From b13332c991ce2695626eaca367dd8208b174c9ca Mon Sep 17 00:00:00 2001
From: Karen Arutyunov <karen@codesynthesis.com>
Date: Thu, 14 Apr 2016 17:59:24 +0300
Subject: Add support for repository authentication

---
 tests/test.sh | 398 +++++++++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 284 insertions(+), 114 deletions(-)

(limited to 'tests/test.sh')

diff --git a/tests/test.sh b/tests/test.sh
index 0cdcd4f..84ad8be 100755
--- a/tests/test.sh
+++ b/tests/test.sh
@@ -13,7 +13,7 @@
 # --remote
 #    Test using the remote repositories. Normally, you would first run the
 #    local test in order to create the repositories, then publish them (see
-#    repository/publish.sh), and finally run the remote test.
+#    pkg/publish.sh), and finally run the remote test.
 #
 # --valgrind
 #    Run under valgrind (takes forever).
@@ -79,15 +79,18 @@ fi
 
 bpkg="$bpkg $options"
 
-# Repository location, name, and absolute location prefixes.
+# Repository location, name, and absolute location prefixes. Note that the
+# local path is carefully crafted so that we end up with the same repository
+# names in both cases. This is necessary for the authentication tests to work
+# in both cases.
 #
 if [ "$remote" = "y" ]; then
-  rep=https://build2.org/pkg/1/tests
-  repn=build2.org/tests/
+  rep=https://build2.org/bpkg/1
+  repn=build2.org/
   repa=$rep
 else
-  rep=repository/1
-  repn=`pwd`/repository/
+  rep=pkg/1/build2.org
+  repn=build2.org/
   repa=`pwd`/$rep
 fi
 
@@ -104,6 +107,11 @@ function test ()
     ops="-d $cfg"
   fi
 
+  if [ "$cmd" = "cfg-fetch" -o \
+       "$cmd" = "rep-info" ]; then
+    ops="$ops --auth all"
+  fi
+
   if [ -t 0 ]; then
     $bpkg $cmd $ops $*
   else
@@ -129,6 +137,11 @@ function fail ()
     ops="-d $cfg"
   fi
 
+  if [ "$cmd" = "cfg-fetch" -o \
+       "$cmd" = "rep-info" ]; then
+    ops="$ops --auth all"
+  fi
+
   if [ "$verbose" = "y" ]; then
     $bpkg $cmd $ops $*
   else
@@ -164,6 +177,24 @@ function gone ()
 
 #if false; then
 
+# Repository certificate fingerprint.
+#
+function rep_cert_fp ()
+{
+  cat $1/repositories | \
+  sed -n '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p' | \
+  openssl x509 -sha256 -noout -fingerprint | \
+  sed -n 's/^SHA256 Fingerprint=\(.*\)$/\1/p'
+}
+
+# Edit file with sed.
+#
+function edit ()
+{
+  local path=$1; shift
+  sed "$@" $path > $path.bak
+  mv $path.bak $path
+}
 
 ##
 ## Low-level commands.
@@ -175,25 +206,25 @@ function gone ()
 ##
 fail pkg-verify                 # archive expected
 fail pkg-verify ./no-such-file  # archive does not exist
-fail pkg-verify repository/1/common/not-a-package.tar.gz
-fail pkg-verify --silent repository/1/common/not-a-package.tar.gz
-test pkg-verify repository/1/common/hello/libhello-1.0.0+1.tar.gz
+fail pkg-verify pkg/1/build2.org/common/not-a-package.tar.gz
+fail pkg-verify --silent pkg/1/build2.org/common/not-a-package.tar.gz
+test pkg-verify pkg/1/build2.org/common/hello/libhello-1.0.0+1.tar.gz
 
 
 ##
 ## rep-create
 ##
-fail rep-create                      # no 'repositories' file
-fail rep-create repository/1/satisfy # unexpected files
+fail rep-create                          # no 'repositories' file
+fail rep-create pkg/1/build2.org/satisfy # unexpected files
 
-test rep-create repository/1/common/hello
+test rep-create pkg/1/build2.org/common/hello --key key.pem
 
-test rep-create repository/1/common/foo/stable
-test rep-create repository/1/common/foo/testing
+test rep-create pkg/1/build2.org/common/foo/stable
+test rep-create pkg/1/build2.org/common/foo/testing
 
-test rep-create repository/1/common/bar/stable
-test rep-create repository/1/common/bar/testing
-test rep-create repository/1/common/bar/unstable
+test rep-create pkg/1/build2.org/common/bar/stable
+test rep-create pkg/1/build2.org/common/bar/testing
+test rep-create pkg/1/build2.org/common/bar/unstable
 
 
 ##
@@ -201,13 +232,13 @@ test rep-create repository/1/common/bar/unstable
 ##
 fail rep-info # repository location expected
 
-test rep-info $rep/common/foo/testing <<EOF
+test rep-info --trust-yes $rep/common/foo/testing <<EOF
 ${repn}common/foo/testing $repa/common/foo/testing
 complement ${repn}common/foo/stable $repa/common/foo/stable
 libfoo 1.1.0
 EOF
 
-test rep-info -m -r -n $rep/common/bar/unstable <<EOF
+test rep-info -m -r -n --trust-yes $rep/common/bar/unstable <<EOF
 ${repn}common/bar/unstable $repa/common/bar/unstable
 : 1
 location: ../../foo/testing
@@ -217,7 +248,7 @@ role: complement
 :
 EOF
 
-test rep-info -m -p $rep/common/bar/unstable <<EOF
+test rep-info -m -p --trust-yes $rep/common/bar/unstable <<EOF
 : 1
 sha256sum: 3034b727288efbb52b7b6e41fe147b815e7b3aa704e8cef6c2ee8d7421ab5b72
 :
@@ -290,16 +321,17 @@ fail cfg-fetch # no repositories
 
 # hello repository
 #
+hello_fp=`rep_cert_fp pkg/1/build2.org/common/hello`
 test cfg-create --wipe
 test cfg-add $rep/common/hello
-test cfg-fetch
+test cfg-fetch --trust $hello_fp
 test cfg-fetch
 
 # bar/unstable repository
 #
 test cfg-create --wipe
 test cfg-add $rep/common/bar/unstable
-test cfg-fetch
+test cfg-fetch --trust-yes
 test cfg-fetch
 
 # both
@@ -307,14 +339,14 @@ test cfg-fetch
 test cfg-create --wipe
 test cfg-add $rep/common/hello
 test cfg-add $rep/common/bar/unstable
-test cfg-fetch
+test cfg-fetch --trust-yes
 test cfg-fetch
 
 
 ##
 ## pkg-fetch
 ##
-test rep-create repository/1/fetch/t1
+test rep-create pkg/1/build2.org/fetch/t1
 test cfg-create --wipe
 
 fail pkg-fetch -e                # archive expected
@@ -327,28 +359,28 @@ fail pkg-fetch libfoo/1/2/3      # invalid package version
 fail pkg-fetch libfoo/1.0.0      # no repositories
 test cfg-add $rep/fetch/t1
 fail pkg-fetch libfoo/1.0.0      # no packages
-test cfg-fetch
+test cfg-fetch --trust-yes
 fail pkg-fetch libfoo/2+1.0.0    # not available
 
 test cfg-create --wipe
 test cfg-add $rep/fetch/t1
-test cfg-fetch
+test cfg-fetch --trust-yes
 test pkg-fetch libfoo/1.0.0
 stat libfoo/1.0.0 fetched
 fail pkg-fetch libfoo/1.0.0
-fail pkg-fetch -e repository/1/fetch/libfoo-1.0.0.tar.gz
+fail pkg-fetch -e pkg/1/build2.org/fetch/libfoo-1.0.0.tar.gz
 test pkg-purge libfoo
-test pkg-fetch -e repository/1/fetch/libfoo-1.0.0.tar.gz
+test pkg-fetch -e pkg/1/build2.org/fetch/libfoo-1.0.0.tar.gz
 stat libfoo/1.0.0 fetched
 test pkg-unpack libfoo
 test pkg-fetch -r libfoo/1.1.0
 stat libfoo/1.1.0 fetched
 test pkg-unpack libfoo
-test pkg-fetch -r -e repository/1/fetch/libfoo-1.0.0.tar.gz
+test pkg-fetch -r -e pkg/1/build2.org/fetch/libfoo-1.0.0.tar.gz
 stat libfoo/1.0.0 fetched
 test pkg-fetch -r libfoo/1.1.0
 stat libfoo/1.1.0 fetched
-test pkg-fetch -r -e repository/1/fetch/libfoo-1.0.0.tar.gz
+test pkg-fetch -r -e pkg/1/build2.org/fetch/libfoo-1.0.0.tar.gz
 stat libfoo/1.0.0 fetched
 test pkg-purge libfoo
 
@@ -356,7 +388,7 @@ test pkg-purge libfoo
 #
 test cfg-create --wipe
 test cfg-add $rep/common/hello
-test cfg-fetch
+test cfg-fetch --trust $hello_fp
 test pkg-fetch libhello/1.0.0+1
 test pkg-purge libhello
 
@@ -370,37 +402,37 @@ fail pkg-unpack -e # package directory expected
 fail pkg-unpack    # package name expected
 
 test cfg-add $rep/fetch/t1
-test cfg-fetch
+test cfg-fetch --trust-yes
 
 # existing
 #
 fail pkg-unpack -e ./no-such-dir # package directory does not exist
-fail pkg-unpack -e ./repository  # not a package directory
+fail pkg-unpack -e ./pkg         # not a package directory
 test pkg-fetch libfoo/1.0.0
-fail pkg-unpack -e repository/1/fetch/libfoo-1.1.0 # already exists
+fail pkg-unpack -e pkg/1/build2.org/fetch/libfoo-1.1.0 # already exists
 test pkg-purge libfoo
-test pkg-unpack -e repository/1/fetch/libfoo-1.1.0
+test pkg-unpack -e pkg/1/build2.org/fetch/libfoo-1.1.0
 stat libfoo/1.1.0 unpacked
 test pkg-purge libfoo
 
 # existing & replace
 #
 test pkg-fetch libfoo/1.0.0
-fail pkg-unpack -e repository/1/fetch/libfoo-1.1.0
-test pkg-unpack -r -e repository/1/fetch/libfoo-1.1.0
+fail pkg-unpack -e pkg/1/build2.org/fetch/libfoo-1.1.0
+test pkg-unpack -r -e pkg/1/build2.org/fetch/libfoo-1.1.0
 stat libfoo/1.1.0 unpacked
 test pkg-purge libfoo
 test pkg-fetch libfoo/1.0.0
 test pkg-unpack libfoo
-fail pkg-unpack -e repository/1/fetch/libfoo-1.1.0
-test pkg-unpack -r -e repository/1/fetch/libfoo-1.1.0
+fail pkg-unpack -e pkg/1/build2.org/fetch/libfoo-1.1.0
+test pkg-unpack -r -e pkg/1/build2.org/fetch/libfoo-1.1.0
 stat libfoo/1.1.0 unpacked
 test pkg-purge libfoo
 
 # package name
 #
 fail pkg-unpack libfoo # no such package in configuration
-test pkg-unpack -e repository/1/fetch/libfoo-1.1.0
+test pkg-unpack -e pkg/1/build2.org/fetch/libfoo-1.1.0
 fail pkg-unpack libfoo # wrong package state
 test pkg-purge libfoo
 test pkg-fetch libfoo/1.0.0
@@ -413,7 +445,7 @@ test pkg-purge libfoo
 #
 test cfg-create --wipe
 test cfg-add $rep/common/hello
-test cfg-fetch
+test cfg-fetch --trust $hello_fp
 test pkg-fetch libhello/1.0.0+1
 test pkg-unpack libhello
 test pkg-purge libhello
@@ -429,20 +461,20 @@ fail pkg-purge libfoo  # no such package
 
 # purge fetched
 #
-test pkg-fetch -e repository/1/fetch/libfoo-1.0.0.tar.gz
+test pkg-fetch -e pkg/1/build2.org/fetch/libfoo-1.0.0.tar.gz
 test pkg-purge libfoo
 stat libfoo unknown
 
 # --keep
 #
-test pkg-fetch -e repository/1/fetch/libfoo-1.0.0.tar.gz
+test pkg-fetch -e pkg/1/build2.org/fetch/libfoo-1.0.0.tar.gz
 test pkg-purge -k libfoo
 stat libfoo "fetched 1.0.0"
 test pkg-purge libfoo
 
 # archive and --purge
 #
-cp repository/1/fetch/libfoo-1.0.0.tar.gz $cfg/
+cp pkg/1/build2.org/fetch/libfoo-1.0.0.tar.gz $cfg/
 test pkg-fetch -e -p $cfg/libfoo-1.0.0.tar.gz
 test pkg-purge libfoo
 stat libfoo unknown
@@ -450,20 +482,20 @@ gone $cfg/libfoo-1.0.0.tar.gz
 
 # no archive but --keep
 #
-test pkg-unpack -e repository/1/fetch/libfoo-1.1.0
+test pkg-unpack -e pkg/1/build2.org/fetch/libfoo-1.1.0
 fail pkg-purge --keep libfoo
 stat libfoo "unpacked 1.1.0"
 test pkg-purge libfoo
 
 # purge unpacked directory
 #
-test pkg-unpack -e repository/1/fetch/libfoo-1.1.0
+test pkg-unpack -e pkg/1/build2.org/fetch/libfoo-1.1.0
 test pkg-purge libfoo
 stat libfoo unknown
 
 # purge unpacked archive
 #
-test pkg-fetch -e repository/1/fetch/libfoo-1.0.0.tar.gz
+test pkg-fetch -e pkg/1/build2.org/fetch/libfoo-1.0.0.tar.gz
 test pkg-unpack libfoo
 test pkg-purge libfoo
 stat libfoo unknown
@@ -471,7 +503,7 @@ gone $cfg/libfoo-1.0.0
 
 # purge unpacked archive but --keep
 #
-test pkg-fetch -e repository/1/fetch/libfoo-1.0.0.tar.gz
+test pkg-fetch -e pkg/1/build2.org/fetch/libfoo-1.0.0.tar.gz
 test pkg-unpack libfoo
 test pkg-purge --keep libfoo
 stat libfoo "fetched 1.0.0"
@@ -481,7 +513,7 @@ stat libfoo unknown
 
 # directory and --purge
 #
-cp -r repository/1/fetch/libfoo-1.1.0 $cfg/
+cp -r pkg/1/build2.org/fetch/libfoo-1.1.0 $cfg/
 test pkg-unpack -e -p $cfg/libfoo-1.1.0
 test pkg-purge libfoo
 stat libfoo unknown
@@ -489,7 +521,7 @@ gone $cfg/libfoo-1.1.0
 
 # archive and --purge
 #
-cp repository/1/fetch/libfoo-1.0.0.tar.gz $cfg/
+cp pkg/1/build2.org/fetch/libfoo-1.0.0.tar.gz $cfg/
 test pkg-fetch -e -p $cfg/libfoo-1.0.0.tar.gz
 test pkg-unpack libfoo
 test pkg-purge libfoo
@@ -499,7 +531,7 @@ gone $cfg/libfoo-1.0.0.tar.gz
 
 # broken
 #
-cp repository/1/fetch/libfoo-1.0.0.tar.gz $cfg/
+cp pkg/1/build2.org/fetch/libfoo-1.0.0.tar.gz $cfg/
 test pkg-fetch -e -p $cfg/libfoo-1.0.0.tar.gz
 test pkg-unpack libfoo
 chmod 000 $cfg/libfoo-1.0.0
@@ -521,7 +553,7 @@ stat libfoo unknown
 ##
 test cfg-create --wipe
 test cfg-add $rep/common/hello
-test cfg-fetch
+test cfg-fetch --trust $hello_fp
 
 fail pkg-configure                        # package name expected
 fail pkg-configure config.dist.root=/tmp  # ditto
@@ -552,7 +584,7 @@ stat libhello/1.0.0 "available 1.0.0+1"
 # src != out
 #
 test cfg-create --wipe
-test pkg-unpack -e repository/1/common/libhello-1.0.0+1
+test pkg-unpack -e pkg/1/build2.org/common/libhello-1.0.0+1
 test pkg-configure libhello
 stat libhello "configured 1.0.0+1"
 test pkg-disfigure libhello
@@ -563,7 +595,7 @@ gone $cfg/libhello-1.0.0+1
 
 # out still exists after disfigure
 #
-test pkg-unpack -e repository/1/common/libhello-1.0.0+1
+test pkg-unpack -e pkg/1/build2.org/common/libhello-1.0.0+1
 test pkg-configure libhello
 touch $cfg/libhello-1.0.0+1/stray
 fail pkg-disfigure libhello
@@ -574,7 +606,7 @@ stat libhello unknown
 
 # disfigure failed
 #
-test pkg-unpack -e repository/1/common/libhello-1.0.0+1
+test pkg-unpack -e pkg/1/build2.org/common/libhello-1.0.0+1
 test pkg-configure libhello
 chmod 555 $cfg/libhello-1.0.0+1
 fail pkg-disfigure libhello
@@ -586,7 +618,7 @@ stat libhello unknown
 
 # configure failed but disfigure succeeds
 #
-test pkg-unpack -e repository/1/common/libhello-1.0.0+1
+test pkg-unpack -e pkg/1/build2.org/common/libhello-1.0.0+1
 mkdir -p $cfg/libhello-1.0.0+1/build
 chmod 555 $cfg/libhello-1.0.0+1/build
 fail pkg-configure libhello
@@ -596,7 +628,7 @@ stat libhello unknown
 
 # configure and disfigure both failed
 #
-test pkg-unpack -e repository/1/common/libhello-1.0.0+1
+test pkg-unpack -e pkg/1/build2.org/common/libhello-1.0.0+1
 mkdir -p $cfg/libhello-1.0.0+1/build
 chmod 555 $cfg/libhello-1.0.0+1 $cfg/libhello-1.0.0+1/build # Trip both con/dis.
 fail pkg-configure libhello
@@ -608,10 +640,10 @@ stat libhello unknown
 
 # dependency management
 #
-test rep-create repository/1/depend/stable
+test rep-create pkg/1/build2.org/depend/stable
 test cfg-create --wipe
 test cfg-add $rep/depend/stable
-test cfg-fetch
+test cfg-fetch --trust-yes
 
 test pkg-fetch libbar/1.0.0
 test pkg-unpack libbar
@@ -677,10 +709,10 @@ test pkg-purge libbar
 ##
 ## pkg-status (also tested in pkg-{fetch,unpack,configure,disfigure,purge})
 ##
-test rep-create repository/1/status/stable
-test rep-create repository/1/status/extra
-test rep-create repository/1/status/testing
-test rep-create repository/1/status/unstable
+test rep-create pkg/1/build2.org/status/stable
+test rep-create pkg/1/build2.org/status/extra
+test rep-create pkg/1/build2.org/status/testing
+test rep-create pkg/1/build2.org/status/unstable
 
 # basics
 #
@@ -688,7 +720,7 @@ test cfg-create --wipe
 stat libfoo/1.0.0 "unknown"
 stat libfoo "unknown"
 test cfg-add $rep/status/stable
-test cfg-fetch
+test cfg-fetch --trust-yes
 stat libfoo/1.0.0 "available"
 stat libfoo "available 1.0.0"
 test pkg-fetch libfoo/1.0.0
@@ -699,20 +731,20 @@ stat libfoo "fetched 1.0.0"
 #
 test cfg-create --wipe
 test cfg-add $rep/status/extra
-test cfg-fetch
+test cfg-fetch --trust-yes
 stat libbar "available 1.1.0+1"
 test cfg-add $rep/status/stable
-test cfg-fetch
+test cfg-fetch --trust-yes
 stat libbar "available 1.1.0+1 1.0.0"
 
 test cfg-create --wipe
 test cfg-add $rep/status/testing
-test cfg-fetch
+test cfg-fetch --trust-yes
 stat libbar "available 1.1.0 1.0.0+1 1.0.0"
 
 test cfg-create --wipe
 test cfg-add $rep/status/unstable
-test cfg-fetch
+test cfg-fetch --trust-yes
 stat libbar "available 2.0.0 1.1.0 1.0.0+1 1.0.0"
 test pkg-fetch libbar/1.0.0+1
 stat libbar "fetched 1.0.0+1; available 2.0.0 1.1.0"
@@ -726,7 +758,7 @@ stat libbar "fetched 2.0.0"
 ##
 test cfg-create --wipe
 test cfg-add $rep/common/hello
-test cfg-fetch
+test cfg-fetch --trust $hello_fp
 
 fail pkg-update                # package name expected
 fail pkg-update libhello       # no such package
@@ -747,7 +779,7 @@ test pkg-purge libhello
 # src != out
 #
 test cfg-create --wipe
-test pkg-unpack -e repository/1/common/libhello-1.0.0+1
+test pkg-unpack -e pkg/1/build2.org/common/libhello-1.0.0+1
 test pkg-configure libhello
 test pkg-update libhello
 test pkg-update libhello
@@ -760,7 +792,7 @@ test pkg-purge libhello
 ##
 test cfg-create --wipe
 test cfg-add $rep/common/hello
-test cfg-fetch
+test cfg-fetch --trust $hello_fp
 
 fail pkg-clean                  # package name expected
 fail pkg-clean libhello         # no such package
@@ -782,7 +814,7 @@ test pkg-purge libhello
 # src != out
 #
 test cfg-create --wipe
-test pkg-unpack -e repository/1/common/libhello-1.0.0+1
+test pkg-unpack -e pkg/1/build2.org/common/libhello-1.0.0+1
 test pkg-configure libhello
 test pkg-update libhello
 test pkg-clean libhello
@@ -800,7 +832,7 @@ test pkg-purge libhello
 #
 test cfg-create --wipe cxx
 test cfg-add $rep/common/hello
-test cfg-fetch
+test cfg-fetch --trust $hello_fp
 test pkg-fetch libhello/1.0.0+1
 test pkg-unpack libhello
 test pkg-configure libhello
@@ -815,20 +847,20 @@ test pkg-purge libhello
 
 # 1 (libfoo)
 #
-test rep-create repository/1/satisfy/t1
+test rep-create pkg/1/build2.org/satisfy/t1
 test cfg-create --wipe
 
 fail pkg-build -p               # package name expected
 fail pkg-build -p libfoo        # unknown package
 fail pkg-build -p libfoo/1.0.0  # unknown package
-test pkg-build -p repository/1/satisfy/libfoo-1.1.0.tar.gz <<EOF
+test pkg-build -p pkg/1/build2.org/satisfy/libfoo-1.1.0.tar.gz <<EOF
 build libfoo 1.1.0
 EOF
-test pkg-build -p repository/1/satisfy/libfoo-1.1.0/ <<EOF
+test pkg-build -p pkg/1/build2.org/satisfy/libfoo-1.1.0/ <<EOF
 build libfoo 1.1.0
 EOF
 
-test pkg-unpack -e repository/1/satisfy/libfoo-1.1.0
+test pkg-unpack -e pkg/1/build2.org/satisfy/libfoo-1.1.0
 test pkg-build -p libfoo <<< "build libfoo 1.1.0"
 test pkg-build -p libfoo/1.1.0 <<< "build libfoo 1.1.0"
 test pkg-build -p libfoo libfoo <<< "build libfoo 1.1.0"
@@ -839,7 +871,7 @@ fail pkg-build -p libfoo/1.0.0
 test pkg-purge libfoo
 
 test cfg-add $rep/satisfy/t1
-test cfg-fetch
+test cfg-fetch --trust-yes
 test pkg-build -p libfoo <<< "build libfoo 1.0.0"
 test pkg-build -p libfoo/1.0.0 <<< "build libfoo 1.0.0"
 test pkg-build -p libfoo libfoo <<< "build libfoo 1.0.0"
@@ -848,13 +880,13 @@ test pkg-build -p libfoo/1.0.0 libfoo <<< "build libfoo 1.0.0"
 test pkg-build -p libfoo/1.0.0 libfoo/1.0.0 <<< "build libfoo 1.0.0"
 fail pkg-build -p libfoo/1.1.0
 
-test pkg-unpack -e repository/1/satisfy/libfoo-1.1.0
+test pkg-unpack -e pkg/1/build2.org/satisfy/libfoo-1.1.0
 test pkg-build -p libfoo <<< "build libfoo 1.1.0"
 test pkg-build -p libfoo/1.0.0 <<< "downgrade libfoo 1.0.0"
 fail pkg-build -p libfoo/0.0.0
 test pkg-purge libfoo
 
-test pkg-fetch -e repository/1/satisfy/libfoo-0.0.0.tar.gz
+test pkg-fetch -e pkg/1/build2.org/satisfy/libfoo-0.0.0.tar.gz
 test pkg-unpack libfoo
 test pkg-build -p libfoo <<< "upgrade libfoo 1.0.0"
 test pkg-build -p libfoo/0.0.0 <<< "build libfoo 0.0.0"
@@ -863,13 +895,13 @@ test pkg-purge libfoo
 
 # 2 (libbar depends on libfoo)
 #
-test rep-create repository/1/satisfy/t2
+test rep-create pkg/1/build2.org/satisfy/t2
 test cfg-create --wipe
 
-fail pkg-build repository/1/satisfy/libbar-1.0.0.tar.gz
+fail pkg-build pkg/1/build2.org/satisfy/libbar-1.0.0.tar.gz
 
 test cfg-add $rep/satisfy/t2
-test cfg-fetch
+test cfg-fetch --trust-yes
 
 test pkg-build -p libbar <<EOF
 build libfoo 1.0.0 (required by libbar)
@@ -889,7 +921,7 @@ build libbar 1.0.0
 EOF
 fail pkg-build -p libbar libfoo/1.1.0
 
-test pkg-fetch -e repository/1/satisfy/libfoo-0.0.0.tar.gz
+test pkg-fetch -e pkg/1/build2.org/satisfy/libfoo-0.0.0.tar.gz
 test pkg-unpack libfoo
 test pkg-build -p libbar <<EOF
 build libfoo 0.0.0 (required by libbar)
@@ -905,7 +937,7 @@ build libbar 1.0.0
 EOF
 test pkg-purge libfoo
 
-test pkg-unpack -e repository/1/satisfy/libfoo-1.1.0
+test pkg-unpack -e pkg/1/build2.org/satisfy/libfoo-1.1.0
 test pkg-build -p libbar <<EOF
 build libfoo 1.1.0 (required by libbar)
 build libbar 1.0.0
@@ -922,10 +954,10 @@ test pkg-purge libfoo
 
 # 3 (libbaz depends on libbar; libbar in prerequisite repository)
 #
-test rep-create repository/1/satisfy/t3
+test rep-create pkg/1/build2.org/satisfy/t3
 test cfg-create --wipe
 test cfg-add $rep/satisfy/t3
-test cfg-fetch
+test cfg-fetch --trust-yes
 
 # only in prerequisite repository
 #
@@ -1038,14 +1070,14 @@ EOF
 
 # 4 (libbaz depends on libfoo and libbar; libbar depends on libfoo >= 1.1.0)
 #
-test rep-create repository/1/satisfy/t4a
-test rep-create repository/1/satisfy/t4b
-test rep-create repository/1/satisfy/t4c
-test rep-create repository/1/satisfy/t4d
+test rep-create pkg/1/build2.org/satisfy/t4a
+test rep-create pkg/1/build2.org/satisfy/t4b
+test rep-create pkg/1/build2.org/satisfy/t4c
+test rep-create pkg/1/build2.org/satisfy/t4d
 
 test cfg-create --wipe
 test cfg-add $rep/satisfy/t4c
-test cfg-fetch
+test cfg-fetch --trust-yes
 
 test pkg-build -p libbaz <<EOF
 build libfoo 1.1.0 (required by libbar libbaz)
@@ -1064,7 +1096,7 @@ fail pkg-build -p libfoo/1.1.0 libbaz
 
 # upgrade warning
 #
-test pkg-fetch -e repository/1/satisfy/libfoo-0.0.0.tar.gz
+test pkg-fetch -e pkg/1/build2.org/satisfy/libfoo-0.0.0.tar.gz
 test pkg-unpack libfoo
 test pkg-build -p libbaz <<EOF
 upgrade libfoo 1.1.0 (required by libbar libbaz)
@@ -1075,11 +1107,11 @@ test pkg-purge libfoo
 
 # downgrade error
 #
-test pkg-fetch -e repository/1/satisfy/libfoo-1.2.0.tar.gz
+test pkg-fetch -e pkg/1/build2.org/satisfy/libfoo-1.2.0.tar.gz
 test pkg-unpack libfoo
 fail pkg-build -p libbaz
 test cfg-add $rep/satisfy/t4a
-test cfg-fetch
+test cfg-fetch --trust-yes
 test pkg-build -p libfoo/1.1.0 libbaz <<EOF
 downgrade libfoo 1.1.0
 build libbar 1.1.0 (required by libbaz)
@@ -1095,7 +1127,7 @@ test pkg-configure libfoo
 test pkg-fetch libbar/1.1.0
 test pkg-unpack libbar
 test pkg-configure libbar
-fail pkg-build -p repository/1/satisfy/libfoo-1.2.0.tar.gz
+fail pkg-build -p pkg/1/build2.org/satisfy/libfoo-1.2.0.tar.gz
 fail pkg-build -p libfoo/1.0.0
 test pkg-build -p libfoo/1.1.0 <<< "build libfoo 1.1.0"
 test pkg-disfigure libbar
@@ -1107,19 +1139,19 @@ test pkg-purge libfoo
 #
 test cfg-create --wipe
 
-test pkg-fetch -e repository/1/satisfy/libfoo-1.0.0.tar.gz
+test pkg-fetch -e pkg/1/build2.org/satisfy/libfoo-1.0.0.tar.gz
 test pkg-unpack libfoo
 test pkg-configure libfoo
-test pkg-fetch -e repository/1/satisfy/libbar-1.0.0.tar.gz
+test pkg-fetch -e pkg/1/build2.org/satisfy/libbar-1.0.0.tar.gz
 test pkg-unpack libbar
 test pkg-configure libbar
-test pkg-fetch -e repository/1/satisfy/libbaz-1.1.0.tar.gz
+test pkg-fetch -e pkg/1/build2.org/satisfy/libbaz-1.1.0.tar.gz
 test pkg-unpack libbaz
 test pkg-configure libbaz
 
 test cfg-add $rep/satisfy/t4a
 test cfg-add $rep/satisfy/t4b
-test cfg-fetch
+test cfg-fetch --trust-yes
 
 test pkg-build -p libbar <<EOF
 upgrade libfoo 1.1.0 (required by libbar libbaz)
@@ -1160,7 +1192,7 @@ EOF
 #
 test cfg-create --wipe
 test cfg-add $rep/satisfy/t4c
-test cfg-fetch
+test cfg-fetch --trust-yes
 test pkg-build -y libbaz
 stat libfoo/1.1.0 "configured"
 stat libbar/1.1.0 "configured"
@@ -1169,14 +1201,14 @@ stat libbaz/1.1.0 "configured hold_package"
 # hold
 #
 test cfg-create --wipe
-test pkg-build -y repository/1/satisfy/libfoo-1.0.0.tar.gz
+test pkg-build -y pkg/1/build2.org/satisfy/libfoo-1.0.0.tar.gz
 stat libfoo "configured 1.0.0 hold_package hold_version"
-test pkg-build -y repository/1/satisfy/libfoo-1.1.0/
+test pkg-build -y pkg/1/build2.org/satisfy/libfoo-1.1.0/
 stat libfoo "configured 1.1.0 hold_package hold_version"
 
 test cfg-create --wipe
 test cfg-add $rep/satisfy/t4c
-test cfg-fetch
+test cfg-fetch --trust-yes
 test pkg-build -y libfoo
 stat libfoo "configured 1.0.0 hold_package"
 test pkg-build -y libfoo/1.0.0
@@ -1184,12 +1216,12 @@ stat libfoo "configured 1.0.0 hold_package hold_version"
 
 test cfg-create --wipe
 test cfg-add $rep/satisfy/t4c
-test cfg-fetch
+test cfg-fetch --trust-yes
 test pkg-build -y libfoo/1.0.0
 stat libfoo "configured 1.0.0 hold_package hold_version"
 
 test cfg-create --wipe
-test pkg-fetch -e repository/1/satisfy/libfoo-1.0.0.tar.gz
+test pkg-fetch -e pkg/1/build2.org/satisfy/libfoo-1.0.0.tar.gz
 test pkg-unpack libfoo
 test pkg-configure libfoo
 stat libfoo "configured 1.0.0"
@@ -1198,7 +1230,7 @@ stat libfoo "configured 1.0.0 hold_package"
 
 test cfg-create --wipe
 test cfg-add $rep/satisfy/t4c
-test cfg-fetch
+test cfg-fetch --trust-yes
 test pkg-build -y libfoo
 stat libfoo "configured 1.0.0 hold_package"
 test pkg-build -y libbaz
@@ -1206,30 +1238,30 @@ stat libfoo "configured 1.1.0 hold_package"
 
 test cfg-create --wipe
 test cfg-add $rep/satisfy/t4c
-test cfg-fetch
+test cfg-fetch --trust-yes
 test pkg-build -y libfoo/1.0.0
 stat libfoo "configured 1.0.0 hold_package hold_version"
 fail pkg-build -y libbaz
 
 test cfg-create --wipe
 test cfg-add $rep/satisfy/t4c
-test cfg-fetch
+test cfg-fetch --trust-yes
 test pkg-build -y libbaz
 stat libfoo "configured 1.1.0"
 
 # drop prerequisites on downgrade
 #
-test rep-create repository/1/satisfy/t5
+test rep-create pkg/1/build2.org/satisfy/t5
 test cfg-create --wipe
 test cfg-add $rep/satisfy/t2
-test cfg-fetch
+test cfg-fetch --trust-yes
 
 test pkg-build -y libbar
 stat libfoo "configured 1.0.0"
 stat libbar "configured 1.0.0 hold_package"
 
 test cfg-add $rep/satisfy/t5
-test cfg-fetch
+test cfg-fetch --trust-yes
 
 test pkg-build -y libbar
 stat libfoo "available 1.0.0"
@@ -1254,7 +1286,7 @@ fail pkg-drop -p libfoo/1.0.0  # unknown package
 
 test cfg-create --wipe
 test cfg-add $rep/satisfy/t4c
-test cfg-fetch
+test cfg-fetch --trust-yes
 test pkg-build -y libbaz
 
 test pkg-drop -p -y libfoo libbaz libbar <<EOF
@@ -1319,7 +1351,7 @@ EOF
 
 test cfg-create --wipe
 test cfg-add $rep/satisfy/t4d
-test cfg-fetch
+test cfg-fetch --trust-yes
 test pkg-build -y libbiz
 
 test pkg-drop -p -y libbiz <<EOF
@@ -1404,3 +1436,141 @@ stat libfoo/1.1.0 "unknown"
 stat libbar/1.1.0 "unknown"
 stat libbaz/1.1.0 "unknown"
 stat libbiz/1.0.0 "available"
+
+##
+## auth
+##
+
+# rep-create
+#
+fail rep-create pkg/1/build2.org/auth/create-noemail --key key.pem
+fail rep-create pkg/1/build2.org/auth/create-expired --key key.pem
+
+fail rep-create pkg/1/build2.org/auth/signed # no --key option
+test rep-create pkg/1/build2.org/auth/signed --key key.pem
+test rep-create pkg/1/build2.org/auth/unsigned1
+test rep-create pkg/1/build2.org/auth/unsigned2
+test rep-create pkg/1/build2.org/auth/name-mismatch --key key.pem
+
+test rep-create pkg/1/build2.org/auth/sha256sum-mismatch --key key.pem
+
+# Tamper signature manifest's sha256sum value.
+#
+s=d374c59b36fdbdbd0d4468665061d94fda9c6c687863dfe72b0bcc34ff9d5fb4
+edit pkg/1/build2.org/auth/sha256sum-mismatch/signature \
+     "s/^\(sha256sum: \).*\$/\1$s/"
+
+test rep-create pkg/1/build2.org/auth/signature-mismatch --key key.pem
+
+# Tamper signature manifest's signature value.
+#
+edit pkg/1/build2.org/auth/signature-mismatch/signature \
+     '/^signature: \\$/,/^\\$/d'
+cat >> pkg/1/build2.org/auth/signature-mismatch/signature << EOF
+signature: \\
+XBjnmXXVHY0RqMI0gL/P4t/vuWwK9JJkLl4Qf2gMxq5k2WQ2CIE56DfG0RaGklgKcI3UxsQZvMQI
+5PNtAHJDjteQ+BqY0io8A43KPX+2LKMU+I825sKmPRjCLYleGM3mNndDkWfYtAzYk5AmR2piqRz0
+D7CLq9GIoQQZO4Fw44muaQDMCRcXy8Txx2jDnretQjx/C0ZQw4M/cd6/cKEKUmLITDkBig9oVlSh
+tpxHqWz5NTbO3vm8ILc03AwiOJHwZweLb6ocJ6a467IJa+F/xUm9B09k8wFWMs+jHXXzHDE0syv7
+lqWL7SvHSjVFrGVFKS6nx7lCj2b8XFiGlwWIwjY4m/VK/5QmbL/lC4f+ww5XT5NG5iYh/eMaCxCJ
+zTg5iZsWNLhrx9uKNrL5xC4z0OONRVOwzu7gsqr0GLWewPyhH0AqJLgOSkw9N7FJwbv2IKNZ88YA
+u2YMXNkXytcQvENLVQDX5oxvUMEurUJFOCuYB/SEnpcwkV5h9RtXzIFVy4OCTU2MhQHDEldI8s7w
+Hga/ct4WupgE228gGdgwJLCbHx6AWBlS9iL10AdS8JkQ9LaZwTMHHz44f8y00X4MiT06gpgDeoQD
+rUyP0KNG65tdWnVTMqg6Q/YXhtRZLHoD6+QbiYLlruR1phu4y4fDt7AKxoXfeme/a86A37UogZY=
+\\
+EOF
+
+# cfg-fetch
+#
+test cfg-create --wipe
+test cfg-add $rep/auth/signed
+test cfg-fetch --trust `rep_cert_fp pkg/1/build2.org/auth/signed`
+test cfg-fetch
+test cfg-fetch --trust-no # certificate is already trusted
+
+test cfg-create --wipe
+test cfg-add $rep/auth/signed
+test cfg-fetch --trust-yes
+test cfg-fetch
+
+test cfg-create --wipe
+test cfg-add $rep/auth/signed
+fail cfg-fetch --trust-no
+
+test cfg-create --wipe
+test cfg-add $rep/auth/signed
+fail cfg-fetch --trust-yes --trust-no # inconsistent options
+
+test cfg-create --wipe
+test cfg-add $rep/auth/unsigned1
+test cfg-fetch --trust-yes
+test cfg-fetch
+test cfg-add $rep/auth/unsigned2
+test cfg-fetch
+test cfg-fetch --trust-no # certificates are already trusted
+
+test cfg-create --wipe
+test cfg-add $rep/auth/unsigned1
+fail cfg-fetch --trust-no
+
+test cfg-create --wipe
+test cfg-add $rep/auth/name-mismatch
+fail cfg-fetch --trust-yes # certificate name mismatch
+
+test cfg-create --wipe
+test cfg-add $rep/auth/expired
+fail cfg-fetch --trust-yes # certificate expired
+
+test cfg-create --wipe
+test cfg-add $rep/auth/sha256sum-mismatch
+fail cfg-fetch --trust-yes # packages file checksum mismatch
+
+test cfg-create --wipe
+test cfg-add $rep/auth/signature-mismatch
+fail cfg-fetch --trust-yes # packages file signature:mismatch
+
+# rep-info
+#
+test cfg-create --wipe
+test rep-info --trust-yes -d $cfg $rep/auth/signed <<EOF
+${repn}auth/signed $repa/auth/signed
+libfoo 1.0.0
+EOF
+
+test rep-info -d $cfg $rep/auth/signed <<EOF
+${repn}auth/signed $repa/auth/signed
+libfoo 1.0.0
+EOF
+
+test cfg-create --wipe
+test rep-info --trust-yes $rep/auth/signed <<EOF
+${repn}auth/signed $repa/auth/signed
+libfoo 1.0.0
+EOF
+
+fail rep-info $rep/auth/signed <<EOF
+${repn}auth/signed $repa/auth/signed
+libfoo 1.0.0
+EOF
+
+test cfg-create --wipe
+test rep-info --trust-yes -d $cfg $rep/auth/unsigned1 <<EOF
+${repn}auth/unsigned1 $repa/auth/unsigned1
+libfoo 1.0.0
+EOF
+
+test rep-info -d $cfg $rep/auth/unsigned2 <<EOF
+${repn}auth/unsigned2 $repa/auth/unsigned2
+libfoo 1.0.0
+EOF
+
+test cfg-create --wipe
+test rep-info --trust-yes $rep/auth/unsigned1 <<EOF
+${repn}auth/unsigned1 $repa/auth/unsigned1
+libfoo 1.0.0
+EOF
+
+fail rep-info $rep/auth/unsigned1 <<EOF
+${repn}auth/unsigned1 $repa/auth/unsigned1
+libfoo 1.0.0
+EOF
-- 
cgit v1.1