From 37a6d33f46d81109ce5dfa0f79ea52395ac7762d Mon Sep 17 00:00:00 2001 From: KatolaZ Date: Thu, 20 Jul 2017 06:57:50 +0100 Subject: tags are correctly authenticated --- commits.go | 3 ++- examples/scorsh_example.cfg | 6 ----- examples/worker2/worker2.cfg | 9 +++++++ workers.go | 63 +++++++++++++++++++++++--------------------- 4 files changed, 44 insertions(+), 37 deletions(-) diff --git a/commits.go b/commits.go index b015fab..4f2f451 100644 --- a/commits.go +++ b/commits.go @@ -57,7 +57,7 @@ func find_scorsh_message(commit *git.Commit) (string, error) { return msg[idx:], nil } -// return a list of keyring names which verify the signature of this commit +// return a list of keyring names which verify the signature of a given commit func get_valid_keys(commit *git.Commit, keys *map[string]openpgp.KeyRing) []string { var ret []string @@ -100,6 +100,7 @@ func exec_tag(tag *SCORSHtag_cfg) []error { for _, c := range tag.Commands { debug.log("[tag: %s] attempting command: %s\n", tag.Name, c.URL) + ret = append(ret, nil) } return ret diff --git a/examples/scorsh_example.cfg b/examples/scorsh_example.cfg index 91bd413..c51926b 100644 --- a/examples/scorsh_example.cfg +++ b/examples/scorsh_example.cfg @@ -11,9 +11,6 @@ s_workers: w_folder: ./worker1, w_logfile: ./worker1/worker1.log, w_tagfile: "./worker1/worker1.cfg", - w_keyrings: [ - "./worker1/allowed_users.asc" - ] }, { w_name: worker2, @@ -21,9 +18,6 @@ s_workers: w_folder: ./worker2, w_logfile: ./worker2/worker2.log, w_tagfile: "./worker2/worker2.cfg", - w_keyrings: [ - "./worker2/allowed_users.asc" - ] } ] ... diff --git a/examples/worker2/worker2.cfg b/examples/worker2/worker2.cfg index 5624cb0..d1538ac 100644 --- a/examples/worker2/worker2.cfg +++ b/examples/worker2/worker2.cfg 
@@ -9,6 +9,15 @@ w_tags: c_url: "file:///home/katolaz/bin/deploy.sh" } ] + }, + { + t_name: "build", + t_keyrings: ["allowed_users.asc"], + t_commands: [ + { + c_url: "file:///home/katolaz/bin/scorsh_build.sh" + } + ] } ] ... \ No newline at end of file diff --git a/workers.go b/workers.go index b92d3cb..415d169 100644 --- a/workers.go +++ b/workers.go @@ -31,27 +31,38 @@ func (worker *SCORSHworker) Matches(repo, branch string) bool { func (w *SCORSHworker) LoadKeyrings() error { w.Keys = make(map[string]openpgp.KeyRing, len(w.Keyrings)) + w.TagKeys = make(map[string]map[string]bool) - // Open the keyring files - for _, keyring := range w.Keyrings { - f, err_file := os.Open(keyring) + for _, t := range w.Tags { + w.TagKeys[t.Name] = make(map[string]bool) - if err_file != nil { - log.Printf("[worker] cannot open keyring:", err_file) - f.Close() - return fmt.Errorf("Unable to open keyring: ", err_file) - } + // Open the keyring files + for _, keyring := range t.Keyrings { + if _, ok := w.Keys[keyring]; ok { + // keyring has been loaded: just add it to the TagKeys map + w.TagKeys[t.Name][keyring] = true + continue + } + k_file := fmt.Sprintf("%s/%s", w.Folder, keyring) + debug.log("[worker: %s] Trying to open keyring at %s\n", w.Name, k_file) + f, err_file := os.Open(k_file) + if err_file != nil { + log.Printf("[worker] cannot open keyring: %s", err_file) + f.Close() + } - // load the keyring - kr, err_key := openpgp.ReadArmoredKeyRing(f) + // load the keyring + kr, err_key := openpgp.ReadArmoredKeyRing(f) - if err_key != nil { - log.Printf("[worker] cannot load keyring: ", err_key) + if err_key != nil { + log.Printf("[worker] cannot load keyring: %s", err_key) + f.Close() + //return fmt.Errorf("Unable to load keyring: ", err_key) + } + w.Keys[keyring] = kr + w.TagKeys[t.Name][keyring] = true f.Close() - return fmt.Errorf("Unable to load keyring: ", err_key) } - w.Keys[keyring] = kr - f.Close() } return nil } 
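Review bot: LoadKeyrings no longer stops when a keyring cannot be opened or parsed. After the `os.Open` failure branch the code falls through to `openpgp.ReadArmoredKeyRing(f)` with a nil `f`, and because the `return` is commented out, the resulting `kr` is still stored in `w.Keys` and marked in `w.TagKeys`. The function therefore always returns nil, so the `err != nil` check after `worker.LoadKeyrings()` in StartWorkers (later in this commit) can never fire, and a worker starts even though one of its tags has no usable keyring. Since these keyrings decide which signatures are trusted, a load failure should be returned before anything is registered (or skipped with `continue` if best-effort loading is intended), and `f` should be closed exactly once. The new code also sizes `w.Keys` from `len(w.Keyrings)`, although the loop now reads `t.Keyrings`.

```go
		for _, keyring := range t.Keyrings {
			// … unchanged: reuse of an already-loaded keyring, k_file construction, debug.log …
			f, err_file := os.Open(k_file)
			if err_file != nil {
				return fmt.Errorf("unable to open keyring %s: %s", k_file, err_file)
			}

			// load the keyring, then release the file whether or not parsing worked
			kr, err_key := openpgp.ReadArmoredKeyRing(f)
			f.Close()
			if err_key != nil {
				return fmt.Errorf("unable to load keyring %s: %s", k_file, err_key)
			}

			// register the keyring only once it has been parsed successfully
			w.Keys[keyring] = kr
			w.TagKeys[t.Name][keyring] = true
		}
```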
@@ -80,7 +91,6 @@ func Worker(w *SCORSHworker) { var msg SCORSHmsg log.Printf("[worker: %s] Started\n", w.Name) - debug.log("[worker: %s] MsgChan: %s\n", w.Name, w.MsgChan) // notify that we have been started! w.StatusChan <- msg @@ -117,26 +127,19 @@ func StartWorkers(master *SCORSHmaster) error { // Set the Status and Msg channels worker.StatusChan = master.StatusChan worker.MsgChan = make(chan SCORSHmsg, 10) - // Load worker keyrings - err := worker.LoadKeyrings() - if err != nil { - close(worker.MsgChan) - return fmt.Errorf("[Starting worker: %s] Unable to load keyrings: %s\n", worker.Name, err) - } + // Load worker tags from worker.Tagfile - err = worker.LoadTags() + err := worker.LoadTags() if err != nil { close(worker.MsgChan) return fmt.Errorf("[Starting worker: %s] Unable to load tags: %s\n", worker.Name, err) } - // Create the map of keyring for each tag - worker.TagKeys = make(map[string]map[string]bool) - for _, t := range worker.Tags { - worker.TagKeys[t.Name] = make(map[string]bool) - for _, k := range t.Keyrings { - worker.TagKeys[t.Name][k] = true - } + // Load worker keyrings -- this must be called *after* LoadTags!!!! + err = worker.LoadKeyrings() + if err != nil { + close(worker.MsgChan) + return fmt.Errorf("[Starting worker: %s] Unable to load keyrings: %s\n", worker.Name, err) } // Add the repos definitions to the map master.Repos -- cgit v1.2.3
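Review bot: In the StartWorkers hunk, the requirement that `LoadKeyrings` runs after `LoadTags` is enforced only by the inline comment at the call site. If the two calls are ever swapped, LoadKeyrings ranges over an empty `w.Tags`, builds empty `Keys` and `TagKeys` maps and returns nil, so nothing signals the mistake and presumably no tag can be authenticated afterwards. I would state the precondition on the function itself, e.g. `// LoadKeyrings loads the keyrings referenced by w.Tags; LoadTags must have been called first.`, or have LoadTags call it once the tags are parsed. The body of StartWorkers starts and ends outside this hunk.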