florian/git-hardening
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f1b9d0183dc315ce7af9a463294b9cbacec16b4f
git-hardening/test/interactive/test-signing-generate.sh
Flo f1b9d0183d feat: add e2e container test harness 
Implements spec docs/specs/2026-03-30-e2e-container-tests.md:
- 5 Containerfiles (ubuntu, debian, fedora, alpine, arch)
- test/e2e.sh runner with --runtime, --rebuild, single-distro mode
- tmux-based interactive tests (full accept, safety gate decline,
  signing generate, signing skip)
- All scripts pass shellcheck

Closes: #18, #19, #20

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2026-03-31 11:30:40 +02:00

90 lines
2.2 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# Interactive test: generate ed25519 key via signing wizard
# Verifies: key created, user.signingkey configured, commit.gpgsign=true
set -o errexit
set -o nounset
set -o pipefail
IFS=$'\n\t'
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
# shellcheck source=helpers.sh
source "${SCRIPT_DIR}/helpers.sh"
main() {
trap cleanup EXIT
printf 'Test: Signing wizard - generate ed25519 key\n' >&2
# Ensure no existing keys
rm -f "${HOME}/.ssh/id_ed25519" "${HOME}/.ssh/id_ed25519.pub"
start_session
# Safety review gate
wait_for "reviewed this script"
send "y" Enter
# Proceed with hardening
wait_for "Proceed with hardening"
send "y" Enter
# Accept settings until signing wizard
local pane_content
for _ in $(seq 1 30); do
sleep 0.3
pane_content="$(tmux capture-pane -t "$TMUX_SESSION" -p 2>/dev/null || true)"
if printf '%s' "$pane_content" | grep -qF "Signing key options"; then
break
fi
if printf '%s' "$pane_content" | grep -qF "Hardening complete"; then
break
fi
send "y" Enter
done
# Signing wizard — option 1: generate ed25519
wait_for "Signing key options" 15
send "1" Enter
# ssh-keygen prompts for passphrase — enter empty twice
wait_for "Enter passphrase" 10
send "" Enter
wait_for "Enter same passphrase" 10
send "" Enter
# Wait for completion
sleep 3
capture_output >/dev/null 2>&1 || true
# Verify key exists
if [ -f "${HOME}/.ssh/id_ed25519.pub" ]; then
pass "Key generated: ~/.ssh/id_ed25519.pub exists"
else
fail "Key not generated"
exit 1
fi
# Verify signing key configured
local signing_key
signing_key="$(git config --global --get user.signingkey 2>/dev/null || true)"
if [ -n "$signing_key" ]; then
pass "user.signingkey configured: ${signing_key}"
else
fail "user.signingkey not configured"
exit 1
fi
# Verify gpgsign enabled
local gpgsign
gpgsign="$(git config --global --get commit.gpgsign 2>/dev/null || true)"
if [ "$gpgsign" = "true" ]; then
pass "commit.gpgsign=true"
else
fail "commit.gpgsign not set"
exit 1
fi
}
main
Reference in New Issue View Git Blame Copy Permalink