Compare commits
2 Commits
main
...
public/wel
Author | SHA1 | Date |
---|---|---|
mediocregopher | 1147264ff1 | 4 years ago |
mediocregopher | f5584f1505 | 4 years ago |
@ -1 +1 @@ |
||||
dehub |
||||
/dehub |
||||
|
@ -0,0 +1,72 @@ |
||||
# Welcome! |
||||
|
||||
Hello! Welcome to the dehub project. You've found your way onto the welcome |
||||
branch. This branch is open for anyone to leave a comment commit on it, provided |
||||
they sign their commit with a PGP key. |
||||
|
||||
## Viewing comments |
||||
|
||||
If you've gotten this far then viewing comments is as easy as doing `git log`. |
||||
All commits will be shown from newest to oldest. You will only see the latest |
||||
snapshot of comments that you've pulled from the server. In order to update that |
||||
snapshot do: |
||||
|
||||
``` |
||||
git pull -f origin public/welcome |
||||
``` |
||||
|
||||
## Leaving a comment |
||||
|
||||
The first step to leaving a comment of your own is to install dehub. Visit |
||||
`https://dehub.dev` for more on how to do that. |
||||
|
||||
Once done, and assuming you have this branch checked out (how are you reading |
||||
this if you don't?), just do the following: |
||||
|
||||
``` |
||||
dehub commit --anon-pgp-key=KEY_NAME comment |
||||
``` |
||||
|
||||
(`KEY_NAME` should be replaced with any selector which will match your pgp key, |
||||
such as the key ID, the name on the key, or the email.) |
||||
|
||||
Your default text editor (defined by the `EDITOR` environment variable) will pop |
||||
up and you can then write down your comment. When you save and close your editor |
||||
dehub will sign the comment with your pgp key and create a commit with it. |
||||
|
||||
You can view your newly created commit by calling `git show`. |
||||
|
||||
If after you've created your comment commit (but before you've pushed it) you'd |
||||
like to amend it, do: |
||||
|
||||
``` |
||||
dehub commit --anon-pgp-key=KEY_NAME comment --amend |
||||
``` |
||||
|
||||
Finally, to push your comment commit up, you can do: |
||||
|
||||
``` |
||||
git push origin public/welcome |
||||
``` |
||||
|
||||
Once pushed, everyone will be able to see your comment! |
||||
|
||||
### What to say? |
||||
|
||||
Here's some starting points if you're not sure what to write in your first |
||||
comment: |
||||
|
||||
* Introduce yourself; say where you're from and what your interests are. |
||||
* How did you find dehub? Why is it interesting to you? |
||||
* If you're using dehub for a project, shill your project! |
||||
* If you'd like to get involved in dehub's development, let us know what your |
||||
skills are and how you can help. Remember, it takes more than expert |
||||
programmers to make a project successful. |
||||
|
||||
## Rules |
||||
|
||||
Please be kind to others, and keep discussion related to dehub and |
||||
dehub-adjacent topics. Politics, in general, is not going to be related to |
||||
dehub. Comments which are off-topic or otherwise abusive are subject to being |
||||
removed. |
||||
|
@ -1,195 +0,0 @@ |
||||
# .dehub |
||||
|
||||
The `.dehub` directory contains all meta information related to |
||||
decentralized repository management and access control. |
||||
|
||||
## config.yml |
||||
|
||||
The `.dehub/config.yml` file takes the following structure: |
||||
|
||||
```yaml |
||||
# accounts defines all accounts which are known to the repo. |
||||
accounts: |
||||
|
||||
# Each account is an object with an id and at least one identifier. The id |
||||
# must be unique for each account. |
||||
- id: some_user_id: |
||||
|
||||
# signifiers describes different methods the account might use to |
||||
# identify itself. Generally, these will be different public keys which |
||||
# commits will be signed with. At least one is required. |
||||
signifiers: |
||||
- type: "pgp_public_key" |
||||
body: "FULL PGP PUBLIC KEY STRING" |
||||
|
||||
- type: "pgp_public_key_file" |
||||
path: ".dehub/some_user_id.asc" |
||||
|
||||
- type: "keybase" |
||||
user: "some_keybase_user_id" |
||||
|
||||
# access_controls defines under what conditions different files in the repo may |
||||
# be modified. For each file modified in a commit, all access control patterns |
||||
# are applied sequentially until one matches, and the associated access control |
||||
# conditions are checked. A commit is only allowed if the conditions of all |
||||
# modified files are met. |
||||
access_controls: |
||||
|
||||
# pattern is a glob pattern describing what files this access control |
||||
# applies to. Single star matches all characters except path separators, |
||||
# double star matches everything. |
||||
- pattern: ".dehub/**" |
||||
|
||||
# signature conditions indicate that a commit must be signed by one or |
||||
# more accounts to be allowed. |
||||
condition: |
||||
type: signature |
||||
|
||||
# account_ids lists all accounts whose signature will count towards |
||||
# meeting the condition |
||||
account_ids: |
||||
- some_user_id |
||||
|
||||
# count describes how many signatures are required. It can be either a |
||||
# contrete integer (e.g. 2, meaning any 2 accounts listed by |
||||
# account_ids) or a percent. |
||||
count: 100% |
||||
|
||||
# This catch-all pattern for the rest of the repo requires that changes to |
||||
# any files not under `.dehub/` are signed by at least one of the |
||||
# defined accounts. |
||||
- pattern: "**" |
||||
condition: |
||||
type: signature |
||||
any_account: true # indicates any account defined in accounts is valid |
||||
count: 1 |
||||
``` |
||||
|
||||
# Master commit |
||||
|
||||
All new commits being appended to the HEAD of the `master` branch are subject to |
||||
the following requirements: |
||||
|
||||
* Must conform to all requirements defined by the `access_controls` section of |
||||
the `config.yml`, as found in the HEAD. If the commit is the initial commit of |
||||
the repo then it instead uses the `config.yml` found in itself. |
||||
|
||||
* Must not be a merge commit (this may be amended later, but at present it |
||||
simplifies implementation). |
||||
|
||||
* The commit message must conform to the format and semantics defined below. |
||||
|
||||
## Master Commit Message |
||||
|
||||
The commit message for a commit being appended to the HEAD of the `master` |
||||
branch must conform to the following format: a single line (the message head) |
||||
giving a short description of the change, then two newlines, then a body which |
||||
is a yaml formatted string: |
||||
|
||||
```yaml |
||||
This is the message head. It will be re-iterated within the yaml body. |
||||
|
||||
# Now the yaml body begins |
||||
--- |
||||
message: > |
||||
This is the message head. It will be re-iterated within the yaml body. |
||||
|
||||
The rest of this field is for the message body, which corresponds to the |
||||
body of a normal commit message which might give a more long-form |
||||
explanation of the commit's changes. |
||||
|
||||
Since the message is used in generating the signature it's necessary for it |
||||
to be encoded here fully formed, even though the message head is then |
||||
duplicated. Otherwise the exact bytes of the message would be ambiguous. |
||||
This situation is ugly, but not unbearable. |
||||
|
||||
# See the Commit Signatures section below for how this is computed. The |
||||
# change_hash is always recomputed when verifying a commit, but is reproduced in |
||||
# the commit message itself for cases of forward compatibility, e.g. if the |
||||
algorithm to compute the hash changes. |
||||
change_hash: XXX |
||||
|
||||
# Credentials are the set of credentials which count towards requirements |
||||
# specified in the `access_controls` section of the `config.yml` file. |
||||
credentials: |
||||
|
||||
- type: pgp_signature |
||||
account_id: some_user_id |
||||
pub_key_id: XXX |
||||
body: "base-64 signature body" |
||||
``` |
||||
|
||||
## Commit Signatures |
||||
|
||||
When a commit is being signed by a signifier there is an expected data format |
||||
for the data to be signed. The format is a SHA-256 hash of the following pieces |
||||
of data concatenated together (the "change_hash"): |
||||
|
||||
* A uvarint indicating the number of bytes in the commit message. |
||||
* The message. |
||||
* A uvarint indicating the number of files changed. |
||||
* For each file changed in the commit, ordered lexographically-ascending based |
||||
on its full relative path within the repo, the following is then written: |
||||
* A uvarint indicating the length of the full relative path of the file |
||||
within the repo. |
||||
* The full relative path of the file within the repo. |
||||
* A little-endian uint32 representing the previous file mode of the file (or 0 |
||||
if the file is being inserted). |
||||
* The 20-byte SHA1 hash of the previous version of the file's contents (or 20 |
||||
0 bytes if the file is being inserted). |
||||
* A little-endian uint32 representing the new file mode of the file (or 0 |
||||
if the file is being deleted). |
||||
* The 20-byte SHA1 hash of the new version of the file's contents (or 20 |
||||
0 bytes if the file is being deleted). |
||||
|
||||
The raw output from the SHA-256 is then prepended with a `0` byte (for forward |
||||
compatibility) and signed, and the result used as the signature body. |
||||
|
||||
# Merge Requests |
||||
|
||||
A merge request (MR) may be pushed to the repository as a new branch at any |
||||
time. All MR branch names follow the naming convention `DHMR-short-description`. |
||||
An MR branch has the following qualities: |
||||
|
||||
* Meta commits (see sub-section) will only contain a commit message head/body, |
||||
but no file changes. |
||||
|
||||
* The most recent substantial commit (as opposed to meta commits) should always |
||||
contain the full commit message head and body. |
||||
|
||||
## Meta Commits |
||||
|
||||
Meta commits are those which add information about the changes being requested, |
||||
but do not modify the changes themselves. |
||||
|
||||
### Signature Commits |
||||
|
||||
Signature commits sign the changes requested in order to count towards their |
||||
access control requirements. The message head of these are arbitrary, but the |
||||
body must be formatted as such: |
||||
|
||||
```yaml |
||||
# This object matches the one found in the `credentials` section of the master |
||||
# commit message. |
||||
type: pgp_signature |
||||
account_id: some_user_id ``` |
||||
pub_key_id: XXX |
||||
body: "base-64 signature body" # see Commit Signatures sub-section. |
||||
``` |
||||
|
||||
If a signature commit is added to a MR branch, and a substantial commit is |
||||
added after it, then that signature commit will no longer be valid, as it was |
||||
only signing the the prior changeset. The signer will need to create and push a |
||||
new signature commit, if they agree with the new changes. |
||||
|
||||
## Merging MRs |
||||
|
||||
When an MR has accumulated enough meta commits to fulfuill access control |
||||
requirements it may be coalesced into a single commit destined for the master |
||||
branch. See the Master Commit Message sub-section for details on how commits in |
||||
the master branch must be formatted. |
||||
|
||||
# TODO |
||||
|
||||
* access control patterns related to who may push to MR branches, and what types |
||||
of commits they can push. |
@ -1,53 +0,0 @@ |
||||
package accessctl |
||||
|
||||
import ( |
||||
"fmt" |
||||
|
||||
"github.com/bmatcuk/doublestar" |
||||
) |
||||
|
||||
// AccessControl represents an access control object being defined in the
|
||||
// Config.
|
||||
type AccessControl struct { |
||||
Pattern string `yaml:"pattern"` |
||||
Condition Condition `yaml:"condition"` |
||||
} |
||||
|
||||
// ErrNoApplicableAccessControls is returned from ApplicableAccessControls when
|
||||
// a changed path has no applicable AccessControls which match it.
|
||||
type ErrNoApplicableAccessControls struct { |
||||
Path string |
||||
} |
||||
|
||||
func (err ErrNoApplicableAccessControls) Error() string { |
||||
return fmt.Sprintf("no AccessControls which apply to changed file %q", err.Path) |
||||
} |
||||
|
||||
// ApplicableAccessControls returns a subset of the given AccessControls which
|
||||
// are applicable to the given file paths (ie those whose Conditions must be met
|
||||
// in order for the changes to go through.
|
||||
func ApplicableAccessControls(accessControls []AccessControl, filesChanged []string) ([]AccessControl, error) { |
||||
applicableSet := map[AccessControl]struct{}{} |
||||
for _, path := range filesChanged { |
||||
var any bool |
||||
for _, ac := range accessControls { |
||||
if ok, err := doublestar.PathMatch(ac.Pattern, path); err != nil { |
||||
return nil, fmt.Errorf("error matching path %q to patterrn %q: %w", |
||||
path, ac.Pattern, err) |
||||
} else if ok { |
||||
applicableSet[ac] = struct{}{} |
||||
any = true |
||||
break |
||||
} |
||||
} |
||||
if !any { |
||||
return nil, ErrNoApplicableAccessControls{Path: path} |
||||
} |
||||
} |
||||
|
||||
applicable := make([]AccessControl, 0, len(applicableSet)) |
||||
for ac := range applicableSet { |
||||
applicable = append(applicable, ac) |
||||
} |
||||
return applicable, nil |
||||
} |
@ -1,118 +0,0 @@ |
||||
package accessctl |
||||
|
||||
import ( |
||||
"errors" |
||||
"reflect" |
||||
"sort" |
||||
"testing" |
||||
) |
||||
|
||||
func TestApplicableAccessControls(t *testing.T) { |
||||
tests := []struct { |
||||
descr string |
||||
patterns, filesChanged []string |
||||
exp []string |
||||
expErrPath string |
||||
}{ |
||||
{ |
||||
descr: "empty input empty output", |
||||
}, |
||||
{ |
||||
descr: "empty patterns", |
||||
filesChanged: []string{"foo", "bar"}, |
||||
expErrPath: "foo", |
||||
}, |
||||
{ |
||||
descr: "empty filesChanged", |
||||
patterns: []string{"patternA", "patternB"}, |
||||
}, |
||||
{ |
||||
descr: "no applicable files", |
||||
filesChanged: []string{"foo"}, |
||||
patterns: []string{"bar"}, |
||||
expErrPath: "foo", |
||||
}, |
||||
{ |
||||
descr: "all applicable files", |
||||
filesChanged: []string{"foo", "bar"}, |
||||
patterns: []string{"**"}, |
||||
exp: []string{"**"}, |
||||
}, |
||||
{ |
||||
descr: "pattern precedent", |
||||
filesChanged: []string{"foo"}, |
||||
patterns: []string{"foo", "**"}, |
||||
exp: []string{"foo"}, |
||||
}, |
||||
{ |
||||
descr: "pattern precedent inv", |
||||
filesChanged: []string{"foo"}, |
||||
patterns: []string{"**", "foo"}, |
||||
exp: []string{"**"}, |
||||
}, |
||||
{ |
||||
descr: "individual matches", |
||||
filesChanged: []string{"foo", "bar/baz"}, |
||||
patterns: []string{"foo", "bar/baz"}, |
||||
exp: []string{"foo", "bar/baz"}, |
||||
}, |
||||
{ |
||||
descr: "star match dir", |
||||
filesChanged: []string{"foo", "bar/baz"}, |
||||
patterns: []string{"foo", "bar/*"}, |
||||
exp: []string{"foo", "bar/*"}, |
||||
}, |
||||
{ |
||||
descr: "star not match dir", |
||||
filesChanged: []string{"foo", "bar/baz/biz"}, |
||||
patterns: []string{"foo", "bar/*"}, |
||||
expErrPath: "bar/baz/biz", |
||||
}, |
||||
{ |
||||
descr: "doublestar match dir", |
||||
filesChanged: []string{"foo", "bar/bar", "bar/baz/biz"}, |
||||
patterns: []string{"foo", "bar/**"}, |
||||
exp: []string{"foo", "bar/**"}, |
||||
}, |
||||
} |
||||
|
||||
for _, test := range tests { |
||||
t.Run(test.descr, func(t *testing.T) { |
||||
accessControls := make([]AccessControl, len(test.patterns)) |
||||
for i := range test.patterns { |
||||
accessControls[i] = AccessControl{Pattern: test.patterns[i]} |
||||
} |
||||
|
||||
out, err := ApplicableAccessControls(accessControls, test.filesChanged) |
||||
if err != nil && test.expErrPath == "" { |
||||
t.Fatalf("unexpected error: %v", err) |
||||
} else if test.expErrPath != "" { |
||||
if noAppErr := (ErrNoApplicableAccessControls{}); !errors.As(err, &noAppErr) { |
||||
t.Fatalf("expected ErrNoApplicableAccessControls for path %q, but got %v", test.expErrPath, err) |
||||
} else if test.expErrPath != noAppErr.Path { |
||||
t.Fatalf("expected ErrNoApplicableAccessControls for path %q, but got one for path %q", test.expErrPath, noAppErr.Path) |
||||
} |
||||
return |
||||
} |
||||
|
||||
outPatterns := make([]string, len(out)) |
||||
for i := range out { |
||||
outPatterns[i] = out[i].Pattern |
||||
} |
||||
|
||||
clean := func(s []string) []string { |
||||
if len(s) == 0 { |
||||
return nil |
||||
} |
||||
sort.Strings(s) |
||||
return s |
||||
} |
||||
|
||||
outPatterns = clean(outPatterns) |
||||
test.exp = clean(test.exp) |
||||
if !reflect.DeepEqual(outPatterns, test.exp) { |
||||
t.Fatalf("expected: %+v\ngot: %+v", test.exp, outPatterns) |
||||
} |
||||
}) |
||||
} |
||||
} |
@ -1,130 +0,0 @@ |
||||
package accessctl |
||||
|
||||
import ( |
||||
"dehub/sigcred" |
||||
"dehub/typeobj" |
||||
"errors" |
||||
"fmt" |
||||
"math" |
||||
"strconv" |
||||
"strings" |
||||
) |
||||
|
||||
// ConditionInterface describes the methods that all Signifiers must implement.
|
||||
type ConditionInterface interface { |
||||
|
||||
// Satisfied asserts that the Condition is satisfied by the given set of
|
||||
// Credentials. If it is not (or something else went wrong) then an error is
|
||||
// returned.
|
||||
//
|
||||
// NOTE that Satisfied assumes the Credential has already been Verify'd.
|
||||
Satisfied([]sigcred.Credential) error |
||||
} |
||||
|
||||
// Condition represents an access control condition being defined in the Config.
|
||||
// Only one of its fields may be filled in at a time.
|
||||
type Condition struct { |
||||
Signature *ConditionSignature `type:"signature"` |
||||
} |
||||
|
||||
// MarshalYAML implements the yaml.Marshaler interface.
|
||||
func (c Condition) MarshalYAML() (interface{}, error) { |
||||
return typeobj.MarshalYAML(c) |
||||
} |
||||
|
||||
// UnmarshalYAML implements the yaml.Unmarshaler interface.
|
||||
func (c *Condition) UnmarshalYAML(unmarshal func(interface{}) error) error { |
||||
return typeobj.UnmarshalYAML(c, unmarshal) |
||||
} |
||||
|
||||
// Interface returns the ConditionInterface encapsulated by this Condition
|
||||
// object.
|
||||
func (c Condition) Interface() (ConditionInterface, error) { |
||||
el, _, err := typeobj.Element(c) |
||||
if err != nil { |
||||
return nil, err |
||||
} |
||||
return el.(ConditionInterface), nil |
||||
} |
||||
|
||||
// ConditionSignature represents the configuration of an access control
|
||||
// condition which requires one or more signatures to be present on a commit.
|
||||
//
|
||||
// Either AccountIDs or AccountIDsByMeta must be filled.
|
||||
type ConditionSignature struct { |
||||
AccountIDs []string `yaml:"account_ids,omitempty"` |
||||
AnyAccount bool `yaml:"any_account,omitempty"` |
||||
Count string `yaml:"count"` |
||||
} |
||||
|
||||
var _ ConditionInterface = ConditionSignature{} |
||||
|
||||
func (condSig ConditionSignature) targetNum() (int, error) { |
||||
if !strings.HasSuffix(condSig.Count, "%") { |
||||
return strconv.Atoi(condSig.Count) |
||||
} else if condSig.AnyAccount { |
||||
return 0, errors.New("cannot use AnyAccount and a percent Count together") |
||||
} |
||||
|
||||
percentStr := strings.TrimRight(condSig.Count, "%") |
||||
percent, err := strconv.ParseFloat(percentStr, 64) |
||||
if err != nil { |
||||
return 0, fmt.Errorf("could not parse Count as percent %q: %w", condSig.Count, err) |
||||
} |
||||
targetF := float64(len(condSig.AccountIDs)) * percent / 100 |
||||
targetF = math.Ceil(targetF) |
||||
return int(targetF), nil |
||||
} |
||||
|
||||
// ErrConditionSignatureUnsatisfied is returned from ConditionSignature's
|
||||
// Satisfied method when the Condition has not been satisfied.
|
||||
type ErrConditionSignatureUnsatisfied struct { |
||||
TargetNumAccounts, NumAccounts int |
||||
} |
||||
|
||||
func (err ErrConditionSignatureUnsatisfied) Error() string { |
||||
return fmt.Sprintf("not enough valid signature credentials, requires %d but only had %d", |
||||
err.TargetNumAccounts, err.NumAccounts) |
||||
} |
||||
|
||||
// Satisfied asserts that the given Credentials contains enough signatures to be
|
||||
// satisfied.
|
||||
func (condSig ConditionSignature) Satisfied(creds []sigcred.Credential) error { |
||||
targetN, err := condSig.targetNum() |
||||
if err != nil { |
||||
return fmt.Errorf("could not compute ConditionSignature target number of accounts: %w", err) |
||||
} |
||||
|
||||
credAccountIDs := map[string]struct{}{} |
||||
for _, cred := range creds { |
||||
// TODO currently only signature credentials are implemented, so we can
|
||||
// just assume that the given AccountID has provided a sig. In the
|
||||
// future this may not be true.
|
||||
credAccountIDs[cred.AccountID] = struct{}{} |
||||
} |
||||
|
||||
var n int |
||||
if condSig.AnyAccount { |
||||
// TODO this doesn't actually check that the accounts are defined in the
|
||||
// Config.
|
||||
n = len(credAccountIDs) |
||||
} else { |
||||
targetAccountIDs := map[string]struct{}{} |
||||
for _, accountID := range condSig.AccountIDs { |
||||
targetAccountIDs[accountID] = struct{}{} |
||||
} |
||||
for accountID := range targetAccountIDs { |
||||
if _, ok := credAccountIDs[accountID]; ok { |
||||
n++ |
||||
} |
||||
} |
||||
} |
||||
|
||||
if n < targetN { |
||||
return ErrConditionSignatureUnsatisfied{ |
||||
TargetNumAccounts: targetN, |
||||
NumAccounts: n, |
||||
} |
||||
} |
||||
return nil |
||||
} |
@ -1,110 +0,0 @@ |
||||
package accessctl |
||||
|
||||
import ( |
||||
"dehub/sigcred" |
||||
"reflect" |
||||
"testing" |
||||
) |
||||
|
||||
func TestConditionSignatureSatisfied(t *testing.T) { |
||||
tests := []struct { |
||||
descr string |
||||
cond ConditionSignature |
||||
credAccountIDs []string |
||||
err error |
||||
}{ |
||||
{ |
||||
descr: "no cred accounts", |
||||
cond: ConditionSignature{ |
||||
AnyAccount: true, |
||||
Count: "1", |
||||
}, |
||||
err: ErrConditionSignatureUnsatisfied{ |
||||
TargetNumAccounts: 1, |
||||
NumAccounts: 0, |
||||
}, |
||||
}, |
||||
{ |
||||
descr: "one cred account", |
||||
cond: ConditionSignature{ |
||||
AnyAccount: true, |
||||
Count: "1", |
||||
}, |
||||
credAccountIDs: []string{"foo"}, |
||||
}, |
||||
{ |
||||
descr: "one matching cred account", |
||||
cond: ConditionSignature{ |
||||
AccountIDs: []string{"foo", "bar"}, |
||||
Count: "1", |
||||
}, |
||||
credAccountIDs: []string{"foo"}, |
||||
}, |
||||
{ |
||||
descr: "no matching cred account", |
||||
cond: ConditionSignature{ |
||||
AccountIDs: []string{"foo", "bar"}, |
||||
Count: "1", |
||||
}, |
||||
credAccountIDs: []string{"baz"}, |
||||
err: ErrConditionSignatureUnsatisfied{ |
||||
TargetNumAccounts: 1, |
||||
NumAccounts: 0, |
||||
}, |
||||
}, |
||||
{ |
||||
descr: "two matching cred accounts", |
||||
cond: ConditionSignature{ |
||||
AccountIDs: []string{"foo", "bar"}, |
||||
Count: "2", |
||||
}, |
||||
credAccountIDs: []string{"foo", "bar"}, |
||||
}, |
||||
{ |
||||
descr: "one matching cred account, missing one", |
||||
cond: ConditionSignature{ |
||||
AccountIDs: []string{"foo", "bar"}, |
||||
Count: "2", |
||||
}, |
||||
credAccountIDs: []string{"foo", "baz"}, |
||||
err: ErrConditionSignatureUnsatisfied{ |
||||
TargetNumAccounts: 2, |
||||
NumAccounts: 1, |
||||
}, |
||||
}, |
||||
{ |
||||
descr: "50 percent matching cred accounts", |
||||
cond: ConditionSignature{ |
||||
AccountIDs: []string{"foo", "bar", "baz"}, |
||||
Count: "50%", |
||||
}, |
||||
credAccountIDs: []string{"foo", "bar"}, |
||||
}, |
||||
{ |
||||
descr: "not 50 percent matching cred accounts", |
||||
cond: ConditionSignature{ |
||||
AccountIDs: []string{"foo", "bar", "baz"}, |
||||
Count: "50%", |
||||
}, |
||||
credAccountIDs: []string{"foo"}, |
||||
err: ErrConditionSignatureUnsatisfied{ |
||||
TargetNumAccounts: 2, |
||||
NumAccounts: 1, |
||||
}, |
||||
}, |
||||
} |
||||
|
||||
for _, test := range tests { |
||||
t.Run(test.descr, func(t *testing.T) { |
||||
creds := make([]sigcred.Credential, len(test.credAccountIDs)) |
||||
for i := range test.credAccountIDs { |
||||
creds[i].AccountID = test.credAccountIDs[i] |
||||
} |
||||
|
||||
err := test.cond.Satisfied(creds) |
||||
if !reflect.DeepEqual(err, test.err) { |
||||
t.Fatalf("Satisfied returned %#v\nexpected %#v", err, test.err) |
||||
} |
||||
}) |
||||
} |
||||
} |
@ -1,75 +0,0 @@ |
||||
package dehub |
||||
|
||||
import ( |
||||
"crypto/sha256" |
||||
"encoding/binary" |
||||
"fmt" |
||||
"hash" |
||||
"sort" |
||||
|
||||
"gopkg.in/src-d/go-git.v4/plumbing/object" |
||||
) |
||||
|
||||
var ( |
||||
defaultHashHelperAlgo = sha256.New |
||||
) |
||||
|
||||
type hashHelper struct { |
||||
hash.Hash |
||||
varintBuf []byte |
||||
} |
||||
|
||||
// if h is nil it then defaultHashHelperAlgo will be used
|
||||
func newHashHelper(h hash.Hash) *hashHelper { |
||||
if h == nil { |
||||
h = defaultHashHelperAlgo() |
||||
} |
||||
s := &hashHelper{ |
||||
Hash: h, |
||||
varintBuf: make([]byte, binary.MaxVarintLen64), |
||||
} |
||||
return s |
||||
} |
||||
|
||||
func (s *hashHelper) writeUint(i uint64) { |
||||
n := binary.PutUvarint(s.varintBuf, i) |
||||
if _, err := s.Write(s.varintBuf[:n]); err != nil { |
||||
panic(fmt.Sprintf("error writing %x to sha256 sum: %v", s.varintBuf[:n], err)) |
||||
} |
||||
} |
||||
|
||||
func (s *hashHelper) writeStr(str string) { |
||||
s.writeUint(uint64(len(str))) |
||||
s.Write([]byte(str)) |
||||
} |
||||
|
||||
func (s *hashHelper) writeTreeDiff(from, to *object.Tree) { |
||||
filesChanged, err := calcDiff(from, to) |
||||
if err != nil { |
||||
panic(err.Error()) |
||||
} |
||||
|
||||
sort.Slice(filesChanged, func(i, j int) bool { |
||||
return filesChanged[i].path < filesChanged[j].path |
||||
}) |
||||
|
||||
s.writeUint(uint64(len(filesChanged))) |
||||
for _, fileChanged := range filesChanged { |
||||
s.writeStr(fileChanged.path) |
||||
s.Write(fileChanged.fromMode.Bytes()) |
||||
s.Write(fileChanged.fromHash[:]) |
||||
s.Write(fileChanged.toMode.Bytes()) |
||||
s.Write(fileChanged.toHash[:]) |
||||
} |
||||
|
||||
} |
||||
|
||||
var changeHashVersion = []byte{0} |
||||
|
||||
// if h is nil it then defaultHashHelperAlgo will be used
|
||||
func genChangeHash(h hash.Hash, msg string, from, to *object.Tree) []byte { |
||||
s := newHashHelper(h) |
||||
s.writeStr(msg) |
||||
s.writeTreeDiff(from, to) |
||||
return s.Sum(changeHashVersion) |
||||
} |
@ -1,136 +0,0 @@ |
||||
package main |
||||
|
||||
import ( |
||||
"dehub" |
||||
"errors" |
||||
"flag" |
||||
"fmt" |
||||
"os" |
||||
"strings" |
||||
|
||||
"gopkg.in/src-d/go-git.v4/plumbing" |
||||
) |
||||
|
||||
type subCmdCtx struct { |
||||
repo *dehub.Repo |
||||
args []string |
||||
} |
||||
|
||||
var subCmds = []struct { |
||||
name, descr string |
||||
body func(sctx subCmdCtx) error |
||||
}{ |
||||
{ |
||||
name: "commit", |
||||
descr: "commits staged changes to the head of the current branch", |
||||
body: func(sctx subCmdCtx) error { |
||||
flag := flag.NewFlagSet("commit", flag.ExitOnError) |
||||
msg := flag.String("msg", "", "Commit message to use") |
||||
accountID := flag.String("account-id", "", "Account to sign commit as") |
||||
flag.Parse(sctx.args) |
||||
|
||||
if *msg == "" || *accountID == "" { |
||||
return errors.New("-msg and -account-id are both required") |
||||
} |
||||
|
||||
cfg, err := sctx.repo.LoadConfig() |
||||
if err != nil { |
||||
return err |
||||
} |
||||
|
||||
var account dehub.Account |
||||
var ok bool |
||||
for _, account = range cfg.Accounts { |
||||
if account.ID == *accountID { |
||||
ok = true |
||||
break |
||||
} |
||||
} |
||||
if !ok { |
||||
return fmt.Errorf("account ID %q not found in config", *accountID) |
||||
} else if l := len(account.Signifiers); l == 0 || l > 1 { |
||||
return fmt.Errorf("account %q has %d signifiers, only one is supported right now", *accountID, l) |
||||
} |
||||
|
||||
sig := account.Signifiers[0] |
||||
sigInt, err := sig.Interface() |
||||
if err != nil { |
||||
return fmt.Errorf("could not cast %+v to SignifierInterface: %w", sig, err) |
||||
} |
||||
|
||||
_, hash, err := sctx.repo.CommitMaster(*msg, *accountID, sigInt) |
||||
if err != nil { |
||||
return err |
||||
} |
||||
fmt.Printf("changes committed to HEAD as %s\n", hash) |
||||
return nil |
||||
}, |
||||
}, |
||||
{ |
||||
name: "verify", |
||||
descr: "verifies one or more commits as having the proper credentials", |
||||
body: func(sctx subCmdCtx) error { |
||||
flag := flag.NewFlagSet("verify", flag.ExitOnError) |
||||
rev := flag.String("rev", "HEAD", "Revision of commit to verify") |
||||
flag.Parse(sctx.args) |
||||
|
||||
h, err := sctx.repo.GitRepo.ResolveRevision(plumbing.Revision(*rev)) |
||||
if err != nil { |
||||
return fmt.Errorf("could not resolve revision %q: %w", *rev, err) |
||||
} |
||||
|
||||
if err := sctx.repo.VerifyMasterCommit(*h); err != nil { |
||||
return fmt.Errorf("could not verify commit at %q (%s): %w", *rev, *h, err) |
||||
} |
||||
|
||||
fmt.Printf("commit at %q (%s) is good to go!\n", *rev, *h) |
||||
return nil |
||||
}, |
||||
}, |
||||
} |
||||
|
||||
func printHelp() { |
||||
fmt.Printf("USAGE: %s <command> [-h]\n\n", os.Args[0]) |
||||
fmt.Println("COMMANDS") |
||||
for _, subCmd := range subCmds { |
||||
fmt.Printf("\t%s : %s\n", subCmd.name, subCmd.descr) |
||||
} |
||||
} |
||||
|
||||
func exitErr(err error) { |
||||
fmt.Fprintf(os.Stderr, "exiting: %v\n", err) |
||||
os.Stderr.Sync() |
||||
os.Stdout.Sync() |
||||
os.Exit(1) |
||||
} |
||||
|
||||
func main() { |
||||
if len(os.Args) < 2 { |
||||
printHelp() |
||||
return |
||||
} |
||||
|
||||
subCmdName := strings.ToLower(os.Args[1]) |
||||
for _, subCmd := range subCmds { |
||||
if subCmd.name != subCmdName { |
||||
continue |
||||
} |
||||
|
||||
r, err := dehub.OpenRepo(".") |
||||
if err != nil { |
||||
exitErr(err) |
||||
} |
||||
|
||||
err = subCmd.body(subCmdCtx{ |
||||
repo: r, |
||||
args: os.Args[2:], |
||||
}) |
||||
if err != nil { |
||||
exitErr(err) |
||||
} |
||||
return |
||||
} |
||||
|
||||
fmt.Printf("unknown command %q\n\n", subCmdName) |
||||
printHelp() |
||||
} |
@ -1,251 +0,0 @@ |
||||
package dehub |
||||
|
||||
import ( |
||||
"bytes" |
||||
"dehub/accessctl" |
||||
"dehub/fs" |
||||
"dehub/sigcred" |
||||
"dehub/yamlutil" |
||||
"encoding/base64" |
||||
"errors" |
||||
"fmt" |
||||
"strings" |
||||
"time" |
||||
|
||||
"gopkg.in/src-d/go-git.v4" |
||||
"gopkg.in/src-d/go-git.v4/plumbing" |
||||
"gopkg.in/src-d/go-git.v4/plumbing/object" |
||||
yaml "gopkg.in/yaml.v2" |
||||
) |
||||
|
||||
// MasterCommit describes the structure of the object encoded into the git
|
||||
// message of a commit in the master branch.
|
||||
type MasterCommit struct { |
||||
Message string `yaml:"message"` |
||||
ChangeHash yamlutil.Blob `yaml:"change_hash"` |
||||
Credentials []sigcred.Credential `yaml:"credentials"` |
||||
} |
||||
|
||||
type mcYAML struct { |
||||
Val MasterCommit `yaml:",inline"` |
||||
} |
||||
|
||||
func msgHead(msg string) string { |
||||
i := strings.Index(msg, "\n") |
||||
if i > 0 { |
||||
return msg[:i] |
||||
} |
||||
return msg |
||||
} |
||||
|
||||
// MarshalText implements the encoding.TextMarshaler interface by returning the
|
||||
// form the MasterCommit object takes in the git commit message.
|
||||
func (mc MasterCommit) MarshalText() ([]byte, error) { |
||||
masterCommitEncoded, err := yaml.Marshal(mcYAML{mc}) |
||||
if err != nil { |
||||
return nil, fmt.Errorf("failed to encode MasterCommit message: %w", err) |
||||
} |
||||
|
||||
fullMsg := msgHead(mc.Message) + "\n\n" + string(masterCommitEncoded) |
||||
return []byte(fullMsg), nil |
||||
} |
||||
|
||||
// UnmarshalText implements the encoding.TextUnmarshaler interface by decoding a
|
||||
// MasterCommit object which has been encoded into a git commit message.
|
||||
func (mc *MasterCommit) UnmarshalText(msg []byte) error { |
||||
i := bytes.Index(msg, []byte("\n")) |
||||
if i < 0 { |
||||
return fmt.Errorf("commit message %q is malformed", msg) |
||||
} |
||||
msgHead, msg := msg[:i], msg[i:] |
||||
|
||||
var mcy mcYAML |
||||
if err := yaml.Unmarshal(msg, &mcy); err != nil { |
||||
return fmt.Errorf("could not unmarshal MasterCommit message: %w", err) |
||||
} |
||||
|
||||
*mc = mcy.Val |
||||
if !strings.HasPrefix(mc.Message, string(msgHead)) { |
||||
return errors.New("encoded MasterCommit is malformed, it might not be an encoded MasterCommit") |
||||
} |
||||
|
||||
return nil |
||||
} |
||||
|
||||
// CommitMaster constructs a MasterCommit using the given SignifierInterface to
|
||||
// create a Credential for it. It returns the commit's hash after having set it
|
||||
// to HEAD.
|
||||
//
|
||||
// TODO this method is a prototype and does not reflect the method's final form.
|
||||
func (r *Repo) CommitMaster(msg, accountID string, sig sigcred.SignifierInterface) (MasterCommit, plumbing.Hash, error) { |
||||
_, headTree, err := r.head() |
||||
if errors.Is(err, plumbing.ErrReferenceNotFound) { |
||||
headTree = &object.Tree{} |
||||
} else if err != nil { |
||||
return MasterCommit{}, plumbing.ZeroHash, err |
||||
} |
||||
|
||||
_, stagedTree, err := fs.FromStagedChangesTree(r.GitRepo) |
||||
if err != nil { |
||||
return MasterCommit{}, plumbing.ZeroHash, err |
||||
} |
||||
|
||||
// this is necessarily different than headTree for the case of there being
|
||||
// no HEAD (ie it's the first commit). In that case we want headTree to be
|
||||
// empty (because it's being used to generate the change hash), but we want
|
||||
// the signifier to use the raw fs (because that's where the signifier's
|
||||
// data might be).
|
||||
sigFS, err := r.headOrRawFS() |
||||
if err != nil { |
||||
return MasterCommit{}, plumbing.ZeroHash, err |
||||
} |
||||
|
||||
cfg, err := r.loadConfig(sigFS) |
||||
if err != nil { |
||||
return MasterCommit{}, plumbing.ZeroHash, fmt.Errorf("could not load config: %w", err) |
||||
} |
||||
|
||||
changeHash := genChangeHash(nil, msg, headTree, stagedTree) |
||||
cred, err := sig.Sign(sigFS, changeHash) |
||||
if err != nil { |
||||
return MasterCommit{}, plumbing.ZeroHash, fmt.Errorf("failed to sign commit hash: %w", err) |
||||
} |
||||
cred.AccountID = accountID |
||||
|
||||
// This isn't strictly necessary, but we want to save people the effort of
|
||||
// creating an invalid commit, pushing it, having it be rejected, then
|
||||
// having to reset on the commit.
|
||||
err = r.assertAccessControls( |
||||
cfg.AccessControls, []sigcred.Credential{cred}, |
||||
headTree, stagedTree, |
||||
) |
||||
if err != nil { |
||||
return MasterCommit{}, plumbing.ZeroHash, fmt.Errorf("commit would not satisfy access controls: %w", err) |
||||
} |
||||
|
||||
masterCommit := MasterCommit{ |
||||
Message: msg, |
||||
ChangeHash: changeHash, |
||||
Credentials: []sigcred.Credential{cred}, |
||||
} |
||||
|
||||
masterCommitB, err := masterCommit.MarshalText() |
||||
if err != nil { |
||||
return masterCommit, plumbing.ZeroHash, err |
||||
} |
||||
|
||||
w, err := r.GitRepo.Worktree() |
||||
if err != nil { |
||||
return masterCommit, plumbing.ZeroHash, fmt.Errorf("could not get git worktree: %w", err) |
||||
} |
||||
|
||||
hash, err := w.Commit(string(masterCommitB), &git.CommitOptions{ |
||||
Author: &object.Signature{ |
||||
Name: accountID, |
||||
When: time.Now(), |
||||
}, |
||||
}) |
||||
if err != nil { |
||||
return masterCommit, hash, fmt.Errorf("failed to commit changed: %w", err) |
||||
} |
||||
|
||||
return masterCommit, hash, nil |
||||
|
||||
} |
||||
|
||||
func (r *Repo) assertAccessControls( |
||||
accessCtls []accessctl.AccessControl, creds []sigcred.Credential, |
||||
from, to *object.Tree, |
||||
) error { |
||||
filesChanged, err := calcDiff(from, to) |
||||
if err != nil { |
||||
return err |
||||
} |
||||
|
||||
pathsChanged := make([]string, len(filesChanged)) |
||||
for i := range filesChanged { |
||||
pathsChanged[i] = filesChanged[i].path |
||||
} |
||||
|
||||
accessCtls, err = accessctl.ApplicableAccessControls(accessCtls, pathsChanged) |
||||
if err != nil { |
||||
return fmt.Errorf("could not determine applicable access controls: %w", err) |
||||
} |
||||
|
||||
for _, accessCtl := range accessCtls { |
||||
condInt, err := accessCtl.Condition.Interface() |
||||
if err != nil { |
||||
return fmt.Errorf("could not cast Condition to interface: %w", err) |
||||
} else if err := condInt.Satisfied(creds); err != nil { |
||||
return fmt.Errorf("access control for pattern %q not satisfied: %w", |
||||
accessCtl.Pattern, err) |
||||
} |
||||
} |
||||
|
||||
return nil |
||||
} |
||||
|
||||
// VerifyMasterCommit verifies that the commit at the given hash, which is
|
||||
// presumably on the master branch, is gucci.
|
||||
func (r *Repo) VerifyMasterCommit(h plumbing.Hash) error { |
||||
commit, err := r.GitRepo.CommitObject(h) |
||||
if err != nil { |
||||
return fmt.Errorf("could not retrieve commit object: %w", err) |
||||
} |
||||
|
||||
commitTree, err := r.GitRepo.TreeObject(commit.TreeHash) |
||||
if err != nil { |
||||
return fmt.Errorf("could not retrieve tree object: %w", err) |
||||
} |
||||
|
||||
var masterCommit MasterCommit |
||||
if err := masterCommit.UnmarshalText([]byte(commit.Message)); err != nil { |
||||
return err |
||||
} |
||||
|
||||
sigTree := commitTree // only for root commit
|
||||
parentTree := &object.Tree{} |
||||
if commit.NumParents() > 0 { |
||||
parent, err := commit.Parent(0) |
||||
if err != nil { |
||||
return fmt.Errorf("could not retrieve parent of commit: %w", err) |
||||
} else if parentTree, err = r.GitRepo.TreeObject(parent.TreeHash); err != nil { |
||||
return fmt.Errorf("could not retrieve tree object of parent %q: %w", parent.Hash, err) |
||||
} |
||||
sigTree = parentTree |
||||
} |
||||
sigFS := fs.FromTree(sigTree) |
||||
|
||||
cfg, err := r.loadConfig(sigFS) |
||||
if err != nil { |
||||
return fmt.Errorf("error loading config: %w", err) |
||||
} |
||||
|
||||
err = r.assertAccessControls( |
||||
cfg.AccessControls, masterCommit.Credentials, |
||||
parentTree, commitTree, |
||||
) |
||||
if err != nil { |
||||
return fmt.Errorf("failed to satisfy all access controls: %w", err) |
||||
} |
||||
|
||||
expectedChangeHash := genChangeHash(nil, masterCommit.Message, parentTree, commitTree) |
||||
if !bytes.Equal(masterCommit.ChangeHash, expectedChangeHash) { |
||||
return fmt.Errorf("malformed change_hash in commit body, is %s but should be %s", |
||||
base64.StdEncoding.EncodeToString(expectedChangeHash), |
||||
base64.StdEncoding.EncodeToString(masterCommit.ChangeHash)) |
||||
} |
||||
|
||||
for _, cred := range masterCommit.Credentials { |
||||
sig, err := r.signifierForCredential(sigFS, cred) |
||||
if err != nil { |
||||
return fmt.Errorf("error finding signifier for credential %+v: %w", cred, err) |
||||
} else if err := sig.Verify(sigFS, expectedChangeHash, cred); err != nil { |
||||
return fmt.Errorf("error verifying credential %+v: %w", cred, err) |
||||
} |
||||
} |
||||
|
||||
// TODO access controls
|
||||
|
||||
return nil |
||||
} |
@ -1,170 +0,0 @@ |
||||
package dehub |
||||
|
||||
import ( |
||||
"dehub/accessctl" |
||||
"dehub/sigcred" |
||||
"errors" |
||||
"reflect" |
||||
"strings" |
||||
"testing" |
||||
|
||||
"github.com/davecgh/go-spew/spew" |
||||
"gopkg.in/src-d/go-git.v4/plumbing" |
||||
yaml "gopkg.in/yaml.v2" |
||||
) |
||||
|
||||
func TestMasterCommitVerify(t *testing.T) { |
||||
type step struct { |
||||
msg string |
||||
msgHead string // defaults to msg
|
||||
tree map[string]string |
||||
} |
||||
testCases := []struct { |
||||
descr string |
||||
steps []step |
||||
}{ |
||||
{ |
||||
descr: "single commit", |
||||
steps: []step{ |
||||
{ |
||||
msg: "first commit", |
||||
tree: map[string]string{"a": "0", "b": "1"}, |
||||
}, |
||||
}, |
||||
}, |
||||
{ |
||||
descr: "multiple commits", |
||||
steps: []step{ |
||||
{ |
||||
msg: "first commit", |
||||
tree: map[string]string{"a": "0", "b": "1"}, |
||||
}, |
||||
{ |
||||
msg: "second commit, changing a", |
||||
tree: map[string]string{"a": "1"}, |
||||
}, |
||||
{ |
||||
msg: "third commit, empty", |
||||
}, |
||||
{ |
||||
msg: "fourth commit, adding c, removing b", |
||||
tree: map[string]string{"b": "", "c": "2"}, |
||||
}, |
||||
}, |
||||
}, |
||||
{ |
||||
descr: "big body commits", |
||||
steps: []step{ |
||||
{ |
||||
msg: "first commit, single line but with newline\n", |
||||
}, |
||||
{ |
||||
msg: "second commit, single line but with two newlines\n\n", |
||||
msgHead: "second commit, single line but with two newlines\n\n", |
||||
}, |
||||
{ |
||||
msg: "third commit, multi-line with one newline\nanother line!", |
||||
msgHead: "third commit, multi-line with one newline\n\n", |
||||
}, |
||||
{ |
||||
msg: "fourth commit, multi-line with two newlines\n\nanother line!", |
||||
msgHead: "fourth commit, multi-line with two newlines\n\n", |
||||
}, |
||||
}, |
||||
}, |
||||
} |
||||
|
||||
for _, test := range testCases { |
||||
t.Run(test.descr, func(t *testing.T) { |
||||
h := newHarness(t) |
||||
for _, step := range test.steps { |
||||
h.stage(step.tree) |
||||
account := h.cfg.Accounts[0] |
||||
|
||||
masterCommit, hash, err := h.repo.CommitMaster(step.msg, account.ID, h.sig) |
||||
if err != nil { |
||||
t.Fatalf("failed to make MasterCommit: %v", err) |
||||
} else if err := h.repo.VerifyMasterCommit(hash); err != nil { |
||||
t.Fatalf("could not verify hash %v: %v", hash, err) |
||||
} |
||||
|
||||
commit, err := h.repo.GitRepo.CommitObject(hash) |
||||
if err != nil { |
||||
t.Fatalf("failed to retrieve commit %v: %v", hash, err) |
||||
} else if step.msgHead == "" { |
||||
step.msgHead = strings.TrimSpace(step.msg) + "\n\n" |
||||
} |
||||
|
||||
if !strings.HasPrefix(commit.Message, step.msgHead) { |
||||
t.Fatalf("commit message %q does not start with expected head %q", commit.Message, step.msgHead) |
||||
} |
||||
|
||||
var actualMasterCommit MasterCommit |
||||
if err := actualMasterCommit.UnmarshalText([]byte(commit.Message)); err != nil { |
||||
t.Fatalf("error unmarshaling commit body: %v", err) |
||||
} else if !reflect.DeepEqual(actualMasterCommit, masterCommit) { |
||||
t.Fatalf("returned master commit:\n%s\ndoes not match actual one:\n%s", |
||||
spew.Sdump(masterCommit), spew.Sdump(actualMasterCommit)) |
||||
} |
||||
} |
||||
}) |
||||
} |
||||
} |
||||
|
||||
func TestConfigChange(t *testing.T) { |
||||
h := newHarness(t) |
||||
|
||||
var hashes []plumbing.Hash |
||||
|
||||
// commit the initial staged changes, which merely include the config and
|
||||
// public key
|
||||
_, hash, err := h.repo.CommitMaster("commit configuration", h.cfg.Accounts[0].ID, h.sig) |
||||
if err != nil { |
||||
t.Fatal(err) |
||||
} |
||||
hashes = append(hashes, hash) |
||||
|
||||
// create a new account and add it to the configuration. It should not be
|
||||
// able to actually make that commit though.
|
||||
newSig, newPubKeyBody := sigcred.SignifierPGPTmp(h.rand) |
||||
h.cfg.Accounts = append(h.cfg.Accounts, Account{ |
||||
ID: "toot", |
||||
Signifiers: []sigcred.Signifier{{PGPPublicKey: &sigcred.SignifierPGP{ |
||||
Body: string(newPubKeyBody), |
||||
}}}, |
||||
}) |
||||
h.cfg.AccessControls[0].Condition.Signature.AccountIDs = []string{"root", "toot"} |
||||
h.cfg.AccessControls[0].Condition.Signature.Count = "1" |
||||
|
||||
cfgBody, err := yaml.Marshal(h.cfg) |
||||
if err != nil { |
||||
t.Fatal(err) |
||||
} |
||||
h.stage(map[string]string{ConfigPath: string(cfgBody)}) |
||||
|
||||
_, _, err = h.repo.CommitMaster("add toot user", h.cfg.Accounts[1].ID, newSig) |
||||
if aclErr := (accessctl.ErrConditionSignatureUnsatisfied{}); !errors.As(err, &aclErr) { |
||||
t.Fatalf("CommitMaster should have returned an ErrConditionSignatureUnsatisfied, but returned %v", err) |
||||
} |
||||
|
||||
// now add with the root user, this should work.
|
||||
_, hash, err = h.repo.CommitMaster("add toot user", h.cfg.Accounts[0].ID, h.sig) |
||||
if err != nil { |
||||
t.Fatalf("got an unexpected error committing with root: %v", err) |
||||
} |
||||
hashes = append(hashes, hash) |
||||
|
||||
// _now_ the toot user should be able to do things.
|
||||
h.stage(map[string]string{"foo/bar": "what a cool file"}) |
||||
_, hash, err = h.repo.CommitMaster("add a cool file", h.cfg.Accounts[1].ID, newSig) |
||||
if err != nil { |
||||
t.Fatalf("got an unexpected error committing with toot: %v", err) |
||||
} |
||||
hashes = append(hashes, hash) |
||||
|
||||
for i, hash := range hashes { |
||||
if err := h.repo.VerifyMasterCommit(hash); err != nil { |
||||
t.Fatalf("commit %d (%v) should have been verified but wasn't: %v", i, hash, err) |
||||
} |
||||
} |
||||
} |
@ -1,83 +0,0 @@ |
||||
package dehub |
||||
|
||||
import ( |
||||
"dehub/accessctl" |
||||
"dehub/fs" |
||||
"dehub/sigcred" |
||||
"errors" |
||||
"fmt" |
||||
|
||||
yaml "gopkg.in/yaml.v2" |
||||
) |
||||
|
||||
// Account represents a single account defined in the Config.
|
||||
type Account struct { |
||||
ID string `yaml:"id"` |
||||
Signifiers []sigcred.Signifier `yaml:"signifiers"` |
||||
Meta map[string]string `yaml:"meta,omitempty"` |
||||
} |
||||
|
||||
// Config represents the structure of the main dehub configuration file, and is
|
||||
// used to marshal/unmarshal the yaml file.
|
||||
type Config struct { |
||||
Accounts []Account `yaml:"accounts"` |
||||
AccessControls []accessctl.AccessControl `yaml:"access_controls"` |
||||
} |
||||
|
||||
func (r *Repo) loadConfig(fs fs.FS) (Config, error) { |
||||
rc, err := fs.Open(ConfigPath) |
||||
if err != nil { |
||||
return Config{}, fmt.Errorf("could not open config.yml: %w", err) |
||||
} |
||||
defer rc.Close() |
||||
|
||||
var cfg Config |
||||
if err := yaml.NewDecoder(rc).Decode(&cfg); err != nil { |
||||
return cfg, fmt.Errorf("could not decode config.yml: %w", err) |
||||
} |
||||
|
||||
// TODO validate Config
|
||||
|
||||
return cfg, nil |
||||
} |
||||
|
||||
// LoadConfig loads the Config object from the HEAD of the repo, or directly
|
||||
// from the filesystem if there is no HEAD yet.
|
||||
func (r *Repo) LoadConfig() (Config, error) { |
||||
headFS, err := r.headOrRawFS() |
||||
if err != nil { |
||||
return Config{}, fmt.Errorf("error retrieving repo HEAD: %w", err) |
||||
} |
||||
return r.loadConfig(headFS) |
||||
} |
||||
|
||||
func (r *Repo) signifierForCredential(fs fs.FS, cred sigcred.Credential) (sigcred.SignifierInterface, error) { |
||||
cfg, err := r.loadConfig(fs) |
||||
if err != nil { |
||||
return nil, fmt.Errorf("error loading config: %w", err) |
||||
} |
||||
|
||||
var account Account |
||||
var ok bool |
||||
for _, account = range cfg.Accounts { |
||||
if account.ID == cred.AccountID { |
||||
ok = true |
||||
break |
||||
} |
||||
} |
||||
if !ok { |
||||
return nil, fmt.Errorf("no account object for account id %q present in config", cred.AccountID) |
||||
} |
||||
|
||||
for i, sig := range account.Signifiers { |
||||
if sigInt, err := sig.Interface(); err != nil { |
||||
return nil, fmt.Errorf("error converting signifier index:%d to inteface: %w", i, err) |
||||
} else if ok, err := sigInt.Signed(fs, cred); err != nil { |
||||
return nil, fmt.Errorf("error checking if signfier index:%d signed credential: %w", i, err) |
||||
} else if ok { |
||||
return sigInt, nil |
||||
} |
||||
} |
||||
|
||||
return nil, errors.New("no signifier found for credential") |
||||
} |
@ -1,41 +0,0 @@ |
||||
package dehub |
||||
|
||||
import ( |
||||
"fmt" |
||||
|
||||
"gopkg.in/src-d/go-git.v4/plumbing" |
||||
"gopkg.in/src-d/go-git.v4/plumbing/filemode" |
||||
"gopkg.in/src-d/go-git.v4/plumbing/object" |
||||
) |
||||
|
||||
type fileChanged struct { |
||||
path string |
||||
fromMode, toMode filemode.FileMode |
||||
fromHash, toHash plumbing.Hash |
||||
} |
||||
|
||||
func calcDiff(from, to *object.Tree) ([]fileChanged, error) { |
||||
|
||||
changes, err := object.DiffTree(from, to) |
||||
if err != nil { |
||||
return nil, fmt.Errorf("could not calculate tree diff: %w", err) |
||||
} |
||||
|
||||
filesChanged := make([]fileChanged, len(changes)) |
||||
for i, change := range changes { |
||||
if from := change.From; from.Name != "" { |
||||
filesChanged[i].path = from.Name |
||||
filesChanged[i].fromMode = from.TreeEntry.Mode |
||||
filesChanged[i].fromHash = from.TreeEntry.Hash |
||||
} |
||||
if to := change.To; to.Name != "" { |
||||
if exPath := filesChanged[i].path; exPath != "" && exPath != to.Name { |
||||
panic(fmt.Sprintf("DiffTree entry changed path from %q to %q", exPath, to.Name)) |
||||
} |
||||
filesChanged[i].path = to.Name |
||||
filesChanged[i].toMode = to.TreeEntry.Mode |
||||
filesChanged[i].toHash = to.TreeEntry.Hash |
||||
} |
||||
} |
||||
return filesChanged, nil |
||||
} |
@ -1,117 +0,0 @@ |
||||
package fs |
||||
|
||||
import ( |
||||
"path" |
||||
"sort" |
||||
"strings" |
||||
|
||||
"gopkg.in/src-d/go-billy.v4" |
||||
"gopkg.in/src-d/go-git.v4/plumbing" |
||||
"gopkg.in/src-d/go-git.v4/plumbing/filemode" |
||||
"gopkg.in/src-d/go-git.v4/plumbing/format/index" |
||||
"gopkg.in/src-d/go-git.v4/plumbing/object" |
||||
"gopkg.in/src-d/go-git.v4/storage" |
||||
) |
||||
|
||||
// This file is largely copied from the git-go project's worktree_commit.go @ v4.13.1
|
||||
|
||||
// buildTreeHelper converts a given index.Index file into multiple git objects
|
||||
// reading the blobs from the given filesystem and creating the trees from the
|
||||
// index structure. The created objects are pushed to a given Storer.
|
||||
type buildTreeHelper struct { |
||||
fs billy.Filesystem |
||||
s storage.Storer |
||||
|
||||
trees map[string]*object.Tree |
||||
entries map[string]*object.TreeEntry |
||||
} |
||||
|
||||
// BuildTree builds the tree objects and push its to the storer, the hash
|
||||
// of the root tree is returned.
|
||||
func (h *buildTreeHelper) BuildTree(idx *index.Index) (plumbing.Hash, error) { |
||||
const rootNode = "" |
||||
h.trees = map[string]*object.Tree{rootNode: {}} |
||||
h.entries = map[string]*object.TreeEntry{} |
||||
|
||||
for _, e := range idx.Entries { |
||||
if err := h.commitIndexEntry(e); err != nil { |
||||
return plumbing.ZeroHash, err |
||||
} |
||||
} |
||||
|
||||
return h.copyTreeToStorageRecursive(rootNode, h.trees[rootNode]) |
||||
} |
||||
|
||||
func (h *buildTreeHelper) commitIndexEntry(e *index.Entry) error { |
||||
parts := strings.Split(e.Name, "/") |
||||
|
||||
var fullpath string |
||||
for _, part := range parts { |
||||
parent := fullpath |
||||
fullpath = path.Join(fullpath, part) |
||||
|
||||
h.doBuildTree(e, parent, fullpath) |
||||
} |
||||
|
||||
return nil |
||||
} |
||||
|
||||
func (h *buildTreeHelper) doBuildTree(e *index.Entry, parent, fullpath string) { |
||||
if _, ok := h.trees[fullpath]; ok { |
||||
return |
||||
} |
||||
|
||||
if _, ok := h.entries[fullpath]; ok { |
||||
return |
||||
} |
||||
|
||||
te := object.TreeEntry{Name: path.Base(fullpath)} |
||||
|
||||
if fullpath == e.Name { |
||||
te.Mode = e.Mode |
||||
te.Hash = e.Hash |
||||
} else { |
||||
te.Mode = filemode.Dir |
||||
h.trees[fullpath] = &object.Tree{} |
||||
} |
||||
|
||||
h.trees[parent].Entries = append(h.trees[parent].Entries, te) |
||||
} |
||||
|
||||
type sortableEntries []object.TreeEntry |
||||
|
||||
func (sortableEntries) sortName(te object.TreeEntry) string { |
||||
if te.Mode == filemode.Dir { |
||||
return te.Name + "/" |
||||
} |
||||
return te.Name |
||||
} |
||||
func (se sortableEntries) Len() int { return len(se) } |
||||
func (se sortableEntries) Less(i int, j int) bool { return se.sortName(se[i]) < se.sortName(se[j]) } |
||||
func (se sortableEntries) Swap(i int, j int) { se[i], se[j] = se[j], se[i] } |
||||
|
||||
func (h *buildTreeHelper) copyTreeToStorageRecursive(parent string, t *object.Tree) (plumbing.Hash, error) { |
||||
sort.Sort(sortableEntries(t.Entries)) |
||||
for i, e := range t.Entries { |
||||
if e.Mode != filemode.Dir && !e.Hash.IsZero() { |
||||
continue |
||||
} |
||||
|
||||
path := path.Join(parent, e.Name) |
||||
|
||||
var err error |
||||
e.Hash, err = h.copyTreeToStorageRecursive(path, h.trees[path]) |
||||
if err != nil { |
||||
return plumbing.ZeroHash, err |
||||
} |
||||
|
||||
t.Entries[i] = e |
||||
} |
||||
|
||||
o := h.s.NewEncodedObject() |
||||
if err := t.Encode(o); err != nil { |
||||
return plumbing.ZeroHash, err |
||||
} |
||||
|
||||
return h.s.SetEncodedObject(o) |
||||
} |
@ -1,100 +0,0 @@ |
||||
// Package fs implements abstractions for interacting with a filesystem, either
|
||||
// via a git tree, a staged index, or directly.
|
||||
package fs |
||||
|
||||
import ( |
||||
"bytes" |
||||
"fmt" |
||||
"io" |
||||
"io/ioutil" |
||||
"os" |
||||
|
||||
"gopkg.in/src-d/go-billy.v4" |
||||
"gopkg.in/src-d/go-git.v4" |
||||
"gopkg.in/src-d/go-git.v4/plumbing/object" |
||||
) |
||||
|
||||
// FS is a simple interface for reading off a snapshot of a filesystem.
|
||||
type FS interface { |
||||
Open(path string) (io.ReadCloser, error) |
||||
} |
||||
|
||||
type treeFS struct { |
||||
tree *object.Tree |
||||
} |
||||
|
||||
// FromTree wraps a git tree object to implement the FS interface. All paths
|
||||
// will be relative to the root of the tree.
|
||||
func FromTree(t *object.Tree) FS { |
||||
return treeFS{tree: t} |
||||
} |
||||
|
||||
func (gt treeFS) Open(path string) (io.ReadCloser, error) { |
||||
f, err := gt.tree.File(path) |
||||
if err != nil { |
||||
return nil, err |
||||
} |
||||
|
||||
return f.Blob.Reader() |
||||
} |
||||
|
||||
type billyFS struct { |
||||
fs billy.Filesystem |
||||
} |
||||
|
||||
// FromBillyFilesystem wraps a billy.Filesystem to implement the FS interface.
|
||||
// All paths will be relative to the filesystem's root.
|
||||
func FromBillyFilesystem(bfs billy.Filesystem) FS { |
||||
return billyFS{fs: bfs} |
||||
} |
||||
|
||||
func (bfs billyFS) Open(path string) (io.ReadCloser, error) { |
||||
return bfs.fs.Open(path) |
||||
} |
||||
|
||||
// FromStagedChangesTree processes the current set of staged changes into a tree
|
||||
// object, and returns an FS for that tree. All paths will be relative to the
|
||||
// root of the git repo.
|
||||
func FromStagedChangesTree(repo *git.Repository) (FS, *object.Tree, error) { |
||||
w, err := repo.Worktree() |
||||
if err != nil { |
||||
return nil, nil, fmt.Errorf("could not open git worktree: %w", err) |
||||
} |
||||
|
||||
storer := repo.Storer |
||||
idx, err := storer.Index() |
||||
if err != nil { |
||||
return nil, nil, fmt.Errorf("could not open git staging index: %w", err) |
||||
} |
||||
|
||||
th := &buildTreeHelper{ |
||||
fs: w.Filesystem, |
||||
s: storer, |
||||
} |
||||
|
||||
treeHash, err := th.BuildTree(idx) |
||||
if err != nil { |
||||
return nil, nil, fmt.Errorf("could not build staging index tree: %w", err) |
||||
} |
||||
|
||||
tree, err := repo.TreeObject(treeHash) |
||||
if err != nil { |
||||
return nil, nil, fmt.Errorf("could not get staged tree object (%q): %w", treeHash, err) |
||||
} |
||||
|
||||
return FromTree(tree), tree, nil |
||||
} |
||||
|
||||
// Stub is an implementation of FS based on a map of paths to the file contents
|
||||
// at that path. Paths should be "clean" or they will not match with anything.
|
||||
type Stub map[string][]byte |
||||
|
||||
// Open implements the method for the FS interface.
|
||||
func (s Stub) Open(path string) (io.ReadCloser, error) { |
||||
body, ok := s[path] |
||||
if !ok { |
||||
return nil, os.ErrNotExist |
||||
} |
||||
|
||||
return ioutil.NopCloser(bytes.NewReader(body)), nil |
||||
} |
@ -1,12 +0,0 @@ |
||||
module dehub |
||||
|
||||
go 1.13 |
||||
|
||||
require ( |
||||
github.com/bmatcuk/doublestar v1.2.2 |
||||
github.com/davecgh/go-spew v1.1.1 |
||||
golang.org/x/crypto v0.0.0-20200109152110-61a87790db17 |
||||
gopkg.in/src-d/go-billy.v4 v4.3.2 |
||||
gopkg.in/src-d/go-git.v4 v4.13.1 |
||||
gopkg.in/yaml.v2 v2.2.7 |
||||
) |
@ -1,82 +0,0 @@ |
||||
github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7 h1:uSoVVbwJiQipAclBbw+8quDsfcvFjOpI5iCf4p/cqCs= |
||||
github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs= |
||||
github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA= |
||||
github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= |
||||
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= |
||||
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= |
||||
github.com/bmatcuk/doublestar v1.2.2 h1:oC24CykoSAB8zd7XgruHo33E0cHJf/WhQA/7BeXj+x0= |
||||
github.com/bmatcuk/doublestar v1.2.2/go.mod h1:wiQtGV+rzVYxB7WIlirSN++5HPtPlXEo9MEoZQC/PmE= |
||||
github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= |
||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= |
||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= |
||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= |
||||
github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg= |
||||
github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= |
||||
github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ= |
||||
github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= |
||||
github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0= |
||||
github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= |
||||
github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY= |
||||
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= |
||||
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= |
||||
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= |
||||
github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= |
||||
github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd h1:Coekwdh0v2wtGp9Gmz1Ze3eVRAWJMLokvN3QjdzCHLY= |
||||
github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= |
||||
github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= |
||||
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= |
||||
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= |
||||
github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= |
||||
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= |
||||
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= |
||||
github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= |
||||
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= |
||||
github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo= |
||||
github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I= |
||||
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= |
||||
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= |
||||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= |
||||
github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ= |
||||
github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= |
||||
github.com/src-d/gcfg v1.4.0 h1:xXbNR5AlLSA315x2UO+fTSSAXCDf+Ar38/6oyGbDKQ4= |
||||
github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI= |
||||
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= |
||||
github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= |
||||
github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q= |
||||
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= |
||||
github.com/xanzy/ssh-agent v0.2.1 h1:TCbipTQL2JiiCprBWx9frJ2eJlCYT00NmctrHxVAr70= |
||||
github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= |
||||
golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= |
||||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= |
||||
golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4 h1:HuIa8hRrWRSrqYzx1qI49NNxhdi2PrY7gxVSq1JjLDc= |
||||
golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= |
||||
golang.org/x/crypto v0.0.0-20200109152110-61a87790db17 h1:nVJ3guKA9qdkEQ3TUdXI9QSINo2CUPM/cySEvw2w8I0= |
||||
golang.org/x/crypto v0.0.0-20200109152110-61a87790db17/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= |
||||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= |
||||
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= |
||||
golang.org/x/net v0.0.0-20190724013045-ca1201d0de80 h1:Ao/3l156eZf2AW5wK8a7/smtodRU+gha3+BeqJ69lRk= |
||||
golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= |
||||
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= |
||||
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= |
||||
golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= |
||||
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= |
||||
golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e h1:D5TXcfTk7xF7hvieo4QErS3qqCB4teTffacDWr7CI+0= |
||||
golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= |
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= |
||||
golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= |
||||
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= |
||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= |
||||
golang.org/x/tools v0.0.0-20190729092621-ff9f1409240a/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI= |
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= |
||||
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= |
||||
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= |
||||
gopkg.in/src-d/go-billy.v4 v4.3.2 h1:0SQA1pRztfTFx2miS8sA97XvooFeNOmvUenF4o0EcVg= |
||||
gopkg.in/src-d/go-billy.v4 v4.3.2/go.mod h1:nDjArDMp+XMs1aFAESLRjfGSgfvoYN0hDfzEk0GjC98= |
||||
gopkg.in/src-d/go-git-fixtures.v3 v3.5.0 h1:ivZFOIltbce2Mo8IjzUHAFoq/IylO9WHhNOAJK+LsJg= |
||||
gopkg.in/src-d/go-git-fixtures.v3 v3.5.0/go.mod h1:dLBcvytrw/TYZsNTWCnkNF2DSIlzWYqTe3rJR56Ac7g= |
||||
gopkg.in/src-d/go-git.v4 v4.13.1 h1:SRtFyV8Kxc0UP7aCHcijOMQGPxHSmMOPrzulQWolkYE= |
||||
gopkg.in/src-d/go-git.v4 v4.13.1/go.mod h1:nx5NYcxdKxq5fpltdHnPa2Exj4Sx0EclMWZQbYDu2z8= |
||||
gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= |
||||
gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= |
||||
gopkg.in/yaml.v2 v2.2.7 h1:VUgggvou5XRW9mHwD/yXxIYSMtY0zoKQf/v226p2nyo= |
||||
gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= |
@ -1,104 +0,0 @@ |
||||
// Package dehub TODO needs package docs
|
||||
package dehub |
||||
|
||||
import ( |
||||
"dehub/fs" |
||||
"errors" |
||||
"fmt" |
||||
"path/filepath" |
||||
|
||||
"gopkg.in/src-d/go-billy.v4" |
||||
"gopkg.in/src-d/go-billy.v4/memfs" |
||||
"gopkg.in/src-d/go-git.v4" |
||||
"gopkg.in/src-d/go-git.v4/plumbing" |
||||
"gopkg.in/src-d/go-git.v4/plumbing/object" |
||||
"gopkg.in/src-d/go-git.v4/storage/memory" |
||||
) |
||||
|
||||
const ( |
||||
// DehubDir defines the name of the directory where all dehub-related files are
|
||||
// expected to be found.
|
||||
DehubDir = ".dehub" |
||||
) |
||||
|
||||
var ( |
||||
// ConfigPath defines the expected path to the Repo's configuration file.
|
||||
ConfigPath = filepath.Join(DehubDir, "config.yml") |
||||
) |
||||
|
||||
// Repo is an object which allows accessing and modifying the dehub repo.
|
||||
type Repo struct { |
||||
GitRepo *git.Repository |
||||
} |
||||
|
||||
// OpenRepo opens the dehub repo in the given directory and returns the object
|
||||
// for it.
|
||||
//
|
||||
// The given path is expected to have a git repo and .dehub folder already
|
||||
// initialized.
|
||||
func OpenRepo(path string) (*Repo, error) { |
||||
r := Repo{} |
||||
var err error |
||||
openOpts := &git.PlainOpenOptions{ |
||||
DetectDotGit: true, |
||||
} |
||||
if r.GitRepo, err = git.PlainOpenWithOptions(path, openOpts); err != nil { |
||||
return nil, fmt.Errorf("could not open git repo: %w", err) |
||||
} |
||||
return &r, nil |
||||
} |
||||
|
||||
// InitMemRepo initializes an empty repository which only exists in memory.
|
||||
func InitMemRepo() *Repo { |
||||
r, err := git.Init(memory.NewStorage(), memfs.New()) |
||||
if err != nil { |
||||
panic(err) |
||||
} |
||||
|
||||
return &Repo{GitRepo: r} |
||||
} |
||||
|
||||
func (r *Repo) billyFilesystem() (billy.Filesystem, error) { |
||||
w, err := r.GitRepo.Worktree() |
||||
if err != nil { |
||||
return nil, fmt.Errorf("could not open git worktree: %w", err) |
||||
} |
||||
return w.Filesystem, nil |
||||
} |
||||
|
||||
func (r *Repo) head() (*object.Commit, *object.Tree, error) { |
||||
head, err := r.GitRepo.Head() |
||||
if err != nil { |
||||
return nil, nil, fmt.Errorf("could not get repo HEAD: %w", err) |
||||
} |
||||
|
||||
headHash := head.Hash() |
||||
headCommit, err := r.GitRepo.CommitObject(headHash) |
||||
if err != nil { |
||||
return nil, nil, fmt.Errorf("could not get commit at HEAD (%q): %w", headHash, err) |
||||
} |
||||
|
||||
headTree, err := r.GitRepo.TreeObject(headCommit.TreeHash) |
||||
if err != nil { |
||||
return nil, nil, fmt.Errorf("could not get tree object at HEAD (commit:%q tree:%q): %w", |
||||
headHash, headCommit.TreeHash, err) |
||||
} |
||||
|
||||
return headCommit, headTree, nil |
||||
} |
||||
|
||||
// headOrRawFS returns an FS based on the HEAD commit, or if there is no HEAD
|
||||
// commit (it's an empty repo) an FS based on the raw filesystem.
|
||||
func (r *Repo) headOrRawFS() (fs.FS, error) { |
||||
_, headTree, err := r.head() |
||||
if errors.Is(err, plumbing.ErrReferenceNotFound) { |
||||
bfs, err := r.billyFilesystem() |
||||
if err != nil { |
||||
return nil, fmt.Errorf("could not get underlying filesystem: %w", err) |
||||
} |
||||
return fs.FromBillyFilesystem(bfs), nil |
||||
} else if err != nil { |
||||
return nil, fmt.Errorf("could not get HEAD tree: %w", err) |
||||
} |
||||
return fs.FromTree(headTree), nil |
||||
} |
@ -1,118 +0,0 @@ |
||||
package dehub |
||||
|
||||
import ( |
||||
"bytes" |
||||
"dehub/accessctl" |
||||
"dehub/sigcred" |
||||
"io" |
||||
"math/rand" |
||||
"path/filepath" |
||||
"testing" |
||||
|
||||
"gopkg.in/src-d/go-git.v4" |
||||
"gopkg.in/src-d/go-git.v4/plumbing" |
||||
"gopkg.in/src-d/go-git.v4/plumbing/object" |
||||
yaml "gopkg.in/yaml.v2" |
||||
) |
||||
|
||||
type harness struct { |
||||
t *testing.T |
||||
rand *rand.Rand |
||||
repo *Repo |
||||
cfg *Config |
||||
sig sigcred.SignifierInterface |
||||
} |
||||
|
||||
func newHarness(t *testing.T) *harness { |
||||
rand := rand.New(rand.NewSource(0xb4eadb01)) |
||||
sig, pubKeyBody := sigcred.SignifierPGPTmp(rand) |
||||
pubKeyPath := filepath.Join(DehubDir, "root.asc") |
||||
|
||||
cfg := &Config{ |
||||
Accounts: []Account{{ |
||||
ID: "root", |
||||
Signifiers: []sigcred.Signifier{{PGPPublicKeyFile: &sigcred.SignifierPGPFile{ |
||||
Path: pubKeyPath, |
||||
}}}, |
||||
}}, |
||||
AccessControls: []accessctl.AccessControl{ |
||||
{ |
||||
Pattern: "**", |
||||
Condition: accessctl.Condition{ |
||||
Signature: &accessctl.ConditionSignature{ |
||||
AccountIDs: []string{"root"}, |
||||
Count: "100%", |
||||
}, |
||||
}, |
||||
}, |
||||
}, |
||||
} |
||||
cfgBody, err := yaml.Marshal(cfg) |
||||
if err != nil { |
||||
t.Fatal(err) |
||||
} |
||||
|
||||
h := &harness{ |
||||
t: t, |
||||
rand: rand, |
||||
repo: InitMemRepo(), |
||||
cfg: cfg, |
||||
sig: sig, |
||||
} |
||||
h.stage(map[string]string{ |
||||
ConfigPath: string(cfgBody), |
||||
pubKeyPath: string(pubKeyBody), |
||||
}) |
||||
|
||||
return h |
||||
} |
||||
|
||||
func (h *harness) stage(tree map[string]string) { |
||||
w, err := h.repo.GitRepo.Worktree() |
||||
if err != nil { |
||||
h.t.Fatal(err) |
||||
} |
||||
fs := w.Filesystem |
||||
for path, content := range tree { |
||||
if content == "" { |
||||
if _, err := w.Remove(path); err != nil { |
||||
h.t.Fatalf("error removing %q: %v", path, err) |
||||
} |
||||
continue |
||||
} |
||||
|
||||
dir := filepath.Dir(path) |
||||
if err := fs.MkdirAll(dir, 0666); err != nil { |
||||
h.t.Fatalf("error making directory %q: %v", dir, err) |
||||
} |
||||
|
||||
f, err := fs.Create(path) |
||||
if err != nil { |
||||
h.t.Fatalf("error creating file %q: %v", path, err) |
||||
|
||||
} else if _, err := io.Copy(f, bytes.NewBufferString(content)); err != nil { |
||||
h.t.Fatalf("error writing to file %q: %v", path, err) |
||||
|
||||
} else if err := f.Close(); err != nil { |
||||
h.t.Fatalf("error closing file %q: %v", path, err) |
||||
|
||||
} else if _, err := w.Add(path); err != nil { |
||||
h.t.Fatalf("error adding file %q to index: %v", path, err) |
||||
} |
||||
} |
||||
} |
||||
|
||||
func (h *harness) commit(msg string) plumbing.Hash { |
||||
w, err := h.repo.GitRepo.Worktree() |
||||
if err != nil { |
||||
h.t.Fatal(err) |
||||
} |
||||
hash, err := w.Commit(msg, &git.CommitOptions{ |
||||
Author: &object.Signature{Name: "god"}, |
||||
}) |
||||
if err != nil { |
||||
h.t.Fatal(err) |
||||
} |
||||
|
||||
return hash |
||||
} |
@ -1,25 +0,0 @@ |
||||
package sigcred |
||||
|
||||
import "dehub/typeobj" |
||||
|
||||
// Credential represents a credential which has been attached to a commit which
|
||||
// hopefully will allow it to be included in the master branch. Exactly one
|
||||
// field tagged with "type" should be set.
|
||||
type Credential struct { |
||||
PGPSignature *CredentialPGPSignature `type:"pgp_signature"` |
||||
|
||||
// AccountID specifies the account which generated this Credential. The
|
||||
// Credentials produced by the Signifier.Sign method do not fill this field
|
||||
// in.
|
||||
AccountID string `yaml:"account"` |
||||
} |
||||
|
||||
// MarshalYAML implements the yaml.Marshaler interface.
|
||||
func (c Credential) MarshalYAML() (interface{}, error) { |
||||
return typeobj.MarshalYAML(c) |
||||
} |
||||
|
||||
// UnmarshalYAML implements the yaml.Unmarshaler interface.
|
||||
func (c *Credential) UnmarshalYAML(unmarshal func(interface{}) error) error { |
||||
return typeobj.UnmarshalYAML(c, unmarshal) |
||||
} |
@ -1,279 +0,0 @@ |
||||
package sigcred |
||||
|
||||
import ( |
||||
"bytes" |
||||
"crypto" |
||||
"crypto/ecdsa" |
||||
"crypto/elliptic" |
||||
"crypto/sha256" |
||||
"dehub/fs" |
||||
"dehub/yamlutil" |
||||
"fmt" |
||||
"io" |
||||
"io/ioutil" |
||||
"os/exec" |
||||
"path/filepath" |
||||
"strings" |
||||
"time" |
||||
|
||||
"golang.org/x/crypto/openpgp/armor" |
||||
"golang.org/x/crypto/openpgp/packet" |
||||
) |
||||
|
||||
// CredentialPGPSignature describes a PGP signature which has been used to sign
|
||||
// a commit.
|
||||
type CredentialPGPSignature struct { |
||||
PubKeyID string `yaml:"pub_key_id"` |
||||
Body yamlutil.Blob `yaml:"body"` |
||||
} |
||||
|
||||
type pgpPubKey struct { |
||||
pubKey *packet.PublicKey |
||||
} |
||||
|
||||
func newPGPPubKey(r io.Reader) (pgpPubKey, error) { |
||||
// TODO support non-armored keys as well
|
||||
block, err := armor.Decode(r) |
||||
if err != nil { |
||||
return pgpPubKey{}, fmt.Errorf("could not decode armored PGP public key: %w", err) |
||||
} |
||||
|
||||
pkt, err := packet.Read(block.Body) |
||||
if err != nil { |
||||
return pgpPubKey{}, fmt.Errorf("could not read PGP public key: %w", err) |
||||
} |
||||
|
||||
pubKey, ok := pkt.(*packet.PublicKey) |
||||
if !ok { |
||||
return pgpPubKey{}, fmt.Errorf("packet is not a public key, it's a %T", pkt) |
||||
} |
||||
|
||||
return pgpPubKey{pubKey: pubKey}, nil |
||||
} |
||||
|
||||
func (s pgpPubKey) Signed(_ fs.FS, cred Credential) (bool, error) { |
||||
if cred.PGPSignature == nil { |
||||
return false, nil |
||||
} |
||||
|
||||
return cred.PGPSignature.PubKeyID == s.pubKey.KeyIdString(), nil |
||||
} |
||||
|
||||
func (s pgpPubKey) Verify(_ fs.FS, data []byte, cred Credential) error { |
||||
credSig := cred.PGPSignature |
||||
if credSig == nil { |
||||
return fmt.Errorf("SignifierPGPFile cannot verify %+v", cred) |
||||
} |
||||
|
||||
pkt, err := packet.Read(bytes.NewBuffer(credSig.Body)) |
||||
if err != nil { |
||||
return fmt.Errorf("could not read signature packet: %w", err) |
||||
} |
||||
|
||||
sigPkt, ok := pkt.(*packet.Signature) |
||||
if !ok { |
||||
return fmt.Errorf("signature bytes were parsed as a %T, not a signature", pkt) |
||||
} |
||||
|
||||
// The gpg process which is invoked during normal signing automatically
|
||||
// hashes whatever is piped to it. The VerifySignature method in the openpgp
|
||||
// package expects you to do it yourself.
|
||||
h := sigPkt.Hash.New() |
||||
h.Write(data) |
||||
return s.pubKey.VerifySignature(h, sigPkt) |
||||
} |
||||
|
||||
func (s pgpPubKey) encode() ([]byte, error) { |
||||
body := new(bytes.Buffer) |
||||
armorEncoder, err := armor.Encode(body, "PGP PUBLIC KEY", nil) |
||||
if err != nil { |
||||
return nil, fmt.Errorf("error initializing armor encoder: %w", err) |
||||
} else if err := s.pubKey.Serialize(armorEncoder); err != nil { |
||||
return nil, fmt.Errorf("error encoding public key: %w", err) |
||||
} else if err := armorEncoder.Close(); err != nil { |
||||
return nil, fmt.Errorf("error closing armor encoder: %w", err) |
||||
} |
||||
return body.Bytes(), nil |
||||
} |
||||
|
||||
func (s pgpPubKey) asSignfier() (SignifierPGP, error) { |
||||
body, err := s.encode() |
||||
if err != nil { |
||||
return SignifierPGP{}, err |
||||
} |
||||
|
||||
return SignifierPGP{ |
||||
Body: string(body), |
||||
}, nil |
||||
} |
||||
|
||||
type pgpPrivKey struct { |
||||
pgpPubKey |
||||
privKey *packet.PrivateKey |
||||
} |
||||
|
||||
// SignifierPGPTmp returns a direct implementation of the SignifierInterface
|
||||
// which uses a random private key generated in memory, as well as an armored
|
||||
// version of its public key.
|
||||
func SignifierPGPTmp(randReader io.Reader) (SignifierInterface, []byte) { |
||||
rawPrivKey, err := ecdsa.GenerateKey(elliptic.P521(), randReader) |
||||
if err != nil { |
||||
panic(err) |
||||
} |
||||
|
||||
privKeyRaw := packet.NewECDSAPrivateKey(time.Now(), rawPrivKey) |
||||
privKey := pgpPrivKey{ |
||||
pgpPubKey: pgpPubKey{ |
||||
pubKey: &privKeyRaw.PublicKey, |
||||
}, |
||||
privKey: privKeyRaw, |
||||
} |
||||
|
||||
pubKeyBody, err := privKey.pgpPubKey.encode() |
||||
if err != nil { |
||||
panic(err) |
||||
} |
||||
return privKey, pubKeyBody |
||||
} |
||||
|
||||
func (s pgpPrivKey) Sign(_ fs.FS, data []byte) (Credential, error) { |
||||
h := sha256.New() |
||||
h.Write(data) |
||||
var sig packet.Signature |
||||
sig.Hash = crypto.SHA256 |
||||
sig.PubKeyAlgo = s.pubKey.PubKeyAlgo |
||||
if err := sig.Sign(h, s.privKey, nil); err != nil { |
||||
return Credential{}, fmt.Errorf("failed to sign data: %w", err) |
||||
} |
||||
|
||||
body := new(bytes.Buffer) |
||||
if err := sig.Serialize(body); err != nil { |
||||
return Credential{}, fmt.Errorf("failed to serialize signature: %w", err) |
||||
} |
||||
|
||||
return Credential{ |
||||
PGPSignature: &CredentialPGPSignature{ |
||||
PubKeyID: s.pubKey.KeyIdString(), |
||||
Body: body.Bytes(), |
||||
}, |
||||
}, nil |
||||
} |
||||
|
||||
// SignifierPGP describes a pgp public key whose corresponding private key will
|
||||
// be used as a signing key.
|
||||
type SignifierPGP struct { |
||||
Body string `yaml:"body"` |
||||
} |
||||
|
||||
var _ SignifierInterface = SignifierPGP{} |
||||
|
||||
func (s SignifierPGP) load() (pgpPubKey, error) { |
||||
return newPGPPubKey(strings.NewReader(s.Body)) |
||||
} |
||||
|
||||
// Sign will sign the given arbitrary bytes using the private key corresponding
|
||||
// to the pgp public key embedded in this Signifier.
|
||||
func (s SignifierPGP) Sign(fs fs.FS, data []byte) (Credential, error) { |
||||
sigPGP, err := s.load() |
||||
if err != nil { |
||||
return Credential{}, err |
||||
} |
||||
|
||||
stderr := new(bytes.Buffer) |
||||
cmd := exec.Command("gpg", |
||||
"--openpgp", |
||||
"--detach-sign", |
||||
"--local-user", sigPGP.pubKey.KeyIdString()) |
||||
cmd.Stdin = bytes.NewBuffer(data) |
||||
cmd.Stderr = stderr |
||||
sig, err := cmd.Output() |
||||
if err != nil { |
||||
return Credential{}, fmt.Errorf("error signing with gpg (%v): %s", err, stderr.String()) |
||||
} |
||||
|
||||
return Credential{ |
||||
PGPSignature: &CredentialPGPSignature{ |
||||
PubKeyID: sigPGP.pubKey.KeyIdString(), |
||||
Body: sig, |
||||
}, |
||||
}, nil |
||||
} |
||||
|
||||
// Signed returns true if the private key corresponding to the pgp public key
|
||||
// embedded in this Signifier was used to produce the given Credential.
|
||||
func (s SignifierPGP) Signed(fs fs.FS, cred Credential) (bool, error) { |
||||
sigPGP, err := s.load() |
||||
if err != nil { |
||||
return false, err |
||||
} |
||||
|
||||
return sigPGP.Signed(fs, cred) |
||||
} |
||||
|
||||
// Verify asserts that the given signature was produced by this key signing the
|
||||
// given piece of data.
|
||||
func (s SignifierPGP) Verify(fs fs.FS, data []byte, cred Credential) error { |
||||
sigPGP, err := s.load() |
||||
if err != nil { |
||||
return err |
||||
} |
||||
return sigPGP.Verify(fs, data, cred) |
||||
} |
||||
|
||||
// SignifierPGPFile is the same as SignifierPGP, except that the public key is
|
||||
// found in the repo rather than encoded into the object.
|
||||
type SignifierPGPFile struct { |
||||
Path string `yaml:"path"` |
||||
} |
||||
|
||||
var _ SignifierInterface = SignifierPGPFile{} |
||||
|
||||
func (s SignifierPGPFile) load(fs fs.FS) (SignifierPGP, error) { |
||||
path := filepath.Clean(s.Path) |
||||
fr, err := fs.Open(path) |
||||
if err != nil { |
||||
return SignifierPGP{}, fmt.Errorf("could not open PGP public key file at %q: %w", path, err) |
||||
} |
||||
defer fr.Close() |
||||
|
||||
pubKeyB, err := ioutil.ReadAll(fr) |
||||
if err != nil { |
||||
return SignifierPGP{}, fmt.Errorf("could not read PGP public key from file blob at %q: %w", s.Path, err) |
||||
} |
||||
|
||||
return SignifierPGP{Body: string(pubKeyB)}, nil |
||||
} |
||||
|
||||
// Sign will sign the given arbitrary bytes using the private key corresponding
|
||||
// to the pgp public key located by this Signifier.
|
||||
func (s SignifierPGPFile) Sign(fs fs.FS, data []byte) (Credential, error) { |
||||
sigPGP, err := s.load(fs) |
||||
if err != nil { |
||||
return Credential{}, err |
||||
} |
||||
return sigPGP.Sign(fs, data) |
||||
} |
||||
|
||||
// Signed returns true if the private key corresponding to the pgp public key
|
||||
// located by this Signifier was used to produce the given Credential.
|
||||
func (s SignifierPGPFile) Signed(fs fs.FS, cred Credential) (bool, error) { |
||||
if cred.PGPSignature == nil { |
||||
return false, nil |
||||
} |
||||
|
||||
sigPGP, err := s.load(fs) |
||||
if err != nil { |
||||
return false, err |
||||
} |
||||
return sigPGP.Signed(fs, cred) |
||||
} |
||||
|
||||
// Verify asserts that the given signature was produced by this key signing the
|
||||
// given piece of data.
|
||||
func (s SignifierPGPFile) Verify(fs fs.FS, data []byte, cred Credential) error { |
||||
sigPGP, err := s.load(fs) |
||||
if err != nil { |
||||
return err |
||||
} |
||||
return sigPGP.Verify(fs, data, cred) |
||||
} |
@ -1,66 +0,0 @@ |
||||
package sigcred |
||||
|
||||
import ( |
||||
"dehub/fs" |
||||
"math/rand" |
||||
"testing" |
||||
"time" |
||||
) |
||||
|
||||
// There are not currently tests for testing pgp signature creation, as they
|
||||
// require calls out to the gpg executable. Wrapping tests in docker containers
|
||||
// would make this doable.
|
||||
|
||||
func TestPGPVerification(t *testing.T) { |
||||
tests := []struct { |
||||
descr string |
||||
init func(pubKeyBody []byte) (SignifierInterface, fs.FS) |
||||
}{ |
||||
{ |
||||
descr: "SignifierPGP", |
||||
init: func(pubKeyBody []byte) (SignifierInterface, fs.FS) { |
||||
return SignifierPGP{Body: string(pubKeyBody)}, nil |
||||
}, |
||||
}, |
||||
{ |
||||
descr: "SignifierPGPFile", |
||||
init: func(pubKeyBody []byte) (SignifierInterface, fs.FS) { |
||||
pubKeyPath := "some/dir/pubkey.asc" |
||||
fs := fs.Stub{pubKeyPath: pubKeyBody} |
||||
sigPGPFile := SignifierPGPFile{Path: pubKeyPath} |
||||
return sigPGPFile, fs |
||||
}, |
||||
}, |
||||
} |
||||
|
||||
for _, test := range tests { |
||||
t.Run(test.descr, func(t *testing.T) { |
||||
seed := time.Now().UnixNano() |
||||
t.Logf("seed: %d", seed) |
||||
rand := rand.New(rand.NewSource(seed)) |
||||
privKey, pubKeyBody := SignifierPGPTmp(rand) |
||||
|
||||
sig, fs := test.init(pubKeyBody) |
||||
data := make([]byte, rand.Intn(1024)) |
||||
if _, err := rand.Read(data); err != nil { |
||||
t.Fatal(err) |
||||
} |
||||
|
||||
cred, err := privKey.Sign(nil, data) |
||||
if err != nil { |
||||
t.Fatal(err) |
||||
} |
||||
|
||||
signed, err := sig.Signed(fs, cred) |
||||
if err != nil { |
||||
t.Fatal(err) |
||||
} else if !signed { |
||||
t.Fatal("expected signed to be true") |
||||
} |
||||
|
||||
if err := sig.Verify(fs, data, cred); err != nil { |
||||
t.Fatal(err) |
||||
} |
||||
}) |
||||
} |
||||
} |
@ -1,5 +0,0 @@ |
||||
// Package sigcred implements the Signifier and Credential types, which
|
||||
// interplay together to provide the ability to sign arbitrary blobs of data
|
||||
// (producing Credentials) and to verify those Credentials within the context of
|
||||
// a dehub repo.
|
||||
package sigcred |
@ -1,50 +0,0 @@ |
||||
package sigcred |
||||
|
||||
import ( |
||||
"dehub/fs" |
||||
"dehub/typeobj" |
||||
) |
||||
|
||||
// Signifier reprsents a single signing method being defined in the Config. Only
|
||||
// one field should be set on each Signifier.
|
||||
type Signifier struct { |
||||
PGPPublicKey *SignifierPGP `type:"pgp_public_key"` |
||||
PGPPublicKeyFile *SignifierPGPFile `type:"pgp_public_key_file"` |
||||
} |
||||
|
||||
// MarshalYAML implements the yaml.Marshaler interface.
|
||||
func (s Signifier) MarshalYAML() (interface{}, error) { |
||||
return typeobj.MarshalYAML(s) |
||||
} |
||||
|
||||
// UnmarshalYAML implements the yaml.Unmarshaler interface.
|
||||
func (s *Signifier) UnmarshalYAML(unmarshal func(interface{}) error) error { |
||||
return typeobj.UnmarshalYAML(s, unmarshal) |
||||
} |
||||
|
||||
// Interface returns the SignifierInterface instance encapsulated by this
|
||||
// Signifier object.
|
||||
func (s Signifier) Interface() (SignifierInterface, error) { |
||||
el, _, err := typeobj.Element(s) |
||||
if err != nil { |
||||
return nil, err |
||||
} |
||||
return el.(SignifierInterface), nil |
||||
} |
||||
|
||||
// SignifierInterface describes the methods that all Signifiers must implement.
|
||||
type SignifierInterface interface { |
||||
// Sign returns a Credential containing a signature of the given data.
|
||||
//
|
||||
// tree can be used to find the Signifier at a particular snapshot.
|
||||
Sign(fs fs.FS, data []byte) (Credential, error) |
||||
|
||||
// Signed returns true if the Signifier was used to sign the Credential.
|
||||
Signed(fs fs.FS, cred Credential) (bool, error) |
||||
|
||||
// Verify asserts that the Signifier produced the given Credential for the
|
||||
// given data set, or returns an error.
|
||||
//
|
||||
// tree can be used to find the Signifier at a particular snapshot.
|
||||
Verify(fs fs.FS, data []byte, cred Credential) error |
||||
} |
@ -1,158 +0,0 @@ |
||||
// Package typeobj implements a set of utility functions intended to be used on
|
||||
// union structs whose fields are tagged with the "type" tag and which expect
|
||||
// only one of the fields to be set. For example:
|
||||
//
|
||||
// type OuterType struct {
|
||||
// A *InnerTypeA `type:"a"`
|
||||
// B *InnerTypeB `type:"b"`
|
||||
// C *InnerTypeC `type:"c"`
|
||||
// }
|
||||
//
|
||||
package typeobj |
||||
|
||||
import ( |
||||
"errors" |
||||
"fmt" |
||||
"reflect" |
||||
) |
||||
|
||||
// UnmarshalYAML is intended to be used within the UnmarshalYAML method of a
|
||||
// union struct. It will use the given input data's "type" field and match that
|
||||
// to the struct field tagged with that value. it will then unmarshal the input
|
||||
// data into that inner field.
|
||||
func UnmarshalYAML(i interface{}, unmarshal func(interface{}) error) error { |
||||
val := reflect.Indirect(reflect.ValueOf(i)) |
||||
if !val.CanSet() { |
||||
return fmt.Errorf("cannot unmarshal into value of type %T", i) |
||||
} |
||||
|
||||
// unmarshal in all non-typeobj fields. construct a type which wraps the
|
||||
// given one, hiding its UnmarshalYAML method (if it has one), and unmarshal
|
||||
// onto that directly. The "type" field is also unmarshaled at this stage.
|
||||
valWrap := reflect.New(reflect.StructOf([]reflect.StructField{ |
||||
reflect.StructField{ |
||||
Name: "Type", |
||||
Type: typeOfString, |
||||
Tag: `yaml:"type"`, |
||||
}, |
||||
{ |
||||
Name: "Val", |
||||
Type: val.Type(), |
||||
Tag: `yaml:",inline"`, |
||||
}, |
||||
})) |
||||
if err := unmarshal(valWrap.Interface()); err != nil { |
||||
return err |
||||
} |
||||
typeVal := valWrap.Elem().Field(0).String() |
||||
val.Set(valWrap.Elem().Field(1)) |
||||
|
||||
typ := val.Type() |
||||
for i := 0; i < val.NumField(); i++ { |
||||
fieldVal, fieldTyp := val.Field(i), typ.Field(i) |
||||
if fieldTyp.Tag.Get("type") != typeVal { |
||||
continue |
||||
} |
||||
|
||||
var valInto interface{} |
||||
if fieldVal.Kind() == reflect.Ptr { |
||||
newFieldVal := reflect.New(fieldTyp.Type.Elem()) |
||||
fieldVal.Set(newFieldVal) |
||||
valInto = newFieldVal.Interface() |
||||
} else { |
||||
valInto = fieldVal.Addr().Interface() |
||||
} |
||||
return unmarshal(valInto) |
||||
} |
||||
|
||||
return fmt.Errorf("invalid type value %q", typeVal) |
||||
} |
||||
|
||||
// val should be of kind struct
|
||||
func element(val reflect.Value) (reflect.Value, string, []int, error) { |
||||
typ := val.Type() |
||||
numFields := val.NumField() |
||||
|
||||
var fieldVal reflect.Value |
||||
var typeTag string |
||||
nonTypeFields := make([]int, 0, numFields) |
||||
for i := 0; i < numFields; i++ { |
||||
innerFieldVal := val.Field(i) |
||||
innerTypeTag := typ.Field(i).Tag.Get("type") |
||||
if innerTypeTag == "" { |
||||
nonTypeFields = append(nonTypeFields, i) |
||||
} else if innerFieldVal.IsZero() { |
||||
continue |
||||
} else { |
||||
fieldVal = innerFieldVal |
||||
typeTag = innerTypeTag |
||||
} |
||||
} |
||||
|
||||
if fieldVal.IsZero() { |
||||
return reflect.Value{}, "", nil, errors.New(`no non-zero fields tagged with "type"`) |
||||
} |
||||
return fieldVal, typeTag, nonTypeFields, nil |
||||
} |
||||
|
||||
// Element returns the value of the first non-zero field tagged with "type", as
|
||||
// well as the value of the "type" tag.
|
||||
func Element(i interface{}) (interface{}, string, error) { |
||||
val := reflect.Indirect(reflect.ValueOf(i)) |
||||
fieldVal, tag, _, err := element(val) |
||||
if err != nil { |
||||
return fieldVal, tag, err |
||||
} |
||||
return fieldVal.Interface(), tag, nil |
||||
} |
||||
|
||||
var typeOfString = reflect.TypeOf("string") |
||||
|
||||
// MarshalYAML is intended to be used within the MarshalYAML method of a union
|
||||
// struct. It will find the first field of the given struct which has a "type"
|
||||
// tag and is non-zero. It will then marshal that field's value, inlining an
|
||||
// extra YAML field "type" whose value is the value of the "type" tag on the
|
||||
// struct field, and return that.
|
||||
func MarshalYAML(i interface{}) (interface{}, error) { |
||||
val := reflect.Indirect(reflect.ValueOf(i)) |
||||
typ := val.Type() |
||||
fieldVal, typeTag, nonTypeFields, err := element(val) |
||||
if err != nil { |
||||
return nil, err |
||||
} |
||||
|
||||
fieldVal = reflect.Indirect(fieldVal) |
||||
if fieldVal.Kind() != reflect.Struct { |
||||
return nil, fmt.Errorf("cannot marshal non-struct type %T", fieldVal.Interface()) |
||||
} |
||||
|
||||
structFields := make([]reflect.StructField, 0, len(nonTypeFields)+2) |
||||
structFields = append(structFields, |
||||
reflect.StructField{ |
||||
Name: "Type", |
||||
Type: typeOfString, |
||||
Tag: `yaml:"type"`, |
||||
}, |
||||
reflect.StructField{ |
||||
Name: "Val", |
||||
Type: fieldVal.Type(), |
||||
Tag: `yaml:",inline"`, |
||||
}, |
||||
) |
||||
|
||||
nonTypeFieldVals := make([]reflect.Value, len(nonTypeFields)) |
||||
for i, fieldIndex := range nonTypeFields { |
||||
fieldVal, fieldType := val.Field(fieldIndex), typ.Field(fieldIndex) |
||||
structFields = append(structFields, fieldType) |
||||
nonTypeFieldVals[i] = fieldVal |
||||
} |
||||
|
||||
outVal := reflect.New(reflect.StructOf(structFields)) |
||||
outVal.Elem().Field(0).Set(reflect.ValueOf(typeTag)) |
||||
outVal.Elem().Field(1).Set(fieldVal) |
||||
for i, fieldVal := range nonTypeFieldVals { |
||||
outVal.Elem().Field(2 + i).Set(fieldVal) |
||||
} |
||||
|
||||
return outVal.Interface(), nil |
||||
} |
@ -1,114 +0,0 @@ |
||||
package typeobj |
||||
|
||||
import ( |
||||
"reflect" |
||||
"testing" |
||||
|
||||
"github.com/davecgh/go-spew/spew" |
||||
"gopkg.in/yaml.v2" |
||||
) |
||||
|
||||
type foo struct { |
||||
A int `yaml:"a"` |
||||
} |
||||
|
||||
type bar struct { |
||||
B int `yaml:"b"` |
||||
} |
||||
|
||||
type outer struct { |
||||
Foo foo `type:"foo"` |
||||
Bar *bar `type:"bar"` |
||||
|
||||
Other string `yaml:"other_field,omitempty"` |
||||
} |
||||
|
||||
func (o outer) MarshalYAML() (interface{}, error) { |
||||
return MarshalYAML(o) |
||||
} |
||||
|
||||
func (o *outer) UnmarshalYAML(unmarshal func(interface{}) error) error { |
||||
return UnmarshalYAML(o, unmarshal) |
||||
} |
||||
|
||||
func TestTypeObj(t *testing.T) { |
||||
|
||||
type test struct { |
||||
descr string |
||||
str string |
||||
err bool |
||||
other string |
||||
|
||||
obj outer |
||||
typeTag string |
||||
elem interface{} |
||||
} |
||||
|
||||
tests := []test{ |
||||
{ |
||||
descr: "no type set", |
||||
str: `{}`, |
||||
err: true, |
||||
}, |
||||
{ |
||||
descr: "unknown type set", |
||||
str: "type: baz", |
||||
err: true, |
||||
}, |
||||
{ |
||||
descr: "foo set", |
||||
str: "type: foo\na: 1\n", |
||||
obj: outer{Foo: foo{A: 1}}, |
||||
typeTag: "foo", |
||||
elem: foo{A: 1}, |
||||
}, |
||||
{ |
||||
descr: "bar set", |
||||
str: "type: bar\nb: 1\n", |
||||
obj: outer{Bar: &bar{B: 1}}, |
||||
typeTag: "bar", |
||||
elem: &bar{B: 1}, |
||||
}, |
||||
{ |
||||
descr: "foo and other_field set", |
||||
str: "type: foo\na: 1\nother_field: aaa\n", |
||||
obj: outer{Foo: foo{A: 1}, Other: "aaa"}, |
||||
typeTag: "foo", |
||||
elem: foo{A: 1}, |
||||
}, |
||||
} |
||||
|
||||
for _, test := range tests { |
||||
t.Run(test.descr, func(t *testing.T) { |
||||
var o outer |
||||
err := yaml.Unmarshal([]byte(test.str), &o) |
||||
if test.err && err != nil { |
||||
return |
||||
} else if test.err && err == nil { |
||||
t.Fatal("expected error when unmarshaling but there was none") |
||||
} else if !test.err && err != nil { |
||||
t.Fatalf("unmarshaling %q returned unexpected error: %v", test.str, err) |
||||
} |
||||
|
||||
if !reflect.DeepEqual(o, test.obj) { |
||||
t.Fatalf("test expected value:\n%s\nbut got value:\n%s", spew.Sprint(test.obj), spew.Sprint(o)) |
||||
} |
||||
|
||||
elem, typeTag, err := Element(o) |
||||
if err != nil { |
||||
t.Fatalf("error when calling Element(%s): %v", spew.Sprint(o), err) |
||||
} else if !reflect.DeepEqual(elem, test.elem) { |
||||
t.Fatalf("test expected elem value:\n%s\nbut got value:\n%s", spew.Sprint(test.elem), spew.Sprint(elem)) |
||||
} else if typeTag != test.typeTag { |
||||
t.Fatalf("test expected typeTag value %q but got %q", test.typeTag, typeTag) |
||||
} |
||||
|
||||
b, err := yaml.Marshal(o) |
||||
if err != nil { |
||||
t.Fatalf("error marshaling %s: %v", spew.Sprint(o), err) |
||||
} else if test.str != string(b) { |
||||
t.Fatalf("test expected to marshal to %q, but instead marshaled to %q", test.str, b) |
||||
} |
||||
}) |
||||
} |
||||
} |
@ -1,32 +0,0 @@ |
||||
// Package yamlutil contains utility types which are useful for dealing with the
|
||||
// yaml package.
|
||||
package yamlutil |
||||
|
||||
import ( |
||||
"encoding/base64" |
||||
) |
||||
|
||||
// Blob encodes and decodes a byte slice as a standard base-64 encoded yaml
|
||||
// string.
|
||||
type Blob []byte |
||||
|
||||
// MarshalYAML implements the yaml.Marshaler interface.
|
||||
func (b Blob) MarshalYAML() (interface{}, error) { |
||||
return base64.StdEncoding.EncodeToString([]byte(b)), nil |
||||
} |
||||
|
||||
// UnmarshalYAML implements the yaml.Unmarshaler interface.
|
||||
func (b *Blob) UnmarshalYAML(unmarshal func(interface{}) error) error { |
||||
var b64 string |
||||
if err := unmarshal(&b64); err != nil { |
||||
return err |
||||
} |
||||
|
||||
b64Dec, err := base64.StdEncoding.DecodeString(b64) |
||||
if err != nil { |
||||
return err |
||||
} |
||||
|
||||
*b = b64Dec |
||||
return nil |
||||
} |
@ -1,55 +0,0 @@ |
||||
package yamlutil |
||||
|
||||
import ( |
||||
"bytes" |
||||
"testing" |
||||
|
||||
yaml "gopkg.in/yaml.v2" |
||||
) |
||||
|
||||
func TestBlob(t *testing.T) { |
||||
testCases := []struct { |
||||
descr string |
||||
in Blob |
||||
exp string |
||||
}{ |
||||
{ |
||||
descr: "empty", |
||||
in: Blob(""), |
||||
exp: `""`, |
||||
}, |
||||
{ |
||||
descr: "zero", |
||||
in: Blob{0}, |
||||
exp: "AA==", |
||||
}, |
||||
{ |
||||
descr: "zeros", |
||||
in: Blob{0, 0, 0}, |
||||
exp: "AAAA", |
||||
}, |
||||
{ |
||||
descr: "foo", |
||||
in: Blob("foo"), |
||||
exp: "Zm9v", |
||||
}, |
||||
} |
||||
|
||||
for _, test := range testCases { |
||||
t.Run(test.descr, func(t *testing.T) { |
||||
out, err := yaml.Marshal(test.in) |
||||
if err != nil { |
||||
t.Fatalf("error marshaling %q: %v", test.in, err) |
||||
} else if test.exp+"\n" != string(out) { |
||||
t.Fatalf("marshal exp:%q got:%q", test.exp+"\n", out) |
||||
} |
||||
|
||||
var blob Blob |
||||
if err := yaml.Unmarshal(out, &blob); err != nil { |
||||
t.Fatalf("error unmarshaling %q: %v", out, err) |
||||
} else if !bytes.Equal([]byte(blob), []byte(test.in)) { |
||||
t.Fatalf("unmarshal exp:%q got:%q", test.in, blob) |
||||
} |
||||
}) |
||||
} |
||||
} |
Loading…
Reference in new issue