Remove verification step from keykeeper

Signed-off-by: Mustafa Gezen <mustafa@ctrliq.com>
2024-12-18 08:58:30 +00:00 · 2022-08-16 14:45:03 +02:00 · 2022-08-16 14:45:03 +02:00 · 70c45775cb
commit 70c45775cb
parent 302c68a383
2 changed files with 50 additions and 103 deletions
--- a/peridot/keykeeper/v1/keywarming.go
+++ b/peridot/keykeeper/v1/keywarming.go
@ -85,24 +85,6 @@ func (s *Server) importGpgKey(armoredKey string) error {
 	return err
 }

-func (s *Server) importRpmKey(publicKey string) error {
-	tmpFile, err := ioutil.TempFile("/tmp", "peridot-key-")
-	if err != nil {
-		return err
-	}
-	defer os.Remove(tmpFile.Name())
-	_, err = tmpFile.Write([]byte(publicKey))
-	if err != nil {
-		return err
-	}
-	cmd := gpgCmdEnv(exec.Command("rpm", "--import", tmpFile.Name()))
-	out, err := logCmdRun(cmd)
-	if err != nil {
-		s.log.Errorf("failed to import rpm key: %s", out.String())
-	}
-	return err
-}
-
 // WarmGPGKey warms up a specific GPG key
 // This involves shelling out to GPG to import the key
 func (s *Server) WarmGPGKey(key string, armoredKey string, gpgKey *crypto.Key, db *models.Key) (*LoadedKey, error) {
@ -120,11 +102,6 @@ func (s *Server) WarmGPGKey(key string, armoredKey string, gpgKey *crypto.Key, d
 		return nil, err
 	}

-	err = s.importRpmKey(db.PublicKey)
-	if err != nil {
-		return nil, err
-	}
-
 	if cachedKey == nil {
 		s.keys[key] = &LoadedKey{
 			keyUuid: db.ID,
--- a/peridot/keykeeper/v1/sign.go
+++ b/peridot/keykeeper/v1/sign.go
@ -188,7 +188,6 @@ func (s *Server) SignArtifactActivity(ctx context.Context, artifactId string, ke

 	switch ext {
 	case ".rpm":
-		rpmSign := func() (*keykeeperpb.SignedArtifact, error) {
 		var outBuf bytes.Buffer
 		opts := []string{
 			"--define", "_gpg_name " + keyName,
@ -243,35 +242,6 @@ func (s *Server) SignArtifactActivity(ctx context.Context, artifactId string, ke
 			Path:       newObjectKey,
 			HashSha256: hash,
 		}, nil
-		}
-		verifySig := func() error {
-			opts := []string{
-				"--define", "_gpg_name " + keyName,
-				"--define", "_peridot_keykeeper_key " + key.keyUuid.String(),
-				"--checksig", localPath,
-			}
-			cmd := gpgCmdEnv(exec.Command("rpm", opts...))
-			cmd.Stdout = os.Stdout
-			cmd.Stderr = os.Stderr
-			err := cmd.Run()
-			if err != nil {
-				s.log.Errorf("failed to verify artifact %s: %v", artifact.Name, err)
-				return fmt.Errorf("failed to verify artifact %s: %v", artifact.Name, err)
-			}
-			return nil
-		}
-		var tries int
-		for {
-			res, _ := rpmSign()
-			err := verifySig()
-			if err == nil {
-				return res, nil
-			}
-			if err != nil && tries > 3 {
-				return nil, err
-			}
-			tries++
-		}
 	default:
 		s.log.Infof("skipping artifact %s, extension %s not supported", artifact.Name, ext)
 		return nil, ErrUnsupportedExtension