tags are correctly authenticated

8 years ago · 37a6d33f46
parent 95955f17a3
commit 37a6d33f46
4 changed files with 44 additions and 37 deletions
--- a/commits.go
+++ b/commits.go
@ -57,7 +57,7 @@ func find_scorsh_message(commit *git.Commit) (string, error) {
 	return msg[idx:], nil
 }

-// return a list of keyring names which verify the signature of this commit
+// return a list of keyring names which verify the signature of a given commit
 func get_valid_keys(commit *git.Commit, keys *map[string]openpgp.KeyRing) []string {

 	var ret []string
@ -100,6 +100,7 @@ func exec_tag(tag *SCORSHtag_cfg) []error {

 	for _, c := range tag.Commands {
 		debug.log("[tag: %s] attempting command: %s\n", tag.Name, c.URL)
+
 		ret = append(ret, nil)
 	}
 	return ret
--- a/examples/scorsh_example.cfg
+++ b/examples/scorsh_example.cfg
@ -11,9 +11,6 @@ s_workers:
       w_folder: ./worker1,
       w_logfile: ./worker1/worker1.log,
       w_tagfile: "./worker1/worker1.cfg",
-       w_keyrings: [
-                    "./worker1/allowed_users.asc"
-                   ]
     },
     {
       w_name: worker2,
@ -21,9 +18,6 @@ s_workers:
       w_folder: ./worker2,
       w_logfile: ./worker2/worker2.log,
       w_tagfile: "./worker2/worker2.cfg",
-       w_keyrings: [
-                    "./worker2/allowed_users.asc"
-                   ]
     }
 ]
 ...
--- a/examples/worker2/worker2.cfg
+++ b/examples/worker2/worker2.cfg
@ -9,6 +9,15 @@ w_tags:
                     c_url: "file:///home/katolaz/bin/deploy.sh"
                    }
                   ]
+      },
+      {
+       t_name: "build",
+       t_keyrings: ["allowed_users.asc"],
+       t_commands: [
+                    {
+                     c_url: "file:///home/katolaz/bin/scorsh_build.sh"
+                    }
+                   ]
      }
    ]
 ...
--- a/workers.go
+++ b/workers.go
@ -31,27 +31,38 @@ func (worker *SCORSHworker) Matches(repo, branch string) bool {
 func (w *SCORSHworker) LoadKeyrings() error {

 	w.Keys = make(map[string]openpgp.KeyRing, len(w.Keyrings))
+	w.TagKeys = make(map[string]map[string]bool)

-	// Open the keyring files
-	for _, keyring := range w.Keyrings {
-		f, err_file := os.Open(keyring)
+	for _, t := range w.Tags {
+		w.TagKeys[t.Name] = make(map[string]bool)

-		if err_file != nil {
-			log.Printf("[worker] cannot open keyring:", err_file)
-			f.Close()
-			return fmt.Errorf("Unable to open keyring: ", err_file)
-		}
+		// Open the keyring files
+		for _, keyring := range t.Keyrings {
+			if _, ok := w.Keys[keyring]; ok {
+				// keyring has been loaded: just add it to the TagKeys map
+				w.TagKeys[t.Name][keyring] = true
+				continue
+			}
+			k_file := fmt.Sprintf("%s/%s", w.Folder, keyring)
+			debug.log("[worker: %s] Trying to open keyring at %s\n", w.Name, k_file)
+			f, err_file := os.Open(k_file)
+			if err_file != nil {
+				log.Printf("[worker] cannot open keyring: %s", err_file)
+				f.Close()
+			}

-		// load the keyring
-		kr, err_key := openpgp.ReadArmoredKeyRing(f)
+			// load the keyring
+			kr, err_key := openpgp.ReadArmoredKeyRing(f)

-		if err_key != nil {
-			log.Printf("[worker] cannot load keyring: ", err_key)
+			if err_key != nil {
+				log.Printf("[worker] cannot load keyring: %s", err_key)
+				f.Close()
+				//return fmt.Errorf("Unable to load keyring: ", err_key)
+			}
+			w.Keys[keyring] = kr
+			w.TagKeys[t.Name][keyring] = true
 			f.Close()
-			return fmt.Errorf("Unable to load keyring: ", err_key)
 		}
-		w.Keys[keyring] = kr
-		f.Close()
 	}
 	return nil
 }
@ -80,7 +91,6 @@ func Worker(w *SCORSHworker) {
 	var msg SCORSHmsg

 	log.Printf("[worker: %s] Started\n", w.Name)
-	debug.log("[worker: %s] MsgChan: %s\n", w.Name, w.MsgChan)

 	// notify that we have been started!
 	w.StatusChan <- msg
@ -117,26 +127,19 @@ func StartWorkers(master *SCORSHmaster) error {
 		// Set the Status and Msg channels
 		worker.StatusChan = master.StatusChan
 		worker.MsgChan = make(chan SCORSHmsg, 10)
-		// Load worker keyrings
-		err := worker.LoadKeyrings()
-		if err != nil {
-			close(worker.MsgChan)
-			return fmt.Errorf("[Starting worker: %s] Unable to load keyrings: %s\n", worker.Name, err)
-		}
+
 		// Load worker tags from worker.Tagfile
-		err = worker.LoadTags()
+		err := worker.LoadTags()
 		if err != nil {
 			close(worker.MsgChan)
 			return fmt.Errorf("[Starting worker: %s] Unable to load tags: %s\n", worker.Name, err)
 		}

-		// Create the map of keyring for each tag
-		worker.TagKeys = make(map[string]map[string]bool)
-		for _, t := range worker.Tags {
-			worker.TagKeys[t.Name] = make(map[string]bool)
-			for _, k := range t.Keyrings {
-				worker.TagKeys[t.Name][k] = true
-			}
+		// Load worker keyrings -- this must be called *after* LoadTags!!!!
+		err = worker.LoadKeyrings()
+		if err != nil {
+			close(worker.MsgChan)
+			return fmt.Errorf("[Starting worker: %s] Unable to load keyrings: %s\n", worker.Name, err)
 		}

 		// Add the repos definitions to the map master.Repos