github.com/altoros/juju-vmware@v0.0.0-20150312064031-f19ae857ccca/cmd/plugins/juju-metadata/signmetadata.go (about) 1 // Copyright 2013 Canonical Ltd. 2 // Licensed under the AGPLv3, see LICENCE file for details. 3 4 package main 5 6 import ( 7 "fmt" 8 "io/ioutil" 9 "os" 10 "path/filepath" 11 "strings" 12 13 "github.com/juju/cmd" 14 "github.com/juju/loggo" 15 "launchpad.net/gnuflag" 16 17 "github.com/juju/juju/environs/simplestreams" 18 ) 19 20 var signMetadataDoc = ` 21 sign searches for json files in the specified directory tree and inline signs 22 them using the private key in the specified keyring file. For each .json file, a 23 corresponding .sjson file is procduced. 24 25 The specified keyring file is expected to contain an amored private key. If the key 26 is encrypted, then the specified passphrase is used to decrypt the key. 27 ` 28 29 // SignMetadataCommand is used to sign simplestreams metadata json files. 30 type SignMetadataCommand struct { 31 cmd.CommandBase 32 dir string 33 keyFile string 34 passphrase string 35 } 36 37 func (c *SignMetadataCommand) Info() *cmd.Info { 38 return &cmd.Info{ 39 Name: "sign", 40 Purpose: "sign simplestreams metadata", 41 Doc: signMetadataDoc, 42 } 43 } 44 45 func (c *SignMetadataCommand) SetFlags(f *gnuflag.FlagSet) { 46 c.CommandBase.SetFlags(f) 47 f.StringVar(&c.dir, "d", "", "directory in which to look for metadata") 48 f.StringVar(&c.keyFile, "k", "", "file containing the amored private signing key") 49 f.StringVar(&c.passphrase, "p", "", "passphrase used to decrypt the private key") 50 } 51 52 func (c *SignMetadataCommand) Init(args []string) error { 53 if c.dir == "" { 54 return fmt.Errorf("directory must be specified") 55 } 56 if c.keyFile == "" { 57 return fmt.Errorf("keyfile must be specified") 58 } 59 return cmd.CheckEmpty(args) 60 } 61 62 func (c *SignMetadataCommand) Run(context *cmd.Context) error { 63 loggo.RegisterWriter("signmetadata", cmd.NewCommandLogWriter("juju.plugins.metadata", context.Stdout, context.Stderr), loggo.INFO) 64 defer loggo.RemoveWriter("signmetadata") 65 keyData, err := ioutil.ReadFile(c.keyFile) 66 if err != nil { 67 return err 68 } 69 dir := context.AbsPath(c.dir) 70 return process(dir, string(keyData), c.passphrase) 71 } 72 73 func process(dir, key, passphrase string) error { 74 logger.Debugf("processing directory %q", dir) 75 // Do any json files in dir 76 filenames, err := filepath.Glob(filepath.Join(dir, "*"+simplestreams.UnsignedSuffix)) 77 if len(filenames) > 0 { 78 logger.Infof("signing %d file(s) in %q", len(filenames), dir) 79 } 80 for _, filename := range filenames { 81 logger.Infof("signing file %q", filename) 82 f, err := os.Open(filename) 83 if err != nil { 84 return fmt.Errorf("opening file %q: %v", filename, err) 85 } 86 encoded, err := simplestreams.Encode(f, key, passphrase) 87 if err != nil { 88 return fmt.Errorf("encoding file %q: %v", filename, err) 89 } 90 signedFilename := strings.Replace(filename, simplestreams.UnsignedSuffix, simplestreams.SignedSuffix, -1) 91 if err = ioutil.WriteFile(signedFilename, encoded, 0644); err != nil { 92 return fmt.Errorf("writing signed file %q: %v", signedFilename, err) 93 } 94 } 95 // Now process any directories in dir. 96 files, err := ioutil.ReadDir(dir) 97 if err != nil { 98 return err 99 } 100 for _, f := range files { 101 if f.IsDir() { 102 if err = process(filepath.Join(dir, f.Name()), key, passphrase); err != nil { 103 return err 104 } 105 } 106 } 107 return nil 108 }