diff --git a/Makefile b/Makefile index 378de6e8f4..0f72f97673 100644 --- a/Makefile +++ b/Makefile @@ -137,7 +137,7 @@ TAGS ?= TAGS_SPLIT := $(subst $(COMMA), ,$(TAGS)) TAGS_EVIDENCE := $(MAKE_EVIDENCE_DIR)/tags -TEST_TAGS ?= sqlite sqlite_unlock_notify +TEST_TAGS ?= $(TAGS_SPLIT) sqlite sqlite_unlock_notify TAR_EXCLUDES := .git data indexers queues log node_modules $(EXECUTABLE) $(FOMANTIC_WORK_DIR)/node_modules $(DIST) $(MAKE_EVIDENCE_DIR) $(AIR_TMP_DIR) $(GO_LICENSE_TMP_DIR) diff --git a/modules/git/blame_sha256_test.go b/modules/git/blame_sha256_test.go index 8cd345714f..da451f22fc 100644 --- a/modules/git/blame_sha256_test.go +++ b/modules/git/blame_sha256_test.go @@ -14,6 +14,11 @@ func TestReadingBlameOutputSha256(t *testing.T) { ctx, cancel := context.WithCancel(context.Background()) defer cancel() + if isGogit { + t.Skip("Skipping test since gogit does not support sha256") + return + } + t.Run("Without .git-blame-ignore-revs", func(t *testing.T) { repo, err := OpenRepository(ctx, "./tests/repos/repo5_pulls_sha256") assert.NoError(t, err) diff --git a/modules/git/repo_tree_gogit.go b/modules/git/repo_tree_gogit.go index dc97ce1344..651794a5aa 100644 --- a/modules/git/repo_tree_gogit.go +++ b/modules/git/repo_tree_gogit.go @@ -6,11 +6,20 @@ package git -import "github.com/go-git/go-git/v5/plumbing" +import ( + "errors" + + "github.com/go-git/go-git/v5/plumbing" +) func (repo *Repository) getTree(id ObjectID) (*Tree, error) { gogitTree, err := repo.gogitRepo.TreeObject(plumbing.Hash(id.RawValue())) if err != nil { + if errors.Is(err, plumbing.ErrObjectNotFound) { + return nil, ErrNotExist{ + ID: id.String(), + } + } return nil, err } diff --git a/routers/api/packages/rpm/rpm.go b/routers/api/packages/rpm/rpm.go index 4c822e0999..a00a61c079 100644 --- a/routers/api/packages/rpm/rpm.go +++ b/routers/api/packages/rpm/rpm.go @@ -133,19 +133,20 @@ func UploadPackageFile(ctx *context.Context) { } defer buf.Close() - // if rpm sign enabled if setting.Packages.DefaultRPMSignEnabled || ctx.FormBool("sign") { - pri, _, err := rpm_service.GetOrCreateKeyPair(ctx, ctx.Package.Owner.ID) + priv, _, err := rpm_service.GetOrCreateKeyPair(ctx, ctx.Package.Owner.ID) if err != nil { apiError(ctx, http.StatusInternalServerError, err) return } - buf, err = rpm_service.SignPackage(buf, pri) + signedBuf, err := rpm_service.SignPackage(buf, priv) if err != nil { - // Not in rpm format, parsing failed. apiError(ctx, http.StatusBadRequest, err) return } + defer signedBuf.Close() + + buf = signedBuf } pck, err := rpm_module.ParsePackage(buf) diff --git a/services/packages/rpm/repository.go b/services/packages/rpm/repository.go index 19968f9b30..bc342e53ab 100644 --- a/services/packages/rpm/repository.go +++ b/services/packages/rpm/repository.go @@ -21,7 +21,6 @@ import ( rpm_model "code.gitea.io/gitea/models/packages/rpm" user_model "code.gitea.io/gitea/models/user" "code.gitea.io/gitea/modules/json" - "code.gitea.io/gitea/modules/log" packages_module "code.gitea.io/gitea/modules/packages" rpm_module "code.gitea.io/gitea/modules/packages/rpm" "code.gitea.io/gitea/modules/util" @@ -30,7 +29,6 @@ import ( "github.com/ProtonMail/go-crypto/openpgp" "github.com/ProtonMail/go-crypto/openpgp/armor" "github.com/ProtonMail/go-crypto/openpgp/packet" - "github.com/sassoftware/go-rpmutils" ) // GetOrCreateRepositoryVersion gets or creates the internal repository package @@ -643,33 +641,3 @@ func addDataAsFileToRepo(ctx context.Context, pv *packages_model.PackageVersion, OpenSize: wc.Written(), }, nil } - -func SignPackage(rpm *packages_module.HashedBuffer, privateKey string) (*packages_module.HashedBuffer, error) { - keyring, err := openpgp.ReadArmoredKeyRing(bytes.NewReader([]byte(privateKey))) - if err != nil { - // failed to parse key - return nil, err - } - entity := keyring[0] - h, err := rpmutils.SignRpmStream(rpm, entity.PrivateKey, nil) - if err != nil { - // error signing rpm - return nil, err - } - signBlob, err := h.DumpSignatureHeader(false) - if err != nil { - // error writing sig header - return nil, err - } - if len(signBlob)%8 != 0 { - log.Info("incorrect padding: got %d bytes, expected a multiple of 8", len(signBlob)) - return nil, err - } - - // move fp to sign end - if _, err := rpm.Seek(int64(h.OriginalSignatureHeaderSize()), io.SeekStart); err != nil { - return nil, err - } - // create signed rpm buf - return packages_module.CreateHashedBufferFromReader(io.MultiReader(bytes.NewReader(signBlob), rpm)) -} diff --git a/services/packages/rpm/sign.go b/services/packages/rpm/sign.go new file mode 100644 index 0000000000..820355a638 --- /dev/null +++ b/services/packages/rpm/sign.go @@ -0,0 +1,39 @@ +// Copyright 2024 The Gitea Authors. All rights reserved. +// SPDX-License-Identifier: MIT + +package rpm + +import ( + "bytes" + "io" + "strings" + + packages_module "code.gitea.io/gitea/modules/packages" + + "github.com/ProtonMail/go-crypto/openpgp" + "github.com/sassoftware/go-rpmutils" +) + +func SignPackage(buf *packages_module.HashedBuffer, privateKey string) (*packages_module.HashedBuffer, error) { + keyring, err := openpgp.ReadArmoredKeyRing(strings.NewReader(privateKey)) + if err != nil { + return nil, err + } + + h, err := rpmutils.SignRpmStream(buf, keyring[0].PrivateKey, nil) + if err != nil { + return nil, err + } + + signBlob, err := h.DumpSignatureHeader(false) + if err != nil { + return nil, err + } + + if _, err := buf.Seek(int64(h.OriginalSignatureHeaderSize()), io.SeekStart); err != nil { + return nil, err + } + + // create new buf with signature prefix + return packages_module.CreateHashedBufferFromReader(io.MultiReader(bytes.NewReader(signBlob), buf)) +}