diff --git a/src/sota_tools/CMakeLists.txt b/src/sota_tools/CMakeLists.txt index a7e5ae0184..87a1ecbd49 100644 --- a/src/sota_tools/CMakeLists.txt +++ b/src/sota_tools/CMakeLists.txt @@ -317,7 +317,7 @@ if (BUILD_SOTA_TOOLS) add_test(NAME garage-deploy-online-signing COMMAND ${PROJECT_SOURCE_DIR}/tests/sota_tools/test-garage-deploy-online-signing $ WORKING_DIRECTORY ${PROJECT_SOURCE_DIR}) - set_tests_properties(garage-deploy-online-signing PROPERTIES PASS_REGULAR_EXPRESSION "Online signing with garage-deploy is currently unsupported") + set_tests_properties(garage-deploy-online-signing PROPERTIES PASS_REGULAR_EXPRESSION "Provided push credentials are missing required components to sign Targets metadata") # Abort if destination server is unavailable. add_test(NAME garage-deploy-upload-failed diff --git a/src/sota_tools/deploy.cc b/src/sota_tools/deploy.cc index e789d3f5dd..9277777475 100644 --- a/src/sota_tools/deploy.cc +++ b/src/sota_tools/deploy.cc @@ -23,15 +23,9 @@ bool CheckPoolState(const OSTreeObject::ptr &root_object, const RequestPool &req } } -bool UploadToTreehub(const OSTreeRepo::ptr &src_repo, const ServerCredentials &push_credentials, - const OSTreeHash &ostree_commit, const std::string &cacerts, const RunMode mode, - const int max_curl_requests) { - TreehubServer push_server; +bool UploadToTreehub(const OSTreeRepo::ptr &src_repo, TreehubServer &push_server, const OSTreeHash &ostree_commit, + const RunMode mode, const int max_curl_requests) { assert(max_curl_requests > 0); - if (authenticate(cacerts, push_credentials, push_server) != EXIT_SUCCESS) { - LOG_FATAL << "Authentication failed"; - return false; - } OSTreeObject::ptr root_object; try { diff --git a/src/sota_tools/deploy.h b/src/sota_tools/deploy.h index d54078418d..f257122304 100644 --- a/src/sota_tools/deploy.h +++ b/src/sota_tools/deploy.h 
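Review bot: In deploy.cc, UploadToTreehub now relies on the caller having run authenticate() on `push_server` before the call, but neither the new signature nor the header comment says so. The matching deploy.h hunk leaves `\param push_server` empty; I would write it as `\param push_server Treehub server to upload to; must already have been set up with authenticate()`. Because the parameter is a non-const reference, the doc comment should also say whether the upload modifies the server object. The function body continues past the end of this hunk, so how `push_server` is used is not visible here.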
@@ -21,14 +21,13 @@ bool CheckPoolState(const OSTreeObject::ptr& root_object, const RequestPool& req * \param src_repo Maybe either a OSTreeDirRepo (in which case the objects * are fetched from disk), or OSTreeHttpRepo (in which case * the objects will be pulled over https). - * \param push_credentials + * \param push_server * \param ostree_commit - * \param cacerts * \param mode * \param max_curl_requests */ -bool UploadToTreehub(const OSTreeRepo::ptr& src_repo, const ServerCredentials& push_credentials, - const OSTreeHash& ostree_commit, const std::string& cacerts, RunMode mode, int max_curl_requests); +bool UploadToTreehub(const OSTreeRepo::ptr& src_repo, TreehubServer& push_server, const OSTreeHash& ostree_commit, + RunMode mode, int max_curl_requests); /** * Use the garage-sign tool and the images targets.json keys in credentials.zip diff --git a/src/sota_tools/deploy_test.cc b/src/sota_tools/deploy_test.cc index e5dc25345c..fa0d405780 100644 --- a/src/sota_tools/deploy_test.cc +++ b/src/sota_tools/deploy_test.cc @@ -1,6 +1,8 @@ #include #include + +#include "authenticate.h" #include "crypto/crypto.h" #include "deploy.h" #include "garage_common.h" @@ -25,7 +27,9 @@ TEST(deploy, UploadToTreehub) { const uint8_t hash[32] = {0x16, 0xef, 0x2f, 0x26, 0x29, 0xdc, 0x92, 0x63, 0xfd, 0xf3, 0xc0, 0xf0, 0x32, 0x56, 0x3a, 0x2d, 0x75, 0x76, 0x23, 0xbb, 0xc1, 0x1c, 0xf9, 0x9d, 0xf2, 0x5c, 0x3c, 0x3f, 0x25, 0x8d, 0xcc, 0xbe}; - UploadToTreehub(src_repo, server_creds, OSTreeHash(hash), cert_path.string(), run_mode, 2); + TreehubServer push_server; + EXPECT_EQ(authenticate(cert_path.string(), server_creds, push_server), EXIT_SUCCESS); + UploadToTreehub(src_repo, push_server, OSTreeHash(hash), run_mode, 2); int result = system( (std::string("diff -r ") + (temp_dir.Path() / "objects/").string() + " tests/sota_tools/repo/objects/").c_str()); diff --git a/src/sota_tools/garage_check.cc b/src/sota_tools/garage_check.cc index e194900553..dfdb0da0ed 100644 
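Review bot: In TEST(deploy, UploadToTreehub) the added `EXPECT_EQ(authenticate(...), EXIT_SUCCESS)` records a failure but lets the test continue into UploadToTreehub with a `push_server` that was never authenticated, so the later `diff -r` result hides the real cause. `ASSERT_EQ(authenticate(cert_path.string(), server_creds, push_server), EXIT_SUCCESS);` would stop the test at the step that failed. The same applies to the new lines in TEST(http_repo, bad_connection) in ostree_http_repo_test.cc. Both test bodies start and end outside their hunks.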
--- a/src/sota_tools/garage_check.cc +++ b/src/sota_tools/garage_check.cc @@ -88,21 +88,12 @@ int main(int argc, char **argv) { mode = RunMode::kWalkTree; } - TreehubServer treehub; - if (cacerts != "") { - if (boost::filesystem::exists(cacerts)) { - treehub.ca_certs(cacerts); - } else { - LOG_FATAL << "--cacert path " << cacerts << " does not exist"; - return EXIT_FAILURE; - } - } - if (max_curl_requests < 1) { LOG_FATAL << "--jobs must be greater than 0"; return EXIT_FAILURE; } + TreehubServer treehub; if (authenticate(cacerts, ServerCredentials(credentials_path), treehub) != EXIT_SUCCESS) { LOG_FATAL << "Authentication failed"; return EXIT_FAILURE; diff --git a/src/sota_tools/garage_deploy.cc b/src/sota_tools/garage_deploy.cc index ac179b6597..daf083c491 100644 --- a/src/sota_tools/garage_deploy.cc +++ b/src/sota_tools/garage_deploy.cc 
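Review bot: The block removed from garage_check.cc was the only place in this main() that rejected a `--cacert` path that does not exist, and `cacerts` now goes straight into authenticate(). Whether authenticate() performs the same existence check is not visible in this diff. If it does not, a mistyped path no longer stops the tool before it connects, and which CA bundle is then trusted depends on code outside the hunk. If it does, a short comment at the call such as `// --cacert path is validated inside authenticate()` would record where the check now lives. main() starts and ends outside the hunk.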
@@ -92,40 +92,44 @@ int main(int argc, char **argv) { return EXIT_FAILURE; } - ServerCredentials push_credentials(push_cred); ServerCredentials fetch_credentials(fetch_cred); - TreehubServer fetch_server; if (authenticate(cacerts, fetch_credentials, fetch_server) != EXIT_SUCCESS) { - LOG_FATAL << "Authentication failed"; + LOG_FATAL << "Authentication with fetch server failed"; + return EXIT_FAILURE; + } + + ServerCredentials push_credentials(push_cred); + TreehubServer push_server; + if (authenticate(cacerts, push_credentials, push_server) != EXIT_SUCCESS) { + LOG_FATAL << "Authentication with push server failed"; return EXIT_FAILURE; } - OSTreeRepo::ptr src_repo = std::make_shared(&fetch_server); + OSTreeRepo::ptr src_repo = std::make_shared(&fetch_server); try { OSTreeHash commit(OSTreeHash::Parse(ostree_commit)); // Since the fetches happen on a single thread in OSTreeHttpRepo, there // isn't much reason to upload in parallel, but why hold the system back if // the fetching is faster than the uploading? 
- if (!UploadToTreehub(src_repo, push_credentials, commit, cacerts, mode, max_curl_requests)) { + if (!UploadToTreehub(src_repo, push_server, commit, mode, max_curl_requests)) { LOG_FATAL << "Upload to treehub failed"; return EXIT_FAILURE; } - if (mode == RunMode::kDefault) { - if (push_credentials.CanSignOffline()) { - bool ok = OfflineSignRepo(ServerCredentials(push_credentials.GetPathOnDisk()), name, commit, hardwareids); - if (ok) { - if (CheckRefValid(fetch_server, ostree_commit, mode, max_curl_requests) != EXIT_SUCCESS) { - LOG_FATAL << "Check if the ref is present on the server or in targets.json failed"; - return EXIT_FAILURE; - } - } else { - return EXIT_FAILURE; - } + if (mode == RunMode::kDefault || mode == RunMode::kPushTree) { + if (!push_credentials.CanSignOffline()) { + LOG_FATAL << "Provided push credentials are missing required components to sign Targets metadata."; + return EXIT_FAILURE; + } + if (!OfflineSignRepo(ServerCredentials(push_credentials.GetPathOnDisk()), name, commit, hardwareids)) { + return EXIT_FAILURE; + } + + if (CheckRefValid(push_server, ostree_commit, mode, max_curl_requests) != EXIT_SUCCESS) { + LOG_FATAL << "Check if the ref is present on the server or in targets.json failed"; + return EXIT_FAILURE; } - LOG_FATAL << "Online signing with garage-deploy is currently unsupported"; - return EXIT_FAILURE; } else { LOG_INFO << "Dry run. Not attempting offline signing."; } diff --git a/src/sota_tools/garage_push.cc b/src/sota_tools/garage_push.cc index ccd6ba2696..73aad97014 100644 --- a/src/sota_tools/garage_push.cc +++ b/src/sota_tools/garage_push.cc @@ -4,6 +4,7 @@ #include #include "accumulator.h" +#include "authenticate.h" #include "deploy.h" #include "garage_common.h" #include "garage_tools_version.h" 
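Review bot: In garage_deploy.cc, `push_credentials.CanSignOffline()` is only tested after UploadToTreehub has run, so credentials that cannot sign Targets metadata still cause objects to be pushed before the tool exits with a failure. I would move the check to directly after the push-server authenticate() call, guarded by `if ((mode == RunMode::kDefault || mode == RunMode::kPushTree) && !push_credentials.CanSignOffline())`, keeping the same LOG_FATAL text so the garage-deploy-online-signing test still matches. That way an unsignable deploy fails before anything is written to the server. main() starts and ends outside the hunk.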
@@ -112,8 +113,6 @@ int main(int argc, char **argv) { try { std::unique_ptr commit; bool is_ref = true; - - ServerCredentials push_credentials(credentials_path); OSTreeRef ostree_ref = src_repo->GetRef(ref); if (ostree_ref.IsValid()) { commit = std_::make_unique(ostree_ref.GetHash()); @@ -127,7 +126,13 @@ int main(int argc, char **argv) { is_ref = false; } - if (!UploadToTreehub(src_repo, push_credentials, *commit, cacerts, mode, max_curl_requests)) { + ServerCredentials push_credentials(credentials_path); + TreehubServer push_server; + if (authenticate(cacerts, push_credentials, push_server) != EXIT_SUCCESS) { + LOG_FATAL << "Authentication with push server failed"; + return EXIT_FAILURE; + } + if (!UploadToTreehub(src_repo, push_server, *commit, mode, max_curl_requests)) { LOG_FATAL << "Upload to treehub failed"; return EXIT_FAILURE; } diff --git a/src/sota_tools/ostree_http_repo_test.cc b/src/sota_tools/ostree_http_repo_test.cc index 92b334f3eb..3a3c896c14 100644 --- a/src/sota_tools/ostree_http_repo_test.cc +++ b/src/sota_tools/ostree_http_repo_test.cc @@ -2,6 +2,7 @@ #include +#include "authenticate.h" #include "deploy.h" #include "garage_common.h" #include "ostree_http_repo.h" @@ -92,7 +93,9 @@ TEST(http_repo, bad_connection) { boost::filesystem::path cert_path = "tests/fake_http_server/server.crt"; auto hash = OSTreeHash::Parse("b9ac1e45f9227df8ee191b6e51e09417bd36c6ebbeff999431e3073ac50f0563"); - UploadToTreehub(src_repo, ServerCredentials(filepath), hash, cert_path.string(), RunMode::kDefault, 1); + TreehubServer push_server; + EXPECT_EQ(authenticate(cert_path.string(), ServerCredentials(filepath), push_server), EXIT_SUCCESS); + UploadToTreehub(src_repo, push_server, hash, RunMode::kDefault, 1); std::string diff("diff -r "); std::string src_path((src_dir.Path() / "objects").string() + " ");