From e92cbbdd45ef101a509b88a373d968f686c49b78 Mon Sep 17 00:00:00 2001 From: stefanprodan Date: Tue, 30 Jun 2020 17:19:22 +0300 Subject: [PATCH] Migrate to fluxcd/pkg --- controllers/storage.go | 2 +- go.mod | 5 +- go.sum | 21 +- internal/crypto/ssh/knownhosts/LICENSE | 27 -- internal/crypto/ssh/knownhosts/knownhosts.go | 446 ------------------ .../crypto/ssh/knownhosts/knownhosts_test.go | 327 ------------- internal/git/transport.go | 2 +- internal/lockedfile/LICENSE | 27 -- .../lockedfile/internal/filelock/filelock.go | 98 ---- .../internal/filelock/filelock_unix.go | 44 -- internal/lockedfile/lockedfile.go | 187 -------- internal/lockedfile/lockedfile_filelock.go | 64 --- internal/lockedfile/mutex.go | 67 --- 13 files changed, 24 insertions(+), 1293 deletions(-) delete mode 100644 internal/crypto/ssh/knownhosts/LICENSE delete mode 100644 internal/crypto/ssh/knownhosts/knownhosts.go delete mode 100644 internal/crypto/ssh/knownhosts/knownhosts_test.go delete mode 100644 internal/lockedfile/LICENSE delete mode 100755 internal/lockedfile/internal/filelock/filelock.go delete mode 100755 internal/lockedfile/internal/filelock/filelock_unix.go delete mode 100755 internal/lockedfile/lockedfile.go delete mode 100755 internal/lockedfile/lockedfile_filelock.go delete mode 100755 internal/lockedfile/mutex.go diff --git a/controllers/storage.go b/controllers/storage.go index b5b6edbf..7838ecd7 100644 --- a/controllers/storage.go +++ b/controllers/storage.go @@ -32,8 +32,8 @@ import ( "github.com/go-git/go-git/v5/plumbing/format/gitignore" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "github.com/fluxcd/pkg/lockedfile" sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1" - "github.com/fluxcd/source-controller/internal/lockedfile" ) const ( diff --git a/go.mod b/go.mod index c5af2e34..acd05171 100644 --- a/go.mod +++ b/go.mod @@ -4,13 +4,14 @@ go 1.13 require ( github.com/blang/semver v3.5.0+incompatible + github.com/fluxcd/pkg v0.0.1 github.com/go-git/go-billy/v5 v5.0.0 - github.com/go-git/go-git/v5 v5.0.0 + github.com/go-git/go-git/v5 v5.1.0 github.com/go-logr/logr v0.1.0 github.com/onsi/ginkgo v1.11.0 github.com/onsi/gomega v1.8.1 github.com/sosedoff/gitkit v0.2.1-0.20191202022816-7182d43c6254 - golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073 + golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 helm.sh/helm/v3 v3.1.2 k8s.io/api v0.17.2 k8s.io/apimachinery v0.17.2 diff --git a/go.sum b/go.sum index 1b2d0336..fa3b6617 100644 --- a/go.sum +++ b/go.sum @@ -159,6 +159,8 @@ github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZM github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc= github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= +github.com/fluxcd/pkg v0.0.1 h1:yECp5SBjX7vUBOjd3KYBoVQwt22A0u1SZJjYV4PduAk= +github.com/fluxcd/pkg v0.0.1/go.mod h1:3DgEcVmkVYrA/BDb/fyDIJllxK++c/ovLCMPRlkAp9Y= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= @@ -178,8 +180,8 @@ github.com/go-git/go-billy/v5 v5.0.0 h1:7NQHvd9FVid8VL4qVUMm8XifBK+2xCoZ2lSk0agR github.com/go-git/go-billy/v5 v5.0.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= github.com/go-git/go-git-fixtures/v4 v4.0.1 h1:q+IFMfLx200Q3scvt2hN79JsEzy4AmBTp/pqnefH+Bc= github.com/go-git/go-git-fixtures/v4 v4.0.1/go.mod h1:m+ICp2rF3jDhFgEZ/8yziagdT1C+ZpZcrJjappBCDSw= -github.com/go-git/go-git/v5 v5.0.0 h1:k5RWPm4iJwYtfWoxIJy4wJX9ON7ihPeZZYC1fLYDnpg= -github.com/go-git/go-git/v5 v5.0.0/go.mod h1:oYD8y9kWsGINPFJoLdaScGCN6dlKg23blmClfZwtUVA= +github.com/go-git/go-git/v5 v5.1.0 h1:HxJn9g/E7eYvKW3Fm7Jt4ee8LXfPOm/H1cdDu8vEssk= +github.com/go-git/go-git/v5 v5.1.0/go.mod h1:ZKfuPUoY1ZqIG4QG9BDBh3G4gLM5zvPuSJAozQrZuyM= github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= @@ -268,6 +270,8 @@ github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-github/v32 v32.0.0/go.mod h1:rIEpZD9CTDQwDK9GDrtMTycQNA4JU3qBsCizh3q2WCI= +github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -296,7 +300,10 @@ github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= +github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I= +github.com/hashicorp/go-retryablehttp v0.6.4/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= @@ -312,6 +319,8 @@ github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28= github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.7 h1:Y+UAYTZ7gDEuOfhxKWy+dvb5dRQ6rJjFSdX2HZY1/gI= github.com/imdario/mergo v0.3.7/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/imdario/mergo v0.3.9 h1:UauaLniWCFHWd+Jp9oCEkTBj8VO/9DKg3PV3VCNMDIg= +github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= @@ -497,6 +506,7 @@ github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljT github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw= +github.com/xanzy/go-gitlab v0.32.1/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug= github.com/xanzy/ssh-agent v0.2.1 h1:TCbipTQL2JiiCprBWx9frJ2eJlCYT00NmctrHxVAr70= github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c= @@ -544,6 +554,8 @@ golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200128174031-69ecbb4d6d5d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073 h1:xMPOj6Pz6UipU1wXLkrtqpHbR0AVFnyPEQq/wRWz9lM= golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -558,6 +570,7 @@ golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181108082009-03003ca0c849/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -576,6 +589,7 @@ golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200301022130-244492dfa37a h1:GuSPYbZzB5/dcLNCwLQLsg3obCJtX9IJhpXkvY7kzk0= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -618,6 +632,8 @@ golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxb golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 h1:SvFZT6jyqRaOeXpc5h/JSfZenJ2O330aBsf7JfSUXmQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs= +golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -646,6 +662,7 @@ gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmK google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0 h1:KxkO13IPW4Lslp2bz+KHP2E3gtFlrIGNThxkZQ3g+4c= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= diff --git a/internal/crypto/ssh/knownhosts/LICENSE b/internal/crypto/ssh/knownhosts/LICENSE deleted file mode 100644 index 6a66aea5..00000000 --- a/internal/crypto/ssh/knownhosts/LICENSE +++ /dev/null @@ -1,27 +0,0 @@ -Copyright (c) 2009 The Go Authors. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/internal/crypto/ssh/knownhosts/knownhosts.go b/internal/crypto/ssh/knownhosts/knownhosts.go deleted file mode 100644 index b83d11fd..00000000 --- a/internal/crypto/ssh/knownhosts/knownhosts.go +++ /dev/null @@ -1,446 +0,0 @@ -// Copyright 2017 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Copyright 2020 The FluxCD contributors. All rights reserved. -// This package provides an in-memory known hosts database -// derived from the golang.org/x/crypto/ssh/knownhosts -// package. -// It has been slightly modified and adapted to work with -// in-memory host keys not related to any known_hosts files -// on disk, and the database can be initialized with just a -// known_hosts byte blob. -// https://pkg.go.dev/golang.org/x/crypto/ssh/knownhosts - -package knownhosts - -import ( - "bufio" - "bytes" - "crypto/hmac" - "crypto/sha1" - "encoding/base64" - "errors" - "fmt" - "io" - "net" - "strings" - - "golang.org/x/crypto/ssh" - "golang.org/x/crypto/ssh/knownhosts" -) - -// See the sshd manpage -// (http://man.openbsd.org/sshd#SSH_KNOWN_HOSTS_FILE_FORMAT) for -// background. - -type addr struct{ host, port string } - -func (a *addr) String() string { - h := a.host - if strings.Contains(h, ":") { - h = "[" + h + "]" - } - return h + ":" + a.port -} - -type matcher interface { - match(addr) bool -} - -type hostPattern struct { - negate bool - addr addr -} - -func (p *hostPattern) String() string { - n := "" - if p.negate { - n = "!" - } - - return n + p.addr.String() -} - -type hostPatterns []hostPattern - -func (ps hostPatterns) match(a addr) bool { - matched := false - for _, p := range ps { - if !p.match(a) { - continue - } - if p.negate { - return false - } - matched = true - } - return matched -} - -// See -// https://android.googlesource.com/platform/external/openssh/+/ab28f5495c85297e7a597c1ba62e996416da7c7e/addrmatch.c -// The matching of * has no regard for separators, unlike filesystem globs -func wildcardMatch(pat []byte, str []byte) bool { - for { - if len(pat) == 0 { - return len(str) == 0 - } - if len(str) == 0 { - return false - } - - if pat[0] == '*' { - if len(pat) == 1 { - return true - } - - for j := range str { - if wildcardMatch(pat[1:], str[j:]) { - return true - } - } - return false - } - - if pat[0] == '?' || pat[0] == str[0] { - pat = pat[1:] - str = str[1:] - } else { - return false - } - } -} - -func (p *hostPattern) match(a addr) bool { - return wildcardMatch([]byte(p.addr.host), []byte(a.host)) && p.addr.port == a.port -} - -type inMemoryHostKeyDB struct { - hostKeys []hostKey - revoked map[string]*ssh.PublicKey -} - -func newInMemoryHostKeyDB() *inMemoryHostKeyDB { - db := &inMemoryHostKeyDB{ - revoked: make(map[string]*ssh.PublicKey), - } - - return db -} - -func keyEq(a, b ssh.PublicKey) bool { - return bytes.Equal(a.Marshal(), b.Marshal()) -} - -type hostKey struct { - matcher matcher - cert bool - key ssh.PublicKey -} - -func (l *hostKey) match(a addr) bool { - return l.matcher.match(a) -} - -// IsAuthorityForHost can be used as a callback in ssh.CertChecker -func (db *inMemoryHostKeyDB) IsHostAuthority(remote ssh.PublicKey, address string) bool { - h, p, err := net.SplitHostPort(address) - if err != nil { - return false - } - a := addr{host: h, port: p} - - for _, l := range db.hostKeys { - if l.cert && keyEq(l.key, remote) && l.match(a) { - return true - } - } - return false -} - -// IsRevoked can be used as a callback in ssh.CertChecker -func (db *inMemoryHostKeyDB) IsRevoked(key *ssh.Certificate) bool { - _, ok := db.revoked[string(key.Marshal())] - return ok -} - -const markerCert = "@cert-authority" -const markerRevoked = "@revoked" - -func nextWord(line []byte) (string, []byte) { - i := bytes.IndexAny(line, "\t ") - if i == -1 { - return string(line), nil - } - - return string(line[:i]), bytes.TrimSpace(line[i:]) -} - -func parseLine(line []byte) (marker, host string, key ssh.PublicKey, err error) { - if w, next := nextWord(line); w == markerCert || w == markerRevoked { - marker = w - line = next - } - - host, line = nextWord(line) - if len(line) == 0 { - return "", "", nil, errors.New("knownhosts: missing host pattern") - } - - // ignore the keytype as it's in the key blob anyway. - _, line = nextWord(line) - if len(line) == 0 { - return "", "", nil, errors.New("knownhosts: missing key type pattern") - } - - keyBlob, _ := nextWord(line) - - keyBytes, err := base64.StdEncoding.DecodeString(keyBlob) - if err != nil { - return "", "", nil, err - } - key, err = ssh.ParsePublicKey(keyBytes) - if err != nil { - return "", "", nil, err - } - - return marker, host, key, nil -} - -func (db *inMemoryHostKeyDB) parseLine(line []byte) error { - marker, pattern, key, err := parseLine(line) - if err != nil { - return err - } - - if marker == markerRevoked { - db.revoked[string(key.Marshal())] = &key - return nil - } - - entry := hostKey{ - key: key, - cert: marker == markerCert, - } - - if pattern[0] == '|' { - entry.matcher, err = newHashedHost(pattern) - } else { - entry.matcher, err = newHostnameMatcher(pattern) - } - - if err != nil { - return err - } - - db.hostKeys = append(db.hostKeys, entry) - return nil -} - -func newHostnameMatcher(pattern string) (matcher, error) { - var hps hostPatterns - for _, p := range strings.Split(pattern, ",") { - if len(p) == 0 { - continue - } - - var a addr - var negate bool - if p[0] == '!' { - negate = true - p = p[1:] - } - - if len(p) == 0 { - return nil, errors.New("knownhosts: negation without following hostname") - } - - var err error - if p[0] == '[' { - a.host, a.port, err = net.SplitHostPort(p) - if err != nil { - return nil, err - } - } else { - a.host, a.port, err = net.SplitHostPort(p) - if err != nil { - a.host = p - a.port = "22" - } - } - hps = append(hps, hostPattern{ - negate: negate, - addr: a, - }) - } - return hps, nil -} - -// check checks a key against the host database. This should not be -// used for verifying certificates. -func (db *inMemoryHostKeyDB) check(address string, remote net.Addr, remoteKey ssh.PublicKey) error { - if revoked := db.revoked[string(remoteKey.Marshal())]; revoked != nil { - return &knownhosts.RevokedError{Revoked: knownhosts.KnownKey{Key: *revoked}} - } - - host, port, err := net.SplitHostPort(remote.String()) - if err != nil { - return fmt.Errorf("knownhosts: SplitHostPort(%s): %v", remote, err) - } - - hostToCheck := addr{host, port} - if address != "" { - // Give preference to the hostname if available. - host, port, err := net.SplitHostPort(address) - if err != nil { - return fmt.Errorf("knownhosts: SplitHostPort(%s): %v", address, err) - } - - hostToCheck = addr{host, port} - } - - return db.checkAddr(hostToCheck, remoteKey) -} - -// checkAddr checks if we can find the given public key for the -// given address. If we only find an entry for the IP address, -// or only the hostname, then this still succeeds. -func (db *inMemoryHostKeyDB) checkAddr(a addr, remoteKey ssh.PublicKey) error { - // TODO(hanwen): are these the right semantics? What if there - // is just a key for the IP address, but not for the - // hostname? - - // Algorithm => key. - knownKeys := map[string]ssh.PublicKey{} - for _, l := range db.hostKeys { - if l.match(a) { - typ := l.key.Type() - if _, ok := knownKeys[typ]; !ok { - knownKeys[typ] = l.key - } - } - } - - keyErr := &knownhosts.KeyError{} - for _, v := range knownKeys { - keyErr.Want = append(keyErr.Want, knownhosts.KnownKey{Key: v}) - } - - // Unknown remote host. - if len(knownKeys) == 0 { - return keyErr - } - - // If the remote host starts using a different, unknown key type, we - // also interpret that as a mismatch. - if known, ok := knownKeys[remoteKey.Type()]; !ok || !keyEq(known, remoteKey) { - return keyErr - } - - return nil -} - -// The Read function parses file contents. -func (db *inMemoryHostKeyDB) Read(r io.Reader) error { - scanner := bufio.NewScanner(r) - - lineNum := 0 - for scanner.Scan() { - lineNum++ - line := scanner.Bytes() - line = bytes.TrimSpace(line) - if len(line) == 0 || line[0] == '#' { - continue - } - - if err := db.parseLine(line); err != nil { - return fmt.Errorf("knownhosts: %v", err) - } - } - return scanner.Err() -} - -// New creates a host key callback from the given OpenSSH host key -// file bytes. The returned callback is for use in -// ssh.ClientConfig.HostKeyCallback. By preference, the key check -// operates on the hostname if available, i.e. if a server changes its -// IP address, the host key check will still succeed, even though a -// record of the new IP address is not available. -func New(b []byte) (ssh.HostKeyCallback, error) { - db := newInMemoryHostKeyDB() - r := bytes.NewReader(b) - if err := db.Read(r); err != nil { - return nil, err - } - - var certChecker ssh.CertChecker - certChecker.IsHostAuthority = db.IsHostAuthority - certChecker.IsRevoked = db.IsRevoked - certChecker.HostKeyFallback = db.check - - return certChecker.CheckHostKey, nil -} - -func decodeHash(encoded string) (hashType string, salt, hash []byte, err error) { - if len(encoded) == 0 || encoded[0] != '|' { - err = errors.New("knownhosts: hashed host must start with '|'") - return - } - components := strings.Split(encoded, "|") - if len(components) != 4 { - err = fmt.Errorf("knownhosts: got %d components, want 3", len(components)) - return - } - - hashType = components[1] - if salt, err = base64.StdEncoding.DecodeString(components[2]); err != nil { - return - } - if hash, err = base64.StdEncoding.DecodeString(components[3]); err != nil { - return - } - return -} - -func encodeHash(typ string, salt []byte, hash []byte) string { - return strings.Join([]string{"", - typ, - base64.StdEncoding.EncodeToString(salt), - base64.StdEncoding.EncodeToString(hash), - }, "|") -} - -// See https://android.googlesource.com/platform/external/openssh/+/ab28f5495c85297e7a597c1ba62e996416da7c7e/hostfile.c#120 -func hashHost(hostname string, salt []byte) []byte { - mac := hmac.New(sha1.New, salt) - mac.Write([]byte(hostname)) - return mac.Sum(nil) -} - -type hashedHost struct { - salt []byte - hash []byte -} - -const sha1HashType = "1" - -func newHashedHost(encoded string) (*hashedHost, error) { - typ, salt, hash, err := decodeHash(encoded) - if err != nil { - return nil, err - } - - // The type field seems for future algorithm agility, but it's - // actually hardcoded in openssh currently, see - // https://android.googlesource.com/platform/external/openssh/+/ab28f5495c85297e7a597c1ba62e996416da7c7e/hostfile.c#120 - if typ != sha1HashType { - return nil, fmt.Errorf("knownhosts: got hash type %s, must be '1'", typ) - } - - return &hashedHost{salt: salt, hash: hash}, nil -} - -func (h *hashedHost) match(a addr) bool { - return bytes.Equal(hashHost(knownhosts.Normalize(a.String()), h.salt), h.hash) -} diff --git a/internal/crypto/ssh/knownhosts/knownhosts_test.go b/internal/crypto/ssh/knownhosts/knownhosts_test.go deleted file mode 100644 index 8d057c5a..00000000 --- a/internal/crypto/ssh/knownhosts/knownhosts_test.go +++ /dev/null @@ -1,327 +0,0 @@ -// Copyright 2017 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Copyright 2020 The FluxCD contributors. All rights reserved. -// This package provides an in-memory known hosts database -// derived from the golang.org/x/crypto/ssh/knownhosts -// package. -// It has been slightly modified and adapted to work with -// in-memory host keys not related to any known_hosts files -// on disk, and the database can be initialized with just a -// known_hosts byte blob. -// https://pkg.go.dev/golang.org/x/crypto/ssh/knownhosts - -package knownhosts - -import ( - "bytes" - "fmt" - "net" - "reflect" - "testing" - - "golang.org/x/crypto/ssh" - "golang.org/x/crypto/ssh/knownhosts" -) - -const edKeyStr = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBAarftlLeoyf+v+nVchEZII/vna2PCV8FaX4vsF5BX" -const alternateEdKeyStr = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIXffBYeYL+WVzVru8npl5JHt2cjlr4ornFTWzoij9sx" -const ecKeyStr = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNLCu01+wpXe3xB5olXCN4SqU2rQu0qjSRKJO4Bg+JRCPU+ENcgdA5srTU8xYDz/GEa4dzK5ldPw4J/gZgSXCMs=" - -var ecKey, alternateEdKey, edKey ssh.PublicKey -var testAddr = &net.TCPAddr{ - IP: net.IP{198, 41, 30, 196}, - Port: 22, -} - -var testAddr6 = &net.TCPAddr{ - IP: net.IP{198, 41, 30, 196, - 1, 2, 3, 4, - 1, 2, 3, 4, - 1, 2, 3, 4, - }, - Port: 22, -} - -func init() { - var err error - ecKey, _, _, _, err = ssh.ParseAuthorizedKey([]byte(ecKeyStr)) - if err != nil { - panic(err) - } - edKey, _, _, _, err = ssh.ParseAuthorizedKey([]byte(edKeyStr)) - if err != nil { - panic(err) - } - alternateEdKey, _, _, _, err = ssh.ParseAuthorizedKey([]byte(alternateEdKeyStr)) - if err != nil { - panic(err) - } -} - -func testDB(t *testing.T, s string) *inMemoryHostKeyDB { - db := newInMemoryHostKeyDB() - if err := db.Read(bytes.NewBufferString(s)); err != nil { - t.Fatalf("Read: %v", err) - } - - return db -} - -func TestRevoked(t *testing.T) { - db := testDB(t, "\n\n@revoked * "+edKeyStr+"\n") - want := &knownhosts.RevokedError{ - Revoked: knownhosts.KnownKey{ - Key: edKey, - }, - } - if err := db.check("", &net.TCPAddr{ - Port: 42, - }, edKey); err == nil { - t.Fatal("no error for revoked key") - } else if !reflect.DeepEqual(want, err) { - t.Fatalf("got %#v, want %#v", want, err) - } -} - -func TestHostAuthority(t *testing.T) { - for _, m := range []struct { - authorityFor string - address string - - good bool - }{ - {authorityFor: "localhost", address: "localhost:22", good: true}, - {authorityFor: "localhost", address: "localhost", good: false}, - {authorityFor: "localhost", address: "localhost:1234", good: false}, - {authorityFor: "[localhost]:1234", address: "localhost:1234", good: true}, - {authorityFor: "[localhost]:1234", address: "localhost:22", good: false}, - {authorityFor: "[localhost]:1234", address: "localhost", good: false}, - } { - db := testDB(t, `@cert-authority `+m.authorityFor+` `+edKeyStr) - if ok := db.IsHostAuthority(db.hostKeys[0].key, m.address); ok != m.good { - t.Errorf("IsHostAuthority: authority %s, address %s, wanted good = %v, got good = %v", - m.authorityFor, m.address, m.good, ok) - } - } -} - -func TestBracket(t *testing.T) { - db := testDB(t, `[git.eclipse.org]:29418,[198.41.30.196]:29418 `+edKeyStr) - - if err := db.check("git.eclipse.org:29418", &net.TCPAddr{ - IP: net.IP{198, 41, 30, 196}, - Port: 29418, - }, edKey); err != nil { - t.Errorf("got error %v, want none", err) - } - - if err := db.check("git.eclipse.org:29419", &net.TCPAddr{ - Port: 42, - }, edKey); err == nil { - t.Fatalf("no error for unknown address") - } else if ke, ok := err.(*knownhosts.KeyError); !ok { - t.Fatalf("got type %T, want *KeyError", err) - } else if len(ke.Want) > 0 { - t.Fatalf("got Want %v, want []", ke.Want) - } -} - -func TestNewKeyType(t *testing.T) { - str := fmt.Sprintf("%s %s", testAddr, edKeyStr) - db := testDB(t, str) - if err := db.check("", testAddr, ecKey); err == nil { - t.Fatalf("no error for unknown address") - } else if ke, ok := err.(*knownhosts.KeyError); !ok { - t.Fatalf("got type %T, want *KeyError", err) - } else if len(ke.Want) == 0 { - t.Fatalf("got empty KeyError.Want") - } -} - -func TestSameKeyType(t *testing.T) { - str := fmt.Sprintf("%s %s", testAddr, edKeyStr) - db := testDB(t, str) - if err := db.check("", testAddr, alternateEdKey); err == nil { - t.Fatalf("no error for unknown address") - } else if ke, ok := err.(*knownhosts.KeyError); !ok { - t.Fatalf("got type %T, want *KeyError", err) - } else if len(ke.Want) == 0 { - t.Fatalf("got empty KeyError.Want") - } else if got, want := ke.Want[0].Key.Marshal(), edKey.Marshal(); !bytes.Equal(got, want) { - t.Fatalf("got key %q, want %q", got, want) - } -} - -func TestIPAddress(t *testing.T) { - str := fmt.Sprintf("%s %s", testAddr, edKeyStr) - db := testDB(t, str) - if err := db.check("", testAddr, edKey); err != nil { - t.Errorf("got error %q, want none", err) - } -} - -func TestIPv6Address(t *testing.T) { - str := fmt.Sprintf("%s %s", testAddr6, edKeyStr) - db := testDB(t, str) - - if err := db.check("", testAddr6, edKey); err != nil { - t.Errorf("got error %q, want none", err) - } -} - -func TestBasic(t *testing.T) { - str := fmt.Sprintf("#comment\n\nserver.org,%s %s\notherhost %s", testAddr, edKeyStr, ecKeyStr) - db := testDB(t, str) - if err := db.check("server.org:22", testAddr, edKey); err != nil { - t.Errorf("got error %v, want none", err) - } - - want := knownhosts.KnownKey{ - Key: edKey, - } - if err := db.check("server.org:22", testAddr, ecKey); err == nil { - t.Errorf("succeeded, want KeyError") - } else if ke, ok := err.(*knownhosts.KeyError); !ok { - t.Errorf("got %T, want *KeyError", err) - } else if len(ke.Want) != 1 { - t.Errorf("got %v, want 1 entry", ke) - } else if !reflect.DeepEqual(ke.Want[0], want) { - t.Errorf("got %v, want %v", ke.Want[0], want) - } -} - -func TestHostNamePrecedence(t *testing.T) { - var evilAddr = &net.TCPAddr{ - IP: net.IP{66, 66, 66, 66}, - Port: 22, - } - - str := fmt.Sprintf("server.org,%s %s\nevil.org,%s %s", testAddr, edKeyStr, evilAddr, ecKeyStr) - db := testDB(t, str) - - if err := db.check("server.org:22", evilAddr, ecKey); err == nil { - t.Errorf("check succeeded") - } else if _, ok := err.(*knownhosts.KeyError); !ok { - t.Errorf("got %T, want *KeyError", err) - } -} - -func TestDBOrderingPrecedenceKeyType(t *testing.T) { - str := fmt.Sprintf("server.org,%s %s\nserver.org,%s %s", testAddr, edKeyStr, testAddr, alternateEdKeyStr) - db := testDB(t, str) - - if err := db.check("server.org:22", testAddr, alternateEdKey); err == nil { - t.Errorf("check succeeded") - } else if _, ok := err.(*knownhosts.KeyError); !ok { - t.Errorf("got %T, want *KeyError", err) - } -} - -func TestNegate(t *testing.T) { - str := fmt.Sprintf("%s,!server.org %s", testAddr, edKeyStr) - db := testDB(t, str) - if err := db.check("server.org:22", testAddr, ecKey); err == nil { - t.Errorf("succeeded") - } else if ke, ok := err.(*knownhosts.KeyError); !ok { - t.Errorf("got error type %T, want *KeyError", err) - } else if len(ke.Want) != 0 { - t.Errorf("got expected keys %d (first of type %s), want []", len(ke.Want), ke.Want[0].Key.Type()) - } -} - -func TestWildcard(t *testing.T) { - str := fmt.Sprintf("server*.domain %s", edKeyStr) - db := testDB(t, str) - - want := &knownhosts.KeyError{ - Want: []knownhosts.KnownKey{{ - Key: edKey, - }}, - } - - got := db.check("server.domain:22", &net.TCPAddr{}, ecKey) - if !reflect.DeepEqual(got, want) { - t.Errorf("got %s, want %s", got, want) - } -} - -func TestWildcardMatch(t *testing.T) { - for _, c := range []struct { - pat, str string - want bool - }{ - {"a?b", "abb", true}, - {"ab", "abc", false}, - {"abc", "ab", false}, - {"a*b", "axxxb", true}, - {"a*b", "axbxb", true}, - {"a*b", "axbxbc", false}, - {"a*?", "axbxc", true}, - {"a*b*", "axxbxxxxxx", true}, - {"a*b*c", "axxbxxxxxxc", true}, - {"a*b*?", "axxbxxxxxxc", true}, - {"a*b*z", "axxbxxbxxxz", true}, - {"a*b*z", "axxbxxzxxxz", true}, - {"a*b*z", "axxbxxzxxx", false}, - } { - got := wildcardMatch([]byte(c.pat), []byte(c.str)) - if got != c.want { - t.Errorf("wildcardMatch(%q, %q) = %v, want %v", c.pat, c.str, got, c.want) - } - - } -} - -// TODO(hanwen): test coverage for certificates. - -const testHostname = "hostname" - -// generated with keygen -H -f -const encodedTestHostnameHash = "|1|IHXZvQMvTcZTUU29+2vXFgx8Frs=|UGccIWfRVDwilMBnA3WJoRAC75Y=" - -func TestHostHash(t *testing.T) { - testHostHash(t, testHostname, encodedTestHostnameHash) -} - -func TestHashList(t *testing.T) { - encoded := knownhosts.HashHostname(testHostname) - testHostHash(t, testHostname, encoded) -} - -func testHostHash(t *testing.T, hostname, encoded string) { - typ, salt, hash, err := decodeHash(encoded) - if err != nil { - t.Fatalf("decodeHash: %v", err) - } - - if got := encodeHash(typ, salt, hash); got != encoded { - t.Errorf("got encoding %s want %s", got, encoded) - } - - if typ != sha1HashType { - t.Fatalf("got hash type %q, want %q", typ, sha1HashType) - } - - got := hashHost(hostname, salt) - if !bytes.Equal(got, hash) { - t.Errorf("got hash %x want %x", got, hash) - } -} - -func TestHashedHostkeyCheck(t *testing.T) { - str := fmt.Sprintf("%s %s", knownhosts.HashHostname(testHostname), edKeyStr) - db := testDB(t, str) - if err := db.check(testHostname+":22", testAddr, edKey); err != nil { - t.Errorf("check(%s): %v", testHostname, err) - } - want := &knownhosts.KeyError{ - Want: []knownhosts.KnownKey{{ - Key: edKey, - }}, - } - if got := db.check(testHostname+":22", testAddr, alternateEdKey); !reflect.DeepEqual(got, want) { - t.Errorf("got error %v, want %v", got, want) - } -} diff --git a/internal/git/transport.go b/internal/git/transport.go index ca0d20a7..d9176e41 100644 --- a/internal/git/transport.go +++ b/internal/git/transport.go @@ -25,7 +25,7 @@ import ( "github.com/go-git/go-git/v5/plumbing/transport/ssh" corev1 "k8s.io/api/core/v1" - "github.com/fluxcd/source-controller/internal/crypto/ssh/knownhosts" + "github.com/fluxcd/pkg/ssh/knownhosts" ) func AuthSecretStrategyForURL(url string) AuthSecretStrategy { diff --git a/internal/lockedfile/LICENSE b/internal/lockedfile/LICENSE deleted file mode 100644 index 6a66aea5..00000000 --- a/internal/lockedfile/LICENSE +++ /dev/null @@ -1,27 +0,0 @@ -Copyright (c) 2009 The Go Authors. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/internal/lockedfile/internal/filelock/filelock.go b/internal/lockedfile/internal/filelock/filelock.go deleted file mode 100755 index aba3eed7..00000000 --- a/internal/lockedfile/internal/filelock/filelock.go +++ /dev/null @@ -1,98 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package filelock provides a platform-independent API for advisory file -// locking. Calls to functions in this package on platforms that do not support -// advisory locks will return errors for which IsNotSupported returns true. -package filelock - -import ( - "errors" - "os" -) - -// A File provides the minimal set of methods required to lock an open file. -// File implementations must be usable as map keys. -// The usual implementation is *os.File. -type File interface { - // Name returns the name of the file. - Name() string - - // Fd returns a valid file descriptor. - // (If the File is an *os.File, it must not be closed.) - Fd() uintptr - - // Stat returns the FileInfo structure describing file. - Stat() (os.FileInfo, error) -} - -// Lock places an advisory write lock on the file, blocking until it can be -// locked. -// -// If Lock returns nil, no other process will be able to place a read or write -// lock on the file until this process exits, closes f, or calls Unlock on it. -// -// If f's descriptor is already read- or write-locked, the behavior of Lock is -// unspecified. -// -// Closing the file may or may not release the lock promptly. Callers should -// ensure that Unlock is always called when Lock succeeds. -func Lock(f File) error { - return lock(f, writeLock) -} - -// RLock places an advisory read lock on the file, blocking until it can be locked. -// -// If RLock returns nil, no other process will be able to place a write lock on -// the file until this process exits, closes f, or calls Unlock on it. -// -// If f is already read- or write-locked, the behavior of RLock is unspecified. -// -// Closing the file may or may not release the lock promptly. Callers should -// ensure that Unlock is always called if RLock succeeds. -func RLock(f File) error { - return lock(f, readLock) -} - -// Unlock removes an advisory lock placed on f by this process. -// -// The caller must not attempt to unlock a file that is not locked. -func Unlock(f File) error { - return unlock(f) -} - -// String returns the name of the function corresponding to lt -// (Lock, RLock, or Unlock). -func (lt lockType) String() string { - switch lt { - case readLock: - return "RLock" - case writeLock: - return "Lock" - default: - return "Unlock" - } -} - -// IsNotSupported returns a boolean indicating whether the error is known to -// report that a function is not supported (possibly for a specific input). -// It is satisfied by ErrNotSupported as well as some syscall errors. -func IsNotSupported(err error) bool { - return isNotSupported(underlyingError(err)) -} - -var ErrNotSupported = errors.New("operation not supported") - -// underlyingError returns the underlying error for known os error types. -func underlyingError(err error) error { - switch err := err.(type) { - case *os.PathError: - return err.Err - case *os.LinkError: - return err.Err - case *os.SyscallError: - return err.Err - } - return err -} diff --git a/internal/lockedfile/internal/filelock/filelock_unix.go b/internal/lockedfile/internal/filelock/filelock_unix.go deleted file mode 100755 index 00c42628..00000000 --- a/internal/lockedfile/internal/filelock/filelock_unix.go +++ /dev/null @@ -1,44 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build darwin dragonfly freebsd linux netbsd openbsd - -package filelock - -import ( - "os" - "syscall" -) - -type lockType int16 - -const ( - readLock lockType = syscall.LOCK_SH - writeLock lockType = syscall.LOCK_EX -) - -func lock(f File, lt lockType) (err error) { - for { - err = syscall.Flock(int(f.Fd()), int(lt)) - if err != syscall.EINTR { - break - } - } - if err != nil { - return &os.PathError{ - Op: lt.String(), - Path: f.Name(), - Err: err, - } - } - return nil -} - -func unlock(f File) error { - return lock(f, syscall.LOCK_UN) -} - -func isNotSupported(err error) bool { - return err == syscall.ENOSYS || err == syscall.ENOTSUP || err == syscall.EOPNOTSUPP || err == ErrNotSupported -} diff --git a/internal/lockedfile/lockedfile.go b/internal/lockedfile/lockedfile.go deleted file mode 100755 index 59b2dba4..00000000 --- a/internal/lockedfile/lockedfile.go +++ /dev/null @@ -1,187 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package lockedfile creates and manipulates files whose contents should only -// change atomically. -package lockedfile - -import ( - "fmt" - "io" - "io/ioutil" - "os" - "runtime" -) - -// A File is a locked *os.File. -// -// Closing the file releases the lock. -// -// If the program exits while a file is locked, the operating system releases -// the lock but may not do so promptly: callers must ensure that all locked -// files are closed before exiting. -type File struct { - osFile - closed bool -} - -// osFile embeds a *os.File while keeping the pointer itself unexported. -// (When we close a File, it must be the same file descriptor that we opened!) -type osFile struct { - *os.File -} - -// OpenFile is like os.OpenFile, but returns a locked file. -// If flag includes os.O_WRONLY or os.O_RDWR, the file is write-locked; -// otherwise, it is read-locked. -func OpenFile(name string, flag int, perm os.FileMode) (*File, error) { - var ( - f = new(File) - err error - ) - f.osFile.File, err = openFile(name, flag, perm) - if err != nil { - return nil, err - } - - // Although the operating system will drop locks for open files when the go - // command exits, we want to hold locks for as little time as possible, and we - // especially don't want to leave a file locked after we're done with it. Our - // Close method is what releases the locks, so use a finalizer to report - // missing Close calls on a best-effort basis. - runtime.SetFinalizer(f, func(f *File) { - panic(fmt.Sprintf("lockedfile.File %s became unreachable without a call to Close", f.Name())) - }) - - return f, nil -} - -// Open is like os.Open, but returns a read-locked file. -func Open(name string) (*File, error) { - return OpenFile(name, os.O_RDONLY, 0) -} - -// Create is like os.Create, but returns a write-locked file. -func Create(name string) (*File, error) { - return OpenFile(name, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0666) -} - -// Edit creates the named file with mode 0666 (before umask), -// but does not truncate existing contents. -// -// If Edit succeeds, methods on the returned File can be used for I/O. -// The associated file descriptor has mode O_RDWR and the file is write-locked. -func Edit(name string) (*File, error) { - return OpenFile(name, os.O_RDWR|os.O_CREATE, 0666) -} - -// Close unlocks and closes the underlying file. -// -// Close may be called multiple times; all calls after the first will return a -// non-nil error. -func (f *File) Close() error { - if f.closed { - return &os.PathError{ - Op: "close", - Path: f.Name(), - Err: os.ErrClosed, - } - } - f.closed = true - - err := closeFile(f.osFile.File) - runtime.SetFinalizer(f, nil) - return err -} - -// Read opens the named file with a read-lock and returns its contents. -func Read(name string) ([]byte, error) { - f, err := Open(name) - if err != nil { - return nil, err - } - defer f.Close() - - return ioutil.ReadAll(f) -} - -// Write opens the named file (creating it with the given permissions if needed), -// then write-locks it and overwrites it with the given content. -func Write(name string, content io.Reader, perm os.FileMode) (err error) { - f, err := OpenFile(name, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, perm) - if err != nil { - return err - } - - _, err = io.Copy(f, content) - if closeErr := f.Close(); err == nil { - err = closeErr - } - return err -} - -// Transform invokes t with the result of reading the named file, with its lock -// still held. -// -// If t returns a nil error, Transform then writes the returned contents back to -// the file, making a best effort to preserve existing contents on error. -// -// t must not modify the slice passed to it. -func Transform(name string, t func([]byte) ([]byte, error)) (err error) { - f, err := Edit(name) - if err != nil { - return err - } - defer f.Close() - - old, err := ioutil.ReadAll(f) - if err != nil { - return err - } - - new, err := t(old) - if err != nil { - return err - } - - if len(new) > len(old) { - // The overall file size is increasing, so write the tail first: if we're - // about to run out of space on the disk, we would rather detect that - // failure before we have overwritten the original contents. - if _, err := f.WriteAt(new[len(old):], int64(len(old))); err != nil { - // Make a best effort to remove the incomplete tail. - f.Truncate(int64(len(old))) - return err - } - } - - // We're about to overwrite the old contents. In case of failure, make a best - // effort to roll back before we close the file. - defer func() { - if err != nil { - if _, err := f.WriteAt(old, 0); err == nil { - f.Truncate(int64(len(old))) - } - } - }() - - if len(new) >= len(old) { - if _, err := f.WriteAt(new[:len(old)], 0); err != nil { - return err - } - } else { - if _, err := f.WriteAt(new, 0); err != nil { - return err - } - // The overall file size is decreasing, so shrink the file to its final size - // after writing. We do this after writing (instead of before) so that if - // the write fails, enough filesystem space will likely still be reserved - // to contain the previous contents. - if err := f.Truncate(int64(len(new))); err != nil { - return err - } - } - - return nil -} diff --git a/internal/lockedfile/lockedfile_filelock.go b/internal/lockedfile/lockedfile_filelock.go deleted file mode 100755 index ed565e02..00000000 --- a/internal/lockedfile/lockedfile_filelock.go +++ /dev/null @@ -1,64 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build !plan9 - -package lockedfile - -import ( - "os" - - "github.com/fluxcd/source-controller/internal/lockedfile/internal/filelock" -) - -func openFile(name string, flag int, perm os.FileMode) (*os.File, error) { - // On BSD systems, we could add the O_SHLOCK or O_EXLOCK flag to the OpenFile - // call instead of locking separately, but we have to support separate locking - // calls for Linux and Windows anyway, so it's simpler to use that approach - // consistently. - - f, err := os.OpenFile(name, flag&^os.O_TRUNC, perm) - if err != nil { - return nil, err - } - - switch flag & (os.O_RDONLY | os.O_WRONLY | os.O_RDWR) { - case os.O_WRONLY, os.O_RDWR: - err = filelock.Lock(f) - default: - err = filelock.RLock(f) - } - if err != nil { - f.Close() - return nil, err - } - - if flag&os.O_TRUNC == os.O_TRUNC { - if err := f.Truncate(0); err != nil { - // The documentation for os.O_TRUNC says “if possible, truncate file when - // opened”, but doesn't define “possible” (golang.org/issue/28699). - // We'll treat regular files (and symlinks to regular files) as “possible” - // and ignore errors for the rest. - if fi, statErr := f.Stat(); statErr != nil || fi.Mode().IsRegular() { - filelock.Unlock(f) - f.Close() - return nil, err - } - } - } - - return f, nil -} - -func closeFile(f *os.File) error { - // Since locking syscalls operate on file descriptors, we must unlock the file - // while the descriptor is still valid — that is, before the file is closed — - // and avoid unlocking files that are already closed. - err := filelock.Unlock(f) - - if closeErr := f.Close(); err == nil { - err = closeErr - } - return err -} diff --git a/internal/lockedfile/mutex.go b/internal/lockedfile/mutex.go deleted file mode 100755 index 180a36c6..00000000 --- a/internal/lockedfile/mutex.go +++ /dev/null @@ -1,67 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package lockedfile - -import ( - "fmt" - "os" - "sync" -) - -// A Mutex provides mutual exclusion within and across processes by locking a -// well-known file. Such a file generally guards some other part of the -// filesystem: for example, a Mutex file in a directory might guard access to -// the entire tree rooted in that directory. -// -// Mutex does not implement sync.Locker: unlike a sync.Mutex, a lockedfile.Mutex -// can fail to lock (e.g. if there is a permission error in the filesystem). -// -// Like a sync.Mutex, a Mutex may be included as a field of a larger struct but -// must not be copied after first use. The Path field must be set before first -// use and must not be change thereafter. -type Mutex struct { - Path string // The path to the well-known lock file. Must be non-empty. - mu sync.Mutex // A redundant mutex. The race detector doesn't know about file locking, so in tests we may need to lock something that it understands. -} - -// MutexAt returns a new Mutex with Path set to the given non-empty path. -func MutexAt(path string) *Mutex { - if path == "" { - panic("lockedfile.MutexAt: path must be non-empty") - } - return &Mutex{Path: path} -} - -func (mu *Mutex) String() string { - return fmt.Sprintf("lockedfile.Mutex(%s)", mu.Path) -} - -// Lock attempts to lock the Mutex. -// -// If successful, Lock returns a non-nil unlock function: it is provided as a -// return-value instead of a separate method to remind the caller to check the -// accompanying error. (See https://golang.org/issue/20803.) -func (mu *Mutex) Lock() (unlock func(), err error) { - if mu.Path == "" { - panic("lockedfile.Mutex: missing Path during Lock") - } - - // We could use either O_RDWR or O_WRONLY here. If we choose O_RDWR and the - // file at mu.Path is write-only, the call to OpenFile will fail with a - // permission error. That's actually what we want: if we add an RLock method - // in the future, it should call OpenFile with O_RDONLY and will require the - // files must be readable, so we should not let the caller make any - // assumptions about Mutex working with write-only files. - f, err := OpenFile(mu.Path, os.O_RDWR|os.O_CREATE, 0666) - if err != nil { - return nil, err - } - mu.mu.Lock() - - return func() { - mu.mu.Unlock() - f.Close() - }, nil -}