fix cd copy + rsa-pss-signingserver (#670)

## Description Two urgend fixes: - The component descriptor copy function does not copy the creation timestamp. This leads to various problems. For example a component version might be assumed to be changed, even if nothing has been done. - fix the used signing algorithm for the rsa-pss-signingserver handler. ## What type of PR is this? (check all applicable) - [ ] 🍕 Feature - [x] 🐛 Bug Fix - [ ] 📝 Documentation Update - [ ] 🎨 Style - [ ] 🧑‍💻 Code Refactor - [ ] 🔥 Performance Improvements - [x] ✅ Test - [ ] 🤖 Build - [ ] 🔁 CI - [ ] 📦 Chore (Release) - [ ] ⏩ Revert ## Related Tickets & Documents  - Related Issue # (issue) - Closes # (issue) - Fixes # (issue) > Remove if not applicable ## Screenshots  ## Added tests? - [ ] 👍 yes - [ ] 🙅 no, because they aren't needed - [ ] 🙋 no, because I need help - [ ] Separate ticket for tests # (issue/pr) Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration ## Added to documentation? - [ ] 📜 README.md - [ ] 🙅 no documentation needed ## Checklist: - [ ] My code follows the style guidelines of this project - [ ] I have performed a self-review of my code - [ ] I have commented my code, particularly in hard-to-understand areas - [ ] I have made corresponding changes to the documentation - [ ] My changes generate no new warnings - [ ] I have added tests that prove my fix is effective or that my feature works - [ ] New and existing unit tests pass locally with my changes - [ ] Any dependent changes have been merged and published in downstream modules --------- Co-authored-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>
open-component-model · Feb 22, 2024 · b60bac1 · b60bac1
1 parent 944ddec
commit b60bac1
Show file tree

Hide file tree

Showing 3 changed files with 117 additions and 6 deletions.
diff --git a/pkg/contexts/ocm/compdesc/copy_test.go b/pkg/contexts/ocm/compdesc/copy_test.go
@@ -0,0 +1,110 @@
+// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Open Component Model contributors.
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package compdesc_test
+
+import (
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	. "github.com/open-component-model/ocm/pkg/testutils"
+
+	"github.com/go-test/deep"
+
+	"github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/ociartifact"
+	"github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc"
+	v1 "github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/meta/v1"
+	"github.com/open-component-model/ocm/pkg/contexts/ocm/valuemergehandler/handlers/defaultmerge"
+	"github.com/open-component-model/ocm/pkg/runtime"
+)
+
+var _ = Describe("Component Descripor Copy Test Suitet", func() {
+	Context("compdesc copy", func() {
+		It("copies CD", func() {
+
+			labels := v1.Labels{
+				*Must(v1.NewLabel("label", "value",
+					v1.WithVersion("v1"),
+					v1.WithSigning(true),
+					v1.WithMerging(defaultmerge.ALGORITHM, defaultmerge.NewConfig(defaultmerge.MODE_LOCAL)))),
+			}
+			cd := compdesc.New("mandelsoft.org/test", "1.0.0")
+			cd.Metadata.ConfiguredVersion = "xxx"
+			cd.ObjectMeta.CreationTime = compdesc.NewTimestampP()
+			cd.ObjectMeta.Provider = v1.Provider{
+				Name:   "mandelsoft",
+				Labels: labels,
+			}
+			cd.ObjectMeta.Labels = labels
+			cd.RepositoryContexts = runtime.UnstructuredTypedObjectList{
+				runtime.NewEmptyUnstructured("repo"),
+			}
+			cd.Resources = compdesc.Resources{
+				compdesc.Resource{
+					ResourceMeta: compdesc.ResourceMeta{
+						ElementMeta: compdesc.ElementMeta{
+							Name:          "resc1",
+							Version:       "v1",
+							ExtraIdentity: v1.NewExtraIdentity("id", "a"),
+							Labels:        labels,
+						},
+						Type:       "rsc",
+						Relation:   v1.LocalRelation,
+						SourceRefs: nil,
+						Digest: &v1.DigestSpec{
+							HashAlgorithm:          "hashalgo",
+							NormalisationAlgorithm: "normalgo",
+							Value:                  "digest",
+						},
+					},
+					Access: ociartifact.New("oci.com/image"),
+				},
+			}
+			cd.Sources = compdesc.Sources{
+				compdesc.Source{
+					SourceMeta: compdesc.SourceMeta{
+						ElementMeta: compdesc.ElementMeta{
+							Name:          "src1",
+							Version:       "v2",
+							ExtraIdentity: v1.NewExtraIdentity("id", "b"),
+							Labels:        labels,
+						},
+						Type: "src",
+					},
+					Access: ociartifact.New("oci.com/otherimage"),
+				},
+			}
+			cd.References = compdesc.References{
+				compdesc.ComponentReference{
+					ElementMeta:   compdesc.ElementMeta{},
+					ComponentName: "",
+					Digest:        nil,
+				},
+			}
+
+			cd.Signatures = v1.Signatures{
+				v1.Signature{
+					Name: "sig",
+					Digest: v1.DigestSpec{
+						HashAlgorithm:          "hashalgo2",
+						NormalisationAlgorithm: "normalgo2",
+						Value:                  "digest2",
+					},
+					Signature: v1.SignatureSpec{
+						Algorithm: "sigalgo",
+						Value:     "sig",
+						MediaType: "media",
+						Issuer:    "issuer",
+					},
+					Timestamp: &v1.TimestampSpec{
+						Value: "ts",
+						Time:  compdesc.NewTimestampP(),
+					},
+				},
+			}
+			cp := cd.Copy()
+
+			Expect(deep.Equal(cd, cp)).To(BeNil())
+		})
+	})
+})
diff --git a/pkg/contexts/ocm/compdesc/meta/v1/types.go b/pkg/contexts/ocm/compdesc/meta/v1/types.go
@@ -149,10 +149,11 @@ func (o *ObjectMeta) SetLabels(labels []Label) {
 // GetName returns the name of the object.
 func (o *ObjectMeta) Copy() *ObjectMeta {
 	return &ObjectMeta{
-		Name:     o.Name,
-		Version:  o.Version,
-		Labels:   o.Labels.Copy(),
-		Provider: *o.Provider.Copy(),
+		Name:         o.Name,
+		Version:      o.Version,
+		Labels:       o.Labels.Copy(),
+		Provider:     *o.Provider.Copy(),
+		CreationTime: o.CreationTime.DeepCopy(),
 	}
 }
 

diff --git a/pkg/signing/handlers/rsa-pss-signingservice/handler.go b/pkg/signing/handlers/rsa-pss-signingservice/handler.go
@@ -6,13 +6,13 @@ package rsa_pss_signingservice
 
 import (
 	"github.com/open-component-model/ocm/pkg/signing"
-	"github.com/open-component-model/ocm/pkg/signing/handlers/rsa"
+	"github.com/open-component-model/ocm/pkg/signing/handlers/rsa-pss"
 	rsa_signingservice "github.com/open-component-model/ocm/pkg/signing/handlers/rsa-signingservice"
 )
 
 // Algorithm defines the type for the RSA PKCS #1 v1.5 signature algorithm.
 const (
-	Algorithm = rsa.Algorithm
+	Algorithm = rsa_pss.Algorithm
 	Name      = "rsapss-signingservice"
 )