept default
ask() {
local prompt default
while true; do
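Review bot: The comment added above `ask()` says a non-interactive run auto-accepts the default, but it does not say which answer the defaults are, and in a signature tool that is the part a reader needs. The body of `ask()` and its callers lie outside the hunk, so this cannot be checked here; if any caller passes a "yes" default on a prompt that gates importing or trusting a key, an unattended run would approve it with nobody at the terminal. I would extend the comment to something like `### If not an interactive terminal: auto-accept default; prompts gating key trust must default to "no"` and confirm the call sites agree. The Makefile hunk in this commit appears to drop `--interactive` from the test container, so the test suite now runs on exactly this path.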


@ -64,7 +64,7 @@ load test_helper
[ "$status" -eq 0 ]
}
@test "Can verify git repo has signed commits by anyone" {
@test "Verify succeeds when 1 unique git sig requirement is satisifed" {
set_identity "user1"
echo "test string" > somefile
git init
@ -74,38 +74,126 @@ load test_helper
[ "$status" -eq 0 ]
}
@test "Verify succeeds when 3/3 unique git sig requirement is satisfied" {
@test "Verify succeeds when 3 unique git sig requirement is satisfied" {
git init
set_identity "user1"
echo "test string 1" > somefile1
git add .
git commit -m "user1 commit"
set_identity "user2"
echo "test string 2" > somefile2
git add .
git commit -m "user2 commit"
set_identity "user3"
echo "test string 3" > somefile3
git add .
git commit -m "user3 commit"
run sig verify --method git --threshold 3
[ "$status" -eq 0 ]
}
@test "Verify fails when 2/2 unique git sig requirement is not satisfied" {
@test "Verify fails when 2 unique git sig requirement is not satisfied" {
git init
set_identity "user1"
echo "test string 1" > somefile1
git add .
git commit -m "user1 commit"
run sig verify --method git --threshold 2
[ "$status" -eq 1 ]
}
@test "Verify succeeds when 1 group git sig requirement is satisifed" {
set_identity "user1"
echo "test string" > somefile
git init
git add .
git commit -m "initial commit"
sig fetch --group maintainers AE08157232C35F04309FA478C5EBC4A7CF55A2D0
run sig verify --method git --group maintainers
[ "$status" -eq 0 ]
}
@test "Verify succeeds when 3 group git sig requirement is satisifed" {
set_identity "user1"
echo "test string" > somefile1
git init
git add .
git commit -m "User 1 Commit"
set_identity "user2"
echo "test string" > somefile2
git init
git add .
git commit -m "User 2 Commit"
set_identity "user3"
echo "test string" > somefile3
git init
git add .
git commit -m "User 3 Commit"
sig fetch --group maintainers AE08157232C35F04309FA478C5EBC4A7CF55A2D0
sig fetch --group maintainers BE4D60F6CFD2237A8AF978583C51CADD33BD0EE8
sig fetch --group maintainers 3E45AC9E190B4EE32BAE9F61A331AFB540761D69
run sig verify --method git --threshold 3 --group maintainers
[ "$status" -eq 0 ]
}
@test "Verify fails when 2 group git sig requirement is not satisifed" {
set_identity "user1"
echo "test string" > somefile
git init
git add .
git commit -m "initial commit"
run sig verify --method git --threshold 2 --group maintainers
[ "$status" -eq 1 ]
}
@test "Verify succeeds when 1 unique detached sig requirement is satisifed" {
set_identity "user1"
run sig add
run sig verify --method detached
[ "$status" -eq 0 ]
}
@test "Verify succeeds when 2 unique detached sig requirement is satisifed" {
set_identity "user1"
run sig add
set_identity "user2"
run sig add
run sig verify --threshold 2 --method detached
[ "$status" -eq 0 ]
}
@test "Verify fails when 2 unique detached sig requirement is not satisifed" {
set_identity "user1"
run sig add
run sig verify --threshold 2 --method detached
[ "$status" -eq 1 ]
}
@test "Verify succeeds when 1 group detached sig requirement is satisifed" {
set_identity "user1"
sig add
sig fetch --group maintainers AE08157232C35F04309FA478C5EBC4A7CF55A2D0
run sig verify --method detached --group maintainers
[ "$status" -eq 0 ]
}
@test "Verify succeeds when 3 group detached sig requirement is satisifed" {
set_identity "user1"
sig add
set_identity "user2"
sig add
set_identity "user3"
sig add
sig fetch --group maintainers AE08157232C35F04309FA478C5EBC4A7CF55A2D0
sig fetch --group maintainers BE4D60F6CFD2237A8AF978583C51CADD33BD0EE8
sig fetch --group maintainers 3E45AC9E190B4EE32BAE9F61A331AFB540761D69
run sig verify --method detached --threshold 3 --group maintainers
[ "$status" -eq 0 ]
}
@test "Verify fails when 2 group detached sig requirement is not satisifed" {
set_identity "user1"
sig add
run sig verify --method detached --threshold 2 --group maintainers
[ "$status" -eq 1 ]
}
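Review bot: The two negative group tests ("Verify fails when 2 group git sig requirement is not satisifed" and its detached counterpart at the end of the file) never populate the `maintainers` group, so `sig verify` may exit 1 because the group is empty or missing rather than because the threshold was not met; how sig treats that case is not visible here. Adding `sig fetch --group maintainers AE08157232C35F04309FA478C5EBC4A7CF55A2D0`, the fingerprint the passing single-signer group tests fetch, before the `run sig verify` line would leave one valid maintainer signature short of a threshold of 2, which is the case the test names describe. In the three unique detached tests, `run sig add` discards the exit status of a setup step, so a failing `sig add` goes unnoticed and the "fails" case can pass for the wrong reason; call `sig add` directly, as the group detached tests already do. Every negative test checks only `[ "$status" -eq 1 ]`, so an additional assertion on `$output` would tie the failure to the signature count rather than to any error at all.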