Merge pull request #142 from alanssitis/iss136
fix: added lineNormalization parameter to RecordArtifact
adityasaky authored Oct 16, 2021
2 parents 66fb113 + 7915c1c commit 26b6a96
Showing 18 changed files with 245 additions and 112 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/build.yml
@@ -5,7 +5,7 @@ jobs:
strategy:
matrix:
go-version: [1.16.x, 1.17.x]
os: [ubuntu-latest, macos-latest]
os: [ubuntu-latest, macos-latest, windows-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Install Go
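Review bot: adding windows-latest to the matrix is the reason the normalization flag exists, but nothing in this workflow controls how git checks the test fixtures out on that runner: whether the fixture files arrive with CRLF or LF depends on git's core.autocrlf setting on the runner image, which the job never sets. Consider committing a .gitattributes entry for the fixture directory (`* -text` for files whose hashes are pinned in link metadata, or `* text eol=lf`) so the Windows job exercises the normalization path deterministically rather than by accident of the image default.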
107 changes: 58 additions & 49 deletions README.md
@@ -115,35 +115,36 @@ Usage:
in-toto run [flags]
Flags:
-c, --cert string Path to a PEM formatted certificate that corresponds with
the provided key.
-e, --exclude stringArray path patterns to match paths that should not be recorded as 0
‘materials’ or ‘products’. Passed patterns override patterns defined
in environment variables or config files. See Config docs for details.
-h, --help help for run
-k, --key string Path to a PEM formatted private key file used to sign
the resulting link metadata. (passing one of '--key'
or '--gpg' is required)
-l, --lstrip-paths stringArray path prefixes used to left-strip artifact paths before storing
them to the resulting link metadata. If multiple prefixes
are specified, only a single prefix can match the path of
any artifact and that is then left-stripped. All prefixes
are checked to ensure none of them are a left substring
of another.
-m, --materials stringArray Paths to files or directories, whose paths and hashes
are stored in the resulting link metadata before the
command is executed. Symlinks are followed.
-n, --name string Name used to associate the resulting link metadata
with the corresponding step defined in an in-toto
layout.
-d, --metadata-directory string directory to store link metadata (default "./")
-p, --products stringArray Paths to files or directories, whose paths and hashes
are stored in the resulting link metadata after the
command is executed. Symlinks are followed.
-r, --run-dir string runDir specifies the working directory of the command.
If runDir is the empty string, the command will run in the
calling process's current directory. The runDir directory must
exist, be writable, and not be a symlink.
-c, --cert string Path to a PEM formatted certificate that corresponds with
the provided key.
-e, --exclude stringArray Path patterns to match paths that should not be recorded as 0
‘materials’ or ‘products’. Passed patterns override patterns defined
in environment variables or config files. See Config docs for details.
-h, --help help for run
-k, --key string Path to a PEM formatted private key file used to sign
the resulting link metadata.
-l, --lstrip-paths stringArray Path prefixes used to left-strip artifact paths before storing
them to the resulting link metadata. If multiple prefixes
are specified, only a single prefix can match the path of
any artifact and that is then left-stripped. All prefixes
are checked to ensure none of them are a left substring
of another.
-m, --materials stringArray Paths to files or directories, whose paths and hashes
are stored in the resulting link metadata before the
command is executed. Symlinks are followed.
-d, --metadata-directory string Directory to store link metadata (default "./")
-n, --name string Name used to associate the resulting link metadata
with the corresponding step defined in an in-toto layout.
--normalize-line-endings Enable line normalization in order to support different
operating systems. It is done by replacing all line separators
with a new line character.
-p, --products stringArray Paths to files or directories, whose paths and hashes
are stored in the resulting link metadata after the
command is executed. Symlinks are followed.
-r, --run-dir string runDir specifies the working directory of the command.
If runDir is the empty string, the command will run in the
calling process's current directory. The runDir directory must
exist, be writable, and not be a symlink.
```

### sign
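Review bot: the help text for --normalize-line-endings (the three lines starting `--normalize-line-endings Enable line normalization`) is too vague for a flag that changes what gets hashed: "replacing all line separators with a new line character" should name the exact byte sequences treated as separators (CRLF only, or a lone CR as well) and state that the replacement is LF, because a functionary on one OS and a verifier on another must agree on the precise transformation or the recorded hashes will differ. It should also say that the same value has to be passed to `run`/`record` and to `verify`, since as far as this diff shows the setting is a per-invocation bool and is not written into the link file where a verifier could discover it.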
@@ -188,6 +189,9 @@ Flags:
-d, --link-dir string Path to directory where link metadata files for steps defined in
the root layout should be loaded from. If not passed links are
loaded from the current working directory.
--normalize-line-endings Enable line normalization in order to support different
operating systems. It is done by replacing all line separators
with a new line character.
```

### record
@@ -202,29 +206,34 @@ Usage:
in-toto record [command]
Available Commands:
start Creates a preliminary link file recording the paths and hashes of the passed materials and signs it with the passed functionary’s key.
start Creates a preliminary link file recording the paths and hashes of the
passed materials and signs it with the passed functionary’s key.
stop Records and adds the paths and hashes of the passed products to the link metadata file and updates the signature.
Flags:
-c, --cert string Path to a PEM formatted certificate that corresponds with the provided key.
-e, --exclude stringArray Path patterns to match paths that should not be recorded as
‘materials’ or ‘products’. Passed patterns override patterns defined
in environment variables or config files. See Config docs for details.
-h, --help help for record
-k, --key string Path to a private key file to sign the resulting link metadata.
The keyid prefix is used as an infix for the link metadata filename,
i.e. ‘<name>.<keyid prefix>.link’. See ‘–key-type’ for available
formats. Passing one of ‘–key’ or ‘–gpg’ is required.
-l, --lstrip-paths stringArray Path prefixes used to left-strip artifact paths before storing
them to the resulting link metadata. If multiple prefixes
are specified, only a single prefix can match the path of
any artifact and that is then left-stripped. All prefixes
are checked to ensure none of them are a left substring
of another.
-d, --metadata-directory string directory to store link metadata (default "./")
-n, --name string name for the resulting link metadata file.
It is also used to associate the link with a step defined
in an in-toto layout.
-c, --cert string Path to a PEM formatted certificate that corresponds
with the provided key.
-e, --exclude stringArray Path patterns to match paths that should not be recorded as
‘materials’ or ‘products’. Passed patterns override patterns defined
in environment variables or config files. See Config docs for details.
-h, --help help for record
-k, --key string Path to a private key file to sign the resulting link metadata.
The keyid prefix is used as an infix for the link metadata filename,
i.e. ‘<name>.<keyid prefix>.link’. See ‘–key-type’ for available
formats. Passing one of ‘–key’ or ‘–gpg’ is required.
-l, --lstrip-paths stringArray Path prefixes used to left-strip artifact paths before storing
them to the resulting link metadata. If multiple prefixes
are specified, only a single prefix can match the path of
any artifact and that is then left-stripped. All prefixes
are checked to ensure none of them are a left substring
of another.
-d, --metadata-directory string Directory to store link metadata (default "./")
-n, --name string Name for the resulting link metadata file.
It is also used to associate the link with a step defined
in an in-toto layout.
--normalize-line-endings Enable line normalization in order to support different
operating systems. It is done by replacing all line separators
with a new line character.
Use "in-toto record [command] --help" for more information about a command.
```
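Review bot: the `--key` description in this hunk (from `The keyid prefix is used as an infix` through `Passing one of ‘–key’ or ‘–gpg’ is required.`) still refers to `--key-type` and `--gpg`, neither of which appears in the `record` flag list, while the equivalent "(passing one of '--key' or '--gpg' is required)" sentence was deleted from the `run` help earlier in this same README edit. Either both commands accept `--gpg` and the flag lists are incomplete, or the sentence is stale here too and should be removed for consistency; as written, a user is told that a required alternative exists which the tool does not list.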
13 changes: 11 additions & 2 deletions cmd/record.go
@@ -138,6 +138,15 @@ command is executed. Symlinks are followed.`,
are stored in the resulting link metadata after the
command is executed. Symlinks are followed.`,
)

recordCmd.Flags().BoolVar(
&lineNormalization,
"normalize-line-endings",
false,
`Enable line normalization in order to support different
operating systems. It is done by replacing all line separators
with a new line character.`,
)
}

func recordPreRun(cmd *cobra.Command, args []string) error {
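Review bot: this `recordCmd.Flags().BoolVar(&lineNormalization, "normalize-line-endings", false, ...)` block is repeated verbatim in cmd/run.go and cmd/verify.go below, so the flag name and its help wording now live in three places and can drift. Register it once in cmd/root.go, for example a helper `addLineNormalizationFlag(cmd *cobra.Command)` that each subcommand calls from its init, and while doing so make the help string name the exact separators it rewrites instead of "all line separators".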
@@ -172,7 +181,7 @@ func recordPreRun(cmd *cobra.Command, args []string) error {
}

func recordStart(cmd *cobra.Command, args []string) error {
block, err := intoto.InTotoRecordStart(recordStepName, recordMaterialsPaths, key, []string{"sha256"}, exclude, lStripPaths)
block, err := intoto.InTotoRecordStart(recordStepName, recordMaterialsPaths, key, []string{"sha256"}, exclude, lStripPaths, lineNormalization)
if err != nil {
return fmt.Errorf("failed to create start link file: %w", err)
}
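Review bot: `record start` hashes the materials with the flag value given on this invocation, and `record stop` in the next hunk hashes the products with whatever value is given on that separate invocation; nothing ties the two together. If an operator passes --normalize-line-endings to `start` but forgets it on `stop`, a file containing the separators the flag rewrites gets one hash as a material and a different hash as a product of the same step, and the resulting link is silently inconsistent. Consider recording the choice in the preliminary link written by `start` and having `stop` reuse it, or at least refusing a `stop` whose flag disagrees with the `start` it is completing.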
@@ -195,7 +204,7 @@ func recordStop(cmd *cobra.Command, args []string) error {
return fmt.Errorf("failed to load start link file at %s: %w", prelimLinkName, err)
}

linkMb, err := intoto.InTotoRecordStop(prelimLinkMb, recordProductsPaths, key, []string{"sha256"}, exclude, lStripPaths)
linkMb, err := intoto.InTotoRecordStop(prelimLinkMb, recordProductsPaths, key, []string{"sha256"}, exclude, lStripPaths, lineNormalization)
if err != nil {
return fmt.Errorf("failed to create stop link file: %w", err)
}
17 changes: 9 additions & 8 deletions cmd/root.go
@@ -9,14 +9,15 @@ import (
)

var (
layoutPath string
keyPath string
certPath string
key intoto.Key
cert intoto.Key
lStripPaths []string
exclude []string
outDir string
layoutPath string
keyPath string
certPath string
key intoto.Key
cert intoto.Key
lStripPaths []string
exclude []string
outDir string
lineNormalization bool
)

var rootCmd = &cobra.Command{
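Review bot: the new global is named `lineNormalization` while the user-facing flag is `normalize-line-endings`; naming it `normalizeLineEndings` keeps the flag greppable from the code and matches how `layoutPath` pairs with the `--layout` flag that cmd/verify.go marks required. Minor: the rest of this var block changes only because gofmt re-aligns it for the longer identifier, which is fine but makes a one-line addition read as an eight-line rewrite.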
11 changes: 10 additions & 1 deletion cmd/run.go
@@ -122,6 +122,15 @@ in environment variables or config files. See Config docs for details.`,
)

runCmd.MarkFlagRequired("name")

runCmd.Flags().BoolVar(
&lineNormalization,
"normalize-line-endings",
false,
`Enable line normalization in order to support different
operating systems. It is done by replacing all line separators
with a new line character.`,
)
}

func runPreRun(cmd *cobra.Command, args []string) error {
@@ -156,7 +165,7 @@ func runPreRun(cmd *cobra.Command, args []string) error {
}

func run(cmd *cobra.Command, args []string) error {
block, err := intoto.InTotoRun(stepName, runDir, materialsPaths, productsPaths, args, key, []string{"sha256"}, exclude, lStripPaths)
block, err := intoto.InTotoRun(stepName, runDir, materialsPaths, productsPaths, args, key, []string{"sha256"}, exclude, lStripPaths, lineNormalization)
if err != nil {
return fmt.Errorf("failed to create link metadata: %w", err)
}
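Review bot: `InTotoRun` now takes ten positional arguments ending in a bare bool, and at this call site `lineNormalization` is the one whose purpose is not evident from the name; the next option added will push this further. Since this PR already changes the exported signatures of InTotoRun, InTotoRecordStart, InTotoRecordStop and InTotoVerify (a breaking change for library consumers that the commit message does not call out), it is a good moment to introduce an options struct for the trailing parameters so future flags do not break callers again.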
11 changes: 10 additions & 1 deletion cmd/verify.go
@@ -70,6 +70,15 @@ addition to any intermediates in the layout.`,

verifyCmd.MarkFlagRequired("layout")
verifyCmd.MarkFlagRequired("layout-keys")

verifyCmd.Flags().BoolVar(
&lineNormalization,
"normalize-line-endings",
false,
`Enable line normalization in order to support different
operating systems. It is done by replacing all line separators
with a new line character.`,
)
}

func verify(cmd *cobra.Command, args []string) error {
@@ -111,7 +120,7 @@ func verify(cmd *cobra.Command, args []string) error {
}
}

_, err := intoto.InTotoVerify(layoutMb, layoutKeys, linkDir, "", make(map[string]string), intermediatePems)
_, err := intoto.InTotoVerify(layoutMb, layoutKeys, linkDir, "", make(map[string]string), intermediatePems, lineNormalization)
if err != nil {
return fmt.Errorf("inspection failed: %w", err)
}
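Review bot: passing the flag into `InTotoVerify` makes the hashing the verifier performs for its own inspections depend on a switch chosen by whoever runs verification, independently of what the functionaries chose when they produced the links in linkDir. If the two disagree, any MATCH rule comparing inspection artifacts against step artifacts fails, and the failure surfaces through the generic `inspection failed: %w` below with no hint that a line-ending mode mismatch is the cause. Two suggestions: include the mode in that error, e.g. `fmt.Errorf("inspection failed (normalize-line-endings=%v): %w", lineNormalization, err)`, and treat this as a property of the signed layout that the layout owner sets, rather than a verifier-side option that defaults to false.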
3 changes: 3 additions & 0 deletions doc/in-toto_record.md
@@ -33,6 +33,9 @@ failure and zero otherwise.
-n, --name string Name for the resulting link metadata file.
It is also used to associate the link with a step defined
in an in-toto layout.
--normalize-line-endings Enable line normalization in order to support different
operating systems. It is done by replacing all line separators
with a new line character.
```

### SEE ALSO
3 changes: 3 additions & 0 deletions doc/in-toto_run.md
@@ -37,6 +37,9 @@ in-toto run [flags]
-d, --metadata-directory string Directory to store link metadata (default "./")
-n, --name string Name used to associate the resulting link metadata
with the corresponding step defined in an in-toto layout.
--normalize-line-endings Enable line normalization in order to support different
operating systems. It is done by replacing all line separators
with a new line character.
-p, --products stringArray Paths to files or directories, whose paths and hashes
are stored in the resulting link metadata after the
command is executed. Symlinks are followed.
3 changes: 3 additions & 0 deletions doc/in-toto_verify.md
@@ -29,6 +29,9 @@ in-toto verify [flags]
-d, --link-dir string Path to directory where link metadata files for steps defined in
the root layout should be loaded from. If not passed links are
loaded from the current working directory.
--normalize-line-endings Enable line normalization in order to support different
operating systems. It is done by replacing all line separators
with a new line character.
```

### SEE ALSO
2 changes: 1 addition & 1 deletion in_toto/examples_test.go
@@ -41,7 +41,7 @@ func ExampleInTotoVerify() {
fmt.Printf("Invalid metadata found: %s", err)
}
if _, err := InTotoVerify(layoutMb, layoutKeys, LinkDirectory, "",
make(map[string]string), [][]byte{}); err != nil {
make(map[string]string), [][]byte{}, testOSisWindows()); err != nil {
fmt.Printf("In-toto verification failed: %s", err)
} else {
fmt.Println("In-toto verification succeeded!")
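Review bot: `ExampleInTotoVerify` is a godoc example, so `testOSisWindows()` (defined elsewhere in this PR, not shown above) becomes what package documentation readers see as the way to pick this argument, and they have no such helper. Keep the example showing a literal (`false`) and move the OS-conditional behaviour into an ordinary test; if the example must also pass on Windows, fix the fixtures' line endings in the repository with a .gitattributes entry rather than making the documented call depend on the host it runs on.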
