1612785103

Committed 06 Jan 2025 10:22AM UTC coverage: 77.077% (-0.05%) from 77.125%

Build # 1612785103

Build Type

Pull #659

gitlab-ci

Committed by

bahaa-ghazal

Commit Message

fix: fixed singing artifact via symlink

Changelog: Title
Ticket: MEN-3410
Signed-off-by: Bahaa Aldeen Ghazal <bahaa.ghazal@northern.tech>

Pull Request Pull Request #659: fix: fixed signing artifact via symlink

Run Details

11 of 18 new or added lines in 1 file covered. (61.11%)

5 existing lines in 1 file now uncovered.

5807 of 7534 relevant lines covered (77.08%)

134.08 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

65.38

/cli/sign.go

// Copyright 2023 Northern.tech AS
//
//    Licensed under the Apache License, Version 2.0 (the "License");
//    you may not use this file except in compliance with the License.
//    You may obtain a copy of the License at
//
//        http://www.apache.org/licenses/LICENSE-2.0
//
//    Unless required by applicable law or agreed to in writing, software
//    distributed under the License is distributed on an "AS IS" BASIS,
//    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//    See the License for the specific language governing permissions and
//    limitations under the License.

package cli

import (
        "io/ioutil"
        "os"
        "path/filepath"

        "github.com/pkg/errors"
        "github.com/urfave/cli"

        "github.com/mendersoftware/mender-artifact/awriter"
)

func signExisting(c *cli.Context) error {
        if c.NArg() == 0 {
                return cli.NewExitError("Nothing specified, nothing signed. \nMaybe you wanted"+
                        " to say 'artifacts sign <pathspec>'?", 1)
        }

        privateKey, err := getKey(c)
        if err != nil {
                return cli.NewExitError("Can not use signing key provided: "+err.Error(), 1)
        }
        if privateKey == nil {
                return cli.NewExitError("Missing signing key; "+
                        "please provide a signing key parameter", 1)
        }

        artFile := c.Args().First()
        outputFile := artFile
        if len(c.String("output-path")) > 0 {
                outputFile = c.String("output-path")
        }
        tFile, err := ioutil.TempFile(filepath.Dir(outputFile), "mender-artifact")
        if err != nil {
                err = errors.Wrap(err, "Can not create temporary file for storing artifact")
                return cli.NewExitError(err, 1)
        }
        defer os.Remove(tFile.Name())
        defer tFile.Close()

        f, err := os.Open(artFile)
        if err != nil {
                err = errors.Wrapf(err, "Can not open: %s", artFile)
                return cli.NewExitError(err, 1)
        }

        artFileStat, err := os.Lstat(artFile)
        if err != nil {
                return cli.NewExitError("Could not get artifact file stat", 1)
        }

        if artFileStat.Mode()&os.ModeSymlink == os.ModeSymlink {
                f.Close()
                artFile, err = os.Readlink(artFile)
                if err != nil {
                        return cli.NewExitError(err, 1)
                }
                outputFile = artFile
                artFileStat, err = os.Stat(artFile)
                if err != nil {
                        return cli.NewExitError("Could not get artifact file stat", 1)
                }
                f, err = os.Open(artFile)
                if err != nil {
                        err = errors.Wrapf(err, "Can not open: %s", artFile)
                        return cli.NewExitError(err, 1)
                }
        }
        defer f.Close()
        err = CopyOwner(tFile, artFile)
        if err != nil {
                return cli.NewExitError("Could not set owner/group of signed artifact "+
                        "(needs root privileges)", 1)
        }
        err = os.Chmod(tFile.Name(), artFileStat.Mode())
        if err != nil {
                return cli.NewExitError("Could not give signed artifact same permissions", 1)
        }
        err = awriter.SignExisting(f, tFile, privateKey, c.Bool("force"))
        if err == awriter.ErrAlreadyExistingSignature {
                return cli.NewExitError(
                        "Artifact already signed, refusing to re-sign. Use force option to override",
                        1,
                )
        } else if err != nil {
                return cli.NewExitError(err, 1)
        }

        if err = tFile.Close(); err != nil {
                return err
        }

        err = os.Rename(tFile.Name(), outputFile)
        if err != nil {
                return cli.NewExitError("Can not store signed artifact: "+err.Error(), 1)
        }
        return nil
}

1	// Copyright 2023 Northern.tech AS
2	//
3	// Licensed under the Apache License, Version 2.0 (the "License");
4	// you may not use this file except in compliance with the License.
5	// You may obtain a copy of the License at
6	//
7	// http://www.apache.org/licenses/LICENSE-2.0
8	//
9	// Unless required by applicable law or agreed to in writing, software
10	// distributed under the License is distributed on an "AS IS" BASIS,
11	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12	// See the License for the specific language governing permissions and
13	// limitations under the License.
14
15	package cli
16
17	import (
18	"io/ioutil"
19	"os"
20	"path/filepath"
21
22	"github.com/pkg/errors"
23	"github.com/urfave/cli"
24
25	"github.com/mendersoftware/mender-artifact/awriter"
26	)
27
28	func signExisting(c *cli.Context) error {	23✔
29	if c.NArg() == 0 {	23✔
30	return cli.NewExitError("Nothing specified, nothing signed. \nMaybe you wanted"+	×
31	" to say 'artifacts sign <pathspec>'?", 1)	×
32	}	×
33
34	privateKey, err := getKey(c)	23✔
35	if err != nil {	25✔
36	return cli.NewExitError("Can not use signing key provided: "+err.Error(), 1)	2✔
37	}	2✔
38	if privateKey == nil {	23✔
39	return cli.NewExitError("Missing signing key; "+	2✔
40	"please provide a signing key parameter", 1)	2✔
41	}	2✔
42
43	artFile := c.Args().First()	19✔
44	outputFile := artFile	19✔
45	if len(c.String("output-path")) > 0 {	35✔
46	outputFile = c.String("output-path")	16✔
47	}	16✔
48	tFile, err := ioutil.TempFile(filepath.Dir(outputFile), "mender-artifact")	19✔
49	if err != nil {	19✔
50	err = errors.Wrap(err, "Can not create temporary file for storing artifact")	×
51	return cli.NewExitError(err, 1)	×
52	}	×
53	defer os.Remove(tFile.Name())	19✔
54	defer tFile.Close()	19✔
55		19✔
56	f, err := os.Open(artFile)	19✔
57	if err != nil {	19✔
58	err = errors.Wrapf(err, "Can not open: %s", artFile)	×
59	return cli.NewExitError(err, 1)	×
60	}	×
61
62	artFileStat, err := os.Lstat(artFile)	19✔
63	if err != nil {	19✔
UNCOV 64	return cli.NewExitError("Could not get artifact file stat", 1)	×
65	}	×
66
67	if artFileStat.Mode()&os.ModeSymlink == os.ModeSymlink {	21✔
68	f.Close()	2✔
69	artFile, err = os.Readlink(artFile)	2✔
70	if err != nil {	2✔
NEW 71	return cli.NewExitError(err, 1)	×
NEW 72	}	×
73	outputFile = artFile	2✔
74	artFileStat, err = os.Stat(artFile)	2✔
75	if err != nil {	2✔
NEW 76	return cli.NewExitError("Could not get artifact file stat", 1)	×
NEW 77	}	×
78	f, err = os.Open(artFile)	2✔
79	if err != nil {	2✔
NEW 80	err = errors.Wrapf(err, "Can not open: %s", artFile)	×
NEW 81	return cli.NewExitError(err, 1)	×
NEW 82	}	×
83	}
84	defer f.Close()	19✔
85	err = CopyOwner(tFile, artFile)	19✔
86	if err != nil {	19✔
UNCOV 87	return cli.NewExitError("Could not set owner/group of signed artifact "+	×
88	"(needs root privileges)", 1)	×
89	}	×
90	err = os.Chmod(tFile.Name(), artFileStat.Mode())	19✔
91	if err != nil {	19✔
UNCOV 92	return cli.NewExitError("Could not give signed artifact same permissions", 1)	×
93	}	×
94	err = awriter.SignExisting(f, tFile, privateKey, c.Bool("force"))	19✔
95	if err == awriter.ErrAlreadyExistingSignature {	21✔
96	return cli.NewExitError(	2✔
97	"Artifact already signed, refusing to re-sign. Use force option to override",	2✔
98	1,	2✔
99	)	2✔
100	} else if err != nil {	23✔
101	return cli.NewExitError(err, 1)	4✔
102	}	4✔
103
104	if err = tFile.Close(); err != nil {	13✔
UNCOV 105	return err	×
106	}	×
107
108	err = os.Rename(tFile.Name(), outputFile)	13✔
109	if err != nil {	13✔
UNCOV 110	return cli.NewExitError("Can not store signed artifact: "+err.Error(), 1)	×
111	}	×
112	return nil	13✔
113	}

mendersoftware / mender-artifact / 1612785103

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous