From 4d820ecd0cd9441c70c9fc77214e6e297dd606d2 Mon Sep 17 00:00:00 2001 From: Manish Kumar Singh Date: Fri, 13 Dec 2024 07:31:20 +0000 Subject: [PATCH] add root command to list unverified upstream sources This new root command is part of the `stest` and is designed to list all upstream sources with the `skip-check` flag set to `true`. - If `-p ` is specified, it lists unverified sources for the specified package. - If the package is not found in the repo, an error is returned The output is written to stdout This will enable better tracking of unverified sources. --- cmd/list_unverified_sources.go | 32 ++++++++++++ impl/list_unverified_sources.go | 58 +++++++++++++++++++++ impl/list_unverified_sources_test.go | 70 ++++++++++++++++++++++++++ impl/testData/unverified-src/eext.yaml | 25 +++++++++ 4 files changed, 185 insertions(+) create mode 100644 cmd/list_unverified_sources.go create mode 100644 impl/list_unverified_sources.go create mode 100644 impl/list_unverified_sources_test.go create mode 100644 impl/testData/unverified-src/eext.yaml diff --git a/cmd/list_unverified_sources.go b/cmd/list_unverified_sources.go new file mode 100644 index 0000000..668f025 --- /dev/null +++ b/cmd/list_unverified_sources.go 
@@ -0,0 +1,32 @@
+// Copyright (c) 2022 Arista Networks, Inc. All rights reserved.
+// Arista Networks, Inc. Confidential and Proprietary.
+
+package cmd
+
+import (
+ "code.arista.io/eos/tools/eext/impl"
+ "github.com/spf13/cobra"
+)
+
+// listUnverifiedSourcesCmd represents the list-unverified-sources command
+var listUnverifiedSourcesCmd = &cobra.Command{
+ Use: "list-unverified-sources",
+ Short: "list unverified upstream sources",
+ Long: `Checks for the upstream sources within package which don't
+have a valid signature check return prints the upstreamSrc
+to stdout.`,
+ Args: cobra.ExactArgs(0),
+ RunE: func(cmd *cobra.Command, args []string) error {
+ repo, _ := cmd.Flags().GetString("repo")
+ pkg, _ := cmd.Flags().GetString("package")
+ err := impl.ListUnverifiedSources(repo, pkg)
+ return err
+ },
+}
+
+func init() {
+ listUnverifiedSourcesCmd.Flags().StringP("repo", "r", "", "Repository name (OPTIONAL)")
+ listUnverifiedSourcesCmd.Flags().StringP("package", "p", "", "specify package name (REQUIRED)")
+ listUnverifiedSourcesCmd.MarkFlagRequired("package")
+ rootCmd.AddCommand(listUnverifiedSourcesCmd)
+}
diff --git a/impl/list_unverified_sources.go b/impl/list_unverified_sources.go
new file mode 100644
index 0000000..81afb97
--- /dev/null
+++ b/impl/list_unverified_sources.go 
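Review bot: The Long help text on the Command literal misstates what the command reports — it lists sources whose signature verification is disabled (`skip-check: true` in the manifest), not sources that failed a signature check, and the sentence itself is garbled ("check return prints"). I would replace it with `Long: `Lists, as YAML on stdout, every upstream source of the given package whose signature verification is skipped (skip-check: true in the manifest).`,` so that anyone reading --help understands these are sources with no integrity check at all. The --repo flag is described only as "Repository name (OPTIONAL)" while the accompanying test passes a filesystem path, so the help string should say what form the value takes — worth confirming against manifest.LoadManifest, which is not visible here. Minor: `RunE` can simply `return impl.ListUnverifiedSources(repo, pkg)`, and `Args: cobra.NoArgs` reads more directly than `cobra.ExactArgs(0)`.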
@@ -0,0 +1,58 @@
+// Copyright (c) 2022 Arista Networks, Inc. All rights reserved.
+// Arista Networks, Inc. Confidential and Proprietary.
+
+package impl
+
+import (
+ "fmt"
+
+ "code.arista.io/eos/tools/eext/manifest"
+ "gopkg.in/yaml.v3"
+)
+
+// fetch upstream sources from manifest
+func getUpstreamSrcsWithSkipCheck(upstreamSrcManifest []manifest.UpstreamSrc) []manifest.UpstreamSrc {
+ upstreamSrcs := []manifest.UpstreamSrc{}
+
+ for _, upstreamSrcFromManifest := range upstreamSrcManifest {
+ if upstreamSrcFromManifest.Signature.SkipCheck {
+ upstreamSrcs = append(upstreamSrcs, upstreamSrcFromManifest)
+ }
+ }
+
+ return upstreamSrcs
+}
+
+// ListUnverifiedSources lists all the upstream sources within a package
+// which do not have valid signature check.
+func ListUnverifiedSources(repo string, pkg string) error {
+ repoManifest, loadManifestErr := manifest.LoadManifest(repo)
+ if loadManifestErr != nil {
+ return loadManifestErr
+ }
+
+ upstreamSources := []manifest.UpstreamSrc{}
+ pkgFound := false
+ for _, pkgSpec := range repoManifest.Package {
+ pkgName := pkgSpec.Name
+ if pkgName != pkg {
+ continue
+ }
+ pkgFound = true
+ upstreamSources = getUpstreamSrcsWithSkipCheck(pkgSpec.UpstreamSrc)
+ break
+ }
+
+ if !pkgFound {
+ return fmt.Errorf("impl.ListUnVerifiedSources: '%s' package is not part of this repo", pkg)
+ }
+
+ if len(upstreamSources) != 0 {
+ yamlUpstreamSources, err := yaml.Marshal(upstreamSources)
+ if err != nil {
+ return fmt.Errorf("impl.ListUnVerifiedSources: '%s' unmarshaling yaml", err)
+ }
+ fmt.Println(string(yamlUpstreamSources))
+ }
+ return nil
+}
diff --git a/impl/list_unverified_sources_test.go b/impl/list_unverified_sources_test.go
new file mode 100644
index 0000000..05ed273
--- /dev/null
+++ b/impl/list_unverified_sources_test.go 
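Review bot: The error built after yaml.Marshal misdescribes the failure and drops the cause from the chain: the operation is marshaling, not unmarshaling, and formatting `err` with `%s` prevents callers from using errors.Is/errors.As on it — `return fmt.Errorf("impl.ListUnverifiedSources: marshaling yaml: %w", err)` (the prefix then also matches the function's real name, ListUnverifiedSources, rather than ListUnVerifiedSources, which the not-found message uses as well). Separately, both doc comments overstate what is checked: `getUpstreamSrcsWithSkipCheck` filters rather than fetches, and the listed sources are those whose verification is turned off, not ones whose signature failed — `// ListUnverifiedSources prints, as YAML on stdout, every upstream source of pkg whose signature check is skipped (skip-check: true).` Note that a source with no signature stanza at all is not reported (foo1 in the accompanying test data yields empty output); whether manifest.LoadManifest rejects such entries is not visible here and is worth confirming, because otherwise they would escape this report entirely. Writing through fmt.Println also hard-wires os.Stdout; accepting an io.Writer would make the function testable without redirecting the process's stdout.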
@@ -0,0 +1,70 @@
+// Copyright (c) 2023 Arista Networks, Inc. All rights reserved.
+// Arista Networks, Inc. Confidential and Proprietary.
+
+package impl
+
+import (
+ "bytes"
+ "os"
+ "path/filepath"
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func TestListUnverifiedSources(t *testing.T) {
+ cwd, _ := os.Getwd()
+ repo := filepath.Join(cwd, "testData/unverified-src")
+
+ testpkgs := map[string]string{
+ "foo1": "",
+ "foo2": `- source-bundle:
+ name: srpm
+ override:
+ version: 1.7.7-1.fc40
+ src-suffix: ""
+ sig-suffix: ""
+ full-url: ""
+ git:
+ url: ""
+ revision: ""
+ signature:
+ skip-check: true
+ detached-sig:
+ full-url: ""
+ public-key: ""
+ on-uncompressed: false
+
+`,
+ }
+
+ var r, w, rescueStdout *(os.File)
+ var buffer bytes.Buffer
+
+ for pkg, outputExpected := range testpkgs {
+ rescueStdout = os.Stdout
+ r, w, _ = os.Pipe()
+ os.Stdout = w
+
+ ListUnverifiedSources(repo, pkg)
+
+ w.Close()
+ buffer.ReadFrom(r)
+ outputGot := buffer.String()
+ os.Stdout = rescueStdout
+
+ require.Equal(t, outputExpected, outputGot)
+ }
+
+ t.Log("TestListUnverifiedSources test Passed")
+}
+
+func TestListUnverifiedSourcesFail(t *testing.T) {
+ cwd, _ := os.Getwd()
+ repo := filepath.Join(cwd, "testData/unverified-src")
+
+ err := ListUnverifiedSources(repo, "foo3")
+ require.NotEqual(t, nil, err)
+
+ t.Log("TestListUnverifiedSourcesFail test Passed")
+}
diff --git a/impl/testData/unverified-src/eext.yaml b/impl/testData/unverified-src/eext.yaml
new file mode 100644
index 0000000..6a3744a
--- /dev/null
+++ b/impl/testData/unverified-src/eext.yaml
@@ -0,0 +1,25 @@
+---
+package:
+ - name: foo1
+ upstream-sources:
+ - source-bundle:
+ name: srpm
+ override:
+ version: 1.7.7-1.fc40
+ type: srpm
+ build:
+ repo-bundle:
+ - name: el9
+
+ - name: foo2
+ upstream-sources:
+ - source-bundle:
+ name: srpm
+ override:
+ version: 1.7.7-1.fc40
+ signature:
+ skip-check: true
+ type: srpm
+ build:
+ repo-bundle:
+ - name: el9
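Review bot: The loop in TestListUnverifiedSources reuses a single bytes.Buffer across iterations without resetting it, and buffer.String() does not consume what ReadFrom appended, so whenever map iteration visits foo2 before foo1 the foo1 check compares "" against the foo2 YAML still sitting in the buffer and fails — the test passes or fails depending on Go's randomized map order. Add `buffer.Reset()` at the top of the loop body (or declare the buffer inside it), and stop discarding the function's result: `err := ListUnverifiedSources(repo, pkg)` followed by `require.NoError(t, err)` once os.Stdout is restored, since a manifest load error would otherwise surface only as empty output. The error from os.Pipe is also dropped and `r` is never closed. In TestListUnverifiedSourcesFail, `require.Error(t, err)` states the intent more directly than `require.NotEqual(t, nil, err)`.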