From 95955f17a38e7f517d4613c004e66d8232073f79 Mon Sep 17 00:00:00 2001
From: KatolaZ
Date: Wed, 19 Jul 2017 11:45:02 +0100
Subject: [PATCH] tag checking and validation complete.
---
 commits.go | 63 +++++++++++++++++----
 examples/worker1/allowed_users.asc | 86 +++++++++--------------------
 examples/worker1/allowed_users.pgp | Bin 3073 -> 1402 bytes
 examples/worker1/worker1.cfg | 10 ++++
 types.go | 1 +
 workers.go | 14 +++--
 6 files changed, 101 insertions(+), 73 deletions(-)
diff --git a/commits.go b/commits.go
index 45003d5..b015fab 100644
--- a/commits.go
+++ b/commits.go
@@ -71,9 +71,38 @@ func get_valid_keys(commit *git.Commit, keys *map[string]openpgp.KeyRing) []stri
 return ret
 }
-func exec_tag(tag SCORSHtag, valid_keys []string) error {
+func intersect_keys(ref map[string]bool, keys []string) []string {
- return nil
+ var ret []string
+
+ for _, k := range keys {
+
+ if _, ok := ref[k]; ok {
+ ret = append(ret, k)
+ }
+ }
+ return ret
+}
+
+func find_tag_config(tag_name string, w *SCORSHworker) (*SCORSHtag_cfg, bool) {
+
+ for _, c := range w.Tags {
+ if c.Name == tag_name {
+ return &c, true
+ }
+ }
+ return nil, false
+}
+
+func exec_tag(tag *SCORSHtag_cfg) []error {
+
+ var ret []error
+
+ for _, c := range tag.Commands {
+ debug.log("[tag: %s] attempting command: %s\n", tag.Name, c.URL)
+ ret = append(ret, nil)
+ }
+ return ret
 }
 // traverse all the commits between two references, looking for scorsh
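Review bot: In `intersect_keys` (commits.go) the test `if _, ok := ref[k]; ok` accepts any key that is merely present in the `map[string]bool`, so an entry stored with the value `false` would still authorize a tag; how `TagKeys` is populated is not visible in this hunk, so testing the value itself is the safer form: `if ref[k] {`. `find_tag_config` returns `&c`, the address of the per-iteration copy rather than of the slice element; ranging by index and returning `&w.Tags[i]` avoids the copy and keeps the pointer tied to the worker's configuration. `exec_tag` appends `nil` for every command without running anything, which deserves a comment marking it as a placeholder so the all-nil result is not read as success.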
@@ -143,18 +172,32 @@ func walk_commits(msg SCORSHmsg, w *SCORSHworker) error {
 // 1) get the list of all the keys which verify the message
 valid_keys := get_valid_keys(commit, &(w.Keys))
- debug.log("validated keyrings on commit: %s\n", valid_keys)
- // 2) Try to execute each of the tag included in the message
+ debug.log("[worker: %s] validated keyrings on commit: %s\n", w.Name, valid_keys)
+ // 2) then for each tag in the message
 for _, t := range tags.Tags {
- err = exec_tag(t, valid_keys)
- if err != nil {
- log.Printf("[worker: %s] unable to execute tag: %s : %s", w.Name, t.Tag, err)
- } else {
- log.Printf("[worker: %s] tag %s executed\n", w.Name, t.Tag)
+ // a) check that the tag is among those accepted by the worker
+ tag_cfg, good_tag := find_tag_config(t.Tag, w)
+ debug.log("[worker: %s] good_tag: %s\n", w.Name, good_tag)
+
+ if !good_tag {
+ continue
+ }
+
+ // b) check that at least one of the accepted tag keys is in valid_keys
+ good_keys := intersect_keys(w.TagKeys[t.Tag], valid_keys) != nil
+ debug.log("[worker: %s] good_keys: %s\n", w.Name, good_keys)
+
+ if !good_keys {
+ continue
 }
- }
+ // c) If everything is OK, execute the tag
+ if good_tag && good_keys {
+ errs := exec_tag(tag_cfg)
+ debug.log("[worker: %s] errors in tag %s: %s\n", w.Name, t.Tag, errs)
+ }
+ }
 }
 //signature, signed, err := check_signature(commit, &w.Keys)
diff --git a/examples/worker1/allowed_users.asc b/examples/worker1/allowed_users.asc
index 38bee5a..956bf1c 100644
--- a/examples/worker1/allowed_users.asc
+++ b/examples/worker1/allowed_users.asc
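Review bot: In the `walk_commits` hunk of commits.go, a tag skipped because none of its accepted keys signed the commit is reported only through `debug.log`, so a rejected tag request leaves no trace in normal operation; I would record it with the regular logger before the second `continue`, e.g. `log.Printf("[worker: %s] tag %q rejected: no accepted key among commit signers\n", w.Name, t.Tag)`. The new debug lines format the booleans `good_tag` and `good_keys` and the `[]error` result with `%s`, which prints `%!s(bool=...)`; `%t` and `%v` are the matching verbs. The final `if good_tag && good_keys` is always true after the two `continue` guards and can be dropped, and `len(intersect_keys(...)) > 0` states the intent more directly than comparing the slice with `nil`. The body of `walk_commits` starts and ends outside this hunk.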
@@ -1,62 +1,30 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -mQGiBEFi1/MRBADTOYQBLugy99OG588zPBaOhDPaCfeeB/XiMbMLdO6RzCCZtuU7 -e1G3I+8yIOLNUhfkmIT5Q7aU7FQA6OEexMvA3hijma7uLWs0GPGBC6U2XWEGVCcM -NNCVgZXv8JAEGdyWZmYBO+StYzp7tPhoujUMbY3ChPFes2IB1tlpJeYkuwCglKi6 -ENT7n1pp0ZL02HyW7sUeFIED/3X1G6hKpcO12KXhdl70bI1ELBEoXW8S6E5+zN9v -bj/3SDVMMc99k7vmxd8MVhQviCuwHdX9115fiuUcb6atSdtbXMvCR729rlH+QfCA -aEdJ5O784zcpaTaplRlSVhqbkqU0O0qs2Uwpzyq2YOmqOWaUoxWjaAEZ3MTinJ05 -FOIrA/4xN/kC0xJmqtAYg+IXnEM91pJaHVn1tlG0Us/ZUcV3qOBVzlxbELiYJY/P -f0RdSdJpsCglMeHMvKXYWDYeUwCxVnrX9QdY5U+o7jajW3CY+QXyiUOyB6Oxp1ZB -R9/Kzch8ZDG1efvhPS6Yl6c4VzrOEfmYfq0zA8dD81Q7fKoWKrQ0VmluY2Vuem8g -Tmljb3NpYSAoS2F0b2xhWikgPG1lQGthdG9sYXouaG9tZXVuaXgubmV0PoheBBMR -AgAeBQJBhMseAhsDBgsJCAcDAgMVAgMDFgIBAh4BAheAAAoJEF8gs64LXwYv3+EA -n0DltQTOk4+jUcxj/EsAqlWRCeuwAJ0doTEepP8DZSP5CTdd6NFB1PdmzLQtVmlu -Y2Vuem8gTmljb3NpYSAoS2F0b2xhWikgPGthdG9sYXpAeWFob28uaXQ+iF4EExEC -AB4FAkFi1/MCGwMGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQXyCzrgtfBi+8mQCf -X/yJFPgwIwxh4DKNgaklCqp54sYAn0Y9gGbbx6GXgKq3HuUotw10uf5giEYEEBEC -AAYFAkFz0mYACgkQodsYiAfnHNnmGACfdDSOopfIhJ6QeoXO70s374CpTGMAn13h -Fo1L15WsRDGVmltPCyxgIkSWiEYEExECAAYFAkF0QPUACgkQAYe00nZD+a+ZSgCf -X/MNObMst8iZqavGJRQjWiHmJOUAn1SlDmC4El2Mv6UJB/MxZxDkoDcPiEYEExEC -AAYFAkF0CCkACgkQWDOBDtzNIgVcfgCgxIGF1+W/FNAavZ75fWBAgJXxdTcAoJFr -7rYllKXuaUbgzKRVgdO9JT9diEYEExECAAYFAkFz8ewACgkQnFc9aLrD67HS7wCg -nOXXrI+nJuMbyYIEejF2IOC0l/EAoKEfdFk5zx90P4qi/N0tyRsOARlmiEYEExEC -AAYFAkFzkv8ACgkQ6tyjHCMzLlp5DACfQLvi/Ob1x8Fs2YnRqSFlHvj7hh4AnAx2 -plP6AOvDL7VpB54Y7aAVN/55iEYEExECAAYFAkFyyqwACgkQTSZ6jadyvDFJegCf -UBEzE6Rct4w4wANQhiAbm2RSwYkAnj+mfaUghdVj6LjgqQn8d5+VmzBZiEYEExEC -AAYFAkFyMxQACgkQ9QhEMx2jMUK/FgCgodHF1MRE0r/MLNwv1IIrxCpncrkAn3vC -sEmGt3B41mc40kfmj+Pi30zViEYEEBECAAYFAkF4EroACgkQLUrLvHBE1gFRuQCf -ahlJgXhfpIJ2esi1taT5NtNSlncAoJhYo47lMvkRCIx25RUUoHl5GHH9iEYEEBEC -AAYFAkIkxE0ACgkQ02jWMQa6YLzHoACeOTBEUZKQjNf4BHLzW3TXizFOBqoAoJ+w -do4hRB2tJFdI3i1aVGQIju8aiEYEExECAAYFAkLz1FAACgkQG+p9XIlFCSBHjQCe 
-OJehivpP+jhioDeBKsPcNfK/7PgAmwTcEAkHzPTEcQcvLAxGMmV4KWnsiEYEEBEC -AAYFAkLEIWYACgkQeL/ecPnD1vDS+ACgsBa09BSGMVppYWkbsQKs1JpaWYwAn33Z -Z/Z9FbqVguZwbdjaA13VH08oiF4EExECAB4FAkFi1/MCGwMGCwkIBwMCAxUCAwMW -AgECHgECF4AACgkQXyCzrgtfBi+8mQCfUk2WzM0p3pM+MVeILWmKVemvwzgAniY+ -pALW1rL2IbIinW+1XtgIBa8NtDFWaW5jZW56byAoS2F0b2xhWikgTmljb3NpYSA8 -a2F0b2xhekBmcmVha25ldC5vcmc+iGIEExECACIFAlhnsMwCGwMGCwkIBwMCBhUI -AgkKCwQWAgMBAh4BAheAAAoJEF8gs64LXwYvdukAnjKbYH4UvZKVpVRkEpYidnWF -7ecNAJ4gcHdh+tYoqBlIIyDj/6X+p4CaA7QeS2F0b2xhWiA8a2F0b2xhekBmcmVh -a25ldC5vcmc+iGAEExECACAFAkT0JDcCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIX -gAAKCRBfILOuC18GL2wlAJ9s3FnaoAgftFyzkpWXHbguXqc+2QCggZKrTK+Z6b30 -3M5bpwkVPFO2tkm0I0Vuem8gTmljb3NpYSA8a2F0b2xhekBmcmVha25ldC5vcmc+ -iGAEExECACAFAkT0Sl4CGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRBfILOu -C18GL9WmAJ9am98TX/t2THTAJlLrLqKC2+IKkgCfQBmOXi9B0rlucPfG5tc1ATop -Ice0LkVuem8gTmljb3NpYSAtLSBLYXRvbGFaIDxrYXRvbGF6QGZyZWFrbmV0Lm9y -Zz6IYAQTEQIAIAUCRPQmDAIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEF8g -s64LXwYvJXUAnAm9EXFMUqbKQHpPptu1bevyXGieAJ0QuIFhr4CqcLIBt6eEYDOk -/Abhb7kCDQRBYtf/EAgAkRtE9UbyNVoZgBmctRNn1rZGOGh0D0pg7f7DhoNZfsel -CvzYTb6NN+CK4TPFE820nfi86xu6rBxL0NBmXMuhEQImSLZ3J5RbHpc6k+dXu8G7 -qbH8eWiee+vaebrMou4j5zJE5KZBeTa/IV0fGf9U9JxGMQvQfgPMiEEjMf4BpxCd -xyA4Y7MxfcNlTrsK0D2N9oO54L4OtBMyLQicj9vCGX9idXkstpFnu6XywrlFpzCM -t0j4DVTOFom4goYneTimoZvkhAmTsU9WUHdQF7bSEdzCLirD+eHwkq/EVk8x84tC -IxfzaRqRnPAD1OcCeoRqRbyJX7f5gEWqDUVGj9howwADBgf/RrEDF75RhVaqLbU0 -99wGe4pY5YpeZ44J0fO6LY44nu/0amDQ6Ijb9Bx2h31+z+/90Fm2b3o/AVoVbkj3 -D5qElFPLPJq3znaLeHVP3nV53qLYZqEgbkUFeyVTauavquy27Wrf7UQGZexGBjLb -ppJcsm27hswBZwDdkubiHiA5VcxJIhk2SyBgvjSiwLa9nVsPpp8P1PlGH7e8ijTk -ynF2rI4+P9tGkskagHPbs7gLSbpfHDiex/U3p1V9ry6OsoIKcrZAx5do5PQi7iaz -JGXmPPu/XM9XR1+Gj9vCoxg56AHgAE9RAX6SH99ECtRLiCVbwGpVj98A0LRy7Nf9 -SMX7gYhJBBgRAgAJBQJBYtf/AhsMAAoJEF8gs64LXwYvwWkAnAnoHai6n3a3WnM1 -zIolhmQMfsj3AJ4i/olraFAACc1BCJESK6dVFiSvoQ== -=aSn2 +mQENBFltDTcBCAC+ngq5DpxpDMJEnQUsB9m1CNE8Em8Fox24FzFLvcUiC3Gf9w2c 
+Pmh6EJSwrEuwzqGIJ+VRPxB+uVBZ2IJvwgCuQ6N4itBVsuCjduhkDZafRvsX1Tuh +6/DJiWcA/WYMtBJ8EacdxYMM8dwo4rt+8nffq1tZiDNzAfR5ezYnqi/ICmbdjVoA +oR0BW/gmXbaxSDc/CIotU2Z7omBS+44qVI6W4fi9RnbwRSl8C0dp+FJQcfkYBnP7 +GDNKdIZKARCUFJUz++HLvKneRXi0y+fZeQ/w7uQ8BO1lNoxRep3TpfztqnpMHUmC +S02InQFdebJRmywR88q32WB747sQ9OXQYM/PABEBAAG0EFNDT1JTSCB0ZXN0IHVz +ZXKJAVQEEwEIAD4WIQTFTNpoZyy96GDiAmtAyPC1m+DXVAUCWW0NNwIbAwUJA8Jn +AAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBAyPC1m+DXVKzBB/953d7i50CC +WyJwI4lYk0IeO7jFR9ml24Sm+5Cl/Wz8khPwVuT2qgCR6y3G0AUBtVpnVCMifPXX +CRi4IwKi3rnlhqeKzqXiffkzxD4pZW4fKM9dOT92j+97qvmacNj4eS5qO8gFea0W +dGuoUzd+/JJxfyVCL8hs14Fan1qzgpVB60OANKLWatljdAHwrAaaWQMGBd7RI0Et +Z0f6TNIzT2DUVnzoDRvcQpm4svrjJqcLnBbOJyGHrQPOQXBWsVroyPAg3Ho0bkdm +kZY4QdTlEmvPqtHAfc5bMvUXScOAzW5tbUPmFDHz4gBluoj7sBC93u0K2Y6hAh9+ +4+UPTBmygBoQuQENBFltDTcBCADB9qmGAMeJsDSiNbph/b9K2SYF3X6DXW2FShBo +mdYVElIQD56zub8wtZ70RZKIYogHjnudX7pMrLRZ/PeI7c2JPYnEUDq/zBoh8MfL +MFURyAaAmoXt4X1vUMIi8MDHawjPwnDbixoItT+jxO5WmjbSGRZT0fFZYeWwwCjh +IRSB8ufYffYnl2m01UMJ3M+a+PQY0UQA9znoaN0C9gt66IibgO6C1txppvG6QTAD +CuFH7UVs8J4RgL45+lCPo38zifhvxn5hhc8tR5L3eCKy4MXQofq2rHNDJc1Kak3u +SlFGX9LxrBe+53awCwzNPbMDhod0d0HlPdfjMw7X0dMLJdHJABEBAAGJATwEGAEI +ACYWIQTFTNpoZyy96GDiAmtAyPC1m+DXVAUCWW0NNwIbDAUJA8JnAAAKCRBAyPC1 +m+DXVKD/CACrxoPZ9on/cfNyxXHaNbTAJhEx7p6wQqTe4rnEIMGvn7STDhNKqYnn +5Fu2fqb5SWT5eN8V5tqHd8u09o+wtgSlVhhV+7LeYS9GwheTOSBBZtGFbKoUEx2y +6clGN7A/gSKjD/8y309c6eRPx+Jg3wv2lS6eZDurottV5Z2SV6MejsT/+8Mn792X +ff5zHO1sglFoK0GWb8yNyvv8l1UrhqwIm3LBGQcDDflN4Vgff6H2OxWaGw+gbVhC +TnHJWLj0HetmU+kTUrdRo1WAHndwZ7VP7IL7ePTq+8MfdOcqF2pGJhnQJsrIQ24D +thViyvX/Vq1G6UAEV2vP8xPxQ6rkJ40O +=rzVr -----END PGP PUBLIC KEY BLOCK----- 
diff --git a/examples/worker1/allowed_users.pgp b/examples/worker1/allowed_users.pgp index c083709cc29d6e24fc852e3536a85f64cfd4bea7..bfe95cdd3b7ef1f9afda7c7ab821942e2cd3155f 100644 GIT binary patch literal 1402 zcmZQzU{GLWWMJ}kib!Jsg2=p&ZXgU|LjY?O6C;>a$H2gHf`N%a=BUrDjC7s7FA^Rx zWjmbsuyyu>>mfiD3LsVgl`|xc>c+)(x-T{!8%_C#7}hy2uIRcDy6M5@Y57{8CwMroKx5 z1XtSK-YABJvW(F`)MB@7^f0&Q=+X^Nt6r24^t(?hq;J~8AA8-(KDcVuaJy&z2ns0t zDZy6!Tf*3@q|J*_V2a38(g@p6x83Y*_7`F%nJNpL(dnlBo7MCcL z7N-_6PqXpCl@ypix?9#Ba<8> zlXwFI7pDL$D%Tuj|6h6c-lOLZP0>mP%AFCDo#d={9Cg3B^mfa#-xHSp&G|D)_(Rx} zZ>tz4zScc**09ZrWM*T%cTw3DObm<=k_`&Z#T5uVp^x zSP-@`>cxo<3U{hZ^4!xVPP1^l@>D4M{HluwYR^R*eHHgS+;BE8H`n=@h~ei)45_<1 zes2)id+#mR&Ax?9@^z1&^7}|`YLF7xiAZ<{zpZRzINrIzWRdBv#J~H!ZmO}~t!s|W zZS@k!n0ZZ9C`f>R-sYYA4Ytnv;yS4#se`?*dT#tKpEX+||9tOwd$!ZI^GJZz{xedF zAC8|k2o*fR)-bE}?ZevqfI~_j4jj+sIDe?%cDEGAR{O-Ug>7_a5y$qHu8i{4JCDguPaF zK7SIut!~**&y=4P_eG!GYA-*%L_-(cUUw3z?D(S84zmrwkUKT5dI{cWn=ycFxzi*AQLojWOfv0UGg|Gy8bzrQ=Z z_Fu8g+nlDr3~k40`Dc1h{r)pORJ&~r$LykmlI+a9KYbrY$k#9YW-U5PntwrVgp*(4 z$%q|aWM8KRzZ4GI9=JHPL9V3 zW5^{HZS71*a*6F0(k3cwCSuPhC;L2SpVRrCXU+SrS?l{f|My$(_g@PDfPz2()O^1^ z0dR){5g*4pc=?whJP3uXWJ>@DwE!rPPjKic#JPTEW*yt(=!Po0Bkab%oqGq0cbB|P zgEHDuzq}8ATJGAyRlMn)5E}Py1Ku_6;0GcAKpEUjd*vL!c5@^8OD?dV8?j&WZf-<= z$pxLbQRQns#EqDhTmrzCzm6~0zVCN+&cDaCvsYIj4U!EvI?*{T4hJvvqac_u&AAuR zZ(6hrq!XgFULoeF0<%NdGU0&9BsMCIHL^RzszPN-6E*bAdgJhoD9!=a^$8m=Hi&F! zdeA46lXhnkeOg=QLxeCx$HkrB<_8h&*5rufsrOgmvb`w;0%Z5_ZI4|c%z5vsog!!B zA4Pp|Ejt0}=q9R-s#XK~^;=b9?F%$V;&aMO*N-WakCBoQu;sv6xm$-A_2pfRL6Ymt znRwhb@y#y28^(@=vHN{}_RX2@w7|B6UaKB`+%IA$xjklUiNedzovvwrQ7Q9gk_ zMhE+!K6~=xNo+ZJVQ>%TMryv^@mlx@n48r($2JDS-g-eJ-0g?}D6xD=; z%E9=B5rP6RC`<|pgGoanP$UGpF&qdX#8z9pe-O|NN6O*N*AjEA*dB}KpwKo6F7~esRR#uNp zjKCZD?ok;)3(!u;PJI$Zy&8O}dCFXOD!jnL1JGOsrQ^*zlZ$ZJBs!6IiDvhd+0GbVB9lmmd%au9? 
zLSP!}B{odgUB8wisKMjdYelTLgn?)lxa3c*F4I4}rRXo^*PW zrFNY$Ni-Q?=h{ZRs8!qNvW9d1!vv3$aeR+=RsDEr+Z3Q@jC2+y=BvM!`z;b4j3uE4 zn5iECJxejbLBB;YU|(GJ;_v9+}85mMf zEs0#`iYs~#U`L}-a_J|nAI1XezPwNd>e5S(vC4r0#Nq{7a{3O3wHz%;9%oh%r=^gC z-Crlot>F3N_6A&A9eZ2v_V&oF4O_hY?*UrKqY|^|3csKZFTJ*dqlvGF`Ym2^Ijhe- zXhRi`gFe(${jSaD~Zk~ND6a?6b*1wSb-&*kX6uui!E=r`^T`C|9p^&cpquodP;9V~_9`0y?dPl%RxD zxUG8Jv=8lQb5by2YSXv6_D{DT<#FWx2z8D%MxYMH1FBwXR@^7cPkJZlx)EFIdv|`U zo0tdb@Ln;50DGq4oWS;NA|{%iK^nw~HF_G9R{A-puFsEC-|@a}9?(mqnKP2nSVy8e zQLYqP)PB>^;R>LIc6lMu9rK08LH8${n>^tkjDePw&eb@G4kH?^i zakg)Z>-7LteQz$bqvP(MN_Ukreal_D1o?_Znb?2Xz&BG`wJC#D8zA_5x}WB{62{lx zYj4bnl`W>s2etPqVSlp%eknmHLP!`c4Tb#&cOtz7RLyjJm}D&_nPGEsLy9sf@Y1_C zqJWC>yWsw*WAiOpQx(+fWyVr|_)QoS`PCs&|DXZCq5;JR#m%Vde$xP#f(pX^LBSa{ zKs(dx@QN;|$aF5FB&RA=VqEk0b_03@Q+{^*qq8>^WQtWrxEF^P`rU<8ZYsVncmvNttk z{1v&1ojs}YMiV!jXGGSiQ*u$1UACFYFu@A9hQZh|Mk?4PNWNHRBTCPs3>#YSd8AsX zbx-`C7w-++U&oZtL&cxS1L^BMQxg;V=E)0e<17S zWu*^CA+D8L+8w=cbR(-xy!R1iOFd`sJ*Bw8&JsI)dB4iWY2v1&jQ6niH_+gyQ^qy1 zZWWwx<3dqmlf*9XdH~}WST-qzZM<)F$*vGxu07Yw9};Ij66flbfOtM#g-+0;PR*Rc zw~od1%*c~|4h?IW`rPWk@(tbxag_2gom+o1>iV%JgPRr2q{~5pmVJTbzU(eS7Rtw% zFGTIwsnO!X3D&z){qJ!6o)aegnmu_G=euXCquCHI@H=I62#M0SWt%C>>X@VO_qDSh zuxc}%*5}dIw{uJsD{A7jho7D!6(#K5*JDEYZBzL9p0Y||vnn@vJ!<2uZoX}3F(%<| zq>w+$urbwpct&|ry-d|})L@~`x#jplw`lGH=E&%eK?Z=O6(o$J*pCxxH;++sdT`1% zu^+TD{U