test(tvix/store/signing_wrapper): restructure

Move things around a bit to make it easier to understand what's going on: - We first validate our fixture invariants - We then insert into the PathInfoService - Do all comparisons and checks we can on the returned PathInfo struct - Only convert to the NarInfo variant to calculate the fingerprint, and don't keep intermediate let bindings for this Before cl/12588, this was arguably much harder to do that way, as we relied on some of the conversions done in the to_narinfo() function. Change-Id: Iaddbf1079f73ce566ef6d56f69a823e080b2e006 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12595 Reviewed-by: Marijan Petričević <marijan.petricevic94@gmail.com> Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de> Reviewed-by: sinavir <tvix@sinavir.fr>
2024-10-11 17:50:46 +03:00 · 2024-10-11 17:50:46 +03:00 · 8b7b85359b
commit 8b7b85359b
parent 6a116d5057
1 changed files with 16 additions and 14 deletions
--- a/tvix/store/src/pathinfoservice/signing_wrapper.rs
+++ b/tvix/store/src/pathinfoservice/signing_wrapper.rs
@ -133,39 +133,41 @@ mod test {
    async fn put_and_verify_signature() {
        let svc = super::test_signing_service();

-        // pathinfo_1 should not be there ...
+        // Pick a PATH_INFO with 0 signatures…
+        assert!(
+            PATH_INFO.signatures.is_empty(),
+            "PathInfo from fixtures should have no signatures"
+        );
+
+        // Asking PathInfoService, it should not be there ...
        assert!(svc
            .get(*PATH_INFO.store_path.digest())
            .await
            .expect("no error")
            .is_none());

-        // ... and not be signed
-        assert!(PATH_INFO.signatures.is_empty());
-
        // insert it
        svc.put(PATH_INFO.clone()).await.expect("no error");

        // now it should be there ...
-        let signed = svc
+        let path_info = svc
            .get(*PATH_INFO.store_path.digest())
            .await
            .expect("no error")
            .unwrap();

-        // and signed
-        let narinfo = signed.to_narinfo();
-        let fp = narinfo.fingerprint();
+        // Ensure there's a signature now
+        let new_sig = path_info
+            .signatures
+            .last()
+            .expect("The retrieved narinfo to be signed")
+            .as_ref();

        // load our keypair from the fixtures
        let (signing_key, _verifying_key) =
            super::parse_keypair(super::DUMMY_KEYPAIR).expect("must succeed");

-        // ensure the signature is added
-        let new_sig = narinfo
-            .signatures
-            .last()
-            .expect("The retrieved narinfo to be signed");
+        // ensure that the new signature is using this key name
        assert_eq!(signing_key.name(), *new_sig.name());

        // verify the new signature against the verifying key
@ -173,7 +175,7 @@ mod test {
            VerifyingKey::parse(super::DUMMY_VERIFYING_KEY).expect("parsing dummy verifying key");

        assert!(
-            verifying_key.verify(&fp, new_sig),
+            verifying_key.verify(&path_info.to_narinfo().fingerprint(), &new_sig),
            "expect signature to be valid"
        );
    }