mirror of
https://github.com/rocky-linux/peridot.git
synced 2024-11-21 20:51:26 +00:00
Add support for V3 signature headers
Currently the signing process assumes that the "Package" size stays consistent post-build and post-sign. This is a small backwards-compatible change that properly sets a post-sign size in the metadata during sync.
This commit is contained in:
parent
65b877b7e5
commit
1e93acfa76
@ -66,6 +66,7 @@ import (
|
|||||||
yumrepofspb "peridot.resf.org/peridot/yumrepofs/pb"
|
yumrepofspb "peridot.resf.org/peridot/yumrepofs/pb"
|
||||||
"peridot.resf.org/utils"
|
"peridot.resf.org/utils"
|
||||||
"regexp"
|
"regexp"
|
||||||
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
@ -1400,6 +1401,9 @@ func (c *Controller) makeRepoChanges(tx peridotdb.Access, req *UpdateRepoRequest
|
|||||||
|
|
||||||
pkgPrimary.Packages[0].Location.Href = fmt.Sprintf("Packages/%s", newObjectKey)
|
pkgPrimary.Packages[0].Location.Href = fmt.Sprintf("Packages/%s", newObjectKey)
|
||||||
pkgPrimary.Packages[0].Checksum.Value = signedArtifact.HashSha256
|
pkgPrimary.Packages[0].Checksum.Value = signedArtifact.HashSha256
|
||||||
|
if signedArtifact.SignedSize > 0 {
|
||||||
|
pkgPrimary.Packages[0].Size.Package = strconv.FormatInt(signedArtifact.SignedSize, 10)
|
||||||
|
}
|
||||||
|
|
||||||
for _, pkg := range pkgFilelists.Packages {
|
for _, pkg := range pkgFilelists.Packages {
|
||||||
pkg.PkgId = signedArtifact.HashSha256
|
pkg.PkgId = signedArtifact.HashSha256
|
||||||
|
@ -246,9 +246,16 @@ func (s *Server) SignArtifactActivity(ctx context.Context, artifactId string, ke
|
|||||||
return nil, fmt.Errorf("failed to create task artifact signature: %v", err)
|
return nil, fmt.Errorf("failed to create task artifact signature: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Get the size of the file
|
||||||
|
fi, err := f.Stat()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
return &keykeeperpb.SignedArtifact{
|
return &keykeeperpb.SignedArtifact{
|
||||||
Path: newObjectKey,
|
Path: newObjectKey,
|
||||||
HashSha256: hash,
|
HashSha256: hash,
|
||||||
|
SignedSize: fi.Size(),
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
verifySig := func() error {
|
verifySig := func() error {
|
||||||
|
@ -86,6 +86,7 @@ message ImportKeyResponse {}
|
|||||||
message SignedArtifact {
|
message SignedArtifact {
|
||||||
string path = 1;
|
string path = 1;
|
||||||
string hash_sha256 = 2;
|
string hash_sha256 = 2;
|
||||||
|
int64 signed_size = 3;
|
||||||
}
|
}
|
||||||
|
|
||||||
message SignArtifactsRequest {
|
message SignArtifactsRequest {
|
||||||
|
Loading…
Reference in New Issue
Block a user