1279561887

Committed 06 May 2024 07:18AM UTC coverage: 73.657% (-3.8%) from 77.428%

Build # 1279561887

Build Type

Pull #605

gitlab-ci

Committed by

alfrunes

Commit Message

chore(make): Refactor `coverage` target and disable pkcs11 on non-linux

Signed-off-by: Alf-Rune Siqveland <alf.rune@northern.tech>

Pull Request Pull Request #605: Allow using mender-artifact without `cgo`

Run Details

4 of 6 new or added lines in 1 file covered. (66.67%)

271 existing lines in 13 files now uncovered.

5469 of 7425 relevant lines covered (73.66%)

77.7 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

58.33

/awriter/signer.go

// Copyright 2021 Northern.tech AS
//
//    Licensed under the Apache License, Version 2.0 (the "License");
//    you may not use this file except in compliance with the License.
//    You may obtain a copy of the License at
//
//        http://www.apache.org/licenses/LICENSE-2.0
//
//    Unless required by applicable law or agreed to in writing, software
//    distributed under the License is distributed on an "AS IS" BASIS,
//    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//    See the License for the specific language governing permissions and
//    limitations under the License.

package awriter

import (
        "archive/tar"
        "io"

        "github.com/pkg/errors"

        "github.com/mendersoftware/mender-artifact/artifact"
)

var ErrAlreadyExistingSignature = errors.New(
        "The Artifact is already signed, will not overwrite existing signature",
)
var ErrManifestNotFound = errors.New("`manifest` not found. Corrupt Artifact?")

// Special fast-track to just sign, nothing else. This skips all the expensive
// and complicated repacking, and simply adds the manifest.sig file.
func SignExisting(src io.Reader, dst io.Writer, key artifact.Signer, overwrite bool) error {
        var foundManifest bool
        rTar := tar.NewReader(src)
        wTar := tar.NewWriter(dst)
        for {
                header, err := rTar.Next()
                if err == io.EOF {
                        break
                } else if err != nil {
                        return errors.Wrap(err, "Could not read tar header")
                }

                switch header.Name {
                case "manifest":
                        err = signManifestAndOutputSignature(header, rTar, wTar, key)
                        if err != nil {
                                return err
                        }
                        foundManifest = true
                        continue
                case "manifest.sig":
                        if overwrite {
                                continue
                        } else {
                                return ErrAlreadyExistingSignature
                        }
                }

                err = wTar.WriteHeader(header)
                if err != nil {
                        return errors.Wrap(err, "Could not write tar header")
                }

                _, err = io.Copy(wTar, rTar)
                if err != nil {
                        return errors.Wrap(err, "Failed to copy tar body")
                }
        }

        err := wTar.Close()
        if err != nil {
                return errors.Wrap(err, "Could not finalize tar archive")
        }

        if !foundManifest {
                return ErrManifestNotFound
        }

        return nil
}

func signManifestAndOutputSignature(
        header *tar.Header,
        src *tar.Reader,
        dst *tar.Writer,
        key artifact.Signer,
) error {
        buf := make([]byte, header.Size)
        read, err := src.Read(buf)
        if err != nil && err != io.EOF {
                return errors.Wrap(err, "Could not read manifest")
        } else if int64(read) != header.Size {
                return errors.New("Unexpected mismatch between header size and read size")
        }

        err = dst.WriteHeader(header)
        if err != nil {
                return errors.Wrap(err, "Could not write manifest header")
        }
        written, err := dst.Write(buf)
        if err != nil {
                return errors.Wrap(err, "Could not write manifest")
        } else if written != read {
                return errors.New("Could not write entire manifest")
        }

        signedBuf, err := key.Sign(buf)
        if err != nil {
                return errors.Wrap(err, "Could not sign manifest")
        }

        signedHeader := &tar.Header{
                Name: "manifest.sig",
                Size: int64(len(signedBuf)),
                Mode: 0644,
        }

        err = dst.WriteHeader(signedHeader)
        if err != nil {
                return errors.Wrap(err, "Could not write signature header")
        }
        written, err = dst.Write(signedBuf)
        if err != nil {
                return errors.Wrap(err, "Could not write signature")
        } else if written != len(signedBuf) {
                return errors.New("Could not write entire manifest.sig")
        }

        read, err = src.Read(buf)
        if err != io.EOF || read != 0 {
                return errors.New("File bigger than its header size")
        }

        return nil
}

1	// Copyright 2021 Northern.tech AS
2	//
3	// Licensed under the Apache License, Version 2.0 (the "License");
4	// you may not use this file except in compliance with the License.
5	// You may obtain a copy of the License at
6	//
7	// http://www.apache.org/licenses/LICENSE-2.0
8	//
9	// Unless required by applicable law or agreed to in writing, software
10	// distributed under the License is distributed on an "AS IS" BASIS,
11	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12	// See the License for the specific language governing permissions and
13	// limitations under the License.
14
15	package awriter
16
17	import (
18	"archive/tar"
19	"io"
20
21	"github.com/pkg/errors"
22
23	"github.com/mendersoftware/mender-artifact/artifact"
24	)
25
26	var ErrAlreadyExistingSignature = errors.New(
27	"The Artifact is already signed, will not overwrite existing signature",
28	)
29	var ErrManifestNotFound = errors.New("`manifest` not found. Corrupt Artifact?")
30
31	// Special fast-track to just sign, nothing else. This skips all the expensive
32	// and complicated repacking, and simply adds the manifest.sig file.
33	func SignExisting(src io.Reader, dst io.Writer, key artifact.Signer, overwrite bool) error {	1✔
34	var foundManifest bool	1✔
35	rTar := tar.NewReader(src)	1✔
36	wTar := tar.NewWriter(dst)	1✔
37	for {	2✔
38	header, err := rTar.Next()	1✔
39	if err == io.EOF {	2✔
40	break	1✔
41	} else if err != nil {	1✔
UNCOV 42	return errors.Wrap(err, "Could not read tar header")	×
UNCOV 43	}	×
44
45	switch header.Name {	1✔
46	case "manifest":	1✔
47	err = signManifestAndOutputSignature(header, rTar, wTar, key)	1✔
48	if err != nil {	1✔
49	return err	×
50	}	×
51	foundManifest = true	1✔
52	continue	1✔
UNCOV 53	case "manifest.sig":	×
UNCOV 54	if overwrite {	×
UNCOV 55	continue	×
UNCOV 56	} else {	×
UNCOV 57	return ErrAlreadyExistingSignature	×
UNCOV 58	}	×
59	}
60
61	err = wTar.WriteHeader(header)	1✔
62	if err != nil {	1✔
63	return errors.Wrap(err, "Could not write tar header")	×
64	}	×
65
66	_, err = io.Copy(wTar, rTar)	1✔
67	if err != nil {	1✔
68	return errors.Wrap(err, "Failed to copy tar body")	×
69	}	×
70	}
71
72	err := wTar.Close()	1✔
73	if err != nil {	1✔
74	return errors.Wrap(err, "Could not finalize tar archive")	×
75	}	×
76
77	if !foundManifest {	1✔
UNCOV 78	return ErrManifestNotFound	×
UNCOV 79	}	×
80
81	return nil	1✔
82	}
83
84	func signManifestAndOutputSignature(
85	header *tar.Header,
86	src *tar.Reader,
87	dst *tar.Writer,
88	key artifact.Signer,
89	) error {	1✔
90	buf := make([]byte, header.Size)	1✔
91	read, err := src.Read(buf)	1✔
92	if err != nil && err != io.EOF {	1✔
93	return errors.Wrap(err, "Could not read manifest")	×
94	} else if int64(read) != header.Size {	1✔
95	return errors.New("Unexpected mismatch between header size and read size")	×
96	}	×
97
98	err = dst.WriteHeader(header)	1✔
99	if err != nil {	1✔
100	return errors.Wrap(err, "Could not write manifest header")	×
101	}	×
102	written, err := dst.Write(buf)	1✔
103	if err != nil {	1✔
104	return errors.Wrap(err, "Could not write manifest")	×
105	} else if written != read {	1✔
106	return errors.New("Could not write entire manifest")	×
107	}	×
108
109	signedBuf, err := key.Sign(buf)	1✔
110	if err != nil {	1✔
111	return errors.Wrap(err, "Could not sign manifest")	×
112	}	×
113
114	signedHeader := &tar.Header{	1✔
115	Name: "manifest.sig",	1✔
116	Size: int64(len(signedBuf)),	1✔
117	Mode: 0644,	1✔
118	}	1✔
119		1✔
120	err = dst.WriteHeader(signedHeader)	1✔
121	if err != nil {	1✔
122	return errors.Wrap(err, "Could not write signature header")	×
123	}	×
124	written, err = dst.Write(signedBuf)	1✔
125	if err != nil {	1✔
126	return errors.Wrap(err, "Could not write signature")	×
127	} else if written != len(signedBuf) {	1✔
128	return errors.New("Could not write entire manifest.sig")	×
129	}	×
130
131	read, err = src.Read(buf)	1✔
132	if err != io.EOF \|\| read != 0 {	1✔
133	return errors.New("File bigger than its header size")	×
134	}	×
135
136	return nil	1✔
137	}

mendersoftware / mender-artifact / 1279561887

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous