From 6b2a1b1eafb2de1106c60c02397c448c89d3e132 Mon Sep 17 00:00:00 2001
From: jon-stewart
Date: Thu, 12 Oct 2023 16:15:09 +0100
Subject: [PATCH] fix: CDK v1 signature verify
---
 cli/cmd/component.go | 2 +-
 lwcomponent/catalog.go | 30 +++++++++++++++++++-----------
 2 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/cli/cmd/component.go b/cli/cmd/component.go
index f6ac8f131..fc33bc9ec 100644
--- a/cli/cmd/component.go
+++ b/cli/cmd/component.go
@@ -373,7 +373,7 @@ func installComponent(cmd *cobra.Command, args []string) (err error) {
 err = errors.Wrap(err, "Install of component failed")
 return
 }
- cli.OutputChecklist(successIcon, "Component installed\n")
+ cli.OutputChecklist(successIcon, "Component version %s installed\n", component.InstalledVersion())
 // @jon-stewart: TODO: Component lifecycle `cdk-init` command
diff --git a/lwcomponent/catalog.go b/lwcomponent/catalog.go
index 700083cda..4bbc7e5ca 100644
--- a/lwcomponent/catalog.go
+++ b/lwcomponent/catalog.go
@@ -6,6 +6,7 @@ import (
 "path/filepath"
 "runtime"
+ "aead.dev/minisign"
 "github.com/Masterminds/semver"
 "github.com/lacework/go-sdk/api"
 "github.com/lacework/go-sdk/internal/cache"
@@ -164,22 +165,22 @@ func (c *Catalog) Stage(component *CDKComponent, version string) (stageClose fun
 }
 func (c *Catalog) Verify(component *CDKComponent) (err error) {
- _, err = component.stage.Signature()
+ data, err := os.ReadFile(filepath.Join(component.stage.Directory(), component.Name))
 if err != nil {
 return
 }
- // var publicKey string
+ sig, err := component.stage.Signature()
+ if err != nil {
+ return
+ }
- // @jon-stewart: TODO: signature failures
- // rootPublicKey := minisign.PublicKey{}
- // if err := rootPublicKey.UnmarshalText([]byte(publicKey)); err != nil {
- // return errors.Wrap(err, "unable to load root public key")
- // }
+ rootPublicKey := minisign.PublicKey{}
+ if err := rootPublicKey.UnmarshalText([]byte(publicKey)); err != nil {
+ return errors.Wrap(err, "unable to load root public key")
+ }
- // @jon-stewart: TODO: signature failures
- // return verifySignature(rootPublicKey, data, sig)
- return
+ return verifySignature(rootPublicKey, data, sig)
 }
 func (c *Catalog) Install(component *CDKComponent) (err error) {
@@ -197,7 +198,14 @@ func (c *Catalog) Install(component *CDKComponent) (err error) {
 return
 }
- return component.stage.Commit(componentDir)
+ err = component.stage.Commit(componentDir)
+ if err != nil {
+ return
+ }
+
+ component.hostInfo = NewHostInfo(componentDir)
+
+ return
 }
 // Delete a CDKComponent
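Review bot: Verify authenticates only the single file at `filepath.Join(component.stage.Directory(), component.Name)`, while Install later hands the whole staging directory to `component.stage.Commit(componentDir)`; if the stage can hold anything besides that file, or can be modified between the two calls, content the signature never covered would be installed, which is worth confirming against Stage and Commit (both outside this hunk). Nothing in Install (third hunk) requires Verify to have succeeded, so the ordering is a caller obligation and should be stated in a doc comment, for example `// Verify checks the minisign signature of the staged component binary against the root public key; it must succeed before Install is called.` The read and signature errors are returned bare while the key error is wrapped; `return errors.Wrap(err, "unable to read staged component")` would let callers tell a missing artifact from a failed verification. `publicKey` is not declared in the visible lines, so it is presumably a package-level value, and it should stay a constant compiled into the binary rather than anything loaded at runtime.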
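Review bot: The new `component.hostInfo = NewHostInfo(componentDir)` assignment in Install has no comment saying why the host info is rebuilt after the commit; presumably it is what lets `component.InstalledVersion()` in cli/cmd/component.go report the version that was just installed. A one-line comment such as `// reload host info so InstalledVersion() reflects the committed component` would make that dependency visible to the next maintainer. Install's body starts outside the hunk, so whether `componentDir` is validated before the commit cannot be judged from here.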