author | Patrick Steinhardt <psteinhardt@gitlab.com> | 2023-07-28 12:08:49 +0300 |
---|---|---|
committer | Patrick Steinhardt <psteinhardt@gitlab.com> | 2023-07-28 12:59:17 +0300 |
commit | b42e7fc1ebaddf814ea4a0046a55bedf009dae5d (patch) | |
tree | 8bc25fe87a5ddc6739353eb37d87d599e2d213f3 | |
parent | 2b2217ebc175d49984d5980af4ff7c3dcefe4e1d (diff) |
commit: Implement SHA256 support for CommitSignatures
Implement support for the SHA256 object format in the CommitSignatures
RPC.
Changelog: added
-rw-r--r-- | internal/gitaly/service/commit/commit_signatures.go | 31 | ||||
-rw-r--r-- | internal/gitaly/service/commit/commit_signatures_test.go | 38 |
2 files changed, 50 insertions, 19 deletions
diff --git a/internal/gitaly/service/commit/commit_signatures.go b/internal/gitaly/service/commit/commit_signatures.go index 5fa47f17b..4ac24dd90 100644 --- a/internal/gitaly/service/commit/commit_signatures.go +++ b/internal/gitaly/service/commit/commit_signatures.go @@ -9,7 +9,6 @@ import ( "gitlab.com/gitlab-org/gitaly/v16/internal/git" "gitlab.com/gitlab-org/gitaly/v16/internal/git/catfile" - "gitlab.com/gitlab-org/gitaly/v16/internal/gitaly/storage" "gitlab.com/gitlab-org/gitaly/v16/internal/signature" "gitlab.com/gitlab-org/gitaly/v16/internal/structerr" "gitlab.com/gitlab-org/gitaly/v16/proto/go/gitalypb" @@ -17,17 +16,23 @@ import ( ) func (s *server) GetCommitSignatures(request *gitalypb.GetCommitSignaturesRequest, stream gitalypb.CommitService_GetCommitSignaturesServer) error { - if err := validateGetCommitSignaturesRequest(s.locator, request); err != nil { - return structerr.NewInvalidArgument("%w", err) - } + ctx := stream.Context() - return s.getCommitSignatures(request, stream) -} + if err := s.locator.ValidateRepository(request.GetRepository()); err != nil { + return err + } -func (s *server) getCommitSignatures(request *gitalypb.GetCommitSignaturesRequest, stream gitalypb.CommitService_GetCommitSignaturesServer) error { - ctx := stream.Context() repo := s.localrepo(request.GetRepository()) + objectHash, err := repo.ObjectHash(ctx) + if err != nil { + return fmt.Errorf("detecting object hash: %w", err) + } + + if err := validateGetCommitSignaturesRequest(objectHash, request); err != nil { + return structerr.NewInvalidArgument("%w", err) + } + objectReader, cancel, err := s.catfileCache.ObjectReader(ctx, repo) if err != nil { return structerr.NewInternal("%w", err) 
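Review bot: In the rewritten `GetCommitSignatures`, the object-hash failure is returned as a plain `fmt.Errorf`, while the catfile error right after it uses `structerr.NewInternal`. The status code for this path therefore depends on how an untyped error is mapped further up; `return structerr.NewInternal("detecting object hash: %w", err)` would make it explicit. The `ValidateRepository` error is also no longer wrapped in `structerr.NewInvalidArgument`, which is equivalent only if the locator already returns coded errors, so that is worth confirming because clients may branch on the code. Separately, `repo.ObjectHash(ctx)` now runs before the cheap `CommitIds` checks, so a request with no commit IDs presumably costs a repository lookup before it is rejected. The function body continues past the end of this hunk.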
@@ -92,7 +97,7 @@ func extractSignature(reader io.Reader) ([]byte, []byte, error) { } if !sawSignature && !inSignature { - for _, signatureField := range [][]byte{[]byte("gpgsig ")} { + for _, signatureField := range [][]byte{[]byte("gpgsig "), []byte("gpgsig-sha256 ")} { if !bytes.HasPrefix(line, signatureField) { continue } @@ -154,18 +159,14 @@ func sendResponse( return nil } -func validateGetCommitSignaturesRequest(locator storage.Locator, request *gitalypb.GetCommitSignaturesRequest) error { - if err := locator.ValidateRepository(request.GetRepository()); err != nil { - return err - } - +func validateGetCommitSignaturesRequest(objectHash git.ObjectHash, request *gitalypb.GetCommitSignaturesRequest) error { if len(request.GetCommitIds()) == 0 { return errors.New("empty CommitIds") } // Do not support shorthand or invalid commit SHAs for _, commitID := range request.CommitIds { - if err := git.ObjectHashSHA1.ValidateHex(commitID); err != nil { + if err := objectHash.ValidateHex(commitID); err != nil { return err } } diff --git a/internal/gitaly/service/commit/commit_signatures_test.go b/internal/gitaly/service/commit/commit_signatures_test.go index 05305a010..b9d32f8a1 100644 --- a/internal/gitaly/service/commit/commit_signatures_test.go +++ b/internal/gitaly/service/commit/commit_signatures_test.go @@ -1,5 +1,3 @@ -//go:build !gitaly_test_sha256 - package commit import ( 
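Review bot: The header loop in `extractSignature` now accepts `gpgsig ` and `gpgsig-sha256 ` for every repository, independent of the object hash that `GetCommitSignatures` detects. Git associates each of these headers with one object format, so a commit in a SHA1 repository that carries only `gpgsig-sha256` would be reported as signed although it carries no signature for that format. A commit with both headers is handled by whichever comes first; the rest of the function is outside the hunk, so what happens to the second header in the signed text cannot be checked from here. Consider passing the detected hash down and matching only its header, and add a test case for a commit with both headers. A comment such as `// Only the signature header of the repository's own object format is considered.` would record the intended rule for callers that verify the result.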
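Review bot: `validateGetCommitSignaturesRequest` has no doc comment, and with the new `objectHash` parameter its contract is less obvious than before. I would add `// validateGetCommitSignaturesRequest rejects empty requests and commit IDs that are not valid full hex object IDs for objectHash.` The loop also reads `request.CommitIds` directly while the length check uses `request.GetCommitIds()`; using the getter in both places keeps the function consistent. The error from `ValidateHex` is returned without naming the offending ID, so `return fmt.Errorf("commit ID %q: %w", commitID, err)` would help callers, though it changes the message text and the existing tests may pin it.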
@@ -254,6 +252,29 @@ func testGetCommitSignatures(t *testing.T, ctx context.Context) { }, }, { + desc: "SHA256-signed commit", + setup: func(t *testing.T) setupData { + commitID, commitData := createCommitWithSignature(t, cfg, repoPath, "gpgsig-sha256", sshSignature, "sha256-signed commit message") + + return setupData{ + request: &gitalypb.GetCommitSignaturesRequest{ + Repository: repoProto, + CommitIds: []string{ + commitID.String(), + }, + }, + expectedResponses: []*gitalypb.GetCommitSignaturesResponse{ + { + CommitId: commitID.String(), + Signature: []byte(sshSignature), + SignedText: []byte(commitData), + Signer: gitalypb.GetCommitSignaturesResponse_SIGNER_USER, + }, + }, + } + }, + }, + { desc: "signed by Gitaly", setup: func(t *testing.T) setupData { repo := localrepo.NewTestRepo(t, cfg, repoProto) @@ -294,13 +315,22 @@ func testGetCommitSignatures(t *testing.T, ctx context.Context) { []*gitalypb.GetCommitSignaturesResponse{ { CommitId: commitID.String(), - Signature: []byte(`-----BEGIN SSH SIGNATURE----- + Signature: []byte(gittest.ObjectHashDependent(t, map[string]string{ + "sha1": `-----BEGIN SSH SIGNATURE----- U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgVzKQNpRPvHihfJQJ+Com F8BdFuG2wuXh+LjXjbOs8IgAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3Nz aC1lZDI1NTE5AAAAQB6uCeUpvnFGR/cowe1pQyTZiTzKsi1tnez0EO8o2LtrJr+g k8fZo+m7jSM0TpefrL0iyHxevrbKslyXw1lJVAM= -----END SSH SIGNATURE----- -`), +`, + "sha256": `-----BEGIN SSH SIGNATURE----- +U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgVzKQNpRPvHihfJQJ+Com +F8BdFuG2wuXh+LjXjbOs8IgAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3Nz +aC1lZDI1NTE5AAAAQKgC1TFLVZOqvVs2AqCp2lhkRAUtZsDa89RgHOOsYAC3T1kB +4lOayj2uzBahoM0gc7REITUyg5MTzfIhcIPfhAQ= +-----END SSH SIGNATURE----- +`, + })), SignedText: []byte(fmt.Sprintf( "tree %s\nauthor %s\ncommitter %s\n\nmessage", tree.OID, |