Merge pull request #1913 from SomtochiAma/gpg-signing

Add check for empty gpg key ring path
pull/1907/head
Stefan Prodan 3 years ago committed by GitHub
commit d9414f25d5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -68,9 +68,9 @@ type bootstrapFlags struct {
authorName string authorName string
authorEmail string authorEmail string
gpgKeyPath string gpgKeyRingPath string
gpgPassphrase string gpgPassphrase string
gpgKeyID string gpgKeyID string
commitMessageAppendix string commitMessageAppendix string
} }
@ -123,8 +123,8 @@ func init() {
bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.authorName, "author-name", "Flux", "author name for Git commits") bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.authorName, "author-name", "Flux", "author name for Git commits")
bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.authorEmail, "author-email", "", "author email for Git commits") bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.authorEmail, "author-email", "", "author email for Git commits")
bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.gpgKeyPath, "gpg-key", "", "path to secret gpg key for signing commits") bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.gpgKeyRingPath, "gpg-key-ring", "", "path to GPG key ring for signing commits")
bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.gpgPassphrase, "gpg-passphrase", "", "passphrase for decrypting secret gpg key") bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.gpgPassphrase, "gpg-passphrase", "", "passphrase for decrypting GPG private key")
bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.gpgKeyID, "gpg-key-id", "", "key id for selecting a particular key") bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.gpgKeyID, "gpg-key-id", "", "key id for selecting a particular key")
bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.commitMessageAppendix, "commit-message-appendix", "", "string to add to the commit messages, e.g. '[ci skip]'") bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.commitMessageAppendix, "commit-message-appendix", "", "string to add to the commit messages, e.g. '[ci skip]'")
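Review bot: The `gpg-passphrase` flag registered in `init()` takes the key passphrase as a plain command-line argument, so it lands in shell history and can be read from the process list by other local users while bootstrap runs. The reworded help text is a natural place to say so, for example `"passphrase for decrypting GPG private key (exposed in process list and shell history)"`. A follow-up could read the value from an environment variable or an interactive prompt when the flag is empty. Separately, `--gpg-key` is renamed to `--gpg-key-ring` with no alias kept, so existing scripts will fail on an unknown flag; if that is intended it deserves a line in the release notes.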

@ -224,7 +224,7 @@ func bootstrapGitCmdRun(cmd *cobra.Command, args []string) error {
bootstrap.WithPostGenerateSecretFunc(promptPublicKey), bootstrap.WithPostGenerateSecretFunc(promptPublicKey),
bootstrap.WithLogger(logger), bootstrap.WithLogger(logger),
bootstrap.WithCABundle(caBundle), bootstrap.WithCABundle(caBundle),
bootstrap.WithGitCommitSigning(bootstrapArgs.gpgKeyPath, bootstrapArgs.gpgPassphrase, bootstrapArgs.gpgKeyID), bootstrap.WithGitCommitSigning(bootstrapArgs.gpgKeyRingPath, bootstrapArgs.gpgPassphrase, bootstrapArgs.gpgKeyID),
} }
// Setup bootstrapper with constructed configs // Setup bootstrapper with constructed configs

@ -53,9 +53,9 @@ type PlainGitBootstrapper struct {
author git.Author author git.Author
commitMessageAppendix string commitMessageAppendix string
gpgKeyPath string gpgKeyRingPath string
gpgPassphrase string gpgPassphrase string
gpgKeyID string gpgKeyID string
kubeconfig string kubeconfig string
kubecontext string kubecontext string
@ -146,7 +146,7 @@ func (b *PlainGitBootstrapper) ReconcileComponents(ctx context.Context, manifest
} }
// Git commit generated // Git commit generated
gpgOpts := git.WithGpgSigningOption(b.gpgKeyPath, b.gpgPassphrase, b.gpgKeyID) gpgOpts := git.WithGpgSigningOption(b.gpgKeyRingPath, b.gpgPassphrase, b.gpgKeyID)
commitMsg := fmt.Sprintf("Add Flux %s component manifests", options.Version) commitMsg := fmt.Sprintf("Add Flux %s component manifests", options.Version)
if b.commitMessageAppendix != "" { if b.commitMessageAppendix != "" {
commitMsg = commitMsg + "\n\n" + b.commitMessageAppendix commitMsg = commitMsg + "\n\n" + b.commitMessageAppendix
@ -311,7 +311,7 @@ func (b *PlainGitBootstrapper) ReconcileSyncConfig(ctx context.Context, options
b.logger.Successf("generated sync manifests") b.logger.Successf("generated sync manifests")
// Git commit generated // Git commit generated
gpgOpts := git.WithGpgSigningOption(b.gpgKeyPath, b.gpgPassphrase, b.gpgKeyID) gpgOpts := git.WithGpgSigningOption(b.gpgKeyRingPath, b.gpgPassphrase, b.gpgKeyID)
commitMsg := fmt.Sprintf("Add Flux sync manifests") commitMsg := fmt.Sprintf("Add Flux sync manifests")
if b.commitMessageAppendix != "" { if b.commitMessageAppendix != "" {
commitMsg = commitMsg + "\n\n" + b.commitMessageAppendix commitMsg = commitMsg + "\n\n" + b.commitMessageAppendix

@ -13,9 +13,9 @@ type CommitOptions struct {
// GPGSigningInfo contains information for signing a commit. // GPGSigningInfo contains information for signing a commit.
type GPGSigningInfo struct { type GPGSigningInfo struct {
PrivateKeyPath string KeyRingPath string
Passphrase string Passphrase string
KeyID string KeyID string
} }
type GpgSigningOption struct { type GpgSigningOption struct {
@ -27,11 +27,16 @@ func (w GpgSigningOption) ApplyToCommit(in *CommitOptions) {
} }
func WithGpgSigningOption(path, passphrase, keyID string) Option { func WithGpgSigningOption(path, passphrase, keyID string) Option {
// Return nil if no path is set, even if other options are configured.
if path == "" {
return GpgSigningOption{}
}
return GpgSigningOption{ return GpgSigningOption{
GPGSigningInfo: &GPGSigningInfo{ GPGSigningInfo: &GPGSigningInfo{
PrivateKeyPath: path, KeyRingPath: path,
Passphrase: passphrase, Passphrase: passphrase,
KeyID: keyID, KeyID: keyID,
}, },
} }
} }
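Review bot: The early return in `WithGpgSigningOption` silently disables signing when `path` is empty even if `passphrase` or `keyID` were supplied, so a user who passes `--gpg-key-id` but forgets `--gpg-key-ring` gets unsigned commits with no error. Since this constructor has no error return, that combination is better rejected where the flags are read, before any commit is made. The added comment is also inaccurate, because the function returns an empty `GpgSigningOption{}` rather than nil; `// With no key ring path, return an option with a nil GPGSigningInfo so commits are left unsigned.` would match the code. `ApplyToCommit` lies outside the hunk, so how it treats a nil `GPGSigningInfo` is assumed here, and the test change shown in this commit adds no case for the empty path.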

@ -258,9 +258,9 @@ func isRemoteBranchNotFoundErr(err error, ref string) bool {
} }
func getOpenPgpEntity(info git.GPGSigningInfo) (*openpgp.Entity, error) { func getOpenPgpEntity(info git.GPGSigningInfo) (*openpgp.Entity, error) {
r, err := os.Open(info.PrivateKeyPath) r, err := os.Open(info.KeyRingPath)
if err != nil { if err != nil {
return nil, err return nil, fmt.Errorf("unable to open GPG key ring: %w", err)
} }
entityList, err := openpgp.ReadKeyRing(r) entityList, err := openpgp.ReadKeyRing(r)
@ -269,7 +269,7 @@ func getOpenPgpEntity(info git.GPGSigningInfo) (*openpgp.Entity, error) {
} }
if len(entityList) == 0 { if len(entityList) == 0 {
return nil, fmt.Errorf("no entity formed") return nil, fmt.Errorf("empty GPG key ring")
} }
var entity *openpgp.Entity var entity *openpgp.Entity
@ -281,7 +281,7 @@ func getOpenPgpEntity(info git.GPGSigningInfo) (*openpgp.Entity, error) {
} }
if entity == nil { if entity == nil {
return nil, fmt.Errorf("no key matching the key id was found") return nil, fmt.Errorf("no GPG private key matching key id '%s' found", info.KeyID)
} }
} else { } else {
entity = entityList[0] entity = entityList[0]
@ -289,7 +289,7 @@ func getOpenPgpEntity(info git.GPGSigningInfo) (*openpgp.Entity, error) {
err = entity.PrivateKey.Decrypt([]byte(info.Passphrase)) err = entity.PrivateKey.Decrypt([]byte(info.Passphrase))
if err != nil { if err != nil {
return nil, err return nil, fmt.Errorf("unable to decrypt GPG private key: %w", err)
} }
return entity, nil return entity, nil
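Review bot: `entity.PrivateKey.Decrypt` is called without first checking that the selected entity carries a private key. Now that the input is described as a key ring, a ring holding only public keys is a likely mistake, and in the lines shown it would panic on a nil pointer instead of returning an error. A guard before the call, `if entity.PrivateKey == nil { return nil, fmt.Errorf("GPG key ring has no private key for the selected entity") }`, keeps the failure in the wrapped-error style this commit introduces. The file opened with `os.Open(info.KeyRingPath)` has no visible `Close`; parts of the function between the hunks are not shown, so confirm whether `defer r.Close()` is already present. In the new key-id message, `%q` instead of `'%s'` would quote the user-supplied value unambiguously.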

@ -49,9 +49,9 @@ func TestGetOpenPgpEntity(t *testing.T) {
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
gpgInfo := git.GPGSigningInfo{ gpgInfo := git.GPGSigningInfo{
PrivateKeyPath: tt.keyPath, KeyRingPath: tt.keyPath,
Passphrase: tt.passphrase, Passphrase: tt.passphrase,
KeyID: tt.id, KeyID: tt.id,
} }
_, err := getOpenPgpEntity(gpgInfo) _, err := getOpenPgpEntity(gpgInfo)

@ -115,21 +115,21 @@ func (o loggerOption) applyGitProvider(b *GitProviderBootstrapper) {
func WithGitCommitSigning(path, passphrase, keyID string) Option { func WithGitCommitSigning(path, passphrase, keyID string) Option {
return gitCommitSigningOption{ return gitCommitSigningOption{
gpgKeyPath: path, gpgKeyRingPath: path,
gpgPassphrase: passphrase, gpgPassphrase: passphrase,
gpgKeyID: keyID, gpgKeyID: keyID,
} }
} }
type gitCommitSigningOption struct { type gitCommitSigningOption struct {
gpgKeyPath string gpgKeyRingPath string
gpgPassphrase string gpgPassphrase string
gpgKeyID string gpgKeyID string
} }
func (o gitCommitSigningOption) applyGit(b *PlainGitBootstrapper) { func (o gitCommitSigningOption) applyGit(b *PlainGitBootstrapper) {
b.gpgKeyRingPath = o.gpgKeyRingPath
b.gpgPassphrase = o.gpgPassphrase b.gpgPassphrase = o.gpgPassphrase
b.gpgKeyPath = o.gpgKeyPath
b.gpgKeyID = o.gpgKeyID b.gpgKeyID = o.gpgKeyID
} }
