mirror of https://github.com/go-gitea/gitea.git
Merge 9b7585c673
into bb0e4ce581
This commit is contained in:
commit
9ad4f4f53a
|
@ -0,0 +1,39 @@
|
|||
// Copyright 2023 The Gitea Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package rpm
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"io"
|
||||
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
"code.gitea.io/gitea/modules/packages"
|
||||
|
||||
"github.com/sassoftware/go-rpmutils"
|
||||
"golang.org/x/crypto/openpgp"
|
||||
)
|
||||
|
||||
func SignPackage(rpm *packages.HashedBuffer, privateKey string) (io.Reader, int64, error) {
|
||||
keyring, err := openpgp.ReadArmoredKeyRing(bytes.NewReader([]byte(privateKey)))
|
||||
if err != nil {
|
||||
// failed to parse key
|
||||
return nil, 0, err
|
||||
}
|
||||
entity := keyring[0]
|
||||
h, err := rpmutils.SignRpmStream(rpm, entity.PrivateKey, nil)
|
||||
if err != nil {
|
||||
// error signing rpm
|
||||
return nil, 0, err
|
||||
}
|
||||
signBlob, err := h.DumpSignatureHeader(false)
|
||||
if err != nil {
|
||||
// error writing sig header
|
||||
return nil, 0, err
|
||||
}
|
||||
if len(signBlob)%8 != 0 {
|
||||
log.Info("incorrect padding: got %d bytes, expected a multiple of 8", len(signBlob))
|
||||
return nil, 0, err
|
||||
}
|
||||
return bytes.NewReader(signBlob), int64(h.OriginalSignatureHeaderSize()), nil
|
||||
}
|
|
@ -133,7 +133,30 @@ func UploadPackageFile(ctx *context.Context) {
|
|||
}
|
||||
defer buf.Close()
|
||||
|
||||
pck, err := rpm_module.ParsePackage(buf)
|
||||
pri, _, err := rpm_service.GetOrCreateKeyPair(ctx.Package.Owner.ID)
|
||||
if err != nil {
|
||||
apiError(ctx, http.StatusInternalServerError, err)
|
||||
return
|
||||
}
|
||||
hBuf, seek, err := rpm_module.SignPackage(buf, pri)
|
||||
if _, err := buf.Seek(seek, io.SeekStart); err != nil {
|
||||
apiError(ctx, http.StatusInternalServerError, err)
|
||||
return
|
||||
}
|
||||
signBuf, err := packages_module.CreateHashedBufferFromReader(io.MultiReader(hBuf, buf))
|
||||
if err != nil {
|
||||
apiError(ctx, http.StatusInternalServerError, err)
|
||||
return
|
||||
}
|
||||
|
||||
defer signBuf.Close()
|
||||
|
||||
if _, err := signBuf.Seek(0, io.SeekStart); err != nil {
|
||||
apiError(ctx, http.StatusInternalServerError, err)
|
||||
return
|
||||
}
|
||||
|
||||
pck, err := rpm_module.ParsePackage(signBuf)
|
||||
if err != nil {
|
||||
if errors.Is(err, util.ErrInvalidArgument) {
|
||||
apiError(ctx, http.StatusBadRequest, err)
|
||||
|
@ -142,8 +165,7 @@ func UploadPackageFile(ctx *context.Context) {
|
|||
}
|
||||
return
|
||||
}
|
||||
|
||||
if _, err := buf.Seek(0, io.SeekStart); err != nil {
|
||||
if _, err := signBuf.Seek(0, io.SeekStart); err != nil {
|
||||
apiError(ctx, http.StatusInternalServerError, err)
|
||||
return
|
||||
}
|
||||
|
@ -172,7 +194,7 @@ func UploadPackageFile(ctx *context.Context) {
|
|||
CompositeKey: group,
|
||||
},
|
||||
Creator: ctx.Doer,
|
||||
Data: buf,
|
||||
Data: signBuf,
|
||||
IsLead: true,
|
||||
Properties: map[string]string{
|
||||
rpm_module.PropertyGroup: group,
|
||||
|
|
Loading…
Reference in New Issue