Add detached signature to installer hashsum file

Oliver Sauder
2018-05-22 16:47:58 +02:00
parent 2e52692ba6
commit b7323db31b
4 changed files with 49 additions and 33 deletions


@@ -29,7 +29,8 @@ type indexFile struct {
discardable bool discardable bool
compressable bool compressable bool
onlyGzip bool onlyGzip bool
signable bool clearSign bool
detachedSign bool
acquireByHash bool acquireByHash bool
relativePath string relativePath string
tempFilename string tempFilename string
@@ -133,34 +134,42 @@ func (file *indexFile) Finalize(signer pgp.Signer) error {
} }
} }
if file.signable && signer != nil { if signer != nil {
err = signer.DetachedSign(file.tempFilename, file.tempFilename+".gpg") if file.detachedSign {
if err != nil { err = signer.DetachedSign(file.tempFilename, file.tempFilename+".gpg")
return fmt.Errorf("unable to detached sign file: %s", err) if err != nil {
return fmt.Errorf("unable to detached sign file: %s", err)
}
if file.parent.suffix != "" {
file.parent.renameMap[filepath.Join(file.parent.basePath, file.relativePath+file.parent.suffix+".gpg")] =
filepath.Join(file.parent.basePath, file.relativePath+".gpg")
}
err = file.parent.publishedStorage.PutFile(filepath.Join(file.parent.basePath, file.relativePath+file.parent.suffix+".gpg"),
file.tempFilename+".gpg")
if err != nil {
return fmt.Errorf("unable to publish file: %s", err)
}
} }
err = signer.ClearSign(file.tempFilename, filepath.Join(filepath.Dir(file.tempFilename), "In"+filepath.Base(file.tempFilename))) if file.clearSign {
if err != nil { err = signer.ClearSign(file.tempFilename, filepath.Join(filepath.Dir(file.tempFilename), "In"+filepath.Base(file.tempFilename)))
return fmt.Errorf("unable to clearsign file: %s", err) if err != nil {
} return fmt.Errorf("unable to clearsign file: %s", err)
}
if file.parent.suffix != "" { if file.parent.suffix != "" {
file.parent.renameMap[filepath.Join(file.parent.basePath, file.relativePath+file.parent.suffix+".gpg")] = file.parent.renameMap[filepath.Join(file.parent.basePath, "In"+file.relativePath+file.parent.suffix)] =
filepath.Join(file.parent.basePath, file.relativePath+".gpg") filepath.Join(file.parent.basePath, "In"+file.relativePath)
file.parent.renameMap[filepath.Join(file.parent.basePath, "In"+file.relativePath+file.parent.suffix)] = }
filepath.Join(file.parent.basePath, "In"+file.relativePath)
}
err = file.parent.publishedStorage.PutFile(filepath.Join(file.parent.basePath, file.relativePath+file.parent.suffix+".gpg"), err = file.parent.publishedStorage.PutFile(filepath.Join(file.parent.basePath, "In"+file.relativePath+file.parent.suffix),
file.tempFilename+".gpg") filepath.Join(filepath.Dir(file.tempFilename), "In"+filepath.Base(file.tempFilename)))
if err != nil { if err != nil {
return fmt.Errorf("unable to publish file: %s", err) return fmt.Errorf("unable to publish file: %s", err)
} }
err = file.parent.publishedStorage.PutFile(filepath.Join(file.parent.basePath, "In"+file.relativePath+file.parent.suffix),
filepath.Join(filepath.Dir(file.tempFilename), "In"+filepath.Base(file.tempFilename)))
if err != nil {
return fmt.Errorf("unable to publish file: %s", err)
} }
} }
@@ -255,7 +264,8 @@ func (files *indexFiles) PackageIndex(component, arch string, udeb, installer bo
parent: files, parent: files,
discardable: false, discardable: false,
compressable: !installer, compressable: !installer,
signable: false, detachedSign: installer,
clearSign: false,
acquireByHash: files.acquireByHash, acquireByHash: files.acquireByHash,
relativePath: relativePath, relativePath: relativePath,
} }
@@ -289,7 +299,8 @@ func (files *indexFiles) ReleaseIndex(component, arch string, udeb bool) *indexF
parent: files, parent: files,
discardable: udeb, discardable: udeb,
compressable: false, compressable: false,
signable: false, detachedSign: false,
clearSign: false,
acquireByHash: files.acquireByHash, acquireByHash: files.acquireByHash,
relativePath: relativePath, relativePath: relativePath,
} }
@@ -320,7 +331,8 @@ func (files *indexFiles) ContentsIndex(component, arch string, udeb bool) *index
discardable: true, discardable: true,
compressable: true, compressable: true,
onlyGzip: true, onlyGzip: true,
signable: false, detachedSign: false,
clearSign: false,
acquireByHash: files.acquireByHash, acquireByHash: files.acquireByHash,
relativePath: relativePath, relativePath: relativePath,
} }
@@ -351,7 +363,8 @@ func (files *indexFiles) LegacyContentsIndex(arch string, udeb bool) *indexFile
discardable: true, discardable: true,
compressable: true, compressable: true,
onlyGzip: true, onlyGzip: true,
signable: false, detachedSign: false,
clearSign: false,
acquireByHash: files.acquireByHash, acquireByHash: files.acquireByHash,
relativePath: relativePath, relativePath: relativePath,
} }
@@ -367,19 +380,20 @@ func (files *indexFiles) ReleaseFile() *indexFile {
parent: files, parent: files,
discardable: false, discardable: false,
compressable: false, compressable: false,
signable: true, detachedSign: true,
clearSign: true,
relativePath: "Release", relativePath: "Release",
} }
} }
func (files *indexFiles) FinalizeAll(progress aptly.Progress) (err error) { func (files *indexFiles) FinalizeAll(progress aptly.Progress, signer pgp.Signer) (err error) {
if progress != nil { if progress != nil {
progress.InitBar(int64(len(files.indexes)), false) progress.InitBar(int64(len(files.indexes)), false)
defer progress.ShutdownBar() defer progress.ShutdownBar()
} }
for _, file := range files.indexes { for _, file := range files.indexes {
err = file.Finalize(nil) err = file.Finalize(signer)
if err != nil { if err != nil {
return return
} }
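Review bot: The clearsign branch of Finalize names the published file `"In"+file.relativePath`, which is only a valid path while `relativePath` has no directory part, whereas the temporary file next to it is built with `filepath.Dir` and `filepath.Base`. In the constructors shown, the old `signable` flag was true only for `Release`; now that `clearSign` is an independent per-file flag, enabling it on an index like the installer one (whose published path in the test appears to be `main/installer-s390x/current/images/SHA256SUMS`) would target `Inmain/...`. Building the name as `filepath.Join(filepath.Dir(file.relativePath), "In"+filepath.Base(file.relativePath))` for the `renameMap` entries and the `PutFile` destination keeps the branch correct for any file. The two new struct fields would also benefit from a comment such as `// detachedSign publishes <name>.gpg, clearSign publishes In<name>; both are skipped when signer is nil`, because an unsigned publish otherwise leaves no trace in this code. Finalize begins and ends outside the hunk.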


@@ -749,7 +749,7 @@ func (p *PublishedRepo) Publish(packagePool aptly.PackagePool, publishedStorageP
progress.Printf("Finalizing metadata files...\n") progress.Printf("Finalizing metadata files...\n")
} }
err = indexes.FinalizeAll(progress) err = indexes.FinalizeAll(progress, signer)
if err != nil { if err != nil {
return err return err
} }


@@ -1,6 +1,7 @@
Loading packages... Loading packages...
Generating metadata files and linking package files... Generating metadata files and linking package files...
Finalizing metadata files... Finalizing metadata files...
Signing file 'main_installer-s390x_current_images_SHA256SUMS' with gpg, please enter your passphrase when prompted:
Signing file 'Release' with gpg, please enter your passphrase when prompted: Signing file 'Release' with gpg, please enter your passphrase when prompted:
Clearsigning file 'Release' with gpg, please enter your passphrase when prompted: Clearsigning file 'Release' with gpg, please enter your passphrase when prompted:


@@ -1039,6 +1039,7 @@ class PublishSnapshot38Test(BaseTest):
def check(self): def check(self):
super(PublishSnapshot38Test, self).check() super(PublishSnapshot38Test, self).check()
self.check_exists('public/dists/wheezy/main/installer-s390x/current/images/SHA256SUMS') self.check_exists('public/dists/wheezy/main/installer-s390x/current/images/SHA256SUMS')
self.check_exists('public/dists/wheezy/main/installer-s390x/current/images/SHA256SUMS.gpg')
self.check_exists('public/dists/wheezy/main/installer-s390x/current/images/generic/debian.exec') self.check_exists('public/dists/wheezy/main/installer-s390x/current/images/generic/debian.exec')
self.check_exists('public/dists/wheezy/main/installer-s390x/current/images/MANIFEST') self.check_exists('public/dists/wheezy/main/installer-s390x/current/images/MANIFEST')
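Review bot: The added assertion only proves that `SHA256SUMS.gpg` exists, so a publish that wrote an empty, stale or wrongly keyed signature would still pass. Since the point of the commit is a verifiable installer hashsum file, `check` should also verify the detached signature against `SHA256SUMS` with the test keyring, for example by running `gpgv` on the pair and asserting a zero exit status. If the suite covers publishing with signing skipped, asserting there that the `.gpg` file is absent would guard against a leftover signature sitting beside a regenerated hashsum file. The class and the rest of `check` lie outside the hunk.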