From 51d6f8b57280e551f48212cae7ab75833a71a3f3 Mon Sep 17 00:00:00 2001 From: Martin Hutchinson Date: Tue, 3 Sep 2024 14:00:13 +0100 Subject: [PATCH] POSIX oneshot: refactor code out of main method The goal here is that the main method should contain only the interesting code for putting the entries in the log. This PR moves code into methods to aid readability: - initializing the verifier - initializing the signer - evaluating the glob This is a draft while #182 is under discussion as I don't want to create a merge conflict where it can be avoided. --- cmd/posix-oneshot/main.go | 151 +++++++++++++++++++++----------------- 1 file changed, 83 insertions(+), 68 deletions(-) diff --git a/cmd/posix-oneshot/main.go b/cmd/posix-oneshot/main.go index 287ad5b6..b993cb0c 100644 --- a/cmd/posix-oneshot/main.go +++ b/cmd/posix-oneshot/main.go @@ -53,86 +53,43 @@ var ( func main() { klog.InitFlags(nil) flag.Parse() - ctx := context.Background() - // Read log public key from file or environment variable - var pubKey string - var err error - if len(*pubKeyFile) > 0 { - pubKey, err = getKeyFile(*pubKeyFile) - if err != nil { - klog.Exitf("Unable to get public key: %q", err) - } - } else { - pubKey = os.Getenv("LOG_PUBLIC_KEY") - if len(pubKey) == 0 { - klog.Exit("Supply public key file path using --public_key or set LOG_PUBLIC_KEY environment variable") - } - } - // Read log private key from file or environment variable - var privKey string - if len(*privKeyFile) > 0 { - privKey, err = getKeyFile(*privKeyFile) - if err != nil { - klog.Exitf("Unable to get private key: %q", err) - } - } else { - privKey = os.Getenv("LOG_PRIVATE_KEY") - if len(privKey) == 0 { - klog.Exit("Supply private key file path using --private_key or set LOG_PRIVATE_KEY environment variable") - } - } - - s, err := note.NewSigner(privKey) - if err != nil { - klog.Exitf("Failed to instantiate signer: %q", err) - } + // Gather the info needed for reading/writing checkpoints + v := getVerifierOrDie() + s := getSignerOrDie() origin := s.Name() - writeCP := func(size uint64, root []byte) error { - cp := &fmtlog.Checkpoint{ - Origin: origin, - Size: size, - Hash: root, - } - n, err := note.Sign(¬e.Note{Text: string(cp.Marshal())}, s) - if err != nil { - return err - } - return posix.WriteCheckpoint(*storageDir, n) - } if *initialise { + // Create the directory structure and write out an empty checkpoint if err := os.MkdirAll(*storageDir, dirPerm); err != nil { klog.Exitf("Failed to create log directory: %q", err) } - if err := writeCP(0, rfc6962.DefaultHasher.EmptyRoot()); err != nil { - klog.Exitf("Failed to write empty checkpoint") + // TODO(mhutchinson): This empty checkpoint initialization should live in Tessera + emptyCP := &fmtlog.Checkpoint{ + Origin: origin, + Size: 0, + Hash: rfc6962.DefaultHasher.EmptyRoot(), + } + n, err := note.Sign(¬e.Note{Text: string(emptyCP.Marshal())}, s) + if err != nil { + klog.Exitf("Failed to sign empty checkpoint: %s", err) } + if err := posix.WriteCheckpoint(*storageDir, n); err != nil { + klog.Exitf("Failed to write empty checkpoint: %s", err) + } + // TODO(mhutchinson): This should continue if *entries is provided os.Exit(0) } - toAdd, err := filepath.Glob(*entries) - if err != nil { - klog.Exitf("Failed to glob entries %q: %q", *entries, err) - } - klog.V(1).Infof("toAdd: %v", toAdd) - if len(toAdd) == 0 { - klog.Exit("Sequence must be run with at least one valid entry") - } - - cpRaw, err := posix.ReadCheckpoint(*storageDir) - if err != nil { - klog.Exitf("Failed to read log checkpoint: %q", err) - } - - // Check signatures - v, err := note.NewVerifier(pubKey) - if err != nil { - klog.Exitf("Failed to instantiate Verifier: %q", err) - } + filesToAdd := readEntriesOrDie() + // TODO(mhutchinson): This function should be implemented inside Tessera (it has the verifier now) readCP := func() (uint64, []byte, error) { + cpRaw, err := posix.ReadCheckpoint(*storageDir) + if err != nil { + klog.Exitf("Failed to read log checkpoint: %q", err) + } cp, _, _, err := fmtlog.ParseCheckpoint(cpRaw, origin, v) if err != nil { return 0, []byte{}, fmt.Errorf("Failed to parse Checkpoint: %q", err) @@ -153,7 +110,7 @@ func main() { } entryChan := make(chan entryInfo, 100) go func() { - for _, fp := range toAdd { + for _, fp := range filesToAdd { b, err := os.ReadFile(fp) if err != nil { klog.Exitf("Failed to read entry file %q: %q", fp, err) @@ -164,7 +121,7 @@ func main() { }() numWorkers := 256 - if l := len(toAdd); l < numWorkers { + if l := len(filesToAdd); l < numWorkers { numWorkers = l } @@ -186,6 +143,52 @@ func main() { wg.Wait() } +// Read log public key from file or environment variable +func getVerifierOrDie() note.Verifier { + var pubKey string + var err error + if len(*pubKeyFile) > 0 { + pubKey, err = getKeyFile(*pubKeyFile) + if err != nil { + klog.Exitf("Unable to get public key: %q", err) + } + } else { + pubKey = os.Getenv("LOG_PUBLIC_KEY") + if len(pubKey) == 0 { + klog.Exit("Supply public key file path using --public_key or set LOG_PUBLIC_KEY environment variable") + } + } + // Check signatures + v, err := note.NewVerifier(pubKey) + if err != nil { + klog.Exitf("Failed to instantiate Verifier: %q", err) + } + + return v +} + +// Read log private key from file or environment variable +func getSignerOrDie() note.Signer { + var privKey string + var err error + if len(*privKeyFile) > 0 { + privKey, err = getKeyFile(*privKeyFile) + if err != nil { + klog.Exitf("Unable to get private key: %q", err) + } + } else { + privKey = os.Getenv("LOG_PRIVATE_KEY") + if len(privKey) == 0 { + klog.Exit("Supply private key file path using --private_key or set LOG_PRIVATE_KEY environment variable") + } + } + s, err := note.NewSigner(privKey) + if err != nil { + klog.Exitf("Failed to instantiate signer: %q", err) + } + return s +} + func getKeyFile(path string) (string, error) { k, err := os.ReadFile(path) if err != nil { @@ -193,3 +196,15 @@ func getKeyFile(path string) (string, error) { } return string(k), nil } + +func readEntriesOrDie() []string { + toAdd, err := filepath.Glob(*entries) + if err != nil { + klog.Exitf("Failed to glob entries %q: %q", *entries, err) + } + klog.V(1).Infof("toAdd: %v", toAdd) + if len(toAdd) == 0 { + klog.Exit("Sequence must be run with at least one valid entry") + } + return toAdd +}