-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: implement signing of extensions #79
Conversation
166a21d
to
21661f0
Compare
storage/artifactory.go
Outdated
for _, file := range extra { | ||
// TODO: I think this is correct? | ||
_, err := s.upload(ctx, path.Join(dir, file.RelativePath), bytes.NewReader(file.Content)) | ||
if err != nil { | ||
return "", err | ||
} | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That looks right to me!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No blocking comments, it looks great! I have not had a chance to run this with code-server or anything yet, and I definitely will, but no need to block on me doing that I think.
repo string | ||
) | ||
|
||
addFlags, opts := serverFlags() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oo yeah very nice
cmd.Flags().StringVar(&opts.Artifactory, "artifactory", "", "Artifactory server URL.") | ||
cmd.Flags().StringVar(&opts.Repo, "repo", "", "Artifactory repository.") | ||
cmd.Flags().DurationVar(&opts.ListCacheDuration, "list-cache-duration", time.Minute, "The duration of the extension cache.") | ||
cmd.Flags().BoolVar(&sign, "sign", false, "Sign extensions.") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sort of a similar thought process here, I know it is hidden at the moment, but remove
with --sign
might not make sense, I think? Also not sure about add
, still need to go through the rest of the PR, but we are signing on demand right? So only with server
? I am assuming we just always create the signature manifest on add
.
Mostly thinking of it in terms of what a user might see and think when they run subcommand --help
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You are right it does not make the most sense, but it is hidden. The sign
flag will be removed though, replaced by something that will parse a key or cert.
See the flags in my other PR:
code-marketplace/cli/server.go
Lines 35 to 37 in 449f77c
cmd.Flags().StringArrayVar(&certificates, "certs", []string{}, "The path to certificates that match the signing key.") | |
cmd.Flags().StringVar(&signingKeyFile, "key", "", "The path to signing key file in PEM format.") | |
cmd.Flags().BoolVar(&opts.SaveSigZips, "save-sigs", false, "Save signed extensions to disk for debugging.") |
I do have a flag to save the signature to disk. Makes it easier to debug
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm going to leave sign
for now. I intend to fix it before being unhidden, anyone using it will be broken when I change things.
When I fix it, I'll make the flags make sense.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fabulous!
storage/artifactory.go
Outdated
for _, file := range extra { | ||
// TODO: I think this is correct? | ||
_, err := s.upload(ctx, path.Join(dir, file.RelativePath), bytes.NewReader(file.Content)) | ||
if err != nil { | ||
return "", err | ||
} | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That looks right to me!
}) | ||
} | ||
|
||
f := mem.NewFileHandle(mem.CreateFile(fp)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Possibly a stupid question, and I have not seen the rest of the usage yet, but would it make sense to return the reader to avoid having to hold the files in memory? Then the caller can decide to read it in if necessary (for signing, which then returns a reader for the sigzip after doing its thing) or just stream it as usual for any other file.
Edit: nvm, I see how this makes it easier because it mirrors the local one where we can just use http.Dir().Open()
which is nice.
Or...is it possible to implement a File
that Read
s from the HTTP response? Not sure how Stat
would be implemented though. In any case, probably not a big deal. The biggest file is probably the .vsix
, and surely there are not multi-gigabyte .vsix
files I would hope.
Although, could it maybe be an issue for large deployments serving many files to many people at once?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was really wondering about this too, but ended up not spending the time to try to fix it.
Or...is it possible to implement a File that Reads from the HTTP response? Not sure how Stat would be implemented though. In any case, probably not a big deal. The biggest file is probably the .vsix, and surely there are not multi-gigabyte .vsix files I would hope.
This would be ideal, you can implement Stat
rather easily, it's implementing the io.Seeker
that was problematic when I spent a few minutes on it.
I think we should revisit this and try to fix it. I'll throw on a comment. If we re-implement http.FileServer
, we might be able to make our own easier to implement interface too. Ignore things like Stat
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome, that sounds good to me.
This stack of pull requests is managed by Graphite. Learn more about stacking. |
What this does
Signs extensions so that this warning goes away. Will close #65
How it does this.
add
, the plaintext payload to sign is generated.--sign
to have the marketplace sign extensions, without this flag, the marketplace acts as it used to.code-marketplace/storage/signature.go
Lines 70 to 74 in cc33da1
code-marketplace/storage/signature.go
Lines 80 to 106 in cc33da1
This means no signed values ever hit the storage.
Work still needed
This implementation is MVP. It still needs to handle importing the signing key, and handling existing extensions. As the signature payload is generated on
add
. All of this will be handled in a follow up PR.Refactors
FileServer
used to return ahttp.Handler
. I changed this toOpen(ctx context.Context, name string) (fs.File, error)
. This makes the storage closer to afs.FS
, meaning I could implement Signatures as a wrapper. Rather than having to mutate stores.Unfortunate
afero
for mem files, and do not see a way to stream.