summaryrefslogtreecommitdiff
path: root/tests/channels.scm
Commit message (Collapse)AuthorAgeFilesLines
* git-authenticate: Ensure the target is a descendant of the introductory commit.Ludovic Courtès2022-02-141-1/+59
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes a bug whereby authentication of a commit *not* descending from the introductory commit could succeed, provided the commit verifies the authorization invariant. In the example below, A is a common ancestor of the introductory commit I and of commit X. Authentication of X would succeed, even though it is not a descendant of I, as long as X is authorized according to the '.guix-authorizations' in A: X I \ / A This is because, 'authenticate-repository' would not check whether X descends from I, and the call (commit-difference X I) would return X. In practice that only affects forks because it means that ancestors of the introductory commit already contain a '.guix-authorizations' file. * guix/git-authenticate.scm (authenticate-repository): Add call to 'commit-descendant?'. * tests/channels.scm ("authenticate-channel, not a descendant of introductory commit"): New test. * tests/git-authenticate.scm ("authenticate-repository, target not a descendant of intro"): New test. * tests/guix-git-authenticate.sh: Expect earlier test to fail since 9549f0283a78fe36f2d4ff2a04ef8ad6b0c02604 is not a descendant of $intro_commit. Add new test targeting an ancestor of the introductory commit, and another test targeting the v1.2.0 commit. * doc/guix.texi (Specifying Channel Authorizations): Add a sentence.
* tests: Move keys into ./tests/keys/ and add a third ed25519 key.Attila Lendvai2021-12-221-9/+9
| | | | | | | | | | | | | | | The third key will be used in an upcoming commit. Rename public keys to .pub. * guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable. (%ed25519-3-secret-key-file): New variable. (%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file. (%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file. * tests/keys/ed25519-3.key: New file. * tests/keys/ed25519-3.sec: New file. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
* channels: 'channel-news-entry-commit' correctly resolves annotated tags.Ludovic Courtès2021-09-181-0/+47
| | | | | | | | | | | | Previously, 'channel-news-entry-commit' would return the tag ID rather than the commit ID when the news entry was referred to via an annotated tag. Reported by Xinglu Chen <public@yoctocell.xyz>. * guix/channels.scm (resolve-channel-news-entry-tag): Check whether the reference points to annotated tag; resolve it if it does. * tests/channels.scm ("channel-news, annotated tag"): New test.
* tests: Add missing copyright line.Ludovic Courtès2020-10-121-0/+1
| | | | * tests/channels.scm: Add copyright line for past changes.
* channels: Address test failure.Ludovic Courtès2020-10-121-1/+0
| | | | | | | | | | | | | Fixes <https://bugs.gnu.org/43940>. Reported by Maxim Cournoyer <maxim.cournoyer@gmail.com>. The "channel-instances->manifest" test would fail since 1d4ab335b22a93e01c2eb1eb3e93fc6534157040: 'quiet-guile' would be passed #f as GUILE, and thus 'package-version' would fail with wrong-type-arg. * guix/channels.scm (whole-package-for-legacy): Pass #:guile to 'whole-package'. * tests/channels.scm ("channel-instances->manifest"): Remove 'test-expect-fail'.
* tests: Mark the channel-instances->manifest as expected to fail.Maxim Cournoyer2020-10-121-0/+1
| | | | | | | | Allow the Guix package to be updated while awaiting resolution for <https://issues.guix.gnu.org/43940>. * tests/channels.scm (channel-instances->manifest): Mark test as expected to fail.
* Use 'formatted-message' instead of '&message' where appropriate.Ludovic Courtès2020-07-251-6/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * gnu.scm (%try-use-modules): Use 'formatted-message' instead of '&message'. * gnu/machine/digital-ocean.scm (maybe-raise-unsupported-configuration-error): Likewise. * gnu/machine/ssh.scm (machine-check-file-system-availability): Likewise. (machine-check-building-for-appropriate-system): Likewise. (deploy-managed-host): Likewise. (maybe-raise-unsupported-configuration-error): Likewise. * gnu/packages.scm (search-patch): Likewise. * gnu/services.scm (%service-with-default-value): Likewise. (files->etc-directory): Likewise. (fold-services): Likewise. * gnu/system.scm (locale-name->definition*): Likewise. * gnu/system/mapped-devices.scm (check-device-initrd-modules): Likewise. (check-luks-device): Likewise. * guix/channels.scm (latest-channel-instance): Likewise. * guix/cve.scm (json->cve-items): Likewise. * guix/git-authenticate.scm (commit-signing-key): Likewise. (commit-authorized-keys): Likewise. (authenticate-commit): Likewise. (verify-introductory-commit): Likewise. * guix/remote.scm (remote-pipe-for-gexp): Likewise. * guix/scripts/graph.scm (assert-package): Likewise. * guix/scripts/offload.scm (private-key-from-file*): Likewise. * guix/ssh.scm (authenticate-server*): Likewise. (open-ssh-session): Likewise. (remote-inferior): Likewise. * guix/ui.scm (matching-generations): Likewise. * guix/upstream.scm (package-update): Likewise. * tests/channels.scm ("latest-channel-instances, missing introduction for 'guix'"): Catch 'formatted-message?'. ("authenticate-channel, wrong first commit signer"): Likewise. * tests/lint.scm ("patches: not found"): Adjust message string. * tests/packages.scm ("patch not found yields a run-time error"): Catch 'formatted-message?'. * guix/lint.scm (check-patch-file-names): Handle 'formatted-message?'. (check-derivation): Ditto.
* utils: Move <location> and '&error-location' to (guix diagnostics).Ludovic Courtès2020-07-251-1/+1
| | | | | | | | | | | | | * guix/utils.scm (<location>, source-properties->location) (location->source-properties, &error-location): Move to... * guix/diagnostics.scm: ... here. * gnu.scm: Adjust imports accordingly. * gnu/machine.scm: Likewise. * gnu/system.scm: Likewise. * gnu/tests.scm: Likewise. * guix/inferior.scm: Likewise. * tests/channels.scm: Likewise. * tests/packages.scm: Likewise.
* channels: Dependencies listed in '.guix-channel' can have an introduction.Ludovic Courtès2020-07-011-0/+50
| | | | | | | | | | | Suggested by Ricardo Wurmus and Simon Tournier. * guix/channels.scm (sexp->channel-introduction): New procedure. (read-channel-metadata): Use it. (profile-channels)[sexp->channel-introduction]: Remove. * tests/channels.scm ("latest-channel-instances, authenticate dependency"): New test. * doc/guix.texi (Channels)[Declaring Channel Dependencies]: Augment example.
* channels: Properly diagnose test failure.Ludovic Courtès2020-07-011-1/+2
| | | | | | | | This fixes a style issue similar to that of a18d02def9862dfb9b7a5e3d5aa3b541b066d198. * tests/channels.scm ("authenticate-channel, .guix-authorizations"): Change to 'test-equal' so that test failures are properly diagnosed.
* channels: Make channel introductions public.Ludovic Courtès2020-07-011-6/+4
| | | | | | | | | | | * guix/channels.scm (<channel-introduction>): Rename constructor to '%make-channel-introduction'. (make-channel-introduction): New procedure. * tests/channels.scm ("authenticate-channel, wrong first commit signer") ("authenticate-channel, .guix-authorizations"): Use 'make-channel-introduction' without '@@' and without third argument. * doc/guix.texi (Channels)[Channel Authentication, Specifying Channel Authorizations]: New subsections.
* channels: Error out when the 'guix' channel lacks an introduction.Ludovic Courtès2020-06-281-0/+21
| | | | | | | * guix/channels.scm (latest-channel-instance): Raise an error instead of warning when 'guix is unauthenticated. * tests/channels.scm ("latest-channel-instances, missing introduction for 'guix'"): New test.
* channels: Fix test for introductory commit signer.Ludovic Courtès2020-06-251-3/+8
| | | | | | | | | | | Until now the test would always succeed because it would return 'failed, which has truth value. The exercise 'verify-introductory-commit', we need to add a second commit beyond the introductory commit, which is what we do here. * tests/channels.scm ("authenticate-channel, wrong first commit signer"): Add a second commit and authenticate up to that one. Change 'message?' to 'message-condition?'.
* channels: Make 'validate-pull' call right after clone/pull.Ludovic Courtès2020-06-161-2/+2
| | | | | | | | | | | | | | This should come before patching, authentication, etc. * guix/channels.scm (latest-channel-instance): Add #:validate-pull parameter and honor it. Return a single value: the instance. (ensure-forward-channel-update): Change 'instance' parameter to 'commit' and adjust accordingly. (latest-channel-instances): Adjust to 'latest-channel-instance' changes. * guix/scripts/pull.scm (warn-about-backward-updates): Change 'instance' parameter to 'commit' and adjust accordingly. * tests/channels.scm ("latest-channel-instances #:validate-pull"): Likewise.
* channels: 'latest-channel-instance' authenticates Git checkouts.Ludovic Courtès2020-06-161-0/+122
| | | | | | | | | | | | | | | | | | | | | | Fixes <https://bugs.gnu.org/22883>. * guix/channels.scm (<channel>)[introduction]: New field. (<channel-introduction>): New record type. (%guix-channel-introduction): New variable. (%default-channels): Use it. (<channel-metadata>)[keyring-reference]: New field. (%default-keyring-reference): New variable. (read-channel-metadata, read-channel-metadata-from-source): Initialize the 'keyring-reference' field. (commit-short-id, verify-introductory-commit) (authenticate-channel): New procedures. (latest-channel-instance): Call 'authenticate-channel' when CHANNEL has an introduction. * tests/channels.scm (gpg+git-available?, commit-id-string): New procedures. ("authenticate-channel, wrong first commit signer"): ("authenticate-channel, .guix-authorizations"): New tests. * doc/guix.texi (Invoking guix pull): Mention authentication.
* channels: 'latest-channel-instances' guards against non-forward updates.Ludovic Courtès2020-05-251-0/+35
| | | | | | | | | | | | | | | * guix/channels.scm (latest-channel-instance): Add #:starting-commit and pass it to 'update-cached-checkout'. Return the commit relation as a second value. (ensure-forward-channel-update): New procedure. (latest-channel-instances): Add #:current-channels and #:validate-pull. [current-commit]: New procedure. Pass #:starting-commit to 'latest-channel-instance'. When the returned relation is true, call VALIDATE-PULL. (latest-channel-derivation): Add #:current-channels and #:validate-pull. Pass them to 'latest-channel-instances*'. * tests/channels.scm ("latest-channel-instances #:validate-pull"): New test.
* git: 'update-cached-checkout' returns the commit relation.Ludovic Courtès2020-05-251-6/+6
| | | | | | | | | | | * guix/git.scm (update-cached-checkout): Add #:starting-commit parameter. Call 'commit-relation' when #:starting-commit is true. Always return the relation or #f as the third value. (latest-repository-commit): Adjust accordingly. * guix/import/opam.scm (get-opam-repository): Likewise. * tests/channels.scm ("latest-channel-instances includes channel dependencies") ("latest-channel-instances excludes duplicate channel dependencies"): Update mock of 'update-cached-checkout' accordingly.
* channels: Add mechanism to patch checkouts of the 'guix channel.Ludovic Courtès2020-05-071-30/+34
| | | | | | | | | | | | | | | * guix/channels.scm (<patch>): New record type. (apply-patches): New procedure. (latest-channel-instance)[dot-git?]: New procedure. Use 'update-cached-checkout' and 'add-to-store' instead of 'latest-repository-commit'. Call 'apply-patches' when CHANNEL is the 'guix channel. (%patches): New variable. * guix/git.scm (url+commit->name): Make public. * tests/channels.scm ("latest-channel-instances includes channel dependencies") ("latest-channel-instances excludes duplicate channel dependencies"): Mock 'update-cached-checkout' instead of 'latest-repository-commit'. Wrap body in 'with-store' and pass the store to 'latest-channel-instances'.
* channels: Allow news entries to refer to a tag.Ludovic Courtès2019-09-231-2/+7
| | | | | | | | | | | | | | | | Suggested by Ricardo Wurmus <rekado@elephly.net>. * guix/channels.scm (<channel-news-entry>)[tag]: New field. (sexp->channel-news-entry): Accept either 'commit' or 'tag' in 'entry' forms. (resolve-channel-news-entry-tag): New procedure. (channel-news-for-commit): Move 'with-repository' form one level higher. Call 'resolve-channel-news-entry-tag' on all the news entries. * guix/tests/git.scm (populate-git-repository): Add clause for 'tag'. * tests/channels.scm ("channel-news, one entry"): Create a tag and add an entry with a tag. Check that the tag is resolved and also visible in the <channel-news-entry> record. * doc/guix.texi (Channels): Mention tags in news entries.
* channels: Add support for a news file.Ludovic Courtès2019-09-231-0/+99
| | | | | | | | | | | | | | * guix/channels.scm (<channel-metadata>)[news-file]: New field. (read-channel-metadata): Set the 'news-file' field. (read-channel-metadata-from-source): Likewise. (<channel-news>, <channel-news-entry>): New record types. (sexp->channel-news-entry, read-channel-news) (channel-news-for-commit): New procedures. * guix/tests/git.scm (populate-git-repository): For 'add', allow CONTENTS to be a procedure. * tests/channels.scm ("channel-news, no news") ("channel-news, one entry"): New tests. * doc/guix.texi (Channels): Document it.
* channels: Always provide a <channel-metadata> record.Ludovic Courtès2019-07-191-16/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | This simplifies the code since one no longer needs to think about whether '.guix-channel' was present. * guix/channels.scm (read-channel-metadata): Always pass a string as the first argument to 'channel-metadata'. (read-channel-metadata-from-source): Always return a <channel-metadata> record. (channel-instance-dependencies): Remove now unneeded 'match'. (standard-module-derivation): Assume DIRECTORY is never #f and contains a leading slash. * tests/channels.scm (channel-metadata-directory) (channel-metadata-dependencies): New procedures. ("channel-instance-metadata returns #f if .guix-channel does not exist"): Remove. ("channel-instance-metadata returns default if .guix-channel does not exist"): New test. (make-instance): Use 'write' instead of 'display' when creating '.guix-channel'. (instance--no-deps): Remove dependencies. (instance--sub-directory): New variable. ("channel-instance-metadata and default dependencies") ("channel-instance-metadata and directory"): New tests. ("latest-channel-instances excludes duplicate channel dependencies"): Expect 'channel-commit' to return a string and adjust accordingly.
* channels: Strictly check the version of '.guix-channel'.Ludovic Courtès2019-07-191-8/+21
| | | | | | | | | | | | | | | | | | Until now the 'version' field in '.guix-channel' could be omitted, or it could be any value. * guix/channels.scm (read-channel-metadata): Rename to... (channel-instance-metadata): ... this. (channel-instance-dependencies): Adjust accordingly. (read-channel-metadata): New procedure. Use 'match' to require a 'version' field. Provide proper error handling when the channel sexp is malformed or when given an unsupported version number. (read-channel-metadata-from-source): Use 'catch' and 'system-error-errno' instead of 'file-exists?'. * tests/channels.scm (instance--unsupported-version): New variable. (read-channel-metadata): Rename to... (channel-instance-metadata): ... this. Rename tests accordingly. ("channel-instance-metadata rejects unsupported version"): New test.
* inferior: 'gexp->derivation-in-inferior' honors EXP's load path.Ludovic Courtès2019-01-201-6/+10
| | | | | | | | | | | | Previously the imported modules and extensions of EXP would be missing from the load path of 'guix repl'. * guix/inferior.scm (gexp->derivation-in-inferior)[script]: New variable. [trampoline]: Write (primitive-load #$script) to PIPE. Add #$output. * tests/channels.scm ("channel-instances->manifest")[depends?]: Check for requisites rather than direct references. Adjust callers accordingly.
* channels: Don't pull from the same channel more than once.Ludovic Courtès2019-01-201-2/+82
| | | | | | | | | | | | | Previous 'channel-instance->manifest' would call 'latest-channel-derivation', which could trigger another round of 'latest-repository-commit' for no good reason. * guix/channels.scm (resolve-dependencies): New procedure. (channel-instance-derivations)[edges]: New variable. [instance->derivation]: New procedure. * tests/channels.scm (make-instance): Use 'checkout->channel-instance' instead of 'channel-instance'. ("channel-instances->manifest"): New test.
* guix: Add support for channel dependencies.Ricardo Wurmus2018-12-091-0/+139
* guix/channels.scm (<channel-metadata>): New record. (read-channel-metadata, channel-instance-dependencies): New procedures. (latest-channel-instances): Include channel dependencies; add optional argument PREVIOUS-CHANNELS. (channel-instance-derivations): Build derivation for additional channels and add it as dependency to the channel instance derivation. * doc/guix.texi (Channels): Add subsection "Declaring Channel Dependencies". * tests/channels.scm: New file. * Makefile.am (SCM_TESTS): Add it.