github.com/kubiko/snapd@v0.0.0-20201013125620-d4f3094d9ddf/cmd/snap/cmd_sign.go

github.com/kubiko/snapd@v0.0.0-20201013125620-d4f3094d9ddf/cmd/snap/cmd_sign.go (about)

     1  // -*- Mode: Go; indent-tabs-mode: t -*-
     2  
     3  /*
     4   * Copyright (C) 2014-2015 Canonical Ltd
     5   *
     6   * This program is free software: you can redistribute it and/or modify
     7   * it under the terms of the GNU General Public License version 3 as
     8   * published by the Free Software Foundation.
     9   *
    10   * This program is distributed in the hope that it will be useful,
    11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
    12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13   * GNU General Public License for more details.
    14   *
    15   * You should have received a copy of the GNU General Public License
    16   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17   *
    18   */
    19  
    20  package main
    21  
    22  import (
    23  	"fmt"
    24  	"io/ioutil"
    25  
    26  	"github.com/jessevdk/go-flags"
    27  
    28  	"github.com/snapcore/snapd/asserts"
    29  	"github.com/snapcore/snapd/asserts/signtool"
    30  	"github.com/snapcore/snapd/i18n"
    31  )
    32  
    33  var shortSignHelp = i18n.G("Sign an assertion")
    34  var longSignHelp = i18n.G(`
    35  The sign command signs an assertion using the specified key, using the
    36  input for headers from a JSON mapping provided through stdin. The body
    37  of the assertion can be specified through a "body" pseudo-header.
    38  `)
    39  
    40  type cmdSign struct {
    41  	Positional struct {
    42  		Filename flags.Filename
    43  	} `positional-args:"yes"`
    44  
    45  	KeyName keyName `short:"k" default:"default"`
    46  }
    47  
    48  func init() {
    49  	cmd := addCommand("sign", shortSignHelp, longSignHelp, func() flags.Commander {
    50  		return &cmdSign{}
    51  	}, map[string]string{
    52  		// TRANSLATORS: This should not start with a lowercase letter.
    53  		"k": i18n.G("Name of the key to use, otherwise use the default key"),
    54  	}, []argDesc{{
    55  		// TRANSLATORS: This needs to begin with < and end with >
    56  		name: i18n.G("<filename>"),
    57  		// TRANSLATORS: This should not start with a lowercase letter.
    58  		desc: i18n.G("File to sign (defaults to stdin)"),
    59  	}})
    60  	cmd.hidden = true
    61  	cmd.completeHidden = true
    62  }
    63  
    64  func (x *cmdSign) Execute(args []string) error {
    65  	if len(args) > 0 {
    66  		return ErrExtraArgs
    67  	}
    68  
    69  	useStdin := x.Positional.Filename == "" || x.Positional.Filename == "-"
    70  
    71  	var (
    72  		statement []byte
    73  		err       error
    74  	)
    75  	if !useStdin {
    76  		statement, err = ioutil.ReadFile(string(x.Positional.Filename))
    77  	} else {
    78  		statement, err = ioutil.ReadAll(Stdin)
    79  	}
    80  	if err != nil {
    81  		return fmt.Errorf(i18n.G("cannot read assertion input: %v"), err)
    82  	}
    83  
    84  	keypairMgr := asserts.NewGPGKeypairManager()
    85  	privKey, err := keypairMgr.GetByName(string(x.KeyName))
    86  	if err != nil {
    87  		// TRANSLATORS: %q is the key name, %v the error message
    88  		return fmt.Errorf(i18n.G("cannot use %q key: %v"), x.KeyName, err)
    89  	}
    90  
    91  	signOpts := signtool.Options{
    92  		KeyID:     privKey.PublicKey().ID(),
    93  		Statement: statement,
    94  	}
    95  
    96  	encodedAssert, err := signtool.Sign(&signOpts, keypairMgr)
    97  	if err != nil {
    98  		return err
    99  	}
   100  
   101  	_, err = Stdout.Write(encodedAssert)
   102  	if err != nil {
   103  		return err
   104  	}
   105  	return nil
   106  }