vincent/aptly
1
0
Fork 0
mirror of https://github.com/aptly-dev/aptly.git synced 2026-06-10 06:14:22 +00:00
Code Issues Projects Releases Wiki Activity

Refactor to get Keys from Changes. #71

Browse Source
This commit is contained in:
Andrey Smirnov
2015-03-19 01:36:39 +03:00
parent 813b9593fa
commit c573746896
3 changed files with 15 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
deb/changes.go
+4 -1
View File
@@ -22,6 +22,7 @@ type Changes struct {
Binary []string
Architectures []string
Stanza Stanza
SignatureKeys []utils.GpgKey
}
// NewChanges moves .changes file into temporary directory and creates Changes structure
@@ -67,11 +68,13 @@ func (c *Changes) VerifyAndParse(acceptUnsigned, ignoreSignature bool, verifier
}
if isClearSigned && !ignoreSignature {
_, err = verifier.VerifyClearsigned(input, false)
keyInfo, err := verifier.VerifyClearsigned(input, false)
if err != nil {
return err
}
input.Seek(0, 0)
c.SignatureKeys = keyInfo.GoodKeys
}
var text *os.File
deb/uploaders.go
+3 -3
View File
@@ -47,11 +47,11 @@ func (u *Uploaders) ExpandGroups(items []string) []string {
}
// IsAllowed checks whether listed keys are allowed to upload given .changes file
func (u *Uploaders) IsAllowed(keys []utils.GpgKey, changes *Changes) bool {
func (u *Uploaders) IsAllowed(changes *Changes) bool {
for _, rule := range u.Rules {
if rule.CompiledCondition.Matches(changes) {
deny := u.ExpandGroups(rule.Deny)
for _, key := range keys {
for _, key := range changes.SignatureKeys {
for _, item := range deny {
if item == "*" || key.Matches(utils.GpgKey(item)) {
return false
@@ -60,7 +60,7 @@ func (u *Uploaders) IsAllowed(keys []utils.GpgKey, changes *Changes) bool {
}
allow := u.ExpandGroups(rule.Allow)
for _, key := range keys {
for _, key := range changes.SignatureKeys {
for _, item := range allow {
if item == "*" || key.Matches(utils.GpgKey(item)) {
return true
deb/uploaders_test.go
+8 -8
View File
@@ -58,22 +58,22 @@ func (s *UploadersSuite) TestIsAllowed(c *C) {
}
// no keys - not allowed
c.Check(u.IsAllowed([]utils.GpgKey{}, &Changes{Stanza: Stanza{"Source": "calamares"}}), Equals, false)
c.Check(u.IsAllowed(&Changes{SignatureKeys: []utils.GpgKey{}, Stanza: Stanza{"Source": "calamares"}}), Equals, false)
// no rule - not allowed
c.Check(u.IsAllowed([]utils.GpgKey{"37E1C17570096AD1", "EC4B033C70096AD1"}, &Changes{Stanza: Stanza{"Source": "unknown-calamares"}}), Equals, false)
c.Check(u.IsAllowed(&Changes{SignatureKeys: []utils.GpgKey{"37E1C17570096AD1", "EC4B033C70096AD1"}, Stanza: Stanza{"Source": "unknown-calamares"}}), Equals, false)
// first rule: allow anyone do stuff with calamares
c.Check(u.IsAllowed([]utils.GpgKey{"ABCD1234", "1234ABCD"}, &Changes{Stanza: Stanza{"Source": "calamares"}}), Equals, true)
c.Check(u.IsAllowed(&Changes{SignatureKeys: []utils.GpgKey{"ABCD1234", "1234ABCD"}, Stanza: Stanza{"Source": "calamares"}}), Equals, true)
// second rule: nobody is allowed to do stuff with never-calamares
c.Check(u.IsAllowed([]utils.GpgKey{"ABCD1234", "1234ABCD"}, &Changes{Stanza: Stanza{"Source": "never-calamares"}}), Equals, false)
c.Check(u.IsAllowed(&Changes{SignatureKeys: []utils.GpgKey{"ABCD1234", "1234ABCD"}, Stanza: Stanza{"Source": "never-calamares"}}), Equals, false)
// third rule: anyone from the group or explicit key
c.Check(u.IsAllowed([]utils.GpgKey{"45678901", "12345678"}, &Changes{Stanza: Stanza{"Source": "some-calamares"}}), Equals, true)
c.Check(u.IsAllowed([]utils.GpgKey{"37E1C17570096AD1"}, &Changes{Stanza: Stanza{"Source": "some-calamares"}}), Equals, true)
c.Check(u.IsAllowed([]utils.GpgKey{"70096AD1"}, &Changes{Stanza: Stanza{"Source": "some-calamares"}}), Equals, true)
c.Check(u.IsAllowed(&Changes{SignatureKeys: []utils.GpgKey{"45678901", "12345678"}, Stanza: Stanza{"Source": "some-calamares"}}), Equals, true)
c.Check(u.IsAllowed(&Changes{SignatureKeys: []utils.GpgKey{"37E1C17570096AD1"}, Stanza: Stanza{"Source": "some-calamares"}}), Equals, true)
c.Check(u.IsAllowed(&Changes{SignatureKeys: []utils.GpgKey{"70096AD1"}, Stanza: Stanza{"Source": "some-calamares"}}), Equals, true)
// fourth rule: some are not allowed
c.Check(u.IsAllowed([]utils.GpgKey{"ABCD1234", "45678901"}, &Changes{Stanza: Stanza{"Source": "some-calamares"}}), Equals, false)
c.Check(u.IsAllowed(&Changes{SignatureKeys: []utils.GpgKey{"ABCD1234", "45678901"}, Stanza: Stanza{"Source": "some-calamares"}}), Equals, false)
}