From 95955f17a38e7f517d4613c004e66d8232073f79 Mon Sep 17 00:00:00 2001
From: KatolaZ
Date: Wed, 19 Jul 2017 11:45:02 +0100
Subject: tag checking and validation complete.
---
 commits.go | 63 ++++++++++++++++++++++-----
 examples/worker1/allowed_users.asc | 86 ++++++++++++-------------------------
 examples/worker1/allowed_users.pgp | Bin 3073 -> 1402 bytes
 examples/worker1/worker1.cfg | 10 +++++
 types.go | 1 +
 workers.go | 14 ++++--
 6 files changed, 101 insertions(+), 73 deletions(-)
diff --git a/commits.go b/commits.go
index 45003d5..b015fab 100644
--- a/commits.go
+++ b/commits.go
@@ -71,9 +71,38 @@ func get_valid_keys(commit *git.Commit, keys *map[string]openpgp.KeyRing) []stri
 return ret
 }
-func exec_tag(tag SCORSHtag, valid_keys []string) error {
+func intersect_keys(ref map[string]bool, keys []string) []string {
- return nil
+ var ret []string
+
+ for _, k := range keys {
+
+ if _, ok := ref[k]; ok {
+ ret = append(ret, k)
+ }
+ }
+ return ret
+}
+
+func find_tag_config(tag_name string, w *SCORSHworker) (*SCORSHtag_cfg, bool) {
+
+ for _, c := range w.Tags {
+ if c.Name == tag_name {
+ return &c, true
+ }
+ }
+ return nil, false
+}
+
+func exec_tag(tag *SCORSHtag_cfg) []error {
+
+ var ret []error
+
+ for _, c := range tag.Commands {
+ debug.log("[tag: %s] attempting command: %s\n", tag.Name, c.URL)
+ ret = append(ret, nil)
+ }
+ return ret
 }
 // traverse all the commits between two references, looking for scorsh
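Review bot: `exec_tag` appends `nil` once per command, so the slice it returns always has `len(tag.Commands)` entries although nothing has run or failed, and the caller in `walk_commits` logs that slice as "errors in tag". Appending only non-nil errors would keep an empty result meaning success once the commands are really executed. In `find_tag_config`, `return &c, true` returns the address of the loop variable, which is a copy of the entry and not the element stored in `w.Tags`; `for i := range w.Tags { if w.Tags[i].Name == tag_name { return &w.Tags[i], true } }` returns the configured entry itself. A one-line comment on `intersect_keys` such as `// returns nil when no key in keys is present in ref` would document the contract that the caller's `!= nil` test relies on.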
@@ -143,18 +172,32 @@ func walk_commits(msg SCORSHmsg, w *SCORSHworker) error {
 // 1) get the list of all the keys which verify the message
 valid_keys := get_valid_keys(commit, &(w.Keys))
- debug.log("validated keyrings on commit: %s\n", valid_keys)
- // 2) Try to execute each of the tag included in the message
+ debug.log("[worker: %s] validated keyrings on commit: %s\n", w.Name, valid_keys)
+ // 2) then for each tag in the message
 for _, t := range tags.Tags {
- err = exec_tag(t, valid_keys)
- if err != nil {
- log.Printf("[worker: %s] unable to execute tag: %s : %s", w.Name, t.Tag, err)
- } else {
- log.Printf("[worker: %s] tag %s executed\n", w.Name, t.Tag)
+ // a) check that the tag is among those accepted by the worker
+ tag_cfg, good_tag := find_tag_config(t.Tag, w)
+ debug.log("[worker: %s] good_tag: %s\n", w.Name, good_tag)
+
+ if !good_tag {
+ continue
+ }
+
+ // b) check that at least one of the accepted tag keys is in valid_keys
+ good_keys := intersect_keys(w.TagKeys[t.Tag], valid_keys) != nil
+ debug.log("[worker: %s] good_keys: %s\n", w.Name, good_keys)
+
+ if !good_keys {
+ continue
 }
- }
+ // c) If everything is OK, execute the tag
+ if good_tag && good_keys {
+ errs := exec_tag(tag_cfg)
+ debug.log("[worker: %s] errors in tag %s: %s\n", w.Name, t.Tag, errs)
+ }
+ }
 }
 //signature, signed, err := check_signature(commit, &w.Keys)
diff --git a/examples/worker1/allowed_users.asc b/examples/worker1/allowed_users.asc
index 38bee5a..956bf1c 100644
--- a/examples/worker1/allowed_users.asc
+++ b/examples/worker1/allowed_users.asc
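Review bot: The authorisation decision in `walk_commits` is recorded only through `debug.log`, so a tag skipped because it is not configured for the worker, or because none of its keyrings verified the commit, leaves no trace in the normal log. Since this service acts on commit signatures, each rejection deserves a line such as `log.Printf("[worker: %s] tag %s rejected: no accepted keyring verified the commit", w.Name, t.Tag)` before the `continue` (assuming `log` is still imported in commits.go, as the removed lines suggest). The two new debug lines format the booleans `good_tag` and `good_keys` with `%s`, which prints `%!s(bool=true)`; `%t` is the matching verb. The test `intersect_keys(...) != nil` holds only as long as the helper never returns an empty non-nil slice, so `len(intersect_keys(w.TagKeys[t.Tag], valid_keys)) > 0` is the safer form, and the final `if good_tag && good_keys` is always true after the two `continue`s. The body of `walk_commits` starts and ends outside the hunk.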
@@ -1,62 +1,30 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -mQGiBEFi1/MRBADTOYQBLugy99OG588zPBaOhDPaCfeeB/XiMbMLdO6RzCCZtuU7 -e1G3I+8yIOLNUhfkmIT5Q7aU7FQA6OEexMvA3hijma7uLWs0GPGBC6U2XWEGVCcM -NNCVgZXv8JAEGdyWZmYBO+StYzp7tPhoujUMbY3ChPFes2IB1tlpJeYkuwCglKi6 -ENT7n1pp0ZL02HyW7sUeFIED/3X1G6hKpcO12KXhdl70bI1ELBEoXW8S6E5+zN9v -bj/3SDVMMc99k7vmxd8MVhQviCuwHdX9115fiuUcb6atSdtbXMvCR729rlH+QfCA -aEdJ5O784zcpaTaplRlSVhqbkqU0O0qs2Uwpzyq2YOmqOWaUoxWjaAEZ3MTinJ05 -FOIrA/4xN/kC0xJmqtAYg+IXnEM91pJaHVn1tlG0Us/ZUcV3qOBVzlxbELiYJY/P -f0RdSdJpsCglMeHMvKXYWDYeUwCxVnrX9QdY5U+o7jajW3CY+QXyiUOyB6Oxp1ZB -R9/Kzch8ZDG1efvhPS6Yl6c4VzrOEfmYfq0zA8dD81Q7fKoWKrQ0VmluY2Vuem8g -Tmljb3NpYSAoS2F0b2xhWikgPG1lQGthdG9sYXouaG9tZXVuaXgubmV0PoheBBMR -AgAeBQJBhMseAhsDBgsJCAcDAgMVAgMDFgIBAh4BAheAAAoJEF8gs64LXwYv3+EA -n0DltQTOk4+jUcxj/EsAqlWRCeuwAJ0doTEepP8DZSP5CTdd6NFB1PdmzLQtVmlu -Y2Vuem8gTmljb3NpYSAoS2F0b2xhWikgPGthdG9sYXpAeWFob28uaXQ+iF4EExEC -AB4FAkFi1/MCGwMGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQXyCzrgtfBi+8mQCf -X/yJFPgwIwxh4DKNgaklCqp54sYAn0Y9gGbbx6GXgKq3HuUotw10uf5giEYEEBEC -AAYFAkFz0mYACgkQodsYiAfnHNnmGACfdDSOopfIhJ6QeoXO70s374CpTGMAn13h -Fo1L15WsRDGVmltPCyxgIkSWiEYEExECAAYFAkF0QPUACgkQAYe00nZD+a+ZSgCf -X/MNObMst8iZqavGJRQjWiHmJOUAn1SlDmC4El2Mv6UJB/MxZxDkoDcPiEYEExEC -AAYFAkF0CCkACgkQWDOBDtzNIgVcfgCgxIGF1+W/FNAavZ75fWBAgJXxdTcAoJFr -7rYllKXuaUbgzKRVgdO9JT9diEYEExECAAYFAkFz8ewACgkQnFc9aLrD67HS7wCg -nOXXrI+nJuMbyYIEejF2IOC0l/EAoKEfdFk5zx90P4qi/N0tyRsOARlmiEYEExEC -AAYFAkFzkv8ACgkQ6tyjHCMzLlp5DACfQLvi/Ob1x8Fs2YnRqSFlHvj7hh4AnAx2 -plP6AOvDL7VpB54Y7aAVN/55iEYEExECAAYFAkFyyqwACgkQTSZ6jadyvDFJegCf -UBEzE6Rct4w4wANQhiAbm2RSwYkAnj+mfaUghdVj6LjgqQn8d5+VmzBZiEYEExEC -AAYFAkFyMxQACgkQ9QhEMx2jMUK/FgCgodHF1MRE0r/MLNwv1IIrxCpncrkAn3vC -sEmGt3B41mc40kfmj+Pi30zViEYEEBECAAYFAkF4EroACgkQLUrLvHBE1gFRuQCf -ahlJgXhfpIJ2esi1taT5NtNSlncAoJhYo47lMvkRCIx25RUUoHl5GHH9iEYEEBEC -AAYFAkIkxE0ACgkQ02jWMQa6YLzHoACeOTBEUZKQjNf4BHLzW3TXizFOBqoAoJ+w -do4hRB2tJFdI3i1aVGQIju8aiEYEExECAAYFAkLz1FAACgkQG+p9XIlFCSBHjQCe 
-OJehivpP+jhioDeBKsPcNfK/7PgAmwTcEAkHzPTEcQcvLAxGMmV4KWnsiEYEEBEC -AAYFAkLEIWYACgkQeL/ecPnD1vDS+ACgsBa09BSGMVppYWkbsQKs1JpaWYwAn33Z -Z/Z9FbqVguZwbdjaA13VH08oiF4EExECAB4FAkFi1/MCGwMGCwkIBwMCAxUCAwMW -AgECHgECF4AACgkQXyCzrgtfBi+8mQCfUk2WzM0p3pM+MVeILWmKVemvwzgAniY+ -pALW1rL2IbIinW+1XtgIBa8NtDFWaW5jZW56byAoS2F0b2xhWikgTmljb3NpYSA8 -a2F0b2xhekBmcmVha25ldC5vcmc+iGIEExECACIFAlhnsMwCGwMGCwkIBwMCBhUI -AgkKCwQWAgMBAh4BAheAAAoJEF8gs64LXwYvdukAnjKbYH4UvZKVpVRkEpYidnWF -7ecNAJ4gcHdh+tYoqBlIIyDj/6X+p4CaA7QeS2F0b2xhWiA8a2F0b2xhekBmcmVh -a25ldC5vcmc+iGAEExECACAFAkT0JDcCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIX -gAAKCRBfILOuC18GL2wlAJ9s3FnaoAgftFyzkpWXHbguXqc+2QCggZKrTK+Z6b30 -3M5bpwkVPFO2tkm0I0Vuem8gTmljb3NpYSA8a2F0b2xhekBmcmVha25ldC5vcmc+ -iGAEExECACAFAkT0Sl4CGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRBfILOu -C18GL9WmAJ9am98TX/t2THTAJlLrLqKC2+IKkgCfQBmOXi9B0rlucPfG5tc1ATop -Ice0LkVuem8gTmljb3NpYSAtLSBLYXRvbGFaIDxrYXRvbGF6QGZyZWFrbmV0Lm9y -Zz6IYAQTEQIAIAUCRPQmDAIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEF8g -s64LXwYvJXUAnAm9EXFMUqbKQHpPptu1bevyXGieAJ0QuIFhr4CqcLIBt6eEYDOk -/Abhb7kCDQRBYtf/EAgAkRtE9UbyNVoZgBmctRNn1rZGOGh0D0pg7f7DhoNZfsel -CvzYTb6NN+CK4TPFE820nfi86xu6rBxL0NBmXMuhEQImSLZ3J5RbHpc6k+dXu8G7 -qbH8eWiee+vaebrMou4j5zJE5KZBeTa/IV0fGf9U9JxGMQvQfgPMiEEjMf4BpxCd -xyA4Y7MxfcNlTrsK0D2N9oO54L4OtBMyLQicj9vCGX9idXkstpFnu6XywrlFpzCM -t0j4DVTOFom4goYneTimoZvkhAmTsU9WUHdQF7bSEdzCLirD+eHwkq/EVk8x84tC -IxfzaRqRnPAD1OcCeoRqRbyJX7f5gEWqDUVGj9howwADBgf/RrEDF75RhVaqLbU0 -99wGe4pY5YpeZ44J0fO6LY44nu/0amDQ6Ijb9Bx2h31+z+/90Fm2b3o/AVoVbkj3 -D5qElFPLPJq3znaLeHVP3nV53qLYZqEgbkUFeyVTauavquy27Wrf7UQGZexGBjLb -ppJcsm27hswBZwDdkubiHiA5VcxJIhk2SyBgvjSiwLa9nVsPpp8P1PlGH7e8ijTk -ynF2rI4+P9tGkskagHPbs7gLSbpfHDiex/U3p1V9ry6OsoIKcrZAx5do5PQi7iaz -JGXmPPu/XM9XR1+Gj9vCoxg56AHgAE9RAX6SH99ECtRLiCVbwGpVj98A0LRy7Nf9 -SMX7gYhJBBgRAgAJBQJBYtf/AhsMAAoJEF8gs64LXwYvwWkAnAnoHai6n3a3WnM1 -zIolhmQMfsj3AJ4i/olraFAACc1BCJESK6dVFiSvoQ== -=aSn2 +mQENBFltDTcBCAC+ngq5DpxpDMJEnQUsB9m1CNE8Em8Fox24FzFLvcUiC3Gf9w2c 
+Pmh6EJSwrEuwzqGIJ+VRPxB+uVBZ2IJvwgCuQ6N4itBVsuCjduhkDZafRvsX1Tuh +6/DJiWcA/WYMtBJ8EacdxYMM8dwo4rt+8nffq1tZiDNzAfR5ezYnqi/ICmbdjVoA +oR0BW/gmXbaxSDc/CIotU2Z7omBS+44qVI6W4fi9RnbwRSl8C0dp+FJQcfkYBnP7 +GDNKdIZKARCUFJUz++HLvKneRXi0y+fZeQ/w7uQ8BO1lNoxRep3TpfztqnpMHUmC +S02InQFdebJRmywR88q32WB747sQ9OXQYM/PABEBAAG0EFNDT1JTSCB0ZXN0IHVz +ZXKJAVQEEwEIAD4WIQTFTNpoZyy96GDiAmtAyPC1m+DXVAUCWW0NNwIbAwUJA8Jn +AAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBAyPC1m+DXVKzBB/953d7i50CC +WyJwI4lYk0IeO7jFR9ml24Sm+5Cl/Wz8khPwVuT2qgCR6y3G0AUBtVpnVCMifPXX +CRi4IwKi3rnlhqeKzqXiffkzxD4pZW4fKM9dOT92j+97qvmacNj4eS5qO8gFea0W +dGuoUzd+/JJxfyVCL8hs14Fan1qzgpVB60OANKLWatljdAHwrAaaWQMGBd7RI0Et +Z0f6TNIzT2DUVnzoDRvcQpm4svrjJqcLnBbOJyGHrQPOQXBWsVroyPAg3Ho0bkdm +kZY4QdTlEmvPqtHAfc5bMvUXScOAzW5tbUPmFDHz4gBluoj7sBC93u0K2Y6hAh9+ +4+UPTBmygBoQuQENBFltDTcBCADB9qmGAMeJsDSiNbph/b9K2SYF3X6DXW2FShBo +mdYVElIQD56zub8wtZ70RZKIYogHjnudX7pMrLRZ/PeI7c2JPYnEUDq/zBoh8MfL +MFURyAaAmoXt4X1vUMIi8MDHawjPwnDbixoItT+jxO5WmjbSGRZT0fFZYeWwwCjh +IRSB8ufYffYnl2m01UMJ3M+a+PQY0UQA9znoaN0C9gt66IibgO6C1txppvG6QTAD +CuFH7UVs8J4RgL45+lCPo38zifhvxn5hhc8tR5L3eCKy4MXQofq2rHNDJc1Kak3u +SlFGX9LxrBe+53awCwzNPbMDhod0d0HlPdfjMw7X0dMLJdHJABEBAAGJATwEGAEI +ACYWIQTFTNpoZyy96GDiAmtAyPC1m+DXVAUCWW0NNwIbDAUJA8JnAAAKCRBAyPC1 +m+DXVKD/CACrxoPZ9on/cfNyxXHaNbTAJhEx7p6wQqTe4rnEIMGvn7STDhNKqYnn +5Fu2fqb5SWT5eN8V5tqHd8u09o+wtgSlVhhV+7LeYS9GwheTOSBBZtGFbKoUEx2y +6clGN7A/gSKjD/8y309c6eRPx+Jg3wv2lS6eZDurottV5Z2SV6MejsT/+8Mn792X +ff5zHO1sglFoK0GWb8yNyvv8l1UrhqwIm3LBGQcDDflN4Vgff6H2OxWaGw+gbVhC +TnHJWLj0HetmU+kTUrdRo1WAHndwZ7VP7IL7ePTq+8MfdOcqF2pGJhnQJsrIQ24D +thViyvX/Vq1G6UAEV2vP8xPxQ6rkJ40O +=rzVr -----END PGP PUBLIC KEY BLOCK----- diff --git a/examples/worker1/allowed_users.pgp b/examples/worker1/allowed_users.pgp index c083709..bfe95cd 100644 Binary files a/examples/worker1/allowed_users.pgp and b/examples/worker1/allowed_users.pgp differ diff --git a/examples/worker1/worker1.cfg b/examples/worker1/worker1.cfg index 233afdd..0eabdf7 100644 
--- a/examples/worker1/worker1.cfg
+++ b/examples/worker1/worker1.cfg
@@ -19,6 +19,16 @@ w_tags:
 ## c_hash: "12da324fb76s924acbce"
 }
 ]
+ },
+ {
+ t_name: "build",
+ t_keyrings: ["allowed_users.asc"],
+ t_commands: [
+ {
+ c_url: "file:///home/katolaz/bin/scorsh_build.sh"
+ }
+ ]
 }
+
 ]
 ...
\ No newline at end of file
diff --git a/types.go b/types.go
index a163640..faf9f6c 100644
--- a/types.go
+++ b/types.go
@@ -45,6 +45,7 @@ type SCORSHworker_cfg struct {
 Tagfile string `yaml:"w_tagfile"`
 Keyrings []string `yaml:"w_keyrings"`
 Tags []SCORSHtag_cfg `yaml:"w_tags"`
+ TagKeys map[string]map[string]bool
 }
 // State of a worker
diff --git a/workers.go b/workers.go
index c48c65f..b92d3cb 100644
--- a/workers.go
+++ b/workers.go
@@ -9,7 +9,6 @@ import (
 "os"
 "regexp"
 "strings"
- "time"
 )
 func (worker *SCORSHworker) Matches(repo, branch string) bool {
@@ -96,9 +95,6 @@ func Worker(w *SCORSHworker) {
 if err != nil {
 log.Printf("[worker: %s] error in walk_commits: %s", err)
 }
- debug.log("[worker: %s] Received message: %s", w.Name, msg)
- debug.log("[worker: %s] StatusChan: %s\n", w.Name, w.StatusChan)
- time.Sleep(1000 * time.Millisecond)
 w.StatusChan <- msg
 debug.log("[worker: %s] Sent message back: %s", w.Name, msg)
 }
@@ -133,6 +129,16 @@ func StartWorkers(master *SCORSHmaster) error {
 close(worker.MsgChan)
 return fmt.Errorf("[Starting worker: %s] Unable to load tags: %s\n", worker.Name, err)
 }
+
+ // Create the map of keyring for each tag
+ worker.TagKeys = make(map[string]map[string]bool)
+ for _, t := range worker.Tags {
+ worker.TagKeys[t.Name] = make(map[string]bool)
+ for _, k := range t.Keyrings {
+ worker.TagKeys[t.Name][k] = true
+ }
+ }
+
 // Add the repos definitions to the map master.Repos
 for _, repo_name := range worker.Repos {
 master.Repos[repo_name] = append(master.Repos[repo_name], worker)
--
cgit v1.2.3
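Review bot: `TagKeys` is the only field of `SCORSHworker_cfg` in this hunk without a `yaml` tag, and if the config is decoded with one of the usual Go YAML packages (as the other struct tags suggest) an untagged exported field is still read from the file under its lower-cased name. `StartWorkers` rebuilds the map, so a value supplied in the config is overwritten today, but because this map decides which keyrings authorise a tag it should be marked as derived by giving the field the struct tag `yaml:"-"`. A comment such as `// tag name -> set of keyring names allowed to trigger it; built in StartWorkers` would make its role clear. The struct definition starts outside the hunk.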
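Review bot: In the new `TagKeys` loop in `StartWorkers`, `worker.TagKeys[t.Name] = make(map[string]bool)` runs for every entry of `worker.Tags`, so when two entries share a `t_name` the keyring set of the last one replaces the earlier one, while `find_tag_config` in commits.go returns the first entry with that name. The commands of one definition would then be authorised by the keyrings of another; rejecting the duplicate at startup avoids this, e.g. `if _, dup := worker.TagKeys[t.Name]; dup { return fmt.Errorf("[Starting worker: %s] duplicate tag %s", worker.Name, t.Name) }`. It would also help to compare each name in `t.Keyrings` with the keyrings the worker actually loaded and log a warning for unknown ones, since such a tag can never be triggered. In the second hunk of this file the context line `log.Printf("[worker: %s] error in walk_commits: %s", err)` passes one argument for two verbs and should include `w.Name`. `StartWorkers` continues outside the hunk.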