1124655793

Committed 02 Jan 2024 03:45PM UTC coverage: 79.174% (-0.06%) from 79.23%

Build # 1124655793

Build Type

Pull #574

gitlab-ci

Committed by

danielskinstad

Commit Message

test: checking if signing an existing artifact preserves file permissions

Signed-off-by: Daniel Skinstad Drabitzius <daniel.drabitzius@northern.tech>

Pull Request Pull Request #574: fix: signing an existing artifact now preserves file permissions

Run Details

7 of 14 new or added lines in 1 file covered. (50.0%)

9 existing lines in 1 file now uncovered.

5710 of 7212 relevant lines covered (79.17%)

187.2 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

68.75

/cli/sign.go

// Copyright 2023 Northern.tech AS
//
//    Licensed under the Apache License, Version 2.0 (the "License");
//    you may not use this file except in compliance with the License.
//    You may obtain a copy of the License at
//
//        http://www.apache.org/licenses/LICENSE-2.0
//
//    Unless required by applicable law or agreed to in writing, software
//    distributed under the License is distributed on an "AS IS" BASIS,
//    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//    See the License for the specific language governing permissions and
//    limitations under the License.

package cli

import (
        "io/ioutil"
        "os"
        "path/filepath"
        "syscall"

        "github.com/pkg/errors"
        "github.com/urfave/cli"

        "github.com/mendersoftware/mender-artifact/awriter"
)

func signExisting(c *cli.Context) error {
        if c.NArg() == 0 {
                return cli.NewExitError("Nothing specified, nothing signed. \nMaybe you wanted"+
                        " to say 'artifacts sign <pathspec>'?", 1)
        }

        privateKey, err := getKey(c)
        if err != nil {
                return cli.NewExitError("Can not use signing key provided: "+err.Error(), 1)
        }
        if privateKey == nil {
                return cli.NewExitError("Missing signing key; "+
                        "please provide a signing key parameter", 1)
        }

        artFile := c.Args().First()
        outputFile := artFile
        if len(c.String("output-path")) > 0 {
                outputFile = c.String("output-path")
        }
        tFile, err := ioutil.TempFile(filepath.Dir(outputFile), "mender-artifact")
        if err != nil {
                err = errors.Wrap(err, "Can not create temporary file for storing artifact")
                return cli.NewExitError(err, 1)
        }
        defer os.Remove(tFile.Name())
        defer tFile.Close()

        f, err := os.Open(artFile)
        if err != nil {
                err = errors.Wrapf(err, "Can not open: %s", artFile)
                return cli.NewExitError(err, 1)
        }
        defer f.Close()

        artFileStat, err := os.Stat(artFile)
        if err != nil {
                return cli.NewExitError("Could not get artifact file stat", 1)
        }
        err = os.Chown(tFile.Name(), int(artFileStat.Sys().(*syscall.Stat_t).Uid),
                int(artFileStat.Sys().(*syscall.Stat_t).Gid))
        if err != nil {
                return cli.NewExitError("Could not set owner/group of signed artifact "+
                        "(needs root privileges)", 1)
        }
        err = os.Chmod(tFile.Name(), artFileStat.Mode())
        if err != nil {
                return cli.NewExitError("Could not give signed artifact same permissions", 1)
        }
        err = awriter.SignExisting(f, tFile, privateKey, c.Bool("force"))
        if err == awriter.ErrAlreadyExistingSignature {
                return cli.NewExitError(
                        "Artifact already signed, refusing to re-sign. Use force option to override",
                        1,
                )
        } else if err != nil {
                return cli.NewExitError(err, 1)
        }

        if err = tFile.Close(); err != nil {
                return err
        }

        err = os.Rename(tFile.Name(), outputFile)
        if err != nil {
                return cli.NewExitError("Can not store signed artifact: "+err.Error(), 1)
        }
        return nil
}

1	// Copyright 2023 Northern.tech AS
2	//
3	// Licensed under the Apache License, Version 2.0 (the "License");
4	// you may not use this file except in compliance with the License.
5	// You may obtain a copy of the License at
6	//
7	// http://www.apache.org/licenses/LICENSE-2.0
8	//
9	// Unless required by applicable law or agreed to in writing, software
10	// distributed under the License is distributed on an "AS IS" BASIS,
11	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12	// See the License for the specific language governing permissions and
13	// limitations under the License.
14
15	package cli
16
17	import (
18	"io/ioutil"
19	"os"
20	"path/filepath"
21	"syscall"
22
23	"github.com/pkg/errors"
24	"github.com/urfave/cli"
25
26	"github.com/mendersoftware/mender-artifact/awriter"
27	)
28
29	func signExisting(c *cli.Context) error {	21✔
30	if c.NArg() == 0 {	21✔
31	return cli.NewExitError("Nothing specified, nothing signed. \nMaybe you wanted"+	×
32	" to say 'artifacts sign <pathspec>'?", 1)	×
UNCOV 33	}	×
34
35	privateKey, err := getKey(c)	21✔
36	if err != nil {	23✔
37	return cli.NewExitError("Can not use signing key provided: "+err.Error(), 1)	2✔
38	}	2✔
39	if privateKey == nil {	21✔
40	return cli.NewExitError("Missing signing key; "+	2✔
41	"please provide a signing key parameter", 1)	2✔
42	}	2✔
43
44	artFile := c.Args().First()	17✔
45	outputFile := artFile	17✔
46	if len(c.String("output-path")) > 0 {	33✔
47	outputFile = c.String("output-path")	16✔
48	}	16✔
49	tFile, err := ioutil.TempFile(filepath.Dir(outputFile), "mender-artifact")	17✔
50	if err != nil {	17✔
51	err = errors.Wrap(err, "Can not create temporary file for storing artifact")	×
52	return cli.NewExitError(err, 1)	×
UNCOV 53	}	×
54	defer os.Remove(tFile.Name())	17✔
55	defer tFile.Close()	17✔
56		17✔
57	f, err := os.Open(artFile)	17✔
58	if err != nil {	17✔
59	err = errors.Wrapf(err, "Can not open: %s", artFile)	×
60	return cli.NewExitError(err, 1)	×
UNCOV 61	}	×
62	defer f.Close()	17✔
63		17✔
64	artFileStat, err := os.Stat(artFile)	17✔
65	if err != nil {	17✔
NEW 66	return cli.NewExitError("Could not get artifact file stat", 1)	×
NEW 67	}	×
68	err = os.Chown(tFile.Name(), int(artFileStat.Sys().(*syscall.Stat_t).Uid),	17✔
69	int(artFileStat.Sys().(*syscall.Stat_t).Gid))	17✔
70	if err != nil {	17✔
NEW 71	return cli.NewExitError("Could not set owner/group of signed artifact "+	×
NEW 72	"(needs root privileges)", 1)	×
NEW 73	}	×
74	err = os.Chmod(tFile.Name(), artFileStat.Mode())	17✔
75	if err != nil {	17✔
NEW UNCOV 76	return cli.NewExitError("Could not give signed artifact same permissions", 1)	×
NEW UNCOV 77	}	×
78	err = awriter.SignExisting(f, tFile, privateKey, c.Bool("force"))	17✔
79	if err == awriter.ErrAlreadyExistingSignature {	19✔
80	return cli.NewExitError(	2✔
81	"Artifact already signed, refusing to re-sign. Use force option to override",	2✔
82	1,	2✔
83	)	2✔
84	} else if err != nil {	21✔
85	return cli.NewExitError(err, 1)	4✔
86	}	4✔
87
88	if err = tFile.Close(); err != nil {	11✔
UNCOV 89	return err	×
UNCOV 90	}	×
91
92	err = os.Rename(tFile.Name(), outputFile)	11✔
93	if err != nil {	11✔
UNCOV 94	return cli.NewExitError("Can not store signed artifact: "+err.Error(), 1)	×
UNCOV 95	}	×
96	return nil	11✔
97	}

mendersoftware / mender-artifact / 1124655793

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous