diff --git a/app/models/concerns/packages/debian/distribution.rb b/app/models/concerns/packages/debian/distribution.rb index 159f0044c82f9167d79a37fcb0ae86e5bd5b65a9..196bec04be63e172aeaeb78009efd3bd5561f7a9 100644 --- a/app/models/concerns/packages/debian/distribution.rb +++ b/app/models/concerns/packages/debian/distribution.rb @@ -77,23 +77,16 @@ module Packages validates container_type, presence: true validates :file_store, presence: true - - validates :file_signature, absence: true - validates :signing_keys, absence: true + validates :signed_file_store, presence: true scope :with_container, ->(subject) { where(container_type => subject) } scope :with_codename, ->(codename) { where(codename: codename) } scope :with_suite, ->(suite) { where(suite: suite) } scope :with_codename_or_suite, ->(codename_or_suite) { with_codename(codename_or_suite).or(with_suite(codename_or_suite)) } - attr_encrypted :signing_keys, - mode: :per_attribute_iv, - key: Settings.attr_encrypted_db_key_base_32, - algorithm: 'aes-256-gcm', - encode: false, - encode_iv: false - mount_file_store_uploader Packages::Debian::DistributionReleaseFileUploader + mount_uploader :signed_file, Packages::Debian::DistributionReleaseFileUploader + after_save :update_signed_file_store, if: :saved_change_to_signed_file? def component_names components.pluck(:name).sort @@ -131,6 +124,12 @@ module Packages self.class.with_container(container).with_codename(suite).exists? end + + def update_signed_file_store + # The signed_file.object_store is set during `uploader.store!` + # which happens after object is inserted/updated + self.update_column(:signed_file_store, signed_file.object_store) + end end end end diff --git a/app/uploaders/packages/debian/distribution_release_file_uploader.rb b/app/uploaders/packages/debian/distribution_release_file_uploader.rb index 9a30aac6396e434a28bfc7daf1d06eb5f722e1cd..a6ff3767b22d8b5e43c7cf1fd4122ec7809ea7f4 100644 --- a/app/uploaders/packages/debian/distribution_release_file_uploader.rb +++ b/app/uploaders/packages/debian/distribution_release_file_uploader.rb @@ -10,7 +10,12 @@ class Packages::Debian::DistributionReleaseFileUploader < GitlabUploader alias_method :upload, :model def filename - 'Release' + case mounted_as + when :signed_file + 'InRelease' + else + 'Release' + end end def store_dir diff --git a/db/migrate/20210721125525_add_signed_file_to_packages_debian_project_distributions.rb b/db/migrate/20210721125525_add_signed_file_to_packages_debian_project_distributions.rb new file mode 100644 index 0000000000000000000000000000000000000000..7e4a785cb54e68e73acf9efc810799b614f4100b --- /dev/null +++ b/db/migrate/20210721125525_add_signed_file_to_packages_debian_project_distributions.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +class AddSignedFileToPackagesDebianProjectDistributions < ActiveRecord::Migration[6.1] + include Gitlab::Database::MigrationHelpers + + # rubocop:disable Migration/AddLimitToTextColumns + # limit is added in 20210721125620_add_text_limit_to_packages_debian_project_distributions_signed_files + def change + add_column :packages_debian_project_distributions, :signed_file, :text + add_column :packages_debian_project_distributions, :signed_file_store, :integer, limit: 2, default: 1, null: false + end + # rubocop:enable Migration/AddLimitToTextColumns +end diff --git a/db/migrate/20210721125545_add_signed_file_to_packages_debian_group_distributions.rb b/db/migrate/20210721125545_add_signed_file_to_packages_debian_group_distributions.rb new file mode 100644 index 0000000000000000000000000000000000000000..f27c158bed2d9cc3016c544a782e69187060d8f0 --- /dev/null +++ b/db/migrate/20210721125545_add_signed_file_to_packages_debian_group_distributions.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +class AddSignedFileToPackagesDebianGroupDistributions < ActiveRecord::Migration[6.1] + include Gitlab::Database::MigrationHelpers + + # rubocop:disable Migration/AddLimitToTextColumns + # limit is added in 20210721125637_add_text_limit_to_packages_debian_group_distributions_signed_files + def change + add_column :packages_debian_group_distributions, :signed_file, :text + add_column :packages_debian_group_distributions, :signed_file_store, :integer, limit: 2, default: 1, null: false + end + # rubocop:enable Migration/AddLimitToTextColumns +end diff --git a/db/migrate/20210721125620_add_text_limit_to_packages_debian_project_distributions_signed_files.rb b/db/migrate/20210721125620_add_text_limit_to_packages_debian_project_distributions_signed_files.rb new file mode 100644 index 0000000000000000000000000000000000000000..77524a5b06878b5b4965e14d653d8314c51b0941 --- /dev/null +++ b/db/migrate/20210721125620_add_text_limit_to_packages_debian_project_distributions_signed_files.rb @@ -0,0 +1,14 @@ +# frozen_string_literal: true + +class AddTextLimitToPackagesDebianProjectDistributionsSignedFiles < ActiveRecord::Migration[6.1] + include Gitlab::Database::MigrationHelpers + disable_ddl_transaction! + + def up + add_text_limit :packages_debian_project_distributions, :signed_file, 255 + end + + def down + remove_text_limit :packages_debian_project_distributions, :signed_file + end +end diff --git a/db/migrate/20210721125637_add_text_limit_to_packages_debian_group_distributions_signed_files.rb b/db/migrate/20210721125637_add_text_limit_to_packages_debian_group_distributions_signed_files.rb new file mode 100644 index 0000000000000000000000000000000000000000..ef203cb2ff7695670efab96227b96d882103226b --- /dev/null +++ b/db/migrate/20210721125637_add_text_limit_to_packages_debian_group_distributions_signed_files.rb @@ -0,0 +1,14 @@ +# frozen_string_literal: true + +class AddTextLimitToPackagesDebianGroupDistributionsSignedFiles < ActiveRecord::Migration[6.1] + include Gitlab::Database::MigrationHelpers + disable_ddl_transaction! + + def up + add_text_limit :packages_debian_group_distributions, :signed_file, 255 + end + + def down + remove_text_limit :packages_debian_group_distributions, :signed_file + end +end diff --git a/db/post_migrate/20210721125804_remove_signing_keys_from_packages_debian_project_distributions.rb b/db/post_migrate/20210721125804_remove_signing_keys_from_packages_debian_project_distributions.rb new file mode 100644 index 0000000000000000000000000000000000000000..076a238381ed43241df98fc6be643304018f1f09 --- /dev/null +++ b/db/post_migrate/20210721125804_remove_signing_keys_from_packages_debian_project_distributions.rb @@ -0,0 +1,10 @@ +# frozen_string_literal: true + +class RemoveSigningKeysFromPackagesDebianProjectDistributions < ActiveRecord::Migration[6.1] + include Gitlab::Database::MigrationHelpers + + def change + remove_column :packages_debian_project_distributions, :encrypted_signing_keys, :text + remove_column :packages_debian_project_distributions, :encrypted_signing_keys_iv, :text + end +end diff --git a/db/post_migrate/20210721125820_remove_signing_keys_from_packages_debian_group_distributions.rb b/db/post_migrate/20210721125820_remove_signing_keys_from_packages_debian_group_distributions.rb new file mode 100644 index 0000000000000000000000000000000000000000..4b751c069729fced1682a1b6c52b6aed12222624 --- /dev/null +++ b/db/post_migrate/20210721125820_remove_signing_keys_from_packages_debian_group_distributions.rb @@ -0,0 +1,10 @@ +# frozen_string_literal: true + +class RemoveSigningKeysFromPackagesDebianGroupDistributions < ActiveRecord::Migration[6.1] + include Gitlab::Database::MigrationHelpers + + def change + remove_column :packages_debian_group_distributions, :encrypted_signing_keys, :text + remove_column :packages_debian_group_distributions, :encrypted_signing_keys_iv, :text + end +end diff --git a/db/schema_migrations/20210721125525 b/db/schema_migrations/20210721125525 new file mode 100644 index 0000000000000000000000000000000000000000..fa11899d7b4586b810c409841e6cf888a384e2ed --- /dev/null +++ b/db/schema_migrations/20210721125525 @@ -0,0 +1 @@ +8ffb00b1a86fb1f9574b3811f88a65a1478f64cf59dc99a3324e04c4f4f0c7dd \ No newline at end of file diff --git a/db/schema_migrations/20210721125545 b/db/schema_migrations/20210721125545 new file mode 100644 index 0000000000000000000000000000000000000000..372de21e15149560307ff052b1ead09db16cb2d1 --- /dev/null +++ b/db/schema_migrations/20210721125545 @@ -0,0 +1 @@ +8b43136ea6df74ad379537e28392c43770ecd8586eff8e830c52e65976f6978a \ No newline at end of file diff --git a/db/schema_migrations/20210721125620 b/db/schema_migrations/20210721125620 new file mode 100644 index 0000000000000000000000000000000000000000..4b72ac2437935a647fb15b5cc2b190a3cc03d51d --- /dev/null +++ b/db/schema_migrations/20210721125620 @@ -0,0 +1 @@ +fa27f8e932f47946a67b2e739a978573e5f375ac0b1058ee79353e22d514755d \ No newline at end of file diff --git a/db/schema_migrations/20210721125637 b/db/schema_migrations/20210721125637 new file mode 100644 index 0000000000000000000000000000000000000000..dd4b29fdf1c0c08f1e66eb66cba62a083a01abc2 --- /dev/null +++ b/db/schema_migrations/20210721125637 @@ -0,0 +1 @@ +40f99f3c05290fe967cac6c1b90d913decacb491e1253fb166d4dd06363dd38b \ No newline at end of file diff --git a/db/schema_migrations/20210721125804 b/db/schema_migrations/20210721125804 new file mode 100644 index 0000000000000000000000000000000000000000..41756d62a7fdd4bf531a15cba2c79914848b6959 --- /dev/null +++ b/db/schema_migrations/20210721125804 @@ -0,0 +1 @@ +5c6cc14f49d8fa9d0f0610eab731f93f874d6e9b5e3d49d5a127830241528488 \ No newline at end of file diff --git a/db/schema_migrations/20210721125820 b/db/schema_migrations/20210721125820 new file mode 100644 index 0000000000000000000000000000000000000000..0c281f8587a72f9c39e0c6a76ec16a7ace3257d7 --- /dev/null +++ b/db/schema_migrations/20210721125820 @@ -0,0 +1 @@ +7cba2fedb94fb5dc7fa5b796c6a93d2c5c8b57aee64b294e0c20dde07bf5253a \ No newline at end of file diff --git a/db/structure.sql b/db/structure.sql index de8408a8b241829fe5b44dc7e95befd593992ef1..6075cd812f9825bf0c4309fe1da8e0c97874f2dd 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -15866,17 +15866,16 @@ CREATE TABLE packages_debian_group_distributions ( label text, version text, description text, - encrypted_signing_keys text, - encrypted_signing_keys_iv text, file text, file_signature text, + signed_file text, + signed_file_store smallint DEFAULT 1 NOT NULL, + CONSTRAINT check_0007e0bf61 CHECK ((char_length(signed_file) <= 255)), CONSTRAINT check_310ac457b8 CHECK ((char_length(description) <= 255)), CONSTRAINT check_3d6f87fc31 CHECK ((char_length(file_signature) <= 4096)), CONSTRAINT check_3fdadf4a0c CHECK ((char_length(version) <= 255)), CONSTRAINT check_590e18405a CHECK ((char_length(codename) <= 255)), - CONSTRAINT check_9b90bc0f07 CHECK ((char_length(encrypted_signing_keys_iv) <= 255)), CONSTRAINT check_b057cd840a CHECK ((char_length(origin) <= 255)), - CONSTRAINT check_b811ec1218 CHECK ((char_length(encrypted_signing_keys) <= 2048)), CONSTRAINT check_be5ed8d307 CHECK ((char_length(file) <= 255)), CONSTRAINT check_d3244bfc0b CHECK ((char_length(label) <= 255)), CONSTRAINT check_e7c928a24b CHECK ((char_length(suite) <= 255)) @@ -15992,20 +15991,19 @@ CREATE TABLE packages_debian_project_distributions ( label text, version text, description text, - encrypted_signing_keys text, - encrypted_signing_keys_iv text, file text, file_signature text, + signed_file text, + signed_file_store smallint DEFAULT 1 NOT NULL, CONSTRAINT check_6177ccd4a6 CHECK ((char_length(origin) <= 255)), CONSTRAINT check_6f6b55a4c4 CHECK ((char_length(label) <= 255)), CONSTRAINT check_834dabadb6 CHECK ((char_length(codename) <= 255)), CONSTRAINT check_96965792c2 CHECK ((char_length(version) <= 255)), + CONSTRAINT check_9e5e22b7ff CHECK ((char_length(signed_file) <= 255)), CONSTRAINT check_a56ae58a17 CHECK ((char_length(suite) <= 255)), CONSTRAINT check_a5a2ac6af2 CHECK ((char_length(file_signature) <= 4096)), CONSTRAINT check_b93154339f CHECK ((char_length(description) <= 255)), - CONSTRAINT check_c25603a25b CHECK ((char_length(encrypted_signing_keys) <= 2048)), - CONSTRAINT check_cb4ac9599e CHECK ((char_length(file) <= 255)), - CONSTRAINT check_d488f8cce3 CHECK ((char_length(encrypted_signing_keys_iv) <= 255)) + CONSTRAINT check_cb4ac9599e CHECK ((char_length(file) <= 255)) ); CREATE SEQUENCE packages_debian_project_distributions_id_seq diff --git a/spec/support/shared_examples/models/packages/debian/distribution_shared_examples.rb b/spec/support/shared_examples/models/packages/debian/distribution_shared_examples.rb index 5459d17b1df6d3e050d08542b2b8b557eb492a46..274fbae3dfd8e7cdc306912e4e7dcdf135e32ab8 100644 --- a/spec/support/shared_examples/models/packages/debian/distribution_shared_examples.rb +++ b/spec/support/shared_examples/models/packages/debian/distribution_shared_examples.rb @@ -128,10 +128,6 @@ RSpec.shared_examples 'Debian Distribution' do |factory, container, can_freeze| it { is_expected.not_to allow_value(12.hours.to_i).for(:valid_time_duration_seconds) } end - describe '#signing_keys' do - it { is_expected.to validate_absence_of(:signing_keys) } - end - describe '#file' do it { is_expected.not_to validate_presence_of(:file) } end @@ -141,7 +137,15 @@ RSpec.shared_examples 'Debian Distribution' do |factory, container, can_freeze| end describe '#file_signature' do - it { is_expected.to validate_absence_of(:file_signature) } + it { is_expected.not_to validate_absence_of(:file_signature) } + end + + describe '#signed_file' do + it { is_expected.not_to validate_presence_of(:signed_file) } + end + + describe '#signed_file_store' do + it { is_expected.to validate_presence_of(:signed_file_store) } end end diff --git a/spec/uploaders/packages/debian/distribution_release_file_uploader_spec.rb b/spec/uploaders/packages/debian/distribution_release_file_uploader_spec.rb index d36bfac4de84e6dc241378f2ba22a9f272075453..203a453bcdd5d8232aa6917c0d07f2bef13dc93c 100644 --- a/spec/uploaders/packages/debian/distribution_release_file_uploader_spec.rb +++ b/spec/uploaders/packages/debian/distribution_release_file_uploader_spec.rb @@ -47,6 +47,16 @@ RSpec.describe Packages::Debian::DistributionReleaseFileUploader do end end end + + describe '#filename' do + it { expect(subject.filename).to eq('Release')} + + context 'with signed_file' do + let(:uploader) { described_class.new(distribution, :signed_file) } + + it { expect(subject.filename).to eq('InRelease')} + end + end end end end