"GOT", but the "O" is a cute, smiling pufferfish. Index | Thread | Search

From:
Josh Rickmar <openbsd+lists@zettaport.com>
Subject:
prevent got from creating unsigned tags when the key file is missing
To:
gameoftrees@openbsd.org
Date:
Sat, 2 Jul 2022 18:16:43 -0400

Download raw body.

Thread
If anyone asks, I don't know why ssh-keygen(1) is printing a CRLF for
the missing key message to stderr.

-----------------------------------------------
commit d21e91bdff17f707f5c492042baa2c2a6cbcf578 (missing_key)
from: Josh Rickmar <jrick@zettaport.com>
date: Sat Jul  2 22:14:04 2022 UTC
 
 fix tag signing when the key file does not exist
 
 This should fail without creating any tag.  Before, ssh-keygen(1)
 would print an error to stderr, but got would create an unsigned tag.
 
diff 4d5ee9564a9e46a1f634f619833c62f636cfbdc1 d21e91bdff17f707f5c492042baa2c2a6cbcf578
commit - 4d5ee9564a9e46a1f634f619833c62f636cfbdc1
commit + d21e91bdff17f707f5c492042baa2c2a6cbcf578
blob - 6feb1c3bbdd91673897061cb3ccbd9c80799d101
blob + a36f53457cad96d1bb25386660010bda0d14b278
--- got/got.c
+++ got/got.c
@@ -7214,7 +7214,7 @@ done:
 static const struct got_error *
 add_tag(struct got_repository *repo, const char *tagger,
     const char *tag_name, const char *commit_arg, const char *tagmsg_arg,
-    const char *key_file, int verbosity)
+    const char *signer_id, int verbosity)
 {
 	const struct got_error *err = NULL;
 	struct got_object_id *commit_id = NULL, *tag_id = NULL;
@@ -7280,7 +7280,7 @@ add_tag(struct got_repository *repo, const char *tagge
 	}
 
 	err = got_object_tag_create(&tag_id, tag_name, commit_id,
-	    tagger, time(NULL), tagmsg ? tagmsg : tagmsg_arg, key_file, repo,
+	    tagger, time(NULL), tagmsg ? tagmsg : tagmsg_arg, signer_id, repo,
 	    verbosity);
 	if (err) {
 		if (tagmsg_path)
blob - 4bfaed588e2d81e1b0578a939dd96553de6bc11b
blob + 9dcd5b85b181ee63d76a75bf16c9ae0dc46aaa26
--- include/got_error.h
+++ include/got_error.h
@@ -171,6 +171,7 @@
 #define GOT_ERR_PIN_PACK	153
 #define GOT_ERR_BAD_TAG_SIGNATURE 154
 #define GOT_ERR_VERIFY_TAG_SIGNATURE 155
+#define GOT_ERR_SIGNING_TAG	156
 
 struct got_error {
         int code;
blob - 3c092e61bab70845c184eb10f359eb6df3ee01ce
blob + bde78fabea00a9c132a5ec2ea937fc0665428986
--- lib/error.c
+++ lib/error.c
@@ -219,6 +219,7 @@ static const struct got_error got_errors[] = {
 	{ GOT_ERR_PIN_PACK, "could not pin pack file" },
 	{ GOT_ERR_BAD_TAG_SIGNATURE, "invalid tag signature" },
 	{ GOT_ERR_VERIFY_TAG_SIGNATURE, "cannot verify signature" },
+	{ GOT_ERR_SIGNING_TAG, "unable to sign tag" },
 };
 
 static struct got_custom_error {
blob - 8f33d6ba0309e1d8f43ef3b0c35b661bd6045211
blob + 2e773fde3898b103364cc053c27f666b78abea2d
--- lib/object_create.c
+++ lib/object_create.c
@@ -612,7 +612,7 @@ done:
 const struct got_error *
 got_object_tag_create(struct got_object_id **id,
     const char *tag_name, struct got_object_id *object_id, const char *tagger,
-    time_t tagger_time, const char *tagmsg, const char *key_file,
+    time_t tagger_time, const char *tagmsg, const char *signer_id,
     struct got_repository *repo, int verbosity)
 {
 	const struct got_error *err = NULL;
@@ -687,7 +687,7 @@ got_object_tag_create(struct got_object_id **id,
 	while (isspace((unsigned char)msg[0]))
 		msg++;
 
-	if (key_file) {
+	if (signer_id) {
 		FILE *out;
 		pid_t pid;
 		size_t len;
@@ -721,7 +721,7 @@ got_object_tag_create(struct got_object_id **id,
 		if (err)
 			goto done;
 
-		err = got_sigs_sign_tag_ssh(&pid, &in_fd, &out_fd, key_file,
+		err = got_sigs_sign_tag_ssh(&pid, &in_fd, &out_fd, signer_id,
 		    verbosity);
 		if (err)
 			goto done;
@@ -738,6 +738,10 @@ got_object_tag_create(struct got_object_id **id,
 			err = got_error_from_errno("waitpid");
 			goto done;
 		}
+		if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
+			err = got_error(GOT_ERR_SIGNING_TAG);
+			goto done;
+		}
 
 		out = fdopen(out_fd, "r");
 		if (out == NULL) {
@@ -840,7 +844,7 @@ got_object_tag_create(struct got_object_id **id,
 	}
 	tagsize += n;
 
-	if (key_file && buf_len(buf) > 0) {
+	if (signer_id && buf_len(buf) > 0) {
 		len = buf_len(buf);
 		SHA1Update(&sha1_ctx, buf_get(buf), len);
 		n = fwrite(buf_get(buf), 1, len, tagfile);
blob - b39af2be74c1e13b37e5bb89219e62eed8046e23
blob + 4e419b6cf54d84e3a2f5547f84bacb65e3f5c5dc
--- regress/cmdline/tag.sh
+++ regress/cmdline/tag.sh
@@ -417,8 +417,46 @@ test_tag_create_ssh_signed() {
 	test_done "$testroot" "$ret"
 }
 
+test_tag_create_ssh_signed_missing_key() {
+	local testroot=`test_init tag_create`
+	local commit_id=`git_show_head $testroot/repo`
+	local tag=1.0.0
+
+	# Fail to create a signed tag due to a missing SSH key
+	got tag -s $testroot/bogus -m 'test' -r $testroot/repo \
+		-c HEAD	$tag > $testroot/stdout 2> $testroot/stderr
+	ret=$?
+	if [ $ret -eq 0 ]; then
+		echo "got tag command succeeded unexpectedly"
+		test_done "$testroot" 1
+		return 1
+	fi
+	
+	got ref -r $testroot/repo -l > $testroot/stdout
+	echo "HEAD: refs/heads/master" > $testroot/stdout.expected
+	echo "refs/heads/master: $commit_id" >> $testroot/stdout.expected
+	cmp -s $testroot/stdout $testroot/stdout.expected
+	ret=$?
+	if [ $ret -ne 0 ]; then
+		diff -u $testroot/stdout.expected $testroot/stdout
+		test_done "$testroot" "$ret"
+		return 1
+	fi
+	echo "Couldn't load public key $testroot/bogus: No such file or directory
+"\
+		>> $testroot/stderr.expected
+	echo "got: unable to sign tag" >> $testroot/stderr.expected
+	cmp -s $testroot/stderr $testroot/stderr.expected
+	ret=$?
+	if [ $ret -ne 0 ]; then
+		diff -u $testroot/stderr.expected $testroot/stderr
+	fi
+	test_done "$testroot" "$ret"
+}
+
 test_parseargs "$@"
 run_test test_tag_create
 run_test test_tag_list
 run_test test_tag_list_lightweight
 run_test test_tag_create_ssh_signed
+run_test test_tag_create_ssh_signed_missing_key