// signJob signs the Unit of a Job using the public keys in the local SSH
// agent, and pushes the resulting SignatureSet to the Registry
func signJob(j *job.Job) error {
sc, err := sign.NewSignatureCreatorFromSSHAgent()
if err != nil {
return fmt.Errorf("failed creating SignatureCreator: %v", err)
}
ss, err := sc.SignJob(j)
if err != nil {
return fmt.Errorf("failed signing Job(%s): %v", j.Name, err)
}
err = registryCtl.CreateSignatureSet(ss)
if err != nil {
return fmt.Errorf("failed storing Job signature in registry: %v", err)
}
log.V(1).Infof("Signed Job(%s)", j.Name)
return nil
}
func submitUnitsAction(c *cli.Context) {
toSign := c.Bool("sign")
var sc *sign.SignatureCreator
if toSign {
var err error
sc, err = sign.NewSignatureCreatorFromSSHAgent()
if err != nil {
fmt.Println("Fail to create SignatureVerifier:", err)
return
}
}
// First, validate each of the provided payloads
payloads := make([]job.JobPayload, len(c.Args()))
for i, v := range c.Args() {
payload, err := getJobPayloadFromFile(v)
if err != nil {
fmt.Println(err.Error())
return
}
payloads[i] = *payload
}
// Only after all the provided payloads have been validated
// do we push any changes to the Registry
for _, payload := range payloads {
err := registryCtl.CreatePayload(&payload)
if err != nil {
fmt.Printf("Creation of payload %s failed: %v\n", payload.Name, err)
return
}
if toSign {
s, err := sc.SignPayload(&payload)
if err != nil {
fmt.Printf("Creation of sign for payload %s failed: %v\n", payload.Name, err)
return
}
registryCtl.CreateSignatureSet(s)
}
}
}
func startUnitAction(c *cli.Context) {
var err error
// If signing is explicitly set to on, verification will be done also.
toSign := c.Bool("sign")
var sc *sign.SignatureCreator
var sv *sign.SignatureVerifier
if toSign {
var err error
sc, err = sign.NewSignatureCreatorFromSSHAgent()
if err != nil {
fmt.Println("Fail to create SignatureCreator:", err)
return
}
sv, err = sign.NewSignatureVerifierFromSSHAgent()
if err != nil {
fmt.Println("Fail to create SignatureVerifier:", err)
return
}
}
payloads := make([]job.JobPayload, len(c.Args()))
for i, v := range c.Args() {
name := path.Base(v)
payload := registryCtl.GetPayload(name)
if payload == nil {
payload, err = getJobPayloadFromFile(v)
if err != nil {
fmt.Println(err.Error())
return
}
err = registryCtl.CreatePayload(payload)
if err != nil {
fmt.Printf("Creation of payload %s failed: %v\n", payload.Name, err)
return
}
if toSign {
s, err := sc.SignPayload(payload)
if err != nil {
fmt.Printf("Creation of sign for payload %s failed: %v\n", payload.Name, err)
return
}
registryCtl.CreateSignatureSet(s)
}
}
if toSign {
s := registryCtl.GetSignatureSetOfPayload(name)
ok, err := sv.VerifyPayload(payload, s)
if !ok || err != nil {
fmt.Printf("Check of payload %s failed: %v\n", payload.Name, err)
return
}
}
payloads[i] = *payload
}
requirements := parseRequirements(c.String("require"))
// TODO: This must be done in a transaction!
for _, jp := range payloads {
j := job.NewJob(jp.Name, requirements, &jp, nil)
err := registryCtl.CreateJob(j)
if err != nil {
fmt.Printf("Creation of job %s failed: %v\n", j.Name, err)
}
}
}