summaryrefslogtreecommitdiff
path: root/commits.go
blob: 68c809927e2e2889edeab5d0b348741a2084187e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
package main

import (
	"fmt"
	"github.com/KatolaZ/git2go"
	"github.com/go-yaml/yaml"
	"golang.org/x/crypto/openpgp"
	"log"
	"os"
	"strings"
	//	"log"
)

func CommitToString(commit *git.Commit) string {

	var ret string

	ret += fmt.Sprintf("type: %s\n", commit.Type())
	ret += fmt.Sprintf("Id: %s\n", commit.Id())
	ret += fmt.Sprintf("Author: %s\n", commit.Author())
	ret += fmt.Sprintf("Message: %s\n", commit.Message())
	ret += fmt.Sprintf("Parent-count: %d\n", commit.ParentCount())

	return ret
}

// FIXME: RETURN THE ENTITY PROVIDED BY THE CHECK, OR nil
func check_signature(commit *git.Commit, keyring *openpgp.KeyRing) (signature, signed string, err error) {

	signature, signed, err = commit.ExtractSignature()

	if err == nil {
		_, err_sig :=
			openpgp.CheckArmoredDetachedSignature(*keyring, strings.NewReader(signed),
				strings.NewReader(signature))

		if err_sig == nil {
			fmt.Printf("Good signature \n")
			return signature, signed, nil
		}
		err = err_sig
	}

	return "", "", err
}

func find_scorsh_message(commit *git.Commit) (string, error) {

	sep := "---\n"

	msg := commit.RawMessage()
	debug.log("[find_scorsg_msg] found message:\n %s\n", msg)

	// FIXME!!! replace the following with a proper regexp.Match
	idx := strings.Index(msg, sep)

	return msg[idx:], nil
}

// return a list of keyring names which verify the signature of a given commit
func get_valid_keys(commit *git.Commit, keys *map[string]openpgp.KeyRing) []string {

	var ret []string

	for k_name, k_val := range *keys {
		_, _, err := check_signature(commit, &k_val)
		if err == nil {
			ret = append(ret, k_name)
		}
	}
	return ret
}

func intersect_keys(ref map[string]bool, keys []string) []string {

	var ret []string

	for _, k := range keys {

		if _, ok := ref[k]; ok {
			ret = append(ret, k)
		}
	}
	return ret
}

func find_tag_config(tag_name string, w *SCORSHworker) (*SCORSHtag_cfg, bool) {

	for _, c := range w.Tags {
		if c.Name == tag_name {
			return &c, true
		}
	}
	return nil, false
}

// traverse all the commits between two references, looking for scorsh
// commands
// fixme: we don't have just one keyring here....
func walk_commits(msg SCORSHmsg, w *SCORSHworker) error {

	var tags SCORSHclient_msg
	var commit_msg string

	fmt.Printf("Inside parse_commits\n")

	reponame := msg.Repo
	old_rev := msg.Old_rev
	new_rev := msg.New_rev

	repo, err := git.OpenRepository(reponame)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Error while opening repository %s (%s)\n",
			reponame, err)
		return SCORSHerr(SCORSH_ERR_NO_REPO)
	}

	old_rev_oid, err := git.NewOid(old_rev)

	oldrev_commit, err := repo.LookupCommit(old_rev_oid)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Commit: %s does not exist\n", old_rev)
		return SCORSHerr(SCORSH_ERR_NO_COMMIT)
	}

	new_rev_oid, err := git.NewOid(new_rev)

	newrev_commit, err := repo.LookupCommit(new_rev_oid)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Commit: %s does not exist\n", new_rev)
		return SCORSHerr(SCORSH_ERR_NO_COMMIT)
	}

	cur_commit := newrev_commit

	for cur_commit.Id().String() != oldrev_commit.Id().String() {

		commit, err := repo.LookupCommit(cur_commit.Id())
		if err == nil {

			//debug.log("commit: %s", CommitToString(commit))
			// We should look for scorsh-tags, and if the commit has any,
			// check if it can be verified by any of the keyrings associated
			// with that specific scorsh-tag

			// check if the commit contains a scorsh command

			commit_msg, err = find_scorsh_message(commit)
			if err != nil {
				log.Printf("[worker: %s] %s\n", w.Name, SCORSHerr(SCORSH_ERR_SIGNATURE))
			}

			// Check if is the comment contains a valid scorsh message
			err = yaml.Unmarshal([]byte(commit_msg), &tags)

			if err != nil {
				// no scorsh message found
				log.Printf("[worker: %s] no scorsh message found: %s", err)
			} else {
				// there is a scorsh message there so

				// 1) get the list of all the keys which verify the message
				valid_keys := get_valid_keys(commit, &(w.Keys))
				debug.log("[worker: %s] validated keyrings on commit: %s\n", w.Name, valid_keys)

				// 2) then for each tag in the message
				for _, t := range tags.Tags {
					// a) check that the tag is among those accepted by the worker
					tag_cfg, good_tag := find_tag_config(t.Tag, w)
					debug.log("[worker: %s] good_tag: %s\n", w.Name, good_tag)

					if !good_tag {
						debug.log("[worker: %s] unsupported tag: %s\n", w.Name, t.Tag)
						continue
					}

					// b) check that at least one of the accepted tag keys is in valid_keys
					good_keys := intersect_keys(w.TagKeys[t.Tag], valid_keys) != nil
					debug.log("[worker: %s] good_keys: %s\n", w.Name, good_keys)

					if !good_keys {
						debug.log("[worker: %s] no matching keys for tag: %s\n", w.Name, t.Tag)
						continue
					}

					// c) If everything is OK, execute the tag
					if good_tag && good_keys {
						env := set_environment(&msg)
						errs := exec_tag(tag_cfg, t.Args, env)
						debug.log("[worker: %s] errors in tag %s: %s\n", w.Name, t.Tag, errs)
					}
				}
			}

			cur_commit = commit.Parent(0)
		} else {
			fmt.Printf("Commit %x not found!\n", cur_commit.Id())
			return SCORSHerr(SCORSH_ERR_NO_COMMIT)
		}
	}
	return nil
}