summaryrefslogtreecommitdiff
path: root/tests/tests/trustingpolicy-replay
blob: 2a1012b69ef68366cd62dd910776e9604c55d3d3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
#!/bin/bash
set -e
. tests/lib

t-tstunt-parsechangelog

t-dependencies dput-ng

t-git-config dgit.default.dep14tag no

t-dsd
t-policy dgit-repos-policy-trusting
t-prep-newpackage example 1.0

cd $p
revision=1
git tag start

t-dgit build
t-dgit push --new

t-rm-dput-dropping

t-commit 'Prep v1.1 which will be rewound'
t-dgit build
t-dgit push

git checkout $tagpfx/1.0
t-dgit build
t-dgit push --deliberately-fresh-repo

remote="`git config dgit-distro.test-dummy.git-url`/$p.git"

t-expect-push-fail 'Replay of previously-rewound upload' \
git push "$remote" \
	$tagpfx/1.1 \
	$tagpfx/1.1~0:refs/dgit/sid

git checkout master


: "More subtle replay prevention checks"

prepare-replay () {
	delib=$1

	# We have to stop the pushes succeeding because if they work they
	# record the tag, which prevents the replays.  We are simulating
	# abortive pushes (since we do want to avoid a situation where
	# dangerous old signed tags can exist).
	t-policy-nonexist

	t-commit "request with $delib that we will replay"
	t-dgit build
	t-expect-push-fail 'system: No such file or directory' \
	t-dgit push $delib

	t-policy dgit-repos-policy-trusting

	replayv=$v
}

attempt-replay () {
	local mpat=$1
	git show $tagpfx/$replayv | grep -e $delib
	t-expect-push-fail "$mpat" \
	git push "$remote" \
		$tagpfx/$replayv \
		+$tagpfx/$replayv~0:refs/dgit/sid
}

prepare-replay --deliberately-fresh-repo

# simulate some other thing that we shouldn't delete
git push $dgitrepo +master:refs/heads/for-testing

attempt-replay 'does not declare previously heads/for-testing'

prepare-replay --deliberately-not-fast-forward

t-commit 'later version to stop not fast forward rewinding'
t-dgit build
t-dgit push

attempt-replay "does not declare previously tags/$tagpfx/$v"


t-ok