diff --git a/cmd/container-suseconnect/main.go b/cmd/container-suseconnect/main.go index cbeca4b..e8bbce3 100644 --- a/cmd/container-suseconnect/main.go +++ b/cmd/container-suseconnect/main.go @@ -126,7 +126,7 @@ func requestProducts() ([]cs.Product, error) { suseConnectData.Insecure = false if cloudCfg.Ca != "" { - regionsrv.SafeCAFile(cloudCfg.Ca) + regionsrv.SaveCAFile(cloudCfg.Ca) } regionsrv.UpdateHostsFile(cloudCfg.ServerFqdn, cloudCfg.ServerIP) diff --git a/internal/regionsrv/ca.go b/internal/regionsrv/ca.go index 381bb4c..b08ecb7 100644 --- a/internal/regionsrv/ca.go +++ b/internal/regionsrv/ca.go @@ -15,7 +15,7 @@ package regionsrv import ( - "crypto/md5" + "crypto/sha256" "io" "os" "os/exec" @@ -23,8 +23,9 @@ import ( ) var ( - hashFilePath = "/etc/pki/containerbuild-regionsrv.md5" - caFilePath = "/etc/pki/trust/anchors/containerbuild-regionsrv.pem" + oldHashFilePath = "/etc/pki/containerbuild-regionsrv.md5" + hashFilePath = "/etc/pki/containerbuild-regionsrv.sha256" + caFilePath = "/etc/pki/trust/anchors/containerbuild-regionsrv.pem" ) // commander is a very simple interface that just implements the `Run` function, @@ -34,7 +35,7 @@ type commander interface { Run() error } -// Returns true if the CA file has to be updated, false otherwise. +// Returns true if the CA file needs an update, false otherwise. func updateNeeded(contents string) bool { if _, err := os.Stat(hashFilePath); os.IsNotExist(err) { return true 
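Review bot: The error returned by `regionsrv.SaveCAFile(cloudCfg.Ca)` is dropped at this call site in requestProducts, while the zypper.go caller touched by the same commit checks it. With `suseConnectData.Insecure = false` set just above, a failed write of the trust anchor or a failed `update-ca-certificates` run would presumably only surface later as a certificate verification error with no hint of the cause. I would propagate it with `if err := regionsrv.SaveCAFile(cloudCfg.Ca); err != nil { return nil, err }`; requestProducts starts and ends outside the hunk, so check that against the full function. The same pattern appears in the last step of saveCAFile in ca.go, where the result of `os.WriteFile(hashFilePath, hash.Sum(nil), 0o644)` is discarded before `return nil`; ending with `return os.WriteFile(hashFilePath, hash.Sum(nil), 0o644)` would report it.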
@@ -45,24 +46,25 @@ func updateNeeded(contents string) bool { return true } - hash := md5.New() + hash := sha256.New() io.WriteString(hash, contents) return strings.TrimSpace(string(data)) != string(hash.Sum(nil)) } -// safeCAFile implements `SafeCAFile` by assuming a `commander` type will be +// saveCAFile implements `SaveCAFile` by assuming a `commander` type will be // given. -func safeCAFile(cmd commander, contents string) error { +func saveCAFile(cmd commander, contents string) error { if !updateNeeded(contents) { return nil } // Nuke everything before populating things back again. + os.Remove(oldHashFilePath) os.Remove(hashFilePath) os.Remove(caFilePath) - // Safe the file + // Save the file err := os.WriteFile(caFilePath, []byte(contents), 0o644) if err != nil { return err @@ -73,18 +75,18 @@ func safeCAFile(cmd commander, contents string) error { return err } - // Safe the new checksum - hash := md5.New() + // Save the new checksum + hash := sha256.New() io.WriteString(hash, contents) os.WriteFile(hashFilePath, hash.Sum(nil), 0o644) return nil } -// SafeCAFile creates a certificate file into the right location if it isn't +// SaveCAFile creates a certificate file into the right location if it isn't // already there. This function will call `update-ca-certificates` whenever the // CA file has been updated. -func SafeCAFile(contents string) error { +func SaveCAFile(contents string) error { cmd := exec.Command("update-ca-certificates") - return safeCAFile(cmd, contents) + return saveCAFile(cmd, contents) } diff --git a/internal/regionsrv/ca_test.go b/internal/regionsrv/ca_test.go index db86b84..87a70de 100644 --- a/internal/regionsrv/ca_test.go +++ b/internal/regionsrv/ca_test.go @@ -15,7 +15,7 @@ package regionsrv import ( - "crypto/md5" + "crypto/sha256" "errors" "fmt" "io" 
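Review bot: The comparison `strings.TrimSpace(string(data)) != string(hash.Sum(nil))` in updateNeeded trims the stored value, but saveCAFile writes the raw digest bytes, so a SHA-256 whose first or last byte is one that TrimSpace strips (for example 0x09–0x0d or 0x20) can never match, and every call then rewrites the anchor and reruns `update-ca-certificates`. Storing and comparing a hex string removes the ambiguity: `sum := sha256.Sum256([]byte(contents))` followed by `hex.EncodeToString(sum[:])` on both the write and the compare side, with `encoding/hex` imported and the `valid.sha256` fixture regenerated. Separately, the check appears to consult only the hash file (updateNeeded starts outside the hunk and the read of `data` is not visible), so a PEM at `caFilePath` that was removed or altered while the hash file stayed intact would not trigger a rewrite; comparing against the on-disk PEM would cover that case.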
@@ -41,7 +41,7 @@ func (t testCommand) Run() error { // Run this before each test to get the fixtures path right. func beforeTest() { - hashFilePath = fixturesPath("valid.md5") + hashFilePath = fixturesPath("valid.sha256") caFilePath = fixturesPath("valid.pem") } @@ -85,14 +85,14 @@ func TestUpdateIsNeededCouldNotReadFile(t *testing.T) { } } -func TestSafeCAFileBadWrite(t *testing.T) { +func TestSaveCAFileBadWrite(t *testing.T) { beforeTest() - hashFilePath = fixturesPath(fmt.Sprintf("file%v.md5", rand.Int())) + hashFilePath = fixturesPath(fmt.Sprintf("file%v.sha256", rand.Int())) caFilePath = "/wubalubadubdub" cmd := testCommand{shouldFail: false} - err := safeCAFile(cmd, "valid") + err := saveCAFile(cmd, "valid") os.Remove(hashFilePath) os.Remove(caFilePath) @@ -101,14 +101,14 @@ func TestSafeCAFileBadWrite(t *testing.T) { } } -func TestSafeCAFileBadCommand(t *testing.T) { +func TestSaveCAFileBadCommand(t *testing.T) { beforeTest() - hashFilePath = fixturesPath(fmt.Sprintf("file%v.md5", rand.Int())) + hashFilePath = fixturesPath(fmt.Sprintf("file%v.sha256", rand.Int())) caFilePath = fixturesPath(fmt.Sprintf("file%v.pem", rand.Int())) cmd := testCommand{shouldFail: true} - err := safeCAFile(cmd, "valid") + err := saveCAFile(cmd, "valid") os.Remove(hashFilePath) os.Remove(caFilePath) @@ -121,13 +121,13 @@ func TestSafeCAFileBadCommand(t *testing.T) { } } -func TestSafeCAFileSuccess(t *testing.T) { +func TestSaveCAFileSuccess(t *testing.T) { beforeTest() - hashFilePath = fixturesPath("tmp.md5") + hashFilePath = fixturesPath("tmp.sha256") cmd := testCommand{shouldFail: false} - err := safeCAFile(cmd, "valid") + err := saveCAFile(cmd, "valid") if err != nil { os.Remove(hashFilePath) t.Fatalf("Expected error to be nil: %v\n", err) 
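Review bot: `beforeTest` redirects `hashFilePath` and `caFilePath` into the fixtures directory but not the new `oldHashFilePath`, so the tests below that reach the cleanup step in `saveCAFile` now call `os.Remove` on the real `/etc/pki/containerbuild-regionsrv.md5` of the machine running the test suite. Add `oldHashFilePath = fixturesPath("valid.md5")` to `beforeTest`; that fixture is deleted by this commit, so the remove becomes a harmless no-op. The legacy cleanup itself has no coverage, and a case in TestSaveCAFileSuccess that creates a file at the redirected old path and asserts it is gone afterwards would pin the behaviour down.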
@@ -136,7 +136,7 @@ func TestSafeCAFileSuccess(t *testing.T) { b, _ := os.ReadFile(hashFilePath) os.Remove(hashFilePath) - hash := md5.New() + hash := sha256.New() io.WriteString(hash, "valid") if string(b) != string(hash.Sum(nil)) { t.Fatal("Bad checksum") diff --git a/internal/regionsrv/fixtures/valid.md5 b/internal/regionsrv/fixtures/valid.md5 deleted file mode 100644 index 659a8f1..0000000 --- a/internal/regionsrv/fixtures/valid.md5 +++ /dev/null @@ -1 +0,0 @@ -�}�+jl����A�%0Y \ No newline at end of file diff --git a/internal/regionsrv/fixtures/valid.sha256 b/internal/regionsrv/fixtures/valid.sha256 new file mode 100644 index 0000000..683befc --- /dev/null +++ b/internal/regionsrv/fixtures/valid.sha256 @@ -0,0 +1 @@ +�eO����.y�pj��=�|������M���ѳ \ No newline at end of file diff --git a/internal/regionsrv/zypper.go b/internal/regionsrv/zypper.go index 328f450..8ab547a 100644 --- a/internal/regionsrv/zypper.go +++ b/internal/regionsrv/zypper.go @@ -75,8 +75,8 @@ func PrintResponse(params map[string]string) error { return errors.New("no credentials given") } - // Safe the contents of the CA file if it doesn't exist already. - if err = SafeCAFile(cfg.Ca); err != nil { + // Save the contents of the CA file if it doesn't exist already. + if err = SaveCAFile(cfg.Ca); err != nil { return err }