test: add commit signing

Author: kuwv

test/conftest.py

@@ -53,6 +53,7 @@ def emptyrepo(tmp_path):
     with utils.TemporaryRepository('emptyrepo.zip', tmp_path) as path:
         yield pygit2.Repository(path)
 
+
 @pytest.fixture
 def encodingrepo(tmp_path):
     with utils.TemporaryRepository('encoding.zip', tmp_path) as path:
@@ -81,3 +82,9 @@ def testrepo_path(tmp_path):
 def testrepopacked(tmp_path):
     with utils.TemporaryRepository('testrepopacked.zip', tmp_path) as path:
         yield pygit2.Repository(path)
+
+
+@pytest.fixture
+def gpgsigned(tmp_path):
+    with utils.TemporaryRepository('gpgsigned.git', tmp_path) as path:
+        yield pygit2.Repository(path)

test/data/gpgsigned.git/HEAD

@@ -0,0 +1 @@
+ref: refs/heads/master

test/data/gpgsigned.git/HEAD_TRACKER

@@ -0,0 +1 @@
+ref: HEAD

test/data/gpgsigned.git/config

@@ -0,0 +1,8 @@
+[core]
+        repositoryformatversion = 0
+        filemode = true
+        bare = false
+        logallrefupdates = true
+[remote "test"]
+	url = git://github.com/libgit2/libgit2
+	fetch = +refs/heads/*:refs/remotes/test/*

test/data/gpgsigned.git/index

@@ -0,0 +1 @@
+0000000000000000000000000000000000000000 099fabac3a9ea935598528c27f866e34089c2eff Patrick Steinhardt <[email protected]> 1442484463 +0200	branch: Created from HEAD

test/data/gpgsigned.git/logs/refs/heads/testrepo-worktree

@@ -0,0 +1 @@
+x
��Q� P�9�^@��B!1F��'��J?���#�7��K��JhM�VE�,��.3���������uVsH�-;��U���,�M���P�Iɉ&�Ĕ׍�ס�K�O.2µո$8��N��ݗ��r��!�l�CTk�l�Ugf�0��s�ÓG(

test/data/gpgsigned.git/objects/09/9fabac3a9ea935598528c27f866e34089c2eff

@@ -0,0 +1,2 @@
+x
��Q
+�0D��)��6�ͦ "xO���-�Fb��Eo��0�Ǥ�,ske�[�Pn8R,EpD?�g�}�^3���<��G�hYK���8ЖDA��)���;g�ݧ���j�p�4����-������r���;�s�GA4ۺ=���(�in7�I�K�FE

test/data/gpgsigned.git/objects/13/85f264afb75a56a5bec74243be9b367ba4ca08

@@ -0,0 +1,2 @@
+x
���	1E�Ni@��k2 "X�$�YW0Yc����Ås���z����MD�
�0��8!�����s�X��g�d�::@X0�P�w�"F/����R��Uz��m�ZZ�����V}|�/�o5����I�!�1z��:v��Uim}�/�>
+�F-

test/data/gpgsigned.git/objects/14/4344043ba4d4a405da03de3844aa829ae8be0e

@@ -0,0 +1 @@
+x
��A�!D��}�G��Mr�\�m[F��1��1gȢ�(�G�Rr3�Co"�v�^hq�<7��A�Y{��"�&$�D�S�g��([B!�ΡwƳY��g���l$%E�������ֲ�'\d�_w-�[�k�'����1h���Z�t��B��&;��:��A���"�m�%�
�V

test/data/gpgsigned.git/objects/16/8e4ebd1c667499548ae12403b19b22a5c5e925

@@ -0,0 +1 @@
+x
��Aj!��?0����09�o}�H�6�}��jUPP��Z&Y��� Aԛ��p��Fd��pz�[f�Y��P�qLJ.,Z�`�Ů�.�`�v��q$�5+9�O�t��>�/�DE/龡W��*e��V�df1>�覭����ě��ʙF����T��h�k.i�^0�?P�R,

test/data/gpgsigned.git/objects/18/1037049a54a1eb5fab404658a3a250b44335d7

@@ -0,0 +1 @@
+x
+)JMU044b040031Qrut�ueX�l��mmA�m�̣�J}G�;U�T���������WRQ�`6���Kǥ�^/�-*|��W��3P�y��`%�E���\&g��|�0���{
Ӎ1X

test/data/gpgsigned.git/objects/18/10dff58d8a660512d4832e740f692884338ccd

@@ -0,0 +1,3 @@
+x
��[
+�0E��*f��դ "�W0��-�F�t�݁��pS[�Y��x�^
+D�b	CLhut��}�8X*4Z��sY���U��A���X3�R�M��) s6輢M��រ�&Jm��;}�����<��\@����ޏpĀ�v�?��jۺL��?H�

test/data/gpgsigned.git/objects/1d/d0968be3ff95fcaecb6fa4245662db9fdc4568

@@ -0,0 +1,2 @@
+x
��;j1D��md�����ǎ|M��3`��V{>���Q����vL0I?�!�4�Z=�!�צ8�F���!r�sQ�y�9�]$D�&�l6A�>jFW�ҵIKNi��Z�%�S���
+��	������U~̽��>'���	�w��[������DGڡ���Q-�M���>d���O����}�\�8g_Ш�oYr

test/data/gpgsigned.git/objects/1f/67fc4386b2d171e0d21be1c447e12660561f9b

@@ -0,0 +1,3 @@
+x
��Q
+!@��s�B�Q"���	�ٱr������{<x����ƪ
+�Hl�JSer!�ZPTe*�j�U��Eo^��2�(���XS�€ED��O<Y��j$2�s_�&}��,}��[~p�7~<��:�	�����Z���p�?�1_��C0

test/data/gpgsigned.git/objects/27/0b8ea76056d5cad83af921837702d3e3c2924d

@@ -0,0 +1,2 @@
+x
�A
+�0�a�9��I�	���p'�1�Ѷ�v\x{c���V�p�vW�g��ǎ0x�[]"g�#{rD�Cot ���N �U$��?9-p+1�^��Qx���9O\�C��	�m�'D{m�V��(+���l��,�

test/data/gpgsigned.git/objects/2b/d0a343aeef7a2cf0d158478966a6e587ff3863

@@ -0,0 +1,3 @@
+x
��Kj1D��)z�UB��-0��uV9����<#������+�W<J���&8�/s��e���ȕKJ����S
+�Rv��{��Q��r��Y�QN$H\E����=6�X5���K Fr)�(�dC��Ά�����j�s�}���9�c-�w8�o�\�r��I���:
+l}F�W$Ds�ǣ��ٚOW�e�]V8-Ý��"U

test/data/gpgsigned.git/objects/32/59a6bd5b57fb9c1281bb7ed3167b50f224cb54

@@ -0,0 +1,3 @@
+x
��Q
+�0D��)�ʦ�I<�'�lR+�Fj��Eo��0<x�h���a ���]ș��XUl�PF)�z�4y�,\r	'S��-mI4
+�Xh��&��F�}n+\���Y�-p|鷜oU�z;-��a�
�lt{��?�I�,:�o�R��cHK

test/data/gpgsigned.git/objects/36/97d64be941a53d4ae8f6a271e4e3fa56b022cc

@@ -0,0 +1,2 @@
+x
�N[
+B!��U��z�ꁈ~�A8W�� 3�K-?�v�|�f&�R.]�6�1K�-p��%� ��d�
��&���S�6�;5�u�3���	�9΄h|��`U�h8gAk_j������y��Qor����#����ZR;�*�1*�j@w���g��ǵ�|e��O�

test/data/gpgsigned.git/objects/45/b983be36b73c0788dc9cbcb76cbb80fc7bb057

@@ -0,0 +1,4 @@
+# pack-refs with: peeled sorted 
+41bc8c69075bbdb46c5c6f0566cc8cc5b46e8bd9 refs/heads/packed
+5b5b025afb0b4c913b4c338a42934a3863bf3644 refs/heads/packed-test
+b25fa35b38051e4ae45d4222e795f9df2e43f1d1 refs/tags/packed-tag

test/data/gpgsigned.git/objects/45/dd856fdd4d89b884c340ba0e047752d9b085d6

@@ -0,0 +1 @@
+a4a7dce85cf63874e984719f4fdd239f5145052f

test/data/gpgsigned.git/objects/4a/202b346bb0fb0db7eff3cffeb3c70babbd2045

@@ -0,0 +1 @@
+144344043ba4d4a405da03de3844aa829ae8be0e

test/data/gpgsigned.git/objects/4e/0883eeeeebc1fb1735161cea82f7cb5fab7e63

@@ -0,0 +1 @@
+f9ed4af42472941da45a3ce44458455ed227a6be

test/data/gpgsigned.git/objects/4e/886e602529caa9ab11d71f86634bd1b6e0de10

@@ -0,0 +1 @@
+6fd5c7dd2ab27b48c493023f794be09861e9045f

test/data/gpgsigned.git/objects/57/43a3ef145d3638a0fa28233ca92897117ad74f

@@ -0,0 +1 @@
+6b377958d8c6a4906e8573b53672a1a23a4e8ce6

test/data/gpgsigned.git/objects/5b/5b025afb0b4c913b4c338a42934a3863bf3644

@@ -0,0 +1 @@
+099fabac3a9ea935598528c27f866e34089c2eff

test/data/gpgsigned.git/objects/62/eb56dabb4b9929bc15dd9263c2c733b13d2dcc

@@ -0,0 +1 @@
+a38d028f71eaa590febb7d716b1ca32350cf70da

test/data/gpgsigned.git/objects/66/3adb09143767984f7be83a91effa47e128c735

@@ -0,0 +1 @@
+4a202b346bb0fb0db7eff3cffeb3c70babbd2045

test/data/gpgsigned.git/objects/6b/377958d8c6a4906e8573b53672a1a23a4e8ce6

@@ -0,0 +1 @@
+763d71aadf09a7951596c9746c024e7eece7c7af

test/data/gpgsigned.git/objects/6b/9b767af9992b4abad5e24ffb1ba2d688ca602e

@@ -0,0 +1 @@
+e90810b8df3e80c413d903f631643c716887138d

test/data/gpgsigned.git/objects/6f/d5c7dd2ab27b48c493023f794be09861e9045f

@@ -0,0 +1 @@
+099fabac3a9ea935598528c27f866e34089c2eff

test/data/gpgsigned.git/objects/75/057dd4114e74cca1d750d0aee1647c903cb60a

@@ -0,0 +1 @@
+ref: refs/heads/master

test/data/gpgsigned.git/objects/76/3d71aadf09a7951596c9746c024e7eece7c7af

@@ -0,0 +1 @@
+7b4384978d2493e851f9cca7858815fac9b10980

test/data/gpgsigned.git/objects/7b/2417a23b63e1fdde88c80e14b33247c6e5785a

@@ -0,0 +1 @@
+b25fa35b38051e4ae45d4222e795f9df2e43f1d1

test/data/gpgsigned.git/objects/7b/4384978d2493e851f9cca7858815fac9b10980

@@ -0,0 +1 @@
+b25fa35b38051e4ae45d4222e795f9df2e43f1d1

test/data/gpgsigned.git/objects/81/4889a078c031f61ed08ab5fa863aea9314344d

@@ -0,0 +1 @@
+1385f264afb75a56a5bec74243be9b367ba4ca08

test/data/gpgsigned.git/objects/84/96071c1b46c854b31185ea97743be6a8774479

@@ -0,0 +1 @@
+b25fa35b38051e4ae45d4222e795f9df2e43f1d1

test/data/gpgsigned.git/objects/87/380ae84009e9c503506c2f6143a4fc6c60bf80

@@ -0,0 +1 @@
+ref: refs/heads/testrepo-worktree

test/data/gpgsigned.git/objects/94/4c0f6e4dfa41595e6eb3ceecdb14f50fe18162

@@ -0,0 +1 @@
+../..

test/data/gpgsigned.git/objects/97/328ac7e3bd0bcd3900cb3e7a624d71dd0df888

@@ -0,0 +1 @@
+../../../../testrepo-worktree/.git

test/data/gpgsigned.git/objects/99/1f1b12603e1d78411c1b4042719f964efa7adf

@@ -0,0 +1 @@
+099fabac3a9ea935598528c27f866e34089c2eff 099fabac3a9ea935598528c27f866e34089c2eff Patrick Steinhardt <[email protected]> 1442484463 +0200	checkout: moving from 099fabac3a9ea935598528c27f866e34089c2eff to testrepo-worktree

test/data/gpgsigned.git/objects/9a/03079b8a8ee85a0bee58bf9be3da8b62414ed4

@@ -22,49 +22,115 @@
 # along with this program; see the file COPYING.  If not, write to
 # the Free Software Foundation, 51 Franklin Street, Fifth Floor,
 # Boston, MA 02110-1301, USA.
+from pygit2 import GIT_OBJ_COMMIT, Oid, Signature
 
-import pygit2
-import pytest
+content = """\
+tree 4b825dc642cb6eb9a060e54bf8d69288fbee4904
+parent 8496071c1b46c854b31185ea97743be6a8774479
+author Ben Burkert <[email protected]> 1358451456 -0800
+committer Ben Burkert <[email protected]> 1358451456 -0800
 
-from . import utils
+a simple commit which works"""
 
+gpgsig = """\
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (Darwin)
 
-@pytest.fixture
-def repo(tmp_path):
-    with utils.TemporaryRepository('gpgsigned.zip', tmp_path) as path:
-        yield pygit2.Repository(path)
+iQIcBAABAgAGBQJQ+FMIAAoJEH+LfPdZDSs1e3EQAJMjhqjWF+WkGLHju7pTw2al
+o6IoMAhv0Z/LHlWhzBd9e7JeCnanRt12bAU7yvYp9+Z+z+dbwqLwDoFp8LVuigl8
+JGLcnwiUW3rSvhjdCp9irdb4+bhKUnKUzSdsR2CK4/hC0N2i/HOvMYX+BRsvqweq
+AsAkA6dAWh+gAfedrBUkCTGhlNYoetjdakWqlGL1TiKAefEZrtA1TpPkGn92vbLq
+SphFRUY9hVn1ZBWrT3hEpvAIcZag3rTOiRVT1X1flj8B2vGCEr3RrcwOIZikpdaW
+who/X3xh/DGbI2RbuxmmJpxxP/8dsVchRJJzBwG+yhwU/iN3MlV2c5D69tls/Dok
+6VbyU4lm/ae0y3yR83D9dUlkycOnmmlBAHKIZ9qUts9X7mWJf0+yy2QxJVpjaTGG
+cmnQKKPeNIhGJk2ENnnnzjEve7L7YJQF6itbx5VCOcsGh3Ocb3YR7DMdWjt7f8pu
+c6j+q1rP7EpE2afUN/geSlp5i3x8aXZPDj67jImbVCE/Q1X9voCtyzGJH7MXR0N9
+ZpRF8yzveRfMH8bwAJjSOGAFF5XkcR/RNY95o+J+QcgBLdX48h+ZdNmUf6jqlu3J
+7KmTXXQcOVpN6dD3CmRFsbjq+x6RHwa8u1iGn+oIkX908r97ckfB/kHKH7ZdXIJc
+cpxtDQQMGYFpXK/71stq
+=ozeK
+-----END PGP SIGNATURE-----"""
 
+gpgsig_content = """\
+tree 4b825dc642cb6eb9a060e54bf8d69288fbee4904
+parent 8496071c1b46c854b31185ea97743be6a8774479
+author Ben Burkert <[email protected]> 1358451456 -0800
+committer Ben Burkert <[email protected]> 1358451456 -0800
+gpgsig -----BEGIN PGP SIGNATURE-----
+ Version: GnuPG v1.4.12 (Darwin)
+ 
+ iQIcBAABAgAGBQJQ+FMIAAoJEH+LfPdZDSs1e3EQAJMjhqjWF+WkGLHju7pTw2al
+ o6IoMAhv0Z/LHlWhzBd9e7JeCnanRt12bAU7yvYp9+Z+z+dbwqLwDoFp8LVuigl8
+ JGLcnwiUW3rSvhjdCp9irdb4+bhKUnKUzSdsR2CK4/hC0N2i/HOvMYX+BRsvqweq
+ AsAkA6dAWh+gAfedrBUkCTGhlNYoetjdakWqlGL1TiKAefEZrtA1TpPkGn92vbLq
+ SphFRUY9hVn1ZBWrT3hEpvAIcZag3rTOiRVT1X1flj8B2vGCEr3RrcwOIZikpdaW
+ who/X3xh/DGbI2RbuxmmJpxxP/8dsVchRJJzBwG+yhwU/iN3MlV2c5D69tls/Dok
+ 6VbyU4lm/ae0y3yR83D9dUlkycOnmmlBAHKIZ9qUts9X7mWJf0+yy2QxJVpjaTGG
+ cmnQKKPeNIhGJk2ENnnnzjEve7L7YJQF6itbx5VCOcsGh3Ocb3YR7DMdWjt7f8pu
+ c6j+q1rP7EpE2afUN/geSlp5i3x8aXZPDj67jImbVCE/Q1X9voCtyzGJH7MXR0N9
+ ZpRF8yzveRfMH8bwAJjSOGAFF5XkcR/RNY95o+J+QcgBLdX48h+ZdNmUf6jqlu3J
+ 7KmTXXQcOVpN6dD3CmRFsbjq+x6RHwa8u1iGn+oIkX908r97ckfB/kHKH7ZdXIJc
+ cpxtDQQMGYFpXK/71stq
+ =ozeK
+ -----END PGP SIGNATURE-----
 
-def test_get_gpg_signature_when_signed(repo):
-    signed_hash = 'a00b212d5455ad8c4c1779f778c7d2a81bb5da23'
-    expected_signature = (
-        '-----BEGIN PGP SIGNATURE-----\n\n'
-        'iQFGBAABCgAwFiEEQZu9JtePgJbDk7VC0+mlK74z13oFAlpzXykSHG1hcmtAbWFy\n'
-        'a2FkYW1zLm1lAAoJENPppSu+M9d6FRoIAJXeQRRT1V47nnHITiel6426loYkeij7\n'
-        '66doGNIyll95H92SwH4LAjPyEEByIG1VsA6NztzUoNgnEvAXI0iAz3LyI7N16M4b\n'
-        'dPDkC72pp8tu280H5Qt5b2V5hmlKKSgtOS5iNhdU/FbWVS8MlHsqzQTZfoTdi6ch\n'
-        'KWUsjzudVd3F/H/AU+1Jsxt8Iz/oK4T/puUQLnJZKjKlljGP994FA3JIpnZpZmbG\n'
-        'FybYJEDXnng7uhx3Fz/Mo3KBJoQfAExTtaToY0n0hSjOe6GN9rEsRSMK3mWdysf2\n'
-        'wOdtYMMcT16hG5tAwnD/myZ4rIIpyZJ/9mjymdUsj6UKf7D+vJuqfsI=\n=IyYy\n'
-        '-----END PGP SIGNATURE-----'
-    ).encode('ascii')
+a simple commit which works"""
+# NOTE: ^^^ mind the gap (space must exist after GnuPG header) ^^^
 
-    expected_payload = (
-        'tree c36c20831e43e5984c672a714661870b67ab1d95\nauthor Mark Adams '
-        '<[email protected]> 1517510299 -0600\ncommitter Mark Adams <ma'
-        '[email protected]> 1517510441 -0600\n\nMaking a GPG signed commi'
-        't\n'
-    ).encode('ascii')
 
-    commit = repo.get(signed_hash)
-    signature, payload = commit.gpg_signature
+def test_commit_signing(gpgsigned):
+    repo = gpgsigned
+    message = "a simple commit which works"
+    author = Signature(
+        name="Ben Burkert",
+        email="[email protected]",
+        time=1358451456,
+        offset=-480,
+    )
+    committer = Signature(
+        name="Ben Burkert",
+        email="[email protected]",
+        time=1358451456,
+        offset=-480,
+    )
+    tree = "4b825dc642cb6eb9a060e54bf8d69288fbee4904"
+    parents = ["8496071c1b46c854b31185ea97743be6a8774479"]
+
+    # create commit string
+    commit = repo.create_commit_string(
+        author, committer, message, tree, parents
+    )
+    assert commit == content
+
+    # create signed commit
+    signed_oid = repo.create_commit_with_signature(content, gpgsig)
+    signed_commit = repo.get(signed_oid)
+
+    # verify signed commit
+    signature, payload = signed_commit.gpg_signature
+    assert gpgsig == signature.decode("utf-8")
+    assert content == payload.decode("utf-8")
+    assert signed_commit.read_raw().decode("utf-8") == gpgsig_content
+
+    # perform sanity checks
+    assert GIT_OBJ_COMMIT == signed_commit.type
+    assert "6569fdf71dbd99081891154641869c537784a3ba" == signed_commit.hex
+    assert signed_commit.message_encoding is None
+    assert message == signed_commit.message
+    assert 1358451456 == signed_commit.commit_time
+    assert committer == signed_commit.committer
+    assert author == signed_commit.author
+    assert tree == signed_commit.tree.hex
+    assert Oid(hex=tree) == signed_commit.tree_id
+    assert 1 == len(signed_commit.parents)
+    assert parents[0] == signed_commit.parents[0].hex
+    assert Oid(hex=parents[0]) == signed_commit.parent_ids[0]
 
-    assert signature == expected_signature
-    assert payload == expected_payload
 
+def test_get_gpg_signature_when_unsigned(gpgsigned):
+    unsigned_hash = "5b5b025afb0b4c913b4c338a42934a3863bf3644"
 
-def test_get_gpg_signature_when_unsigned(repo):
-    unsigned_hash = 'a84938d1d885e80dae24b86b06621cec47ff6edd'
+    repo = gpgsigned
     commit = repo.get(unsigned_hash)
     signature, payload = commit.gpg_signature