Example #1
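// getArtifactVerifier builds the auth.ArtifactVerifier selected by the "type"
// key of preparerConfig.ArtifactAuth.
//
// An absent, null or empty type, or auth.VerifyNone, returns
// auth.NopVerifier(), which presumably accepts artifacts without checking any
// signature (confirm against the auth package). Deployments that rely on
// signature checks should therefore set the type explicitly.
//
// A "type" value that is present but not a string is rejected with an error.
// Previously the failed type assertion yielded "" and the function silently
// fell back to the no-op verifier, so a malformed config disabled verification.
//
// For the manifest, build and either types the remaining ArtifactAuth keys are
// decoded into a ManifestVerification and its KeyringPath is handed to the
// matching auth constructor. An unknown type string is an error.
func getArtifactVerifier(preparerConfig *PreparerConfig, logger *logging.Logger) (auth.ArtifactVerifier, error) {
	var t string
	if raw := preparerConfig.ArtifactAuth["type"]; raw != nil {
		s, ok := raw.(string)
		if !ok {
			// Fail closed: do not let a mistyped value select the no-op verifier.
			return nil, util.Errorf("artifact verification type must be a string, got %T", raw)
		}
		t = s
	}

	switch t {
	case "", auth.VerifyNone:
		return auth.NopVerifier(), nil
	case auth.VerifyManifest, auth.VerifyBuild, auth.VerifyEither:
		// Handled below; all three need the keyring settings decoded first.
	default:
		return nil, util.Errorf("Unrecognized artifact verification type: %v", t)
	}

	var verif ManifestVerification
	if err := castYaml(preparerConfig.ArtifactAuth, &verif); err != nil {
		return nil, util.Errorf("error configuring artifact verification: %v", err)
	}

	switch t {
	case auth.VerifyManifest:
		return auth.NewBuildManifestVerifier(verif.KeyringPath, uri.DefaultFetcher, logger)
	case auth.VerifyBuild:
		return auth.NewBuildVerifier(verif.KeyringPath, uri.DefaultFetcher, logger)
	default: // auth.VerifyEither; every other value returned above
		return auth.NewCompositeVerifier(verif.KeyringPath, uri.DefaultFetcher, logger)
	}
}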
Example #2
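// main checks one artifact against both the build-signature verifier and the
// manifest-signature verifier and prints the outcome as a single JSON object
// on stdout.
//
// When *originalLocation is set, the artifact is first fetched into a temporary
// directory; otherwise the file at *location is opened directly.
//
// The process exits 0 whether or not either check succeeded. Callers must read
// signed_build / signed_manifest (and the *_error fields) from the JSON rather
// than treat the exit status as a verification result.
func main() {
	kingpin.Version(version.VERSION)
	kingpin.Parse()

	dir, err := ioutil.TempDir("", "verify")
	if err != nil {
		log.Fatalf("Could not create tempdir for artifact download: %v", err)
	}
	// Registered only after TempDir succeeded, and main now returns normally
	// instead of calling os.Exit, so the downloaded copy is actually removed.
	defer os.RemoveAll(dir)

	// log.Fatalf exits without running deferred calls, so fatal paths past this
	// point remove the temp dir themselves.
	fatalf := func(format string, args ...interface{}) {
		_ = os.RemoveAll(dir)
		log.Fatalf(format, args...)
	}

	localCopyPath := filepath.Join(dir, "temp.tar.gz")

	locationForSignature := *originalLocation

	var localCopy *os.File
	if *originalLocation != nil {
		err = uri.DefaultFetcher.CopyLocal(*originalLocation, localCopyPath)
		if err != nil {
			fatalf("%v", err)
		}
		localCopy, err = os.Open(localCopyPath)
		if err != nil {
			fatalf("Could not open local copy of the file %v: %v", localCopyPath, err)
		}
	} else {
		localCopy, err = os.Open(*location)
		if err != nil {
			fatalf("Could not open local copy of the file %v: %v", *location, err)
		}
	}
	defer localCopy.Close()

	res := struct {
		SignedManifest bool   `json:"signed_manifest"`
		SignedBuild    bool   `json:"signed_build"`
		ManifestErr    string `json:"manifest_error,omitempty"`
		BuildErr       string `json:"build_error,omitempty"`
	}{}

	verificationData := artifact.VerificationDataForLocation(locationForSignature)

	// Each constructor error is paired with its own verifier. The two error
	// variables were previously swapped, so a failed constructor could leave
	// its verifier in use while the other check was skipped, and the error was
	// reported under the wrong JSON field.
	manifestVerifier, manErr := auth.NewBuildManifestVerifier(*gpgKeyringPath, uri.DefaultFetcher, &logging.DefaultLogger)
	buildVerifier, buildErr := auth.NewBuildVerifier(*gpgKeyringPath, uri.DefaultFetcher, &logging.DefaultLogger)

	if buildErr != nil {
		res.BuildErr = buildErr.Error()
	} else if err := buildVerifier.VerifyHoistArtifact(localCopy, verificationData); err != nil {
		res.BuildErr = err.Error()
	} else {
		res.SignedBuild = true
	}

	// The build check may have consumed the file; rewind so the manifest check
	// starts at the beginning of the artifact. A failed rewind is reported as a
	// manifest error instead of verifying from an arbitrary offset.
	_, seekErr := localCopy.Seek(0, os.SEEK_SET)

	switch {
	case manErr != nil:
		res.ManifestErr = manErr.Error()
	case seekErr != nil:
		res.ManifestErr = fmt.Sprintf("could not rewind artifact for manifest verification: %v", seekErr)
	default:
		if err := manifestVerifier.VerifyHoistArtifact(localCopy, verificationData); err != nil {
			res.ManifestErr = err.Error()
		} else {
			res.SignedManifest = true
		}
	}

	marshaled, err := json.Marshal(res)
	if err != nil {
		fatalf("Could not encode verification result: %v", err)
	}
	fmt.Println(string(marshaled))
	// Returning from main exits with status 0 and lets the deferred cleanup run.
}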