From 8a0cb0bcf5dc6a3f4451d785ae68faff4ccd9da8 Mon Sep 17 00:00:00 2001
From: Manish Kumar Singh
Date: Fri, 13 Dec 2024 07:31:20 +0000
Subject: [PATCH] add root command to list unverified upstream sources This new root command is part of the `stest` and is designed to list all upstream sources with the `skip-check` flag set to `true`. - If `-p ` is specified, it lists unverified sources for the specified package. - Otherwise, it lists all unverified upstream sources in the repository. The output is written to: `/dest/code.arista.io/eos/eext/{rep}/{package}.unverifiedSources.json`. This file will be included in the Barney snapshot build, enabling better tracking of unverified sources.
---
cmd/list_unverified_sources.go | 29 ++++++++++
impl/list_unverified_sources.go | 78 ++++++++++++++++++++++++++
impl/list_unverified_sources_test.go | 33 +++++++++++
impl/testData/unverified-src/eext.yaml | 25 +++++++++
4 files changed, 165 insertions(+)
create mode 100644 cmd/list_unverified_sources.go
create mode 100644 impl/list_unverified_sources.go
create mode 100644 impl/list_unverified_sources_test.go
create mode 100644 impl/testData/unverified-src/eext.yaml
diff --git a/cmd/list_unverified_sources.go b/cmd/list_unverified_sources.go
new file mode 100644
index 0000000..15bf996
--- /dev/null
+++ b/cmd/list_unverified_sources.go
@@ -0,0 +1,29 @@
+// Copyright (c) 2022 Arista Networks, Inc. All rights reserved.
+// Arista Networks, Inc. Confidential and Proprietary.
+
+package cmd
+
+import (
+ "code.arista.io/eos/tools/eext/impl"
+ "github.com/spf13/cobra"
+)
+
+// listUnverifiedSourcescmd represents the list-unverified-sources command
+var listUnverifiedSourcescmd = &cobra.Command{
+ Use: "list-unverified-sources",
+ Short: "list unverified upstream sources",
+ Long: `Checks for the upstream sources within package which don't have a valid signature check i.e, skip-check flag is true
+ and generates content hash for the upstream sources.`,
+ RunE: func(cmd *cobra.Command, args []string) error {
+ repo, _ := cmd.Flags().GetString("repo")
+ pkg, _ := cmd.Flags().GetString("package")
+ err := impl.ListUnverifiedSources(repo, pkg)
+ return err
+ },
+}
+
+func init() {
+ listUnverifiedSourcescmd.Flags().StringP("repo", "r", "", "Repository name (OPTIONAL)")
+ listUnverifiedSourcescmd.Flags().StringP("package", "p", "", "specify package name (OPTIONAL)")
+ rootCmd.AddCommand(listUnverifiedSourcescmd)
+}
diff --git a/impl/list_unverified_sources.go b/impl/list_unverified_sources.go
new file mode 100644
index 0000000..1f8c1ed
--- /dev/null
+++ b/impl/list_unverified_sources.go
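Review bot: The `Long` help text says the command "generates content hash for the upstream sources", but `impl.ListUnverifiedSources` as added in this same patch only serialises the manifest entries whose `skip-check` is true and computes no hash. Anyone reading the help would assume the report pins the content of the unverified sources, so the text should say what is actually written, for example `Lists upstream sources whose signature check is skipped (skip-check: true) and writes them to a per-package JSON file.` Both `GetString` calls in `RunE` discard their error (`repo, _ :=`, `pkg, _ :=`); since an empty package name means "all packages" to the implementation, returning that error instead of ignoring it keeps a flag lookup failure from silently changing the scope of the run. The last two lines of `RunE` can also be the single line `return impl.ListUnverifiedSources(repo, pkg)`.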
@@ -0,0 +1,78 @@
+// Copyright (c) 2022 Arista Networks, Inc. All rights reserved.
+// Arista Networks, Inc. Confidential and Proprietary.
+
+package impl
+
+import (
+ "encoding/json"
+ "fmt"
+ "os"
+ "path/filepath"
+ "strings"
+
+ "code.arista.io/eos/tools/eext/manifest"
+ "code.arista.io/eos/tools/eext/util"
+)
+
+// ListUnverifiedSources lists all the upstream sources within a package
+// which do not have valid signature check. For The upstream sources with
+// `skip-check` flag as true content hash is generated
+func ListUnverifiedSources(repo string, pkg string) error {
+
+ // load the eext yaml
+ repoManifest, loadManifestErr := manifest.LoadManifest(repo)
+ if loadManifestErr != nil {
+ return loadManifestErr
+ }
+ curPath, _ := os.Getwd()
+ splittedCurPath := strings.Split(curPath, "/")
+ repoName := splittedCurPath[len(splittedCurPath)-1]
+
+ var checkAllPackages bool = (pkg == "")
+
+ // check for skip-check flag in thr manifest
+ for _, pkgSpec := range repoManifest.Package {
+ thisPkgName := pkgSpec.Name
+
+ if !checkAllPackages && thisPkgName != pkg {
+ continue
+ }
+ errPrefix := util.ErrPrefix(fmt.Sprintf("listUnverifiedSources(%s)", thisPkgName))
+ upstreamSources := []manifest.UpstreamSrc{}
+
+ for _, upstreamSrcFromManifest := range pkgSpec.UpstreamSrc {
+ if !upstreamSrcFromManifest.Signature.SkipCheck {
+ continue
+ }
+ upstreamSources = append(upstreamSources, upstreamSrcFromManifest)
+ }
+
+ if len(upstreamSources) == 0 {
+ return nil
+ }
+
+ JsonUpstreamSrcHashes, err := json.MarshalIndent(upstreamSources, "", " ")
+ if err != nil {
+ return fmt.Errorf("%s unable to convert map to json \n errored with %s ",
+ errPrefix, err)
+ }
+
+ upstreamInfoFile := fmt.Sprintf("/dest/code.arista.io/eos/eext/%s/%s/unVerifiedSources.json", repoName, thisPkgName)
+ upstreamInfoDir := filepath.Dir(upstreamInfoFile)
+ if err := os.MkdirAll(upstreamInfoDir, 0755); err != nil {
+ return fmt.Errorf("%s unable to create empty dir path \n errored with %s ",
+ errPrefix, err)
+ }
+
+ if err := os.WriteFile(upstreamInfoFile, JsonUpstreamSrcHashes, 0777); err != nil {
+ return fmt.Errorf("%s unable to write to file \n errored with %s ",
+ errPrefix, err)
+ }
+ }
+
+ // sudo eext list-unverified-sources -p pkg
+ // if skip-check is true download the upstream source
+ // calculate the sha-256 hash for the upstream source tarball
+
+ return nil
+}
diff --git a/impl/list_unverified_sources_test.go b/impl/list_unverified_sources_test.go
new file mode 100644
index 0000000..44b1890
--- /dev/null
+++ b/impl/list_unverified_sources_test.go
@@ -0,0 +1,33 @@
+// Copyright (c) 2023 Arista Networks, Inc. All rights reserved.
+// Arista Networks, Inc. Confidential and Proprietary.
+
+//go:build containerized
+
+package impl
+
+import (
+ "os"
+ "path/filepath"
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func checkFileExists(filePath string) error {
+ _, err := os.Stat(filePath)
+ return err
+}
+
+func TestListUnverifiedSources(t *testing.T) {
+ curPath, _ := os.Getwd()
+ repo := filepath.Join(curPath, "testData/unverified-src")
+
+ ListUnverifiedSources(repo, "foo1")
+ filePath := "/dest/code.arista.io/eos/eext/impl/foo1/unVerifiedSources.json"
+ require.NotEqual(t, nil, checkFileExists(filePath))
+
+ ListUnverifiedSources(repo, "foo2")
+ filePath = "/dest/code.arista.io/eos/eext/impl/foo2/unVerifiedSources.json"
+ require.Equal(t, nil, checkFileExists(filePath))
+ t.Log("TestListUnverifiedSources test Passed")
+}
diff --git a/impl/testData/unverified-src/eext.yaml b/impl/testData/unverified-src/eext.yaml
new file mode 100644
index 0000000..6a3744a
--- /dev/null
+++ b/impl/testData/unverified-src/eext.yaml
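Review bot: In the package loop of `ListUnverifiedSources`, `if len(upstreamSources) == 0 { return nil }` ends the whole run at the first package that has no `skip-check: true` source, so when no `-p` is given every later package is left out and the list of unverified sources is silently incomplete; that branch should be `continue`. The report is then written with `os.WriteFile(upstreamInfoFile, JsonUpstreamSrcHashes, 0777)`, which (subject to umask) leaves a file meant for tracking unverified sources writable and executable by any local user; `0644` is enough for a JSON report. `curPath, _ := os.Getwd()` drops its error, and the output path is built with `fmt.Sprintf` from the manifest's package name, so a name containing path separators would presumably resolve outside the intended directory; checking the error and rejecting such names before `os.MkdirAll` would close that. The doc comment and the trailing comments mention a content hash that this code does not compute, and the path here (`%s/%s/unVerifiedSources.json`) differs from the one given in the commit message, so one of the two should be corrected.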
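Review bot: `TestListUnverifiedSources` ignores the error returned by both `ListUnverifiedSources` calls and checks the foo1 case with `require.NotEqual(t, nil, checkFileExists(filePath))`, which passes for any `os.Stat` failure and fails if a report from an earlier run is still present under `/dest`. Asserting the outcome directly is tighter: `require.NoError(t, ListUnverifiedSources(repo, "foo2"))`, then `require.NoFileExists(t, filePath)` for foo1 and `require.FileExists(t, filePath)` for foo2. The test never calls the function with an empty package name, so the all-packages path is not covered, even though the test manifest has exactly the ordering that matters there (foo1 without skipped checks ahead of foo2 with one). It also does not read the JSON back to confirm that the `skip-check: true` source is the one listed.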
@@ -0,0 +1,25 @@
+---
+package:
+ - name: foo1
+ upstream-sources:
+ - source-bundle:
+ name: srpm
+ override:
+ version: 1.7.7-1.fc40
+ type: srpm
+ build:
+ repo-bundle:
+ - name: el9
+
+ - name: foo2
+ upstream-sources:
+ - source-bundle:
+ name: srpm
+ override:
+ version: 1.7.7-1.fc40
+ signature:
+ skip-check: true
+ type: srpm
+ build:
+ repo-bundle:
+ - name: el9