t/t-clone.sh: use encrypted TLS key in Git clone

chrisd8088 · chrisd8088 · commit e0ddd44b58d2 · 2024-10-29T16:59:42.000-07:00
The "cloneSSL" test in what is now our t/t-clone.sh test script was added in commits 4c64e82 and 8f91a1b of PR git-lfs#1067, and since then has performed the same basic set of checks. A bare test repository is first cloned using a TLS/SSL connection. Example Git LFS objects are then committed to the repository, and pushed, after which a "git lfs clone" command is run with a specified, non-default directory name argument so the repository is cloned into a new working tree under that local directory. The test then checks that the Git LFS objects have also been populated into the new working tree. Finally, a regular "git clone" command is run (without a directory name argument), again with a TLS/SSL connection, which should run the Git LFS "smudge" filter and fail if that does not also succeed. This test design was later used as a template for the "clone ClientCert" test when it was added in commit daba49a of PR git-lfs#1893; like the "cloneSSL" test, it performed the same series of checks, just using a client TLS certificate and key when cloning from the remote. We then added support for encrypted TLS certificate keys in commit 706beca of PR git-lfs#3270, and at this time, the "clone ClientCert" was updated to repeat the "git lfs clone" step and checks using first an unencrypted key and then an encrypted key. However, the "git clone" step was not moved into the same loop with the "git lfs clone" command, so it is only run using the unencrypted key. For this reason, the "http.<url>.sslKey" Git configuration value is reset after the end of the loop, so it contains just the unencrypted key's path. As we expect to make several other adjustments to this test in subsequent commits in this PR, we first bring the "git clone" command into the same loop with the "git lfs clone" command, which means we no longer need to reset the "http.<url>.sslKey" configuration value, as we want to use the same value for both cloning commands. This change also ensures we perform all the same checks with both types of TLS certificate keys.
diff --git a/t/t-clone.sh b/t/t-clone.sh
@@ -205,6 +205,7 @@ begin_test "clone ClientCert"
   git push origin main
 
   # Now clone again with 'git lfs clone', test specific clone dir
+  # Test with both unencrypted and encrypted client certificate keys
   cd "$TRASHDIR"
 
   for i in "$LFS_CLIENT_KEY_FILE" "$LFS_CLIENT_KEY_FILE_ENCRYPTED"
@@ -232,14 +233,11 @@ begin_test "clone ClientCert"
       [ ! -e "lfs" ]
       assert_clean_status
     popd
-  done
-
-  git config --global http.$LFS_CLIENT_CERT_URL/.sslKey "$LFS_CLIENT_KEY_FILE"
-
-  # Now check SSL clone with standard 'git clone' and smudge download
-  rm -rf "$reponame"
-  git clone "$CLIENTCERTGITSERVER/$reponame"
 
+    # Now check clone with standard 'git clone' and smudge download
+    rm -rf "$reponame"
+    git clone "$CLIENTCERTGITSERVER/$reponame"
+  done
 )
 end_test
 
