1131601108

Committed 08 Jan 2024 12:29PM UTC coverage: 79.166% (-0.06%) from 79.23%

Build # 1131601108

Build Type

push

gitlab-ci

Committed by

web-flow

Commit Message

Merge pull request #581 from mendersoftware/cherry-3.11.x-permissions

[Cherry 3.11.x]: fix: signing an existing artifact now preserves file permissions

Run Details

12 of 21 new or added lines in 2 files covered. (57.14%)

5715 of 7219 relevant lines covered (79.17%)

186.62 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

68.25

/cli/sign.go

// Copyright 2023 Northern.tech AS
//
//    Licensed under the Apache License, Version 2.0 (the "License");
//    you may not use this file except in compliance with the License.
//    You may obtain a copy of the License at
//
//        http://www.apache.org/licenses/LICENSE-2.0
//
//    Unless required by applicable law or agreed to in writing, software
//    distributed under the License is distributed on an "AS IS" BASIS,
//    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//    See the License for the specific language governing permissions and
//    limitations under the License.

package cli

import (
        "io/ioutil"
        "os"
        "path/filepath"

        "github.com/pkg/errors"
        "github.com/urfave/cli"

        "github.com/mendersoftware/mender-artifact/awriter"
)

func signExisting(c *cli.Context) error {
        if c.NArg() == 0 {
                return cli.NewExitError("Nothing specified, nothing signed. \nMaybe you wanted"+
                        " to say 'artifacts sign <pathspec>'?", 1)
        }

        privateKey, err := getKey(c)
        if err != nil {
                return cli.NewExitError("Can not use signing key provided: "+err.Error(), 1)
        }
        if privateKey == nil {
                return cli.NewExitError("Missing signing key; "+
                        "please provide a signing key parameter", 1)
        }

        artFile := c.Args().First()
        outputFile := artFile
        if len(c.String("output-path")) > 0 {
                outputFile = c.String("output-path")
        }
        tFile, err := ioutil.TempFile(filepath.Dir(outputFile), "mender-artifact")
        if err != nil {
                err = errors.Wrap(err, "Can not create temporary file for storing artifact")
                return cli.NewExitError(err, 1)
        }
        defer os.Remove(tFile.Name())
        defer tFile.Close()

        f, err := os.Open(artFile)
        if err != nil {
                err = errors.Wrapf(err, "Can not open: %s", artFile)
                return cli.NewExitError(err, 1)
        }
        defer f.Close()

        artFileStat, err := os.Stat(artFile)
        if err != nil {
                return cli.NewExitError("Could not get artifact file stat", 1)
        }
        err = CopyOwner(tFile, artFile)
        if err != nil {
                return cli.NewExitError("Could not set owner/group of signed artifact "+
                        "(needs root privileges)", 1)
        }
        err = os.Chmod(tFile.Name(), artFileStat.Mode())
        if err != nil {
                return cli.NewExitError("Could not give signed artifact same permissions", 1)
        }
        err = awriter.SignExisting(f, tFile, privateKey, c.Bool("force"))
        if err == awriter.ErrAlreadyExistingSignature {
                return cli.NewExitError(
                        "Artifact already signed, refusing to re-sign. Use force option to override",
                        1,
                )
        } else if err != nil {
                return cli.NewExitError(err, 1)
        }

        if err = tFile.Close(); err != nil {
                return err
        }

        err = os.Rename(tFile.Name(), outputFile)
        if err != nil {
                return cli.NewExitError("Can not store signed artifact: "+err.Error(), 1)
        }
        return nil
}

1	// Copyright 2023 Northern.tech AS
2	//
3	// Licensed under the Apache License, Version 2.0 (the "License");
4	// you may not use this file except in compliance with the License.
5	// You may obtain a copy of the License at
6	//
7	// http://www.apache.org/licenses/LICENSE-2.0
8	//
9	// Unless required by applicable law or agreed to in writing, software
10	// distributed under the License is distributed on an "AS IS" BASIS,
11	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12	// See the License for the specific language governing permissions and
13	// limitations under the License.
14
15	package cli
16
17	import (
18	"io/ioutil"
19	"os"
20	"path/filepath"
21
22	"github.com/pkg/errors"
23	"github.com/urfave/cli"
24
25	"github.com/mendersoftware/mender-artifact/awriter"
26	)
27
28	func signExisting(c *cli.Context) error {	21✔
29	if c.NArg() == 0 {	21✔
30	return cli.NewExitError("Nothing specified, nothing signed. \nMaybe you wanted"+	×
31	" to say 'artifacts sign <pathspec>'?", 1)	×
32	}	×
33
34	privateKey, err := getKey(c)	21✔
35	if err != nil {	23✔
36	return cli.NewExitError("Can not use signing key provided: "+err.Error(), 1)	2✔
37	}	2✔
38	if privateKey == nil {	21✔
39	return cli.NewExitError("Missing signing key; "+	2✔
40	"please provide a signing key parameter", 1)	2✔
41	}	2✔
42
43	artFile := c.Args().First()	17✔
44	outputFile := artFile	17✔
45	if len(c.String("output-path")) > 0 {	33✔
46	outputFile = c.String("output-path")	16✔
47	}	16✔
48	tFile, err := ioutil.TempFile(filepath.Dir(outputFile), "mender-artifact")	17✔
49	if err != nil {	17✔
50	err = errors.Wrap(err, "Can not create temporary file for storing artifact")	×
51	return cli.NewExitError(err, 1)	×
52	}	×
53	defer os.Remove(tFile.Name())	17✔
54	defer tFile.Close()	17✔
55		17✔
56	f, err := os.Open(artFile)	17✔
57	if err != nil {	17✔
58	err = errors.Wrapf(err, "Can not open: %s", artFile)	×
59	return cli.NewExitError(err, 1)	×
60	}	×
61	defer f.Close()	17✔
62		17✔
63	artFileStat, err := os.Stat(artFile)	17✔
64	if err != nil {	17✔
NEW 65	return cli.NewExitError("Could not get artifact file stat", 1)	×
NEW 66	}	×
67	err = CopyOwner(tFile, artFile)	17✔
68	if err != nil {	17✔
NEW 69	return cli.NewExitError("Could not set owner/group of signed artifact "+	×
NEW 70	"(needs root privileges)", 1)	×
NEW 71	}	×
72	err = os.Chmod(tFile.Name(), artFileStat.Mode())	17✔
73	if err != nil {	17✔
NEW 74	return cli.NewExitError("Could not give signed artifact same permissions", 1)	×
NEW 75	}	×
76	err = awriter.SignExisting(f, tFile, privateKey, c.Bool("force"))	17✔
77	if err == awriter.ErrAlreadyExistingSignature {	19✔
78	return cli.NewExitError(	2✔
79	"Artifact already signed, refusing to re-sign. Use force option to override",	2✔
80	1,	2✔
81	)	2✔
82	} else if err != nil {	21✔
83	return cli.NewExitError(err, 1)	4✔
84	}	4✔
85
86	if err = tFile.Close(); err != nil {	11✔
87	return err	×
88	}	×
89
90	err = os.Rename(tFile.Name(), outputFile)	11✔
91	if err != nil {	11✔
92	return cli.NewExitError("Can not store signed artifact: "+err.Error(), 1)	×
93	}	×
94	return nil	11✔
95	}

mendersoftware / mender-artifact / 1131601108

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous