1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
|
package main
import (
"fmt"
"github.com/KatolaZ/git2go"
"github.com/go-yaml/yaml"
"golang.org/x/crypto/openpgp"
"log"
"os"
"strings"
// "log"
)
func CommitToString(commit *git.Commit) string {
var ret string
ret += fmt.Sprintf("type: %s\n", commit.Type())
ret += fmt.Sprintf("Id: %s\n", commit.Id())
ret += fmt.Sprintf("Author: %s\n", commit.Author())
ret += fmt.Sprintf("Message: %s\n", commit.Message())
ret += fmt.Sprintf("Parent-count: %d\n", commit.ParentCount())
return ret
}
// FIXME: RETURN THE ENTITY PROVIDED BY THE CHECK, OR nil
func check_signature(commit *git.Commit, keyring *openpgp.KeyRing) (signature, signed string, err error) {
signature, signed, err = commit.ExtractSignature()
if err == nil {
_, err_sig :=
openpgp.CheckArmoredDetachedSignature(*keyring, strings.NewReader(signed),
strings.NewReader(signature))
if err_sig == nil {
fmt.Printf("Good signature \n")
return signature, signed, nil
}
err = err_sig
}
return "", "", err
}
func find_scorsh_message(commit *git.Commit) (string, error) {
sep := "---\n"
msg := commit.RawMessage()
debug.log("[find_scorsg_msg] found message:\n %s\n", msg)
// FIXME!!! replace the following with a proper regexp.Match
idx := strings.Index(msg, sep)
return msg[idx:], nil
}
// return a list of keyring names which verify the signature of this commit
func get_valid_keys(commit *git.Commit, keys *map[string]openpgp.KeyRing) []string {
var ret []string
for k_name, k_val := range *keys {
_, _, err := check_signature(commit, &k_val)
if err == nil {
ret = append(ret, k_name)
}
}
return ret
}
func exec_tag(tag SCORSHtag, valid_keys []string) error {
return nil
}
// traverse all the commits between two references, looking for scorsh
// commands
// fixme: we don't have just one keyring here....
func walk_commits(msg SCORSHmsg, w *SCORSHworker) error {
var tags SCORSHclient_msg
var commit_msg string
fmt.Printf("Inside parse_commits\n")
reponame := msg.Repo
old_rev := msg.Old_rev
new_rev := msg.New_rev
repo, err := git.OpenRepository(reponame)
if err != nil {
fmt.Fprintf(os.Stderr, "Error while opening repository %s (%s)\n",
reponame, err)
return SCORSHerr(SCORSH_ERR_NO_REPO)
}
old_rev_oid, err := git.NewOid(old_rev)
oldrev_commit, err := repo.LookupCommit(old_rev_oid)
if err != nil {
fmt.Fprintf(os.Stderr, "Commit: %s does not exist\n", old_rev)
return SCORSHerr(SCORSH_ERR_NO_COMMIT)
}
new_rev_oid, err := git.NewOid(new_rev)
newrev_commit, err := repo.LookupCommit(new_rev_oid)
if err != nil {
fmt.Fprintf(os.Stderr, "Commit: %s does not exist\n", new_rev)
return SCORSHerr(SCORSH_ERR_NO_COMMIT)
}
cur_commit := newrev_commit
for cur_commit.Id().String() != oldrev_commit.Id().String() {
commit, err := repo.LookupCommit(cur_commit.Id())
if err == nil {
//debug.log("commit: %s", CommitToString(commit))
// We should look for scorsh-tags, and if the commit has any,
// check if it can be verified by any of the keyrings associated
// with that specific scorsh-tag
// check if the commit contains a scorsh command
commit_msg, err = find_scorsh_message(commit)
if err != nil {
log.Printf("[worker: %s] %s\n", w.Name, SCORSHerr(SCORSH_ERR_SIGNATURE))
}
// Check if is the comment contains a valid scorsh message
err = yaml.Unmarshal([]byte(commit_msg), &tags)
if err != nil {
// no scorsh message found
log.Printf("[worker: %s] no scorsh message found: %s", err)
} else {
// there is a scorsh message there so
// 1) get the list of all the keys which verify the message
valid_keys := get_valid_keys(commit, &(w.Keys))
debug.log("validated keyrings on commit: %s\n", valid_keys)
// 2) Try to execute each of the tag included in the message
for _, t := range tags.Tags {
err = exec_tag(t, valid_keys)
if err != nil {
log.Printf("[worker: %s] unable to execute tag: %s : %s", w.Name, t.Tag, err)
} else {
log.Printf("[worker: %s] tag %s executed\n", w.Name, t.Tag)
}
}
}
//signature, signed, err := check_signature(commit, &w.Keys)
//_, _, err := check_signature(commit, w.keys)
cur_commit = commit.Parent(0)
} else {
fmt.Printf("Commit %x not found!\n", cur_commit.Id())
return SCORSHerr(SCORSH_ERR_NO_COMMIT)
}
}
return nil
}
|
