advancedtelematic · pattivacek · Sep 12, 2019 · Sep 11, 2019 · Sep 11, 2019 · Sep 11, 2019
diff --git a/src/sota_tools/CMakeLists.txt b/src/sota_tools/CMakeLists.txt
@@ -317,7 +317,7 @@ if (BUILD_SOTA_TOOLS)
     add_test(NAME garage-deploy-online-signing
     COMMAND ${PROJECT_SOURCE_DIR}/tests/sota_tools/test-garage-deploy-online-signing $<TARGET_FILE:garage-deploy>
     WORKING_DIRECTORY ${PROJECT_SOURCE_DIR})
-    set_tests_properties(garage-deploy-online-signing PROPERTIES PASS_REGULAR_EXPRESSION "Online signing with garage-deploy is currently unsupported")
+    set_tests_properties(garage-deploy-online-signing PROPERTIES PASS_REGULAR_EXPRESSION "Provided push credentials are missing required components to sign Targets metadata")
 
     # Abort if destination server is unavailable.
     add_test(NAME garage-deploy-upload-failed

diff --git a/src/sota_tools/deploy.cc b/src/sota_tools/deploy.cc
@@ -23,15 +23,9 @@ bool CheckPoolState(const OSTreeObject::ptr &root_object, const RequestPool &req
   }
 }
 
-bool UploadToTreehub(const OSTreeRepo::ptr &src_repo, const ServerCredentials &push_credentials,
-                     const OSTreeHash &ostree_commit, const std::string &cacerts, const RunMode mode,
-                     const int max_curl_requests) {
-  TreehubServer push_server;
+bool UploadToTreehub(const OSTreeRepo::ptr &src_repo, TreehubServer &push_server, const OSTreeHash &ostree_commit,
+                     const RunMode mode, const int max_curl_requests) {
   assert(max_curl_requests > 0);
-  if (authenticate(cacerts, push_credentials, push_server) != EXIT_SUCCESS) {
-    LOG_FATAL << "Authentication failed";
-    return false;
-  }
 
   OSTreeObject::ptr root_object;
   try {

diff --git a/src/sota_tools/deploy.h b/src/sota_tools/deploy.h
@@ -21,14 +21,13 @@ bool CheckPoolState(const OSTreeObject::ptr& root_object, const RequestPool& req
  * \param src_repo Maybe either a OSTreeDirRepo (in which case the objects
  *                 are fetched from disk), or OSTreeHttpRepo (in which case
  *                 the objects will be pulled over https).
- * \param push_credentials
+ * \param push_server
  * \param ostree_commit
- * \param cacerts
  * \param mode
  * \param max_curl_requests
  */
-bool UploadToTreehub(const OSTreeRepo::ptr& src_repo, const ServerCredentials& push_credentials,
-                     const OSTreeHash& ostree_commit, const std::string& cacerts, RunMode mode, int max_curl_requests);
+bool UploadToTreehub(const OSTreeRepo::ptr& src_repo, TreehubServer& push_server, const OSTreeHash& ostree_commit,
+                     RunMode mode, int max_curl_requests);
 
 /**
  * Use the garage-sign tool and the images targets.json keys in credentials.zip

diff --git a/src/sota_tools/deploy_test.cc b/src/sota_tools/deploy_test.cc
@@ -1,6 +1,8 @@
 #include <gtest/gtest.h>
 
 #include <boost/process.hpp>
+
+#include "authenticate.h"
 #include "crypto/crypto.h"
 #include "deploy.h"
 #include "garage_common.h"
@@ -25,7 +27,9 @@ TEST(deploy, UploadToTreehub) {
   const uint8_t hash[32] = {0x16, 0xef, 0x2f, 0x26, 0x29, 0xdc, 0x92, 0x63, 0xfd, 0xf3, 0xc0,
                             0xf0, 0x32, 0x56, 0x3a, 0x2d, 0x75, 0x76, 0x23, 0xbb, 0xc1, 0x1c,
                             0xf9, 0x9d, 0xf2, 0x5c, 0x3c, 0x3f, 0x25, 0x8d, 0xcc, 0xbe};
-  UploadToTreehub(src_repo, server_creds, OSTreeHash(hash), cert_path.string(), run_mode, 2);
+  TreehubServer push_server;
+  EXPECT_EQ(authenticate(cert_path.string(), server_creds, push_server), EXIT_SUCCESS);
+  UploadToTreehub(src_repo, push_server, OSTreeHash(hash), run_mode, 2);
 
   int result = system(
       (std::string("diff -r ") + (temp_dir.Path() / "objects/").string() + " tests/sota_tools/repo/objects/").c_str());

diff --git a/src/sota_tools/garage_check.cc b/src/sota_tools/garage_check.cc
@@ -88,21 +88,12 @@ int main(int argc, char **argv) {
       mode = RunMode::kWalkTree;
     }
 
-    TreehubServer treehub;
-    if (cacerts != "") {
-      if (boost::filesystem::exists(cacerts)) {
-        treehub.ca_certs(cacerts);
-      } else {
-        LOG_FATAL << "--cacert path " << cacerts << " does not exist";
-        return EXIT_FAILURE;
-      }
-    }
-
     if (max_curl_requests < 1) {
       LOG_FATAL << "--jobs must be greater than 0";
       return EXIT_FAILURE;
     }
 
+    TreehubServer treehub;
     if (authenticate(cacerts, ServerCredentials(credentials_path), treehub) != EXIT_SUCCESS) {
       LOG_FATAL << "Authentication failed";
       return EXIT_FAILURE;

diff --git a/src/sota_tools/garage_deploy.cc b/src/sota_tools/garage_deploy.cc
@@ -92,40 +92,44 @@ int main(int argc, char **argv) {
     return EXIT_FAILURE;
   }
 
-  ServerCredentials push_credentials(push_cred);
   ServerCredentials fetch_credentials(fetch_cred);
-
   TreehubServer fetch_server;
   if (authenticate(cacerts, fetch_credentials, fetch_server) != EXIT_SUCCESS) {
-    LOG_FATAL << "Authentication failed";
+    LOG_FATAL << "Authentication with fetch server failed";
+    return EXIT_FAILURE;
+  }
+
+  ServerCredentials push_credentials(push_cred);
+  TreehubServer push_server;
+  if (authenticate(cacerts, push_credentials, push_server) != EXIT_SUCCESS) {
+    LOG_FATAL << "Authentication with push server failed";
     return EXIT_FAILURE;
   }
-  OSTreeRepo::ptr src_repo = std::make_shared<OSTreeHttpRepo>(&fetch_server);
 
+  OSTreeRepo::ptr src_repo = std::make_shared<OSTreeHttpRepo>(&fetch_server);
   try {
     OSTreeHash commit(OSTreeHash::Parse(ostree_commit));
     // Since the fetches happen on a single thread in OSTreeHttpRepo, there
     // isn't much reason to upload in parallel, but why hold the system back if
     // the fetching is faster than the uploading?
-    if (!UploadToTreehub(src_repo, push_credentials, commit, cacerts, mode, max_curl_requests)) {
+    if (!UploadToTreehub(src_repo, push_server, commit, mode, max_curl_requests)) {
       LOG_FATAL << "Upload to treehub failed";
       return EXIT_FAILURE;
     }
 
-    if (mode == RunMode::kDefault) {
-      if (push_credentials.CanSignOffline()) {
-        bool ok = OfflineSignRepo(ServerCredentials(push_credentials.GetPathOnDisk()), name, commit, hardwareids);
-        if (ok) {
-          if (CheckRefValid(fetch_server, ostree_commit, mode, max_curl_requests) != EXIT_SUCCESS) {
-            LOG_FATAL << "Check if the ref is present on the server or in targets.json failed";
-            return EXIT_FAILURE;
-          }
-        } else {
-          return EXIT_FAILURE;
-        }
+    if (mode == RunMode::kDefault || mode == RunMode::kPushTree) {
+      if (!push_credentials.CanSignOffline()) {
+        LOG_FATAL << "Provided push credentials are missing required components to sign Targets metadata.";
+        return EXIT_FAILURE;
+      }
+      if (!OfflineSignRepo(ServerCredentials(push_credentials.GetPathOnDisk()), name, commit, hardwareids)) {
+        return EXIT_FAILURE;
+      }
+
+      if (CheckRefValid(push_server, ostree_commit, mode, max_curl_requests) != EXIT_SUCCESS) {
+        LOG_FATAL << "Check if the ref is present on the server or in targets.json failed";
+        return EXIT_FAILURE;
       }
-      LOG_FATAL << "Online signing with garage-deploy is currently unsupported";
-      return EXIT_FAILURE;
     } else {
       LOG_INFO << "Dry run. Not attempting offline signing.";
     }

diff --git a/src/sota_tools/garage_push.cc b/src/sota_tools/garage_push.cc
@@ -4,6 +4,7 @@
 #include <boost/program_options.hpp>
 
 #include "accumulator.h"
+#include "authenticate.h"
 #include "deploy.h"
 #include "garage_common.h"
 #include "garage_tools_version.h"
@@ -112,8 +113,6 @@ int main(int argc, char **argv) {
   try {
     std::unique_ptr<OSTreeHash> commit;
     bool is_ref = true;
-
-    ServerCredentials push_credentials(credentials_path);
     OSTreeRef ostree_ref = src_repo->GetRef(ref);
     if (ostree_ref.IsValid()) {
       commit = std_::make_unique<OSTreeHash>(ostree_ref.GetHash());
@@ -127,7 +126,13 @@ int main(int argc, char **argv) {
       is_ref = false;
     }
 
-    if (!UploadToTreehub(src_repo, push_credentials, *commit, cacerts, mode, max_curl_requests)) {
+    ServerCredentials push_credentials(credentials_path);
+    TreehubServer push_server;
+    if (authenticate(cacerts, push_credentials, push_server) != EXIT_SUCCESS) {
+      LOG_FATAL << "Authentication with push server failed";
+      return EXIT_FAILURE;
+    }
+    if (!UploadToTreehub(src_repo, push_server, *commit, mode, max_curl_requests)) {
       LOG_FATAL << "Upload to treehub failed";
       return EXIT_FAILURE;
     }

diff --git a/src/sota_tools/ostree_http_repo_test.cc b/src/sota_tools/ostree_http_repo_test.cc
@@ -2,6 +2,7 @@
 
 #include <boost/process.hpp>
 
+#include "authenticate.h"
 #include "deploy.h"
 #include "garage_common.h"
 #include "ostree_http_repo.h"
@@ -92,7 +93,9 @@ TEST(http_repo, bad_connection) {
   boost::filesystem::path cert_path = "tests/fake_http_server/server.crt";
 
   auto hash = OSTreeHash::Parse("b9ac1e45f9227df8ee191b6e51e09417bd36c6ebbeff999431e3073ac50f0563");
-  UploadToTreehub(src_repo, ServerCredentials(filepath), hash, cert_path.string(), RunMode::kDefault, 1);
+  TreehubServer push_server;
+  EXPECT_EQ(authenticate(cert_path.string(), ServerCredentials(filepath), push_server), EXIT_SUCCESS);
+  UploadToTreehub(src_repo, push_server, hash, RunMode::kDefault, 1);
 
   std::string diff("diff -r ");
   std::string src_path((src_dir.Path() / "objects").string() + " ");