Test suite: Fully test replay attack prevention
authorIan Jackson <ijackson@chiark.greenend.org.uk>
Sun, 31 May 2015 16:28:31 +0000 (17:28 +0100)
committerIan Jackson <ijackson@chiark.greenend.org.uk>
Sun, 31 May 2015 17:32:57 +0000 (18:32 +0100)
tests/tests/trustingpolicy-replay

index 57ef286..4fc3c17 100755 (executable)
@@ -15,7 +15,7 @@ git tag start
 t-dgit build
 t-dgit push --new
 
-t-commit 'Prep v2 which will be rewound'
+t-commit 'Prep v1.1 which will be rewound'
 t-dgit build
 t-dgit push
 
@@ -31,5 +31,53 @@ git push "$remote" \
        debian/1.1 \
        debian/1.1~0:refs/dgit/sid
 
+git checkout master
+
+
+: "More subtle replay prevention checks"
+
+prepare-replay () {
+       delib=$1
+
+       # We have to stop the pushes succeeding because if they work they
+       # record the tag, which prevents the replays.  We are simulating
+       # abortive pushes (since we do want to avoid a situation where
+       # dangerous old signed tags can exist).
+       t-policy false
+
+       t-commit "request with $delib that we will replay"
+       t-dgit build
+       t-expect-fail "policy-hook.*No such file or directory" \
+       t-dgit push $delib
+
+       t-policy dgit-repos-policy-trusting
+
+       replayv=$v
+}
+
+attempt-replay () {
+       local mpat=$1
+       git show debian/$replayv | grep -e $delib
+       t-expect-fail "$mpat" \
+       git push "$remote" \
+               debian/$replayv \
+               +debian/$replayv~0:refs/dgit/sid
+}
+
+prepare-replay --deliberately-fresh-repo
+
+# simulate some other thing that we shouldn't delete
+git push $tmp/git/$p.git +master:refs/heads/for-testing
+
+attempt-replay 'does not declare previously heads/for-testing'
+
+prepare-replay --deliberately-not-fast-forward
+
+t-commit 'later version to stop not fast forward rewinding'
+t-dgit build
+t-dgit push
+
+attempt-replay "does not declare previously tags/debian/$v"
+
+
 echo ok.
-echo xxx want to check replay prevention insufficient proofs in tag
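Review bot: attempt-replay only asserts that the replayed push is rejected with the expected message; nothing in this hunk checks that the remote's refs are unchanged afterwards, which is the property replay prevention is meant to protect. Capturing `before=$(git ls-remote "$remote")` ahead of the push and asserting `test "x$before" = "x$(git ls-remote "$remote")"` after it would catch a hook that prints the rejection but still moves or deletes a ref. That assumes the script aborts on a failing command, as the bare `git show ... | grep` check suggests. Separately, `grep -e $delib` should quote the variable, `grep -e "$delib"`. attempt-replay also relies on prepare-replay leaving `delib` and `replayv` set as globals, which deserves a one-line comment such as `# sets globals delib and replayv for attempt-replay`.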