Add support for V3 signature headers

Currently the signing process assumes that the "Package" size stays
consistent post-build and post-sign. This is a small
backwards-compatible change that properly sets a post-sign size in the
metadata during sync.
Mustafa Gezen 2024-04-30 01:17:10 +02:00
parent 65b877b7e5
commit 1e93acfa76
Signed by untrusted user who does not match committer: mustafa
GPG Key ID: DCDF010D946438C1
3 changed files with 12 additions and 0 deletions


@ -66,6 +66,7 @@ import (
yumrepofspb "peridot.resf.org/peridot/yumrepofs/pb" yumrepofspb "peridot.resf.org/peridot/yumrepofs/pb"
"peridot.resf.org/utils" "peridot.resf.org/utils"
"regexp" "regexp"
"strconv"
"strings" "strings"
"time" "time"
) )
@ -1400,6 +1401,9 @@ func (c *Controller) makeRepoChanges(tx peridotdb.Access, req *UpdateRepoRequest
pkgPrimary.Packages[0].Location.Href = fmt.Sprintf("Packages/%s", newObjectKey) pkgPrimary.Packages[0].Location.Href = fmt.Sprintf("Packages/%s", newObjectKey)
pkgPrimary.Packages[0].Checksum.Value = signedArtifact.HashSha256 pkgPrimary.Packages[0].Checksum.Value = signedArtifact.HashSha256
if signedArtifact.SignedSize > 0 {
pkgPrimary.Packages[0].Size.Package = strconv.FormatInt(signedArtifact.SignedSize, 10)
}
for _, pkg := range pkgFilelists.Packages { for _, pkg := range pkgFilelists.Packages {
pkg.PkgId = signedArtifact.HashSha256 pkg.PkgId = signedArtifact.HashSha256
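Review bot: When `signedArtifact.SignedSize` is 0, the new guard in makeRepoChanges silently keeps the pre-sign `Size.Package`, while `Checksum.Value` two lines above is already the signed hash, so the primary metadata can still publish a size that does not match the signed package. That case is presumably a signer that predates the `signed_size` field; it would be better to make it visible than silent, for example with an `else` branch that logs the artifact path, or a fallback that reads the size from the stored object. A comment such as `// SignedSize is 0 when the signer predates signed_size; the pre-sign size is kept` would document the compatibility path. The function body starts and ends outside this hunk.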


@ -246,9 +246,16 @@ func (s *Server) SignArtifactActivity(ctx context.Context, artifactId string, ke
return nil, fmt.Errorf("failed to create task artifact signature: %v", err) return nil, fmt.Errorf("failed to create task artifact signature: %v", err)
} }
// Get the size of the file
fi, err := f.Stat()
if err != nil {
return nil, err
}
return &keykeeperpb.SignedArtifact{ return &keykeeperpb.SignedArtifact{
Path: newObjectKey, Path: newObjectKey,
HashSha256: hash, HashSha256: hash,
SignedSize: fi.Size(),
}, nil }, nil
} }
verifySig := func() error { verifySig := func() error {
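Review bot: The `f.Stat()` error is returned bare (`return nil, err`), while the error just above it is wrapped with context; `return nil, fmt.Errorf("failed to stat signed artifact: %w", err)` would keep the failure attributable. The stat also runs after the task artifact signature has been created, so a failure here leaves that record behind while the activity reports an error; taking the size before the record is written avoids that, assuming nothing in between modifies the file. `f` and `hash` are defined outside the hunk, so it is not visible whether they describe the same bytes; because the size and SHA-256 are published together in repo metadata, both should be derived from the same signed file. The enclosing closure starts outside the hunk.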


@ -86,6 +86,7 @@ message ImportKeyResponse {}
message SignedArtifact { message SignedArtifact {
string path = 1; string path = 1;
string hash_sha256 = 2; string hash_sha256 = 2;
int64 signed_size = 3;
} }
message SignArtifactsRequest { message SignArtifactsRequest {
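Review bot: The new `signed_size` field in `SignedArtifact` has no comment stating its unit or what the zero value means, although the consumer in this commit treats `SignedSize > 0` as "set". A field comment would make that contract explicit for other clients of the message, for example `// Size in bytes of the artifact after signing; 0 means the signer did not report it.`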