Remove shared cred p12 from the archive after provisioning

[pattivacek]

It should never be needed again and presents a potential security risk if left available for an attacker who gains access to the device.

Also remove treehub.json. It shouldn't be there in the first place, but in the distant past it was often accidentally left there.

There is now an explicit config option to prevent this behavior if you don't want it, which should only be used for tests. Set provision.mode = "SharedCredReuse" to use that.

[codecov-commenter]

Codecov Report

Merging #1697 into master will decrease coverage by 1.06%.
The diff coverage is 60.40%.

@@            Coverage Diff             @@
##           master    #1697      +/-   ##
==========================================
- Coverage   76.57%   75.50%   -1.07%     
==========================================
  Files         195      195              
  Lines       13353    13642     +289     
==========================================
+ Hits        10225    10301      +76     
- Misses       3128     3341     +213     

Impacted Files	Coverage Δ
src/libaktualizr/config/config.h	50.00% <ø> (-50.00%)	⬇️
src/libaktualizr/utilities/utils.h	60.86% <ø> (-32.47%)	⬇️
src/libaktualizr/bootstrap/bootstrap.cc	57.77% <25.00%> (ø)
src/libaktualizr/config/config.cc	74.67% <58.53%> (-19.60%)	⬇️
src/libaktualizr/utilities/utils.cc	71.14% <62.92%> (-13.67%)	⬇️
src/libaktualizr/primary/initializer.cc	76.23% <70.00%> (-13.99%)	⬇️
...baktualizr-c/test/api-test-utils/api-test-utils.cc	85.71% <100.00%> (-10.12%)	⬇️
... and 10 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d706a54...a6758dc. Read the comment docs.

[eu-siemann]

Would it make sense to fail early if provision.provision_path.empty()? Probably, doesn't matter, really

[pattivacek]

You mean if using shared creds but the path is empty? Maybe, but it will fail during initialization anyway. Also, nothing would stop you from still importing device creds even if you claim you want to use shared creds (I think). And if you've already provisioned and you get the URL from elsewhere, technically you don't need to keep the provisioning path configured; it'll never get used again.

[eu-siemann]

Don't we need archive_read_free here?

[pattivacek]

Yep, good call. I did some RAII cleanup to this code and it should be better now. Also rebased.

[eu-siemann]

Cool! I always forget that we have StructGuard for such cases.

[eu-siemann]

Overall looks good!

[kbushgit]

Should we also add this call to try-catch block

[pattivacek]

I don't think so; it should succeed. treehub.json is in a try-catch because normally it should fail; that file should not be there.

[kbushgit]

I would prefer to return bool value in case of entry wasn't found in the archive, instead of throwing an exception

[pattivacek]

To be honest, I just copied the style of the existing functions readFileFromArchive and writeArchive. I think consistency is good, and I don't see a compelling reason to prefer error codes over exceptions. Can you explain your preference?

[pattivacek]

I don't understand why the github CI job is failing; I fixed the problem and it works on my laptop. The line it is quoting as failing has been fixed; you can compare it with the actual code here.