diff options
| author | Florian Klink <flokli@flokli.de> | 2024-10-11T14·50+0300 |
|---|---|---|
| committer | flokli <flokli@flokli.de> | 2024-10-11T17·19+0000 |
| commit | 8b7b85359b50f1b93cd63e2935ff09bdc50d5916 (patch) | |
| tree | 8fbce7592b9605aa67e6def515859771d4bf1941 | |
| parent | 6a116d5057954470a3aa9907c3050c05ba6e8a37 (diff) | |
test(tvix/store/signing_wrapper): restructure r/8790
Move things around a bit to make it easier to understand what's going on: - We first validate our fixture invariants - We then insert into the PathInfoService - Do all comparisons and checks we can on the returned PathInfo struct - Only convert to the NarInfo variant to calculate the fingerprint, and don't keep intermediate let bindings for this Before cl/12588, this was arguably much harder to do that way, as we relied on some of the conversions done in the to_narinfo() function. Change-Id: Iaddbf1079f73ce566ef6d56f69a823e080b2e006 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12595 Reviewed-by: Marijan Petričević <marijan.petricevic94@gmail.com> Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de> Reviewed-by: sinavir <tvix@sinavir.fr>
| -rw-r--r-- | tvix/store/src/pathinfoservice/signing_wrapper.rs | 30 |
1 files changed, 16 insertions, 14 deletions
diff --git a/tvix/store/src/pathinfoservice/signing_wrapper.rs b/tvix/store/src/pathinfoservice/signing_wrapper.rs index 3230e000ab96..4dff23722888 100644 --- a/tvix/store/src/pathinfoservice/signing_wrapper.rs +++ b/tvix/store/src/pathinfoservice/signing_wrapper.rs @@ -133,39 +133,41 @@ mod test { async fn put_and_verify_signature() { let svc = super::test_signing_service(); - // pathinfo_1 should not be there ... + // Pick a PATH_INFO with 0 signatures… + assert!( + PATH_INFO.signatures.is_empty(), + "PathInfo from fixtures should have no signatures" + ); + + // Asking PathInfoService, it should not be there ... assert!(svc .get(*PATH_INFO.store_path.digest()) .await .expect("no error") .is_none()); - // ... and not be signed - assert!(PATH_INFO.signatures.is_empty()); - // insert it svc.put(PATH_INFO.clone()).await.expect("no error"); // now it should be there ... - let signed = svc + let path_info = svc .get(*PATH_INFO.store_path.digest()) .await .expect("no error") .unwrap(); - // and signed - let narinfo = signed.to_narinfo(); - let fp = narinfo.fingerprint(); + // Ensure there's a signature now + let new_sig = path_info + .signatures + .last() + .expect("The retrieved narinfo to be signed") + .as_ref(); // load our keypair from the fixtures let (signing_key, _verifying_key) = super::parse_keypair(super::DUMMY_KEYPAIR).expect("must succeed"); - // ensure the signature is added - let new_sig = narinfo - .signatures - .last() - .expect("The retrieved narinfo to be signed"); + // ensure that the new signature is using this key name assert_eq!(signing_key.name(), *new_sig.name()); // verify the new signature against the verifying key @@ -173,7 +175,7 @@ mod test { VerifyingKey::parse(super::DUMMY_VERIFYING_KEY).expect("parsing dummy verifying key"); assert!( - verifying_key.verify(&fp, new_sig), + verifying_key.verify(&path_info.to_narinfo().fingerprint(), &new_sig), "expect signature to be valid" ); } |