Skip to content
Snippets Groups Projects
Select Git revision
  • evidentia default
  • wip
  • main protected
  • v0.9.1
  • v0.9.0
  • v0.8.2
  • v0.8.1
  • v0.8.0
  • v0.7.0
  • v0.6.0
  • v0.5.0
  • v0.4.0
  • v0.3.0
  • v0.2.0
  • v0.1.1
  • v0.1.0
16 results
Blame Permalink
  • Bob Callaway's avatar
    8b28f05b
    Remove gzip processing flow completely from rekor (#221) · 8b28f05b
    Bob Callaway authored 
    
* Remove gzip processing flow completely from rekor

Issue #208 reported different handling of gzipped content via fetch vs
direct upload to rekor server. The code should be consistent, regardless
of whether content was compressed or not - by always attempting to
verify the signature against the (unmodified) byte stream.

This patch removes the gzip decoding completely from rekor and verifies
the bytes supplied or referenced.

Also fixes issue in E2E tests where sending SIGKILL to watch process
caused message to be printed to stderr, which fails the test when
running on MacOS.

Fixes #208

Signed-off-by: default avatarBob Callaway <bcallawa@redhat.com>
    Unverified
    8b28f05b
    History
    Remove gzip processing flow completely from rekor (#221)
    Bob Callaway authored 
    
* Remove gzip processing flow completely from rekor

Issue #208 reported different handling of gzipped content via fetch vs
direct upload to rekor server. The code should be consistent, regardless
of whether content was compressed or not - by always attempting to
verify the signature against the (unmodified) byte stream.

This patch removes the gzip decoding completely from rekor and verifies
the bytes supplied or referenced.

Also fixes issue in E2E tests where sending SIGKILL to watch process
caused message to be printed to stderr, which fails the test when
running on MacOS.

Fixes #208

Signed-off-by: default avatarBob Callaway <bcallawa@redhat.com>
fetch.go 1.39 KiB 
/*
Copyright © 2021 Bob Callaway <bcallawa@redhat.com>

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package util

import (
	"bytes"
	"context"
	"fmt"
	"io"
	"io/ioutil"
	"net/http"
)

// FileOrURLReadCloser Note: caller is responsible for closing ReadCloser returned from method!
func FileOrURLReadCloser(ctx context.Context, url string, content []byte) (io.ReadCloser, error) {
	var dataReader io.ReadCloser
	if url != "" {
		//TODO: set timeout here, SSL settings?
		client := &http.Client{}
		req, err := http.NewRequestWithContext(ctx, "GET", url, nil)
		if err != nil {
			return nil, err
		}
		resp, err := client.Do(req)
		if err != nil {
			return nil, err
		}
		if resp.StatusCode < 200 || resp.StatusCode > 299 {
			return nil, fmt.Errorf("error received while fetching artifact: %v", resp.Status)
		}

		dataReader = resp.Body
	} else {
		dataReader = ioutil.NopCloser(bytes.NewReader(content))
	}
	return dataReader, nil
}