github.com/makyo/juju@v0.0.0-20160425123129-2608902037e9/cmd/plugins/juju-metadata/signmetadata.go (about) 1 // Copyright 2013 Canonical Ltd. 2 // Licensed under the AGPLv3, see LICENCE file for details. 3 4 package main 5 6 import ( 7 "fmt" 8 "io/ioutil" 9 "os" 10 "path/filepath" 11 "strings" 12 13 "github.com/juju/cmd" 14 "github.com/juju/loggo" 15 "launchpad.net/gnuflag" 16 17 "github.com/juju/juju/environs/simplestreams" 18 ) 19 20 func newSignMetadataCommand() cmd.Command { 21 return &signMetadataCommand{} 22 } 23 24 var signMetadataDoc = ` 25 sign searches for json files in the specified directory tree and inline signs 26 them using the private key in the specified keyring file. For each .json file, a 27 corresponding .sjson file is procduced. 28 29 The specified keyring file is expected to contain an amored private key. If the key 30 is encrypted, then the specified passphrase is used to decrypt the key. 31 ` 32 33 // signMetadataCommand is used to sign simplestreams metadata json files. 34 type signMetadataCommand struct { 35 cmd.CommandBase 36 dir string 37 keyFile string 38 passphrase string 39 } 40 41 func (c *signMetadataCommand) Info() *cmd.Info { 42 return &cmd.Info{ 43 Name: "sign", 44 Purpose: "sign simplestreams metadata", 45 Doc: signMetadataDoc, 46 } 47 } 48 49 func (c *signMetadataCommand) SetFlags(f *gnuflag.FlagSet) { 50 c.CommandBase.SetFlags(f) 51 f.StringVar(&c.dir, "d", "", "directory in which to look for metadata") 52 f.StringVar(&c.keyFile, "k", "", "file containing the amored private signing key") 53 f.StringVar(&c.passphrase, "p", "", "passphrase used to decrypt the private key") 54 } 55 56 func (c *signMetadataCommand) Init(args []string) error { 57 if c.dir == "" { 58 return fmt.Errorf("directory must be specified") 59 } 60 if c.keyFile == "" { 61 return fmt.Errorf("keyfile must be specified") 62 } 63 return cmd.CheckEmpty(args) 64 } 65 66 func (c *signMetadataCommand) Run(context *cmd.Context) error { 67 loggo.RegisterWriter("signmetadata", cmd.NewCommandLogWriter("juju.plugins.metadata", context.Stdout, context.Stderr), loggo.INFO) 68 defer loggo.RemoveWriter("signmetadata") 69 keyData, err := ioutil.ReadFile(c.keyFile) 70 if err != nil { 71 return err 72 } 73 dir := context.AbsPath(c.dir) 74 return process(dir, string(keyData), c.passphrase) 75 } 76 77 func process(dir, key, passphrase string) error { 78 logger.Debugf("processing directory %q", dir) 79 // Do any json files in dir 80 filenames, err := filepath.Glob(filepath.Join(dir, "*"+simplestreams.UnsignedSuffix)) 81 if len(filenames) > 0 { 82 logger.Infof("signing %d file(s) in %q", len(filenames), dir) 83 } 84 for _, filename := range filenames { 85 logger.Infof("signing file %q", filename) 86 f, err := os.Open(filename) 87 if err != nil { 88 return fmt.Errorf("opening file %q: %v", filename, err) 89 } 90 encoded, err := simplestreams.Encode(f, key, passphrase) 91 if err != nil { 92 return fmt.Errorf("encoding file %q: %v", filename, err) 93 } 94 signedFilename := strings.Replace(filename, simplestreams.UnsignedSuffix, simplestreams.SignedSuffix, -1) 95 if err = ioutil.WriteFile(signedFilename, encoded, 0644); err != nil { 96 return fmt.Errorf("writing signed file %q: %v", signedFilename, err) 97 } 98 } 99 // Now process any directories in dir. 100 files, err := ioutil.ReadDir(dir) 101 if err != nil { 102 return err 103 } 104 for _, f := range files { 105 if f.IsDir() { 106 if err = process(filepath.Join(dir, f.Name()), key, passphrase); err != nil { 107 return err 108 } 109 } 110 } 111 return nil 112 }