Remove symlinking and symlink checking from key import-export.

Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-23 18:44:26 -07:00 · 2015-10-23 18:44:26 -07:00 · d5bbaae9c9
parent e409eb0dc3
commit d5bbaae9c9
3 changed files with 23 additions and 120 deletions
--- a/keystoremanager/import_export.go
+++ b/keystoremanager/import_export.go
@ -16,10 +16,7 @@ import (
 	"github.com/docker/notary/trustmanager"
 )

-const (
-	zipSymlinkAttr = 0xA1ED0000
-	zipMadeByUNIX  = 3 << 8
-)
+const zipMadeByUNIX = 3 << 8

 var (
 	// ErrNoValidPrivateKey is returned if a key being imported doesn't
@ -117,7 +114,6 @@ func (km *KeyStoreManager) ImportRootKey(source io.Reader, keyID string) error {
 }

 func moveKeys(oldKeyStore, newKeyStore *trustmanager.KeyFileStore) error {
-	// List all files but no symlinks
 	for f := range oldKeyStore.ListKeys() {
 		privateKey, alias, err := oldKeyStore.GetKey(f)
 		if err != nil {
@ -131,24 +127,6 @@ func moveKeys(oldKeyStore, newKeyStore *trustmanager.KeyFileStore) error {
 		}
 	}

-	// Recreate symlinks
-	for _, relKeyPath := range oldKeyStore.ListFiles(true) {
-		fullKeyPath := filepath.Join(oldKeyStore.BaseDir(), relKeyPath)
-
-		fi, err := os.Lstat(fullKeyPath)
-		if err != nil {
-			return err
-		}
-
-		if (fi.Mode() & os.ModeSymlink) != 0 {
-			target, err := os.Readlink(fullKeyPath)
-			if err != nil {
-				return err
-			}
-			os.Symlink(target, filepath.Join(newKeyStore.BaseDir(), relKeyPath))
-		}
-	}
-
 	return nil
 }

@ -168,39 +146,18 @@ func addKeysToArchive(zipWriter *zip.Writer, newKeyStore *trustmanager.KeyFileSt

 		infoHeader.Name = filepath.Join(subDir, relKeyPath)

-		// Is this a symlink? If so, encode properly in the zip file.
-		if (fi.Mode() & os.ModeSymlink) != 0 {
-			infoHeader.CreatorVersion = zipMadeByUNIX
-			infoHeader.ExternalAttrs = zipSymlinkAttr
+		zipFileEntryWriter, err := zipWriter.CreateHeader(infoHeader)
+		if err != nil {
+			return err
+		}

-			zipFileEntryWriter, err := zipWriter.CreateHeader(infoHeader)
-			if err != nil {
-				return err
-			}
+		fileContents, err := ioutil.ReadFile(fullKeyPath)
+		if err != nil {
+			return err
+		}

-			target, err := os.Readlink(fullKeyPath)
-			if err != nil {
-				return err
-			}
-
-			// Write relative path
-			if _, err = zipFileEntryWriter.Write([]byte(target)); err != nil {
-				return err
-			}
-		} else {
-			zipFileEntryWriter, err := zipWriter.CreateHeader(infoHeader)
-			if err != nil {
-				return err
-			}
-
-			fileContents, err := ioutil.ReadFile(fullKeyPath)
-			if err != nil {
-				return err
-			}
-
-			if _, err = zipFileEntryWriter.Write(fileContents); err != nil {
-				return err
-			}
+		if _, err = zipFileEntryWriter.Write(fileContents); err != nil {
+			return err
 		}
 	}

@ -250,12 +207,6 @@ func (km *KeyStoreManager) ExportAllKeys(dest io.Writer, newPassphraseRetriever
 	return nil
 }

-// IsZipSymlink returns true if the file described by the zip file header is a
-// symlink.
-func IsZipSymlink(f *zip.File) bool {
-	return f.CreatorVersion&0xFF00 == zipMadeByUNIX && f.ExternalAttrs == zipSymlinkAttr
-}
-
 // ImportKeysZip imports keys from a zip file provided as an zip.Reader. The
 // keys in the root_keys directory are left encrypted, but the other keys are
 // decrypted with the specified passphrase.
@ -289,33 +240,19 @@ func (km *KeyStoreManager) ImportKeysZip(zipReader zip.Reader) error {
 		// Note that using / as a separator is okay here - the zip
 		// package guarantees that the separator will be /
 		if strings.HasPrefix(fNameTrimmed, rootKeysPrefix) {
-			if IsZipSymlink(f) {
-				newName := filepath.Join(km.rootKeyStore.BaseDir(), strings.TrimPrefix(f.Name, rootKeysPrefix))
-				err = os.Symlink(string(fileBytes), newName)
-				if err != nil {
-					return err
-				}
-			} else {
-				if err = checkRootKeyIsEncrypted(fileBytes); err != nil {
-					rc.Close()
-					return err
-				}
-				// Root keys are preserved without decrypting
-				keyName := strings.TrimPrefix(fNameTrimmed, rootKeysPrefix)
-				newRootKeys[keyName] = fileBytes
+			if err = checkRootKeyIsEncrypted(fileBytes); err != nil {
+				rc.Close()
+				return err
 			}
+			// Root keys are preserved without decrypting
+			keyName := strings.TrimPrefix(fNameTrimmed, rootKeysPrefix)
+			newRootKeys[keyName] = fileBytes
+
 		} else if strings.HasPrefix(fNameTrimmed, nonRootKeysPrefix) {
-			if IsZipSymlink(f) {
-				newName := filepath.Join(km.nonRootKeyStore.BaseDir(), strings.TrimPrefix(f.Name, nonRootKeysPrefix))
-				err = os.Symlink(string(fileBytes), newName)
-				if err != nil {
-					return err
-				}
-			} else {
-				// Nonroot keys are preserved without decrypting
-				keyName := strings.TrimPrefix(fNameTrimmed, nonRootKeysPrefix)
-				newNonRootKeys[keyName] = fileBytes
-			}
+			// Nonroot keys are preserved without decrypting
+			keyName := strings.TrimPrefix(fNameTrimmed, nonRootKeysPrefix)
+			newNonRootKeys[keyName] = fileBytes
+
 		} else {
 			// This path inside the zip archive doesn't look like a
 			// root key, non-root key, or alias. To avoid adding a file
@ -345,7 +282,6 @@ func (km *KeyStoreManager) ImportKeysZip(zipReader zip.Reader) error {
 }

 func moveKeysByGUN(oldKeyStore, newKeyStore *trustmanager.KeyFileStore, gun string) error {
-	// List all files but no symlinks
 	for relKeyPath := range oldKeyStore.ListKeys() {
 		// Skip keys that aren't associated with this GUN
 		if !strings.HasPrefix(relKeyPath, filepath.FromSlash(gun)) {
--- a/keystoremanager/import_export_test.go
+++ b/keystoremanager/import_export_test.go
@ -100,10 +100,6 @@ func TestImportExportZip(t *testing.T) {
 	// Iterate through the files in the archive, checking that the files
 	// exist and are encrypted with the expected passphrase.
 	for _, f := range zipReader.File {
-		if keystoremanager.IsZipSymlink(f) {
-			continue
-		}
-
 		expectedPassphrase, present := passphraseByFile[f.Name]
 		if !present {
 			t.Fatalf("unexpected file %s in zip file", f.Name)
@ -175,35 +171,6 @@ func TestImportExportZip(t *testing.T) {
 	rootKeyFilename := rootCryptoService.ID() + "_root.key"
 	_, err = os.Stat(filepath.Join(tempBaseDir2, "private", "root_keys", rootKeyFilename))
 	assert.NoError(t, err, "missing root key")
-
-	// Look for symlinks in the new repo matching symlinks in the old repo
-	numSymlinks := 0
-
-	oldRootKeyStore := repo.KeyStoreManager.RootKeyStore()
-	newRootKeyStore := repo2.KeyStoreManager.RootKeyStore()
-
-	for _, relKeyPath := range oldRootKeyStore.ListFiles(true) {
-		fullKeyPath := filepath.Join(oldRootKeyStore.BaseDir(), relKeyPath)
-
-		fi, err := os.Lstat(fullKeyPath)
-		assert.NoError(t, err, "lstat failed")
-
-		if (fi.Mode() & os.ModeSymlink) != 0 {
-			numSymlinks++
-
-			oldTarget, err := os.Readlink(fullKeyPath)
-			assert.NoError(t, err, "readlink failed on old repo")
-
-			newTarget, err := os.Readlink(filepath.Join(newRootKeyStore.BaseDir(), relKeyPath))
-			assert.NoError(t, err, "symlink not found in new repo")
-
-			assert.Equal(t, oldTarget, newTarget, "symlink targets do not match")
-		}
-	}
-
-	if numSymlinks == 0 {
-		t.Fatal("no symlinks found in original repo")
-	}
 }

 func TestImportExportGUN(t *testing.T) {
--- a/signer/signer_trust_test.go
+++ b/signer/signer_trust_test.go
@ -40,7 +40,7 @@ func stubHealthFunction(t *testing.T, status map[string]string, err error) rpcHe
 		_, withDeadline := ctx.Deadline()
 		assert.True(t, withDeadline)

-		return &pb.HealthStatus{status}, err
+		return &pb.HealthStatus{Status: status}, err
 	}
 }