2 changes: 1 addition & 1 deletion internal/action/clone.go
Expand Up @@ -218,7 +218,7 @@ func (s *Action) cloneCheckDecryptionKeys(ctx context.Context, mount string) err
var exported bool
if sub, err := s.Store.GetSubStore(mount); err == nil {
debug.Log("exporting public keys: %v", idSet.Elements())
exported, err = sub.ExportMissingPublicKeys(ctx, idSet.Elements())
exported, err = sub.UpdateExportedPublicKeys(ctx, idSet.Elements())
if err != nil {
debug.Log("failed to export missing public keys: %w", err)
}
2 changes: 1 addition & 1 deletion internal/action/sync.go
Expand Up @@ -217,7 +217,7 @@ func syncExportKeys(ctx context.Context, sub *leaf.Store, name string) error {

return err
}
exported, err := sub.ExportMissingPublicKeys(ctx, rs)
exported, err := sub.UpdateExportedPublicKeys(ctx, rs)
if err != nil {
out.Errorf(ctx, "Failed to export missing public keys for %q: %s", name, err)

2 changes: 1 addition & 1 deletion internal/backend/storage/fs/store.go
Expand Up @@ -157,7 +157,7 @@ func (s *Store) List(ctx context.Context, prefix string) ([]string, error) {
return err
}
relPath := strings.TrimPrefix(path, s.path+string(filepath.Separator)) + string(filepath.Separator)
if info.IsDir() && strings.HasPrefix(info.Name(), ".") && path != s.path && !strings.HasPrefix(prefix, relPath) {
if info.IsDir() && strings.HasPrefix(info.Name(), ".") && path != s.path && !strings.HasPrefix(prefix, relPath) && filepath.Base(path) != filepath.Base(prefix) {
debug.Log("skipping dot dir (relPath: %s, prefix: %s)", relPath, prefix)

return filepath.SkipDir
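Review bot: The added clause `filepath.Base(path) != filepath.Base(prefix)` compares only the last path element, so any dot directory anywhere under the store root whose name equals the last element of `prefix` is now walked, not just the one the prefix points at. If the intent is to let a prefix that names a dot directory without a trailing separator match that directory, comparing the whole relative path is tighter, for example `strings.TrimSuffix(relPath, string(filepath.Separator)) != filepath.Clean(prefix)`. A one-line comment above the condition would also help, e.g. `// prefix may name the dot dir itself without a trailing separator`. The rest of the walk callback, including any later filtering by prefix, is outside the hunk, so whether extra entries reach the caller cannot be confirmed from here.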
2 changes: 2 additions & 0 deletions internal/store/leaf/crypto.go
Expand Up @@ -133,6 +133,8 @@ func (s *Store) exportPublicKey(ctx context.Context, exp keyExporter, r string)
return "", fmt.Errorf("failed to write exported public key to store: %w", err)
}

debug.Log("exported public keys for %s to %s", r, filename)

return filename, nil
}

53 changes: 46 additions & 7 deletions internal/store/leaf/recipients.go
Expand Up @@ -219,18 +219,24 @@ type keyExporter interface {
ExportPublicKey(ctx context.Context, id string) ([]byte, error)
}

// ExportMissingPublicKeys will export any possibly missing public keys to the
// UpdateExportedPublicKeys will export any possibly missing public keys to the
// stores .public-keys directory.
func (s *Store) ExportMissingPublicKeys(ctx context.Context, rs []string) (bool, error) {
func (s *Store) UpdateExportedPublicKeys(ctx context.Context, rs []string) (bool, error) {
exp, ok := s.crypto.(keyExporter)
if !ok {
debug.Log("not exporting public keys for %T", s.crypto)

return false, nil
}

var failed, exported bool
recipients := make(map[string]bool, len(rs))
for _, r := range rs {
recipients[r] = true
}

// add any missing keys
var failed, exported bool
for r := range recipients {
if r == "" {
continue
}
Expand Down Expand Up @@ -258,13 +264,43 @@ func (s *Store) ExportMissingPublicKeys(ctx context.Context, rs []string) (bool,

continue
}
}

// remove any extra key files
keys, err := s.storage.List(ctx, keyDir)
if err != nil {
failed = true

out.Errorf(ctx, "Failed to list keys: %s", err)
}

debug.Log("Checking %q for extra keys that need to be removed", keys)
for _, key := range keys {
key := strings.TrimPrefix(key, keyDir+string(filepath.Separator))
if !recipients[key] {
if err := s.storage.Delete(ctx, filepath.Join(keyDir, key)); err != nil {
out.Errorf(ctx, "Failed to remove extra key %q: %s", key, err)

continue
}

if err := s.storage.Add(ctx, filepath.Join(keyDir, key)); err != nil {
out.Errorf(ctx, "Failed to mark extra key for removal %q: %s", key, err)

continue
}

// to ensure the commit
exported = true
debug.Log("Removed extra key %s", key)
}
}

if err := s.storage.Commit(ctx, fmt.Sprintf("Exported Public Keys %s", r)); err != nil && !errors.Is(err, store.ErrGitNothingToCommit) {
if exported {
if err := s.storage.Commit(ctx, fmt.Sprintf("Updated exported Public Keys")); err != nil && !errors.Is(err, store.ErrGitNothingToCommit) {
failed = true

out.Errorf(ctx, "Failed to git commit: %s", err)

continue
}
}

Expand Down Expand Up @@ -302,9 +338,12 @@ func (s *Store) saveRecipients(ctx context.Context, rs []string, msg string) err

// save all recipients public keys to the repo
if ctxutil.IsExportKeys(ctx) {
if _, err := s.ExportMissingPublicKeys(ctx, rs); err != nil {
debug.Log("updating exported keys")
if _, err := s.UpdateExportedPublicKeys(ctx, rs); err != nil {
out.Errorf(ctx, "Failed to export missing public keys: %s", err)
}
} else {
debug.Log("updating exported keys not requested")
}

// push to remote repo
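Review bot: In the new removal loop, the `s.storage.Delete` and `s.storage.Add` error branches only log and `continue`, while the `List` and `Commit` branches set `failed = true`; a stale key file that could not be removed therefore does not mark the run as failed. Since this directory holds the exported public keys of the store's recipients, a leftover key of a removed recipient should surface as an error: add `failed = true` before each `continue`. The doc comment still describes export only and should state the deletion, e.g. `// UpdateExportedPublicKeys exports missing public keys to the store's .public-keys directory and removes exported keys that are not in rs.` The membership test `recipients[key]` also assumes the exported file name equals the entry in `rs` byte for byte, which the collapsed middle of the function does not show, so that is worth confirming. The function's end, where `failed` is presumably turned into an error, is outside the visible hunks.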