Refactor to get Keys from Changes. #71

Andrey Smirnov
2015-03-19 01:36:39 +03:00
parent 813b9593fa
commit c573746896
3 changed files with 15 additions and 12 deletions
+4 -1
@@ -22,6 +22,7 @@ type Changes struct {
Binary []string Binary []string
Architectures []string Architectures []string
Stanza Stanza Stanza Stanza
SignatureKeys []utils.GpgKey
} }
// NewChanges moves .changes file into temporary directory and creates Changes structure // NewChanges moves .changes file into temporary directory and creates Changes structure
@@ -67,11 +68,13 @@ func (c *Changes) VerifyAndParse(acceptUnsigned, ignoreSignature bool, verifier
} }
if isClearSigned && !ignoreSignature { if isClearSigned && !ignoreSignature {
_, err = verifier.VerifyClearsigned(input, false) keyInfo, err := verifier.VerifyClearsigned(input, false)
if err != nil { if err != nil {
return err return err
} }
input.Seek(0, 0) input.Seek(0, 0)
c.SignatureKeys = keyInfo.GoodKeys
} }
var text *os.File var text *os.File
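Review bot: `c.SignatureKeys` is assigned only inside the `isClearSigned && !ignoreSignature` branch of VerifyAndParse, so on the unsigned and `ignoreSignature` paths the field keeps whatever value it had before the call, and the new struct field has no comment marking it as an authorization input. IsAllowed, changed in this same commit, reads the field as the uploader's identity, so I would reset it before the branch with `c.SignatureKeys = nil` and document the field as `// SignatureKeys holds the keys with a good signature on the .changes file; empty when the signature was not verified`. Separately, `keyInfo, err := ...` declares a new `err` scoped to the `if` block where the old line assigned the outer one; this is harmless while the error is returned immediately, but it matters if code is later added after the block. VerifyAndParse starts and ends outside the hunk, so whether anything else writes the field is not visible here.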
+3 -3
@@ -47,11 +47,11 @@ func (u *Uploaders) ExpandGroups(items []string) []string {
} }
// IsAllowed checks whether listed keys are allowed to upload given .changes file // IsAllowed checks whether listed keys are allowed to upload given .changes file
func (u *Uploaders) IsAllowed(keys []utils.GpgKey, changes *Changes) bool { func (u *Uploaders) IsAllowed(changes *Changes) bool {
for _, rule := range u.Rules { for _, rule := range u.Rules {
if rule.CompiledCondition.Matches(changes) { if rule.CompiledCondition.Matches(changes) {
deny := u.ExpandGroups(rule.Deny) deny := u.ExpandGroups(rule.Deny)
for _, key := range keys { for _, key := range changes.SignatureKeys {
for _, item := range deny { for _, item := range deny {
if item == "*" || key.Matches(utils.GpgKey(item)) { if item == "*" || key.Matches(utils.GpgKey(item)) {
return false return false
@@ -60,7 +60,7 @@ func (u *Uploaders) IsAllowed(keys []utils.GpgKey, changes *Changes) bool {
} }
allow := u.ExpandGroups(rule.Allow) allow := u.ExpandGroups(rule.Allow)
for _, key := range keys { for _, key := range changes.SignatureKeys {
for _, item := range allow { for _, item := range allow {
if item == "*" || key.Matches(utils.GpgKey(item)) { if item == "*" || key.Matches(utils.GpgKey(item)) {
return true return true
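Review bot: The doc comment above IsAllowed still says "listed keys" although the `keys` parameter is gone; the decision now rests entirely on `changes.SignatureKeys`, and the comment should say so, e.g. `// IsAllowed checks whether the keys that signed changes (changes.SignatureKeys, set by VerifyAndParse) are allowed to upload it`. Both the deny and the allow `"*"` checks sit inside `for _, key := range changes.SignatureKeys`, so with no keys neither loop body runs and the result depends on code after the hunk. An explicit `if len(changes.SignatureKeys) == 0 { return false }` at the top of the function would make the fail-closed behaviour visible rather than implied. The function's tail is outside the hunk, so confirm that this matches the current fall-through result before adding it.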
+8 -8
@@ -58,22 +58,22 @@ func (s *UploadersSuite) TestIsAllowed(c *C) {
} }
// no keys - not allowed // no keys - not allowed
c.Check(u.IsAllowed([]utils.GpgKey{}, &Changes{Stanza: Stanza{"Source": "calamares"}}), Equals, false) c.Check(u.IsAllowed(&Changes{SignatureKeys: []utils.GpgKey{}, Stanza: Stanza{"Source": "calamares"}}), Equals, false)
// no rule - not allowed // no rule - not allowed
c.Check(u.IsAllowed([]utils.GpgKey{"37E1C17570096AD1", "EC4B033C70096AD1"}, &Changes{Stanza: Stanza{"Source": "unknown-calamares"}}), Equals, false) c.Check(u.IsAllowed(&Changes{SignatureKeys: []utils.GpgKey{"37E1C17570096AD1", "EC4B033C70096AD1"}, Stanza: Stanza{"Source": "unknown-calamares"}}), Equals, false)
// first rule: allow anyone do stuff with calamares // first rule: allow anyone do stuff with calamares
c.Check(u.IsAllowed([]utils.GpgKey{"ABCD1234", "1234ABCD"}, &Changes{Stanza: Stanza{"Source": "calamares"}}), Equals, true) c.Check(u.IsAllowed(&Changes{SignatureKeys: []utils.GpgKey{"ABCD1234", "1234ABCD"}, Stanza: Stanza{"Source": "calamares"}}), Equals, true)
// second rule: nobody is allowed to do stuff with never-calamares // second rule: nobody is allowed to do stuff with never-calamares
c.Check(u.IsAllowed([]utils.GpgKey{"ABCD1234", "1234ABCD"}, &Changes{Stanza: Stanza{"Source": "never-calamares"}}), Equals, false) c.Check(u.IsAllowed(&Changes{SignatureKeys: []utils.GpgKey{"ABCD1234", "1234ABCD"}, Stanza: Stanza{"Source": "never-calamares"}}), Equals, false)
// third rule: anyone from the group or explicit key // third rule: anyone from the group or explicit key
c.Check(u.IsAllowed([]utils.GpgKey{"45678901", "12345678"}, &Changes{Stanza: Stanza{"Source": "some-calamares"}}), Equals, true) c.Check(u.IsAllowed(&Changes{SignatureKeys: []utils.GpgKey{"45678901", "12345678"}, Stanza: Stanza{"Source": "some-calamares"}}), Equals, true)
c.Check(u.IsAllowed([]utils.GpgKey{"37E1C17570096AD1"}, &Changes{Stanza: Stanza{"Source": "some-calamares"}}), Equals, true) c.Check(u.IsAllowed(&Changes{SignatureKeys: []utils.GpgKey{"37E1C17570096AD1"}, Stanza: Stanza{"Source": "some-calamares"}}), Equals, true)
c.Check(u.IsAllowed([]utils.GpgKey{"70096AD1"}, &Changes{Stanza: Stanza{"Source": "some-calamares"}}), Equals, true) c.Check(u.IsAllowed(&Changes{SignatureKeys: []utils.GpgKey{"70096AD1"}, Stanza: Stanza{"Source": "some-calamares"}}), Equals, true)
// fourth rule: some are not allowed // fourth rule: some are not allowed
c.Check(u.IsAllowed([]utils.GpgKey{"ABCD1234", "45678901"}, &Changes{Stanza: Stanza{"Source": "some-calamares"}}), Equals, false) c.Check(u.IsAllowed(&Changes{SignatureKeys: []utils.GpgKey{"ABCD1234", "45678901"}, Stanza: Stanza{"Source": "some-calamares"}}), Equals, false)
} }
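Review bot: The no-keys case is exercised only for the `calamares` source and only with an empty slice; there is no case where `SignatureKeys` is left unset against the deny-everyone rule. The key list is now a struct field that VerifyAndParse does not assign when the signature check is skipped, so a case such as `c.Check(u.IsAllowed(&Changes{Stanza: Stanza{"Source": "never-calamares"}}), Equals, false)` would pin that an unverified upload is rejected there too. The rules are defined above the hunk, so the expected value here is inferred from the existing test comments.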