From 37a6d33f46d81109ce5dfa0f79ea52395ac7762d Mon Sep 17 00:00:00 2001
From: KatolaZ <katolaz@freaknet.org>
Date: Thu, 20 Jul 2017 06:57:50 +0100
Subject: tags are correctly authenticated

---
 commits.go                   |  3 ++-
 examples/scorsh_example.cfg  |  6 -----
 examples/worker2/worker2.cfg |  9 +++++++
 workers.go                   | 63 +++++++++++++++++++++++---------------------
 4 files changed, 44 insertions(+), 37 deletions(-)

diff --git a/commits.go b/commits.go
index b015fab..4f2f451 100644
--- a/commits.go
+++ b/commits.go
@@ -57,7 +57,7 @@ func find_scorsh_message(commit *git.Commit) (string, error) {
 	return msg[idx:], nil
 }
 
-// return a list of keyring names which verify the signature of this commit
+// return a list of keyring names which verify the signature of a given commit
 func get_valid_keys(commit *git.Commit, keys *map[string]openpgp.KeyRing) []string {
 
 	var ret []string
@@ -100,6 +100,7 @@ func exec_tag(tag *SCORSHtag_cfg) []error {
 
 	for _, c := range tag.Commands {
 		debug.log("[tag: %s] attempting command: %s\n", tag.Name, c.URL)
+
 		ret = append(ret, nil)
 	}
 	return ret
diff --git a/examples/scorsh_example.cfg b/examples/scorsh_example.cfg
index 91bd413..c51926b 100644
--- a/examples/scorsh_example.cfg
+++ b/examples/scorsh_example.cfg
@@ -11,9 +11,6 @@ s_workers:
        w_folder: ./worker1,
        w_logfile: ./worker1/worker1.log,
        w_tagfile: "./worker1/worker1.cfg",
-       w_keyrings: [
-                    "./worker1/allowed_users.asc"
-                   ]
      },
      {
        w_name: worker2,
@@ -21,9 +18,6 @@ s_workers:
        w_folder: ./worker2,
        w_logfile: ./worker2/worker2.log,
        w_tagfile: "./worker2/worker2.cfg",
-       w_keyrings: [
-                    "./worker2/allowed_users.asc"
-                   ]
      }
 ]
 ...
diff --git a/examples/worker2/worker2.cfg b/examples/worker2/worker2.cfg
index 5624cb0..d1538ac 100644
--- a/examples/worker2/worker2.cfg
+++ b/examples/worker2/worker2.cfg
@@ -9,6 +9,15 @@ w_tags:
                      c_url: "file:///home/katolaz/bin/deploy.sh"
                     }
                    ]
+      },
+      {
+       t_name: "build",
+       t_keyrings: ["allowed_users.asc"],
+       t_commands: [
+                    {
+                     c_url: "file:///home/katolaz/bin/scorsh_build.sh"
+                    }
+                   ]
       }
     ]
 ...
\ No newline at end of file
diff --git a/workers.go b/workers.go
index b92d3cb..415d169 100644
--- a/workers.go
+++ b/workers.go
@@ -31,27 +31,38 @@ func (worker *SCORSHworker) Matches(repo, branch string) bool {
 func (w *SCORSHworker) LoadKeyrings() error {
 
 	w.Keys = make(map[string]openpgp.KeyRing, len(w.Keyrings))
+	w.TagKeys = make(map[string]map[string]bool)
 
-	// Open the keyring files
-	for _, keyring := range w.Keyrings {
-		f, err_file := os.Open(keyring)
+	for _, t := range w.Tags {
+		w.TagKeys[t.Name] = make(map[string]bool)
 
-		if err_file != nil {
-			log.Printf("[worker] cannot open keyring:", err_file)
-			f.Close()
-			return fmt.Errorf("Unable to open keyring: ", err_file)
-		}
+		// Open the keyring files
+		for _, keyring := range t.Keyrings {
+			if _, ok := w.Keys[keyring]; ok {
+				// keyring has been loaded: just add it to the TagKeys map
+				w.TagKeys[t.Name][keyring] = true
+				continue
+			}
+			k_file := fmt.Sprintf("%s/%s", w.Folder, keyring)
+			debug.log("[worker: %s] Trying to open keyring at %s\n", w.Name, k_file)
+			f, err_file := os.Open(k_file)
+			if err_file != nil {
+				log.Printf("[worker] cannot open keyring: %s", err_file)
+				f.Close()
+			}
 
-		// load the keyring
-		kr, err_key := openpgp.ReadArmoredKeyRing(f)
+			// load the keyring
+			kr, err_key := openpgp.ReadArmoredKeyRing(f)
 
-		if err_key != nil {
-			log.Printf("[worker] cannot load keyring: ", err_key)
+			if err_key != nil {
+				log.Printf("[worker] cannot load keyring: %s", err_key)
+				f.Close()
+				//return fmt.Errorf("Unable to load keyring: ", err_key)
+			}
+			w.Keys[keyring] = kr
+			w.TagKeys[t.Name][keyring] = true
 			f.Close()
-			return fmt.Errorf("Unable to load keyring: ", err_key)
 		}
-		w.Keys[keyring] = kr
-		f.Close()
 	}
 	return nil
 }
@@ -80,7 +91,6 @@ func Worker(w *SCORSHworker) {
 	var msg SCORSHmsg
 
 	log.Printf("[worker: %s] Started\n", w.Name)
-	debug.log("[worker: %s] MsgChan: %s\n", w.Name, w.MsgChan)
 
 	// notify that we have been started!
 	w.StatusChan <- msg
@@ -117,26 +127,19 @@ func StartWorkers(master *SCORSHmaster) error {
 		// Set the Status and Msg channels
 		worker.StatusChan = master.StatusChan
 		worker.MsgChan = make(chan SCORSHmsg, 10)
-		// Load worker keyrings
-		err := worker.LoadKeyrings()
-		if err != nil {
-			close(worker.MsgChan)
-			return fmt.Errorf("[Starting worker: %s] Unable to load keyrings: %s\n", worker.Name, err)
-		}
+
 		// Load worker tags from worker.Tagfile
-		err = worker.LoadTags()
+		err := worker.LoadTags()
 		if err != nil {
 			close(worker.MsgChan)
 			return fmt.Errorf("[Starting worker: %s] Unable to load tags: %s\n", worker.Name, err)
 		}
 
-		// Create the map of keyring for each tag
-		worker.TagKeys = make(map[string]map[string]bool)
-		for _, t := range worker.Tags {
-			worker.TagKeys[t.Name] = make(map[string]bool)
-			for _, k := range t.Keyrings {
-				worker.TagKeys[t.Name][k] = true
-			}
+		// Load worker keyrings -- this must be called *after* LoadTags!!!!
+		err = worker.LoadKeyrings()
+		if err != nil {
+			close(worker.MsgChan)
+			return fmt.Errorf("[Starting worker: %s] Unable to load keyrings: %s\n", worker.Name, err)
 		}
 
 		// Add the repos definitions to the map master.Repos
-- 
cgit v1.2.3