Fixes a resource leak introduced by #27069.
- add defer
- move sign code out of `repository.go`
}
defer buf.Close()
- // if rpm sign enabled
if setting.Packages.DefaultRPMSignEnabled || ctx.FormBool("sign") {
- pri, _, err := rpm_service.GetOrCreateKeyPair(ctx, ctx.Package.Owner.ID)
+ priv, _, err := rpm_service.GetOrCreateKeyPair(ctx, ctx.Package.Owner.ID)
if err != nil {
apiError(ctx, http.StatusInternalServerError, err)
return
}
- buf, err = rpm_service.SignPackage(buf, pri)
+ signedBuf, err := rpm_service.SignPackage(buf, priv)
if err != nil {
- // Not in rpm format, parsing failed.
apiError(ctx, http.StatusBadRequest, err)
return
}
+ defer signedBuf.Close()
+
+ buf = signedBuf
}
pck, err := rpm_module.ParsePackage(buf)
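Review bot: Every `SignPackage` failure is answered with `http.StatusBadRequest` at the second `apiError` call, yet the function as added in this commit can also fail while parsing the owner's stored private key, which is a server-side fault rather than a malformed upload. With the `// Not in rpm format, parsing failed.` comment removed, nothing on the new side explains the 400 any more. I would either keep a one-line comment such as `// SignPackage fails on uploads that are not valid RPMs; key errors are unexpected here` or have `SignPackage` return a distinguishable error for key problems so this handler can answer 500 for them. Since `ctx.FormBool("sign")` lets the request opt in to signing with the owner's key, it is also worth confirming that `apiError` does not echo key-parsing error text back to the caller. The enclosing handler starts and ends outside this hunk.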
rpm_model "code.gitea.io/gitea/models/packages/rpm"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/json"
- "code.gitea.io/gitea/modules/log"
packages_module "code.gitea.io/gitea/modules/packages"
rpm_module "code.gitea.io/gitea/modules/packages/rpm"
"code.gitea.io/gitea/modules/util"
"github.com/ProtonMail/go-crypto/openpgp"
"github.com/ProtonMail/go-crypto/openpgp/armor"
"github.com/ProtonMail/go-crypto/openpgp/packet"
- "github.com/sassoftware/go-rpmutils"
)
// GetOrCreateRepositoryVersion gets or creates the internal repository package
OpenSize: wc.Written(),
}, nil
}
-
-func SignPackage(rpm *packages_module.HashedBuffer, privateKey string) (*packages_module.HashedBuffer, error) {
- keyring, err := openpgp.ReadArmoredKeyRing(bytes.NewReader([]byte(privateKey)))
- if err != nil {
- // failed to parse key
- return nil, err
- }
- entity := keyring[0]
- h, err := rpmutils.SignRpmStream(rpm, entity.PrivateKey, nil)
- if err != nil {
- // error signing rpm
- return nil, err
- }
- signBlob, err := h.DumpSignatureHeader(false)
- if err != nil {
- // error writing sig header
- return nil, err
- }
- if len(signBlob)%8 != 0 {
- log.Info("incorrect padding: got %d bytes, expected a multiple of 8", len(signBlob))
- return nil, err
- }
-
- // move fp to sign end
- if _, err := rpm.Seek(int64(h.OriginalSignatureHeaderSize()), io.SeekStart); err != nil {
- return nil, err
- }
- // create signed rpm buf
- return packages_module.CreateHashedBufferFromReader(io.MultiReader(bytes.NewReader(signBlob), rpm))
-}
--- /dev/null
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package rpm
+
+import (
+ "bytes"
+ "io"
+ "strings"
+
+ packages_module "code.gitea.io/gitea/modules/packages"
+
+ "github.com/ProtonMail/go-crypto/openpgp"
+ "github.com/sassoftware/go-rpmutils"
+)
+
+func SignPackage(buf *packages_module.HashedBuffer, privateKey string) (*packages_module.HashedBuffer, error) {
+ keyring, err := openpgp.ReadArmoredKeyRing(strings.NewReader(privateKey))
+ if err != nil {
+ return nil, err
+ }
+
+ h, err := rpmutils.SignRpmStream(buf, keyring[0].PrivateKey, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ signBlob, err := h.DumpSignatureHeader(false)
+ if err != nil {
+ return nil, err
+ }
+
+ if _, err := buf.Seek(int64(h.OriginalSignatureHeaderSize()), io.SeekStart); err != nil {
+ return nil, err
+ }
+
+ // create new buf with signature prefix
+ return packages_module.CreateHashedBufferFromReader(io.MultiReader(bytes.NewReader(signBlob), buf))
+}
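Review bot: `keyring[0].PrivateKey` is used without checking that the parsed key ring has an entry or that the entry carries a private key, and nothing visible here rules out an empty or public-only armored block, which would panic or hand a nil key to `SignRpmStream` instead of returning an error. A guard before the signing call would cover it: `if len(keyring) == 0 || keyring[0].PrivateKey == nil { return nil, errors.New("rpm: key ring has no private key") }` (this needs `errors` in the import block). The move also drops the old `len(signBlob)%8` padding check rather than repairing its `return nil, err` with a nil error; if the check is still wanted it should return a real error, otherwise a short comment saying why it is unnecessary would help. `SignPackage` is exported without a doc comment; something like `// SignPackage signs the RPM in buf with the armored private key and returns a new buffer that the caller must Close; buf is not closed.` would record the ownership rule whose absence led to the leak being fixed.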