sequoia-git 0.5.0

A tool for managing and enforcing a commit signing policy.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136

use std::fs;

use sequoia_openpgp::types::ReasonForRevocation;

mod common;
use common::Environment;
use common::rotate_subkeys;
use common::revoke_cert;

#[test]
fn revoked_certificate() -> anyhow::Result<()> {
    // Consider:
    //
    // Alice is authorized to add commits at time t0.  Then she
    // rotates her signing subkey.

    let e = Environment::new()?;
    let p = e.git_state();

    let (alice, alice_pgp) = e.gen("alice", None, None);
    let alice_fpr = &alice.fingerprint().to_string();

    // Alice adds herself as the project maintainer.
    e.sq_git(&[
        "policy",
        "authorize",
        "alice",
        "--cert-file", &alice_pgp,
        "--project-maintainer"
    ])?;
    e.git(&["add", "openpgp-policy.toml"])?;
    e.git(&[
        "commit",
        "-m", "Initial commit.",
    ])?;
    let root = e.git_current_commit()?;

    e.git(&["log"])?;
    e.sq_git(&["log", "--trust-root", &root])?;

    // Check that she can add commits.
    fs::write(p.join("2"), "2.")?;
    e.git(&["add", "2"])?;
    e.git(&[
        "commit",
        "-m", "Alice adds a commit.",
        &format!("-S{}", alice_fpr),
    ])?;
    let _c2 = e.git_current_commit()?;

    e.git(&["log"])?;
    e.sq_git(&["log", "--trust-root", &root])?;

    // Alice rotates her signing subkey.
    let alice_rotated = rotate_subkeys(&alice);
    assert!(alice_rotated.keys().count() > alice.keys().count());
    e.import(&alice_rotated).expect("can import");

    e.sq_git(&[
        "policy",
        "authorize",
        "alice",
        "--cert", &alice.fingerprint().to_string(),
        "--sign-commit"
    ])?;
    e.git(&["add", "openpgp-policy.toml"])?;
    e.git(&[
        "commit",
        "-m", "Adding rotated key.",
        &format!("-S{}", alice_fpr),
    ])?;
    let _c3 = e.git_current_commit()?;

    e.git(&["log"])?;
    e.sq_git(&["log", "--trust-root", &root])?;

    e.check_export("alice", None, &[ &alice_rotated ]);


    // Check that she can still add commits.
    fs::write(p.join("4"), "4.")?;
    e.git(&["add", "4"])?;
    e.git(&[
        "commit",
        "-m", "Alice adds a commit.",
        &format!("-S{}", alice_fpr),
    ])?;
    let _c4 = e.git_current_commit()?;

    e.git(&["log"])?;
    e.sq_git(&["log", "--trust-root", &root])?;


    // Alice revokes her certificate.
    let alice_revoked
        = revoke_cert(&alice_rotated, ReasonForRevocation::KeyRetired);

    let alice_revoked_pgp
        = e.serialize_cert("alice-revoked", &alice_revoked);

    e.sq_git(&[
        "policy",
        "authorize",
        "alice",
        "--cert-file", &alice_revoked_pgp,
        "--sign-commit"
    ])?;
    e.git(&["add", "openpgp-policy.toml"])?;
    e.git(&[
        "commit",
        "-m", "Adding revoked key.",
        &format!("-S{}", alice_fpr),
    ])?;
    let _c5 = e.git_current_commit()?;

    e.check_export("alice", None, &[ &alice_revoked ]);

    e.git(&["log"])?;
    e.sq_git(&["log", "--trust-root", &root])?;


    // Alice shouldn't be able to add any more commits.
    fs::write(p.join("6"), "6.")?;
    e.git(&["add", "6"])?;
    e.git(&[
        "commit",
        "-m", "Alice adds a commit with her revoked key.",
        &format!("-S{}", alice_fpr),
    ])?;
    let _c6 = e.git_current_commit()?;

    e.git(&["log"])?;
    assert!(e.sq_git(&["log", "--trust-root", &root]).is_err());

    Ok(())
}