hancock

Check-in [3ef6a50ce4]
Login
Home Timeline Branches Tags Tickets Wiki

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:cmd/hancock: close store after use
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 3ef6a50ce48dc6485b71e130b282b4e5bb634cadcac78a9112b5d2b8f63815dc
User & Date: dnc 2020-01-03 02:45:37
Context
2020-01-03
17:20
store: introduce Iterable interface Allow processing of every testimony in local store. check-in: 2009980ac3 user: dnc tags: trunk
02:45
cmd/hancock: close store after use check-in: 3ef6a50ce4 user: dnc tags: trunk
02:30
model: produce error (not panic) on nil testimony check-in: 36225c7a6f user: dnc tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to cmd/hancock/hancock.go. 

1
2
3
4
5
6
7
8
..
70
71
72
73
74
75
76

77
78
79
80
81
82
83
...
160
161
162
163
164
165
166

167
168











// Copyright (C) 2019  David N. Cohen

// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.

// This program is distributed in the hope that it will be useful,
................................................................................
// This pipeline construction is intended to isolate signing code from
// the code which produces and publishes data. Isolation, in this
// case, minimizes the amount of code which handles secrets, and
// allows signing to be performed on an isolated machine.
//
package main


//go:generate sh -c "go doc | dumbdown > README.md"

import (
	"flag"
	"fmt"
	"log"
	"net/url"
................................................................................
		}

		// TODO(dnc): case "http(s)"

	default:
		return nil, fmt.Errorf("unexpected store sheme (%q)", u.Scheme)
	}

	return s, nil
}











|







 







>







 







>


>
>
>
>
>
>
>
>
>
>

1
2
3
4
5
6
7
8
..
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
...
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180

// Copyright (C) 2019, 2020  David N. Cohen

// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.

// This program is distributed in the hope that it will be useful,
................................................................................
// This pipeline construction is intended to isolate signing code from
// the code which produces and publishes data. Isolation, in this
// case, minimizes the amount of code which handles secrets, and
// allows signing to be performed on an isolated machine.
//
package main

// use `go get src.d10.dev/dumbdown`
//go:generate sh -c "go doc | dumbdown > README.md"

import (
	"flag"
	"fmt"
	"log"
	"net/url"
................................................................................
		}

		// TODO(dnc): case "http(s)"

	default:
		return nil, fmt.Errorf("unexpected store sheme (%q)", u.Scheme)
	}
	stor[flag] = s
	return s, nil
}

func closeStore() error {
	for _, s := range stor {
		err := s.Close()
		if err != nil {
			return err
		}
	}
	return nil
}

Changes to cmd/hancock/testimony.go. 

115
116
117
118
119
120
121

122
123
124
125
126
127
128

	err = validateStoreFlag(defaultStore)
	if err != nil {
		return err
	}
	if len(storeFlag) == 0 {
		return errors.New("Storage URL required. Use flag `-store <URL>` or see configuration file.")
	}


	// decode input
	dec := json.NewDecoder(os.Stdin)

	// first input, the public key (corresponding to signing private key)
	var authorityEncoded model.Authority
	err = dec.Decode(&authorityEncoded)








>








115
116
117
118
119
120
121
122
123
124
125
126
127
128
129

	err = validateStoreFlag(defaultStore)
	if err != nil {
		return err
	}
	if len(storeFlag) == 0 {
		return errors.New("Storage URL required. Use flag `-store <URL>` or see configuration file.")
	}
	defer closeStore() // cleanup; safe to call even if no stores initialized

	// decode input
	dec := json.NewDecoder(os.Stdin)

	// first input, the public key (corresponding to signing private key)
	var authorityEncoded model.Authority
	err = dec.Decode(&authorityEncoded)

Changes to cmd/hancock/verify.go. 

1
2
3
4
5
6
7
8
...
141
142
143
144
145
146
147



148
149
150
151
152
153
154
...
186
187
188
189
190
191
192

193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219

// Copyright (C) 2019  David N. Cohen

// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.

// This program is distributed in the hope that it will be useful,
................................................................................
	}

	noRecurse := errors.New("no recurse") // prepare for filepath.Walk

	// Exit status
	status := 0
	summary := make(Summary)




	// TODO(dnc): goroutines for performance
	for _, arg := range command.OperationFlagSet.Args() {
		err = filepath.Walk(arg, func(currentFile string, info os.FileInfo, err error) error {
			if err != nil {
				command.Error(err) // log error
				return nil         // continue walk
................................................................................

				tkey := model.TestimonyKey{
					Authority: auth,
					Content:   cid.Encode(),
				}

				for _, storeFlag := range verifyStoreFlag {

					command.V(3).Infof("querying %q for %q (%v)", storeFlag, currentFile, tkey)
					store, err := storeFromFlag(storeFlag)
					if err != nil {
						err = fmt.Errorf("failed to access testimony store (%q): %w", storeFlag, err)
						command.Check(err)
					}

					// TODO(dnc): concurrency for performance
					testimony, err := store.GetTestimony(tkey)
					if err != nil {
						// don't exit, as the testimony may be retrieved from another store
						command.Infof("failed to retrieve testimony via %q: %s", storeFlag, err)
						continue
					}

					// checks
					err = testimony.Verify()
					if err != nil {
						// may not be an error, if another valid testimony applies to the same file.
						command.Info(fmt.Errorf("invalid testimony (authority %q; file %q) ignored", authorityName, currentFile))
						continue
					}

					var manifest model.FileManifest
					err = model.Decode(&manifest, testimony.Encoded)

					// path check is disabled because an identical file may appear in more than one place.  TODO(dnc) fix this, or enable strict mode

|







 







>
>
>







 







>










|
|







|








1
2
3
4
5
6
7
8
...
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
...
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223

// Copyright (C) 2019, 2020  David N. Cohen

// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.

// This program is distributed in the hope that it will be useful,
................................................................................
	}

	noRecurse := errors.New("no recurse") // prepare for filepath.Walk

	// Exit status
	status := 0
	summary := make(Summary)

	// cleanup; safe to call even if no stores initialized
	defer closeStore()

	// TODO(dnc): goroutines for performance
	for _, arg := range command.OperationFlagSet.Args() {
		err = filepath.Walk(arg, func(currentFile string, info os.FileInfo, err error) error {
			if err != nil {
				command.Error(err) // log error
				return nil         // continue walk
................................................................................

				tkey := model.TestimonyKey{
					Authority: auth,
					Content:   cid.Encode(),
				}

				for _, storeFlag := range verifyStoreFlag {

					command.V(3).Infof("querying %q for %q (%v)", storeFlag, currentFile, tkey)
					store, err := storeFromFlag(storeFlag)
					if err != nil {
						err = fmt.Errorf("failed to access testimony store (%q): %w", storeFlag, err)
						command.Check(err)
					}

					// TODO(dnc): concurrency for performance
					testimony, err := store.GetTestimony(tkey)
					if err != nil {
						// not necessarily a problem; testimony may be found in another store
						command.V(2).Infof("no testimony for file %q by authority %q found via store %q: %s", currentFile, authorityName, storeFlag, err)
						continue
					}

					// checks
					err = testimony.Verify()
					if err != nil {
						// may not be an error, if another valid testimony applies to the same file.
						command.Info(fmt.Errorf("invalid testimony (authority %q; file %q) ignored: %w", authorityName, currentFile, err))
						continue
					}

					var manifest model.FileManifest
					err = model.Decode(&manifest, testimony.Encoded)

					// path check is disabled because an identical file may appear in more than one place.  TODO(dnc) fix this, or enable strict mode

This page was generated in about 0.021s by Fossil 2.10 [9d9ef82234] 2019-10-04 21:41:13