func (eds *encodeDigestSuite) TestEncodeDigestErrors(c *C) {
_, err := asserts.EncodeDigest(crypto.SHA1, nil)
c.Check(err, ErrorMatches, "unsupported hash")
_, err = asserts.EncodeDigest(crypto.SHA256, []byte{1, 2})
c.Check(err, ErrorMatches, "hash digest by sha256 should be 32 bytes")
}
func (eds *encodeDigestSuite) TestEncodeDigestOK(c *C) {
h := crypto.SHA256.New()
h.Write([]byte("some stuff to hash"))
digest := h.Sum(nil)
encoded, err := asserts.EncodeDigest(crypto.SHA256, digest)
c.Assert(err, IsNil)
c.Check(strings.HasPrefix(encoded, "sha256 "), Equals, true)
decoded, err := base64.RawURLEncoding.DecodeString(encoded[len("sha256 "):])
c.Assert(err, IsNil)
c.Check(decoded, DeepEquals, digest)
}
func (x *snapBuild) Execute(args []string) error {
authID := x.Positional.AuthorityID
if authID == "" {
return fmt.Errorf("missing devel/authority-id")
}
authKey, err := findPublicKey(db, authID)
if err != nil {
return err
}
snapFile := x.Positional.SnapFile
if snapFile == "" {
return fmt.Errorf("missing snap-file")
}
snap := squashfs.New(snapFile)
nameParts := strings.SplitN(snap.Name(), "_", 2)
snapID := nameParts[0] // XXX: cheat/guess
size, hashDigest, err := snap.HashDigest(crypto.SHA256)
if err != nil {
return fmt.Errorf("failed to hash snap: %v", err)
}
formattedDigest, err := asserts.EncodeDigest(crypto.SHA256, hashDigest)
if err != nil {
return err
}
now := time.Now().UTC()
headers := map[string]string{
"authority-id": strings.Split(authID, "/")[0],
"snap-id": snapID,
"snap-digest": formattedDigest,
"snap-size": fmt.Sprintf("%d", size),
"grade": "devel",
"timestamp": now.Format(time.RFC3339),
}
snapDecl, err := db.Sign(asserts.SnapBuildType, headers, nil, authKey.ID())
if err != nil {
return err
}
os.Stdout.Write(asserts.Encode(snapDecl))
return nil
}
