Clean up exported public keys if a recipient is removed (#2328)

Fixes #2315

RELEASE_NOTES=[BUGFIX] Remove exported public keys of removed
recipients.

Signed-off-by: Dominik Schulz <[email protected]>

Signed-off-by: Dominik Schulz <[email protected]>

Author: dominikschulz

internal/action/clone.go

@@ -218,7 +218,7 @@ func (s *Action) cloneCheckDecryptionKeys(ctx context.Context, mount string) err
 	var exported bool
 	if sub, err := s.Store.GetSubStore(mount); err == nil {
 		debug.Log("exporting public keys: %v", idSet.Elements())
-		exported, err = sub.ExportMissingPublicKeys(ctx, idSet.Elements())
+		exported, err = sub.UpdateExportedPublicKeys(ctx, idSet.Elements())
 		if err != nil {
 			debug.Log("failed to export missing public keys: %w", err)
 		}

internal/action/sync.go

@@ -217,7 +217,7 @@ func syncExportKeys(ctx context.Context, sub *leaf.Store, name string) error {
 
 		return err
 	}
-	exported, err := sub.ExportMissingPublicKeys(ctx, rs)
+	exported, err := sub.UpdateExportedPublicKeys(ctx, rs)
 	if err != nil {
 		out.Errorf(ctx, "Failed to export missing public keys for %q: %s", name, err)
 

internal/backend/storage/fs/store.go

@@ -157,7 +157,7 @@ func (s *Store) List(ctx context.Context, prefix string) ([]string, error) {
 			return err
 		}
 		relPath := strings.TrimPrefix(path, s.path+string(filepath.Separator)) + string(filepath.Separator)
-		if info.IsDir() && strings.HasPrefix(info.Name(), ".") && path != s.path && !strings.HasPrefix(prefix, relPath) {
+		if info.IsDir() && strings.HasPrefix(info.Name(), ".") && path != s.path && !strings.HasPrefix(prefix, relPath) && filepath.Base(path) != filepath.Base(prefix) {
 			debug.Log("skipping dot dir (relPath: %s, prefix: %s)", relPath, prefix)
 
 			return filepath.SkipDir

internal/store/leaf/crypto.go

@@ -133,6 +133,8 @@ func (s *Store) exportPublicKey(ctx context.Context, exp keyExporter, r string)
 		return "", fmt.Errorf("failed to write exported public key to store: %w", err)
 	}
 
+	debug.Log("exported public keys for %s to %s", r, filename)
+
 	return filename, nil
 }
 

internal/store/leaf/recipients.go

@@ -219,18 +219,24 @@ type keyExporter interface {
 	ExportPublicKey(ctx context.Context, id string) ([]byte, error)
 }
 
-// ExportMissingPublicKeys will export any possibly missing public keys to the
+// UpdateExportedPublicKeys will export any possibly missing public keys to the
 // stores .public-keys directory.
-func (s *Store) ExportMissingPublicKeys(ctx context.Context, rs []string) (bool, error) {
+func (s *Store) UpdateExportedPublicKeys(ctx context.Context, rs []string) (bool, error) {
 	exp, ok := s.crypto.(keyExporter)
 	if !ok {
 		debug.Log("not exporting public keys for %T", s.crypto)
 
 		return false, nil
 	}
 
-	var failed, exported bool
+	recipients := make(map[string]bool, len(rs))
 	for _, r := range rs {
+		recipients[r] = true
+	}
+
+	// add any missing keys
+	var failed, exported bool
+	for r := range recipients {
 		if r == "" {
 			continue
 		}
@@ -258,13 +264,43 @@ func (s *Store) ExportMissingPublicKeys(ctx context.Context, rs []string) (bool,
 
 			continue
 		}
+	}
+
+	// remove any extra key files
+	keys, err := s.storage.List(ctx, keyDir)
+	if err != nil {
+		failed = true
+
+		out.Errorf(ctx, "Failed to list keys: %s", err)
+	}
+
+	debug.Log("Checking %q for extra keys that need to be removed", keys)
+	for _, key := range keys {
+		key := strings.TrimPrefix(key, keyDir+string(filepath.Separator))
+		if !recipients[key] {
+			if err := s.storage.Delete(ctx, filepath.Join(keyDir, key)); err != nil {
+				out.Errorf(ctx, "Failed to remove extra key %q: %s", key, err)
+
+				continue
+			}
+
+			if err := s.storage.Add(ctx, filepath.Join(keyDir, key)); err != nil {
+				out.Errorf(ctx, "Failed to mark extra key for removal %q: %s", key, err)
+
+				continue
+			}
+
+			// to ensure the commit
+			exported = true
+			debug.Log("Removed extra key %s", key)
+		}
+	}
 
-		if err := s.storage.Commit(ctx, fmt.Sprintf("Exported Public Keys %s", r)); err != nil && !errors.Is(err, store.ErrGitNothingToCommit) {
+	if exported {
+		if err := s.storage.Commit(ctx, fmt.Sprintf("Updated exported Public Keys")); err != nil && !errors.Is(err, store.ErrGitNothingToCommit) {
 			failed = true
 
 			out.Errorf(ctx, "Failed to git commit: %s", err)
-
-			continue
 		}
 	}
 
@@ -302,9 +338,12 @@ func (s *Store) saveRecipients(ctx context.Context, rs []string, msg string) err
 
 	// save all recipients public keys to the repo
 	if ctxutil.IsExportKeys(ctx) {
-		if _, err := s.ExportMissingPublicKeys(ctx, rs); err != nil {
+		debug.Log("updating exported keys")
+		if _, err := s.UpdateExportedPublicKeys(ctx, rs); err != nil {
 			out.Errorf(ctx, "Failed to export missing public keys: %s", err)
 		}
+	} else {
+		debug.Log("updating exported keys not requested")
 	}
 
 	// push to remote repo