mdebray/tvl-depot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

test(tvix/store/signing_wrapper): restructure

Browse source 
Move things around a bit to make it easier to understand what's going on:

 - We first validate our fixture invariants
 - We then insert into the PathInfoService
 - Do all comparisons and checks we can on the returned PathInfo struct
 - Only convert to the NarInfo variant to calculate the fingerprint,
   and don't keep intermediate let bindings for this

Before cl/12588, this was arguably much harder to do that way, as we
relied on some of the conversions done in the to_narinfo() function.

Change-Id: Iaddbf1079f73ce566ef6d56f69a823e080b2e006
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12595
Reviewed-by: Marijan Petričević <marijan.petricevic94@gmail.com>
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: sinavir <tvix@sinavir.fr>
This commit is contained in:
Florian Klink 2024-10-11 17:50:46 +03:00 committed by flokli
parent 6a116d5057
commit 8b7b85359b
1 changed files with 16 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
tvix/store/src/pathinfoservice/signing_wrapper.rs
View file

@ -133,39 +133,41 @@ mod test {
async fn put_and_verify_signature() { async fn put_and_verify_signature() {
let svc = super::test_signing_service(); let svc = super::test_signing_service();
// pathinfo_1 should not be there ... // Pick a PATH_INFO with 0 signatures…
assert!(
PATH_INFO.signatures.is_empty(),
"PathInfo from fixtures should have no signatures"
);
// Asking PathInfoService, it should not be there ...
assert!(svc assert!(svc
.get(*PATH_INFO.store_path.digest()) .get(*PATH_INFO.store_path.digest())
.await .await
.expect("no error") .expect("no error")
.is_none()); .is_none());
// ... and not be signed
assert!(PATH_INFO.signatures.is_empty());
// insert it // insert it
svc.put(PATH_INFO.clone()).await.expect("no error"); svc.put(PATH_INFO.clone()).await.expect("no error");
// now it should be there ... // now it should be there ...
let signed = svc let path_info = svc
.get(*PATH_INFO.store_path.digest()) .get(*PATH_INFO.store_path.digest())
.await .await
.expect("no error") .expect("no error")
.unwrap(); .unwrap();
// and signed // Ensure there's a signature now
let narinfo = signed.to_narinfo(); let new_sig = path_info
let fp = narinfo.fingerprint(); .signatures
.last()
.expect("The retrieved narinfo to be signed")
.as_ref();
// load our keypair from the fixtures // load our keypair from the fixtures
let (signing_key, _verifying_key) = let (signing_key, _verifying_key) =
super::parse_keypair(super::DUMMY_KEYPAIR).expect("must succeed"); super::parse_keypair(super::DUMMY_KEYPAIR).expect("must succeed");
// ensure the signature is added // ensure that the new signature is using this key name
let new_sig = narinfo
.signatures
.last()
.expect("The retrieved narinfo to be signed");
assert_eq!(signing_key.name(), *new_sig.name()); assert_eq!(signing_key.name(), *new_sig.name());
// verify the new signature against the verifying key // verify the new signature against the verifying key
@ -173,7 +175,7 @@ mod test {
VerifyingKey::parse(super::DUMMY_VERIFYING_KEY).expect("parsing dummy verifying key"); VerifyingKey::parse(super::DUMMY_VERIFYING_KEY).expect("parsing dummy verifying key");
assert!( assert!(
verifying_key.verify(&fp, new_sig), verifying_key.verify(&path_info.to_narinfo().fingerprint(), &new_sig),
"expect signature to be valid" "expect signature to be valid"
); );
} }