prevent got from creating unsigned tags when the key file is missing

If anyone asks, I don't know why ssh-keygen(1) is printing a CRLF for the missing key message to stderr. ----------------------------------------------- commit d21e91bdff17f707f5c492042baa2c2a6cbcf578 (missing_key) from: Josh Rickmar <jrick@zettaport.com> date: Sat Jul 2 22:14:04 2022 UTC fix tag signing when the key file does not exist This should fail without creating any tag. Before, ssh-keygen(1) would print an error to stderr, but got would create an unsigned tag. diff 4d5ee9564a9e46a1f634f619833c62f636cfbdc1 d21e91bdff17f707f5c492042baa2c2a6cbcf578 commit - 4d5ee9564a9e46a1f634f619833c62f636cfbdc1 commit + d21e91bdff17f707f5c492042baa2c2a6cbcf578 blob - 6feb1c3bbdd91673897061cb3ccbd9c80799d101 blob + a36f53457cad96d1bb25386660010bda0d14b278 --- got/got.c +++ got/got.c @@ -7214,7 +7214,7 @@ done: static const struct got_error * add_tag(struct got_repository *repo, const char *tagger, const char *tag_name, const char *commit_arg, const char *tagmsg_arg, - const char *key_file, int verbosity) + const char *signer_id, int verbosity) { const struct got_error *err = NULL; struct got_object_id *commit_id = NULL, *tag_id = NULL; @@ -7280,7 +7280,7 @@ add_tag(struct got_repository *repo, const char *tagge } err = got_object_tag_create(&tag_id, tag_name, commit_id, - tagger, time(NULL), tagmsg ? tagmsg : tagmsg_arg, key_file, repo, + tagger, time(NULL), tagmsg ? tagmsg : tagmsg_arg, signer_id, repo, verbosity); if (err) { if (tagmsg_path) blob - 4bfaed588e2d81e1b0578a939dd96553de6bc11b blob + 9dcd5b85b181ee63d76a75bf16c9ae0dc46aaa26 --- include/got_error.h +++ include/got_error.h @@ -171,6 +171,7 @@ #define GOT_ERR_PIN_PACK 153 #define GOT_ERR_BAD_TAG_SIGNATURE 154 #define GOT_ERR_VERIFY_TAG_SIGNATURE 155 +#define GOT_ERR_SIGNING_TAG 156 struct got_error { int code; blob - 3c092e61bab70845c184eb10f359eb6df3ee01ce blob + bde78fabea00a9c132a5ec2ea937fc0665428986 --- lib/error.c +++ lib/error.c @@ -219,6 +219,7 @@ static const struct got_error got_errors[] = { { GOT_ERR_PIN_PACK, "could not pin pack file" }, { GOT_ERR_BAD_TAG_SIGNATURE, "invalid tag signature" }, { GOT_ERR_VERIFY_TAG_SIGNATURE, "cannot verify signature" }, + { GOT_ERR_SIGNING_TAG, "unable to sign tag" }, }; static struct got_custom_error { blob - 8f33d6ba0309e1d8f43ef3b0c35b661bd6045211 blob + 2e773fde3898b103364cc053c27f666b78abea2d --- lib/object_create.c +++ lib/object_create.c @@ -612,7 +612,7 @@ done: const struct got_error * got_object_tag_create(struct got_object_id **id, const char *tag_name, struct got_object_id *object_id, const char *tagger, - time_t tagger_time, const char *tagmsg, const char *key_file, + time_t tagger_time, const char *tagmsg, const char *signer_id, struct got_repository *repo, int verbosity) { const struct got_error *err = NULL; @@ -687,7 +687,7 @@ got_object_tag_create(struct got_object_id **id, while (isspace((unsigned char)msg[0])) msg++; - if (key_file) { + if (signer_id) { FILE *out; pid_t pid; size_t len; @@ -721,7 +721,7 @@ got_object_tag_create(struct got_object_id **id, if (err) goto done; - err = got_sigs_sign_tag_ssh(&pid, &in_fd, &out_fd, key_file, + err = got_sigs_sign_tag_ssh(&pid, &in_fd, &out_fd, signer_id, verbosity); if (err) goto done; @@ -738,6 +738,10 @@ got_object_tag_create(struct got_object_id **id, err = got_error_from_errno("waitpid"); goto done; } + if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) { + err = got_error(GOT_ERR_SIGNING_TAG); + goto done; + } out = fdopen(out_fd, "r"); if (out == NULL) { @@ -840,7 +844,7 @@ got_object_tag_create(struct got_object_id **id, } tagsize += n; - if (key_file && buf_len(buf) > 0) { + if (signer_id && buf_len(buf) > 0) { len = buf_len(buf); SHA1Update(&sha1_ctx, buf_get(buf), len); n = fwrite(buf_get(buf), 1, len, tagfile); blob - b39af2be74c1e13b37e5bb89219e62eed8046e23 blob + 4e419b6cf54d84e3a2f5547f84bacb65e3f5c5dc --- regress/cmdline/tag.sh +++ regress/cmdline/tag.sh @@ -417,8 +417,46 @@ test_tag_create_ssh_signed() { test_done "$testroot" "$ret" } +test_tag_create_ssh_signed_missing_key() { + local testroot=`test_init tag_create` + local commit_id=`git_show_head $testroot/repo` + local tag=1.0.0 + + # Fail to create a signed tag due to a missing SSH key + got tag -s $testroot/bogus -m 'test' -r $testroot/repo \ + -c HEAD $tag > $testroot/stdout 2> $testroot/stderr + ret=$? + if [ $ret -eq 0 ]; then + echo "got tag command succeeded unexpectedly" + test_done "$testroot" 1 + return 1 + fi + + got ref -r $testroot/repo -l > $testroot/stdout + echo "HEAD: refs/heads/master" > $testroot/stdout.expected + echo "refs/heads/master: $commit_id" >> $testroot/stdout.expected + cmp -s $testroot/stdout $testroot/stdout.expected + ret=$? + if [ $ret -ne 0 ]; then + diff -u $testroot/stdout.expected $testroot/stdout + test_done "$testroot" "$ret" + return 1 + fi + echo "Couldn't load public key $testroot/bogus: No such file or directory +"\ + >> $testroot/stderr.expected + echo "got: unable to sign tag" >> $testroot/stderr.expected + cmp -s $testroot/stderr $testroot/stderr.expected + ret=$? + if [ $ret -ne 0 ]; then + diff -u $testroot/stderr.expected $testroot/stderr + fi + test_done "$testroot" "$ret" +} + test_parseargs "$@" run_test test_tag_create run_test test_tag_list run_test test_tag_list_lightweight run_test test_tag_create_ssh_signed +run_test test_tag_create_ssh_signed_missing_key

2022-07-02 22:16 Josh Rickmar:
prevent got from creating unsigned tags when the key file is missing
- 2022-07-03 08:08 Omar Polo:
  prevent got from creating unsigned tags when the key file is missing
- - 2022-07-03 08:30 Omar Polo:
    prevent got from creating unsigned tags when the key file is missing