From ca1bdede7cdfd7b21febc95de34ddc3187e169cc Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Wed, 26 Feb 2020 15:13:55 +0100 Subject: [PATCH] garage-push: Always push the ostree ref. This was disabled long ago, apparently under the assumption that garage-sign would push the ref. That isn't how it works. No one really seems to miss the refs, but they make operating on the ostree repos easier if they are there. Signed-off-by: Patrick Vacek --- src/sota_tools/deploy.cc | 40 ++++++++----------------- src/sota_tools/deploy.h | 5 ++-- src/sota_tools/deploy_test.cc | 2 +- src/sota_tools/garage_push.cc | 16 +++++----- tests/sota_tools/repo/refs/heads/master | 2 +- 5 files changed, 24 insertions(+), 41 deletions(-) diff --git a/src/sota_tools/deploy.cc b/src/sota_tools/deploy.cc index 9277777475..799dbd404f 100644 --- a/src/sota_tools/deploy.cc +++ b/src/sota_tools/deploy.cc @@ -105,36 +105,20 @@ bool OfflineSignRepo(const ServerCredentials &push_credentials, const std::strin return true; } -bool PushRootRef(const ServerCredentials &push_credentials, const OSTreeRef &ref, const std::string &cacerts, - const RunMode mode) { - if (push_credentials.CanSignOffline()) { - // In general, this is the wrong thing. We should be using offline signing - // if private key material is present in credentials.zip - LOG_WARNING << "Pushing by refname despite that credentials.zip can be used to sign offline."; - } - - TreehubServer push_server; - - if (authenticate(cacerts, push_credentials, push_server) != EXIT_SUCCESS) { - LOG_FATAL << "Authentication failed"; +bool PushRootRef(const TreehubServer &push_server, const OSTreeRef &ref) { + CurlEasyWrapper easy_handle; + curlEasySetoptWrapper(easy_handle.get(), CURLOPT_VERBOSE, get_curlopt_verbose()); + ref.PushRef(push_server, easy_handle.get()); + CURLcode err = curl_easy_perform(easy_handle.get()); + if (err != 0u) { + LOG_ERROR << "Error pushing root ref: " << curl_easy_strerror(err); return false; } - - if (mode == RunMode::kDefault || mode == RunMode::kPushTree) { - CurlEasyWrapper easy_handle; - curlEasySetoptWrapper(easy_handle.get(), CURLOPT_VERBOSE, get_curlopt_verbose()); - ref.PushRef(push_server, easy_handle.get()); - CURLcode err = curl_easy_perform(easy_handle.get()); - if (err != 0u) { - LOG_ERROR << "Error pushing root ref: " << curl_easy_strerror(err); - return false; - } - long rescode; // NOLINT(google-runtime-int) - curl_easy_getinfo(easy_handle.get(), CURLINFO_RESPONSE_CODE, &rescode); - if (rescode != 200) { - LOG_ERROR << "Error pushing root ref, got " << rescode << " HTTP response"; - return false; - } + long rescode; // NOLINT(google-runtime-int) + curl_easy_getinfo(easy_handle.get(), CURLINFO_RESPONSE_CODE, &rescode); + if (rescode < 200 || rescode >= 400) { + LOG_ERROR << "Error pushing root ref, got " << rescode << " HTTP response"; + return false; } return true; diff --git a/src/sota_tools/deploy.h b/src/sota_tools/deploy.h index f257122304..7dff45f411 100644 --- a/src/sota_tools/deploy.h +++ b/src/sota_tools/deploy.h @@ -37,9 +37,8 @@ bool OfflineSignRepo(const ServerCredentials& push_credentials, const std::strin const std::string& hardwareids); /** - * Update images/targets.json by pushing the OSTree commit hash to /refs/heads/qemux86-64 + * Update the ref on Treehub to the new commit. */ -bool PushRootRef(const ServerCredentials& push_credentials, const OSTreeRef& ref, const std::string& cacerts, - RunMode mode); +bool PushRootRef(const TreehubServer& push_server, const OSTreeRef& ref); #endif diff --git a/src/sota_tools/deploy_test.cc b/src/sota_tools/deploy_test.cc index fa0d405780..6160bfb163 100644 --- a/src/sota_tools/deploy_test.cc +++ b/src/sota_tools/deploy_test.cc @@ -35,7 +35,7 @@ TEST(deploy, UploadToTreehub) { (std::string("diff -r ") + (temp_dir.Path() / "objects/").string() + " tests/sota_tools/repo/objects/").c_str()); EXPECT_EQ(result, 0) << "Diff between the source repo objects and the destination repo objects is nonzero."; - bool push_root_ref_res = PushRootRef(server_creds, test_ref, cert_path.string(), run_mode); + bool push_root_ref_res = PushRootRef(push_server, test_ref); EXPECT_TRUE(push_root_ref_res); result = diff --git a/src/sota_tools/garage_push.cc b/src/sota_tools/garage_push.cc index b5e957f841..deb2030461 100644 --- a/src/sota_tools/garage_push.cc +++ b/src/sota_tools/garage_push.cc @@ -140,14 +140,14 @@ int main(int argc, char **argv) { return EXIT_FAILURE; } - if (push_credentials.CanSignOffline()) { - LOG_INFO << "Credentials contain offline signing keys. Use garage-sign to push root ref"; - } else if (!is_ref) { - LOG_INFO << "Provided ref " << ref << " is a commit refhash. Cannot push root ref"; - } else { - if (!PushRootRef(push_credentials, ostree_ref, cacerts, mode)) { - LOG_FATAL << "Error pushing root ref to treehub"; - return EXIT_FAILURE; + if (mode != RunMode::kDryRun) { + if (is_ref) { + if (!PushRootRef(push_server, ostree_ref)) { + LOG_FATAL << "Error pushing root ref to treehub"; + return EXIT_FAILURE; + } + } else { + LOG_INFO << "Provided ref " << ref << " is a commit refhash. Cannot push root ref"; } } diff --git a/tests/sota_tools/repo/refs/heads/master b/tests/sota_tools/repo/refs/heads/master index 502d7d0ac8..d622b5b52b 100644 --- a/tests/sota_tools/repo/refs/heads/master +++ b/tests/sota_tools/repo/refs/heads/master @@ -1 +1 @@ -16ef2f2629dc9263fdf3c0f032563a2d757623bbc11cf99df25c3c3f258dccbe +16ef2f2629dc9263fdf3c0f032563a2d757623bbc11cf99df25c3c3f258dccbe \ No newline at end of file