pkg/cache/upstream: Fix the cache with no signatures (#78)

The cache was failing if no public signatures were given; Fix it.
kalbasit · Dec 12, 2024 · 03c5dfa · 03c5dfa
1 parent c9fbf7c
commit 03c5dfa
Show file tree

Hide file tree

Showing 2 changed files with 83 additions and 52 deletions.
diff --git a/pkg/cache/upstream/cache.go b/pkg/cache/upstream/cache.go
@@ -114,8 +114,10 @@ func (c Cache) GetNarInfo(ctx context.Context, hash string) (*narinfo.NarInfo, e
 		return ni, fmt.Errorf("error while checking the narInfo: %w", err)
 	}
 
-	if !signature.VerifyFirst(ni.Fingerprint(), ni.Signatures, c.publicKeys) {
-		return ni, ErrSignatureValidationFailed
+	if len(c.publicKeys) > 0 {
+		if !signature.VerifyFirst(ni.Fingerprint(), ni.Signatures, c.publicKeys) {
+			return ni, ErrSignatureValidationFailed
+		}
 	}
 
 	return ni, nil

diff --git a/pkg/cache/upstream/cache_test.go b/pkg/cache/upstream/cache_test.go
@@ -83,74 +83,103 @@ func TestNew(t *testing.T) {
 }
 
 func TestGetNarInfo(t *testing.T) {
-	c, err := upstream.New(
-		logger,
-		"cache.nixos.org",
-		testdata.PublicKeys(),
-	)
-	require.NoError(t, err)
+	t.Parallel()
 
-	t.Run("hash not found", func(t *testing.T) {
-		t.Parallel()
+	testFn := func(withKeys bool) func(*testing.T) {
+		return func(t *testing.T) {
+			t.Parallel()
 
-		_, err := c.GetNarInfo(context.Background(), "abc123")
-		assert.ErrorIs(t, err, upstream.ErrNotFound)
-	})
+			var (
+				c upstream.Cache
 
-	t.Run("hash is found", func(t *testing.T) {
-		t.Parallel()
+				err error
+			)
 
-		ni, err := c.GetNarInfo(context.Background(), testdata.Nar1.NarInfoHash)
-		require.NoError(t, err)
+			if withKeys {
+				c, err = upstream.New(
+					logger,
+					"cache.nixos.org",
+					testdata.PublicKeys(),
+				)
+			} else {
+				c, err = upstream.New(
+					logger,
+					"cache.nixos.org",
+					nil,
+				)
+			}
 
-		assert.Equal(t, "/nix/store/n5glp21rsz314qssw9fbvfswgy3kc68f-hello-2.12.1", ni.StorePath)
-	})
+			require.NoError(t, err)
 
-	t.Run("check has failed", func(t *testing.T) {
-		t.Parallel()
+			t.Run("hash not found", func(t *testing.T) {
+				t.Parallel()
 
-		hash := "broken-" + testdata.Nar1.NarInfoHash
+				_, err := c.GetNarInfo(context.Background(), "abc123")
+				assert.ErrorIs(t, err, upstream.ErrNotFound)
+			})
 
-		ts := testdata.HTTPTestServer(t, 40)
-		defer ts.Close()
+			t.Run("hash is found", func(t *testing.T) {
+				t.Parallel()
 
-		tu, err := url.Parse(ts.URL)
-		require.NoError(t, err)
+				ni, err := c.GetNarInfo(context.Background(), testdata.Nar1.NarInfoHash)
+				require.NoError(t, err)
 
-		c, err := upstream.New(
-			logger,
-			tu.Host,
-			testdata.PublicKeys(),
-		)
-		require.NoError(t, err)
+				assert.Equal(t, "/nix/store/n5glp21rsz314qssw9fbvfswgy3kc68f-hello-2.12.1", ni.StorePath)
+			})
 
-		_, err = c.GetNarInfo(context.Background(), hash)
-		assert.ErrorContains(t, err, "error while checking the narInfo: invalid Reference[0]: notfound-path")
-	})
+			t.Run("check has failed", func(t *testing.T) {
+				t.Parallel()
 
-	for _, entry := range testdata.Entries {
-		t.Run("check does not fail", func(t *testing.T) {
-			t.Parallel()
+				hash := "broken-" + testdata.Nar1.NarInfoHash
 
-			hash := entry.NarInfoHash
+				ts := testdata.HTTPTestServer(t, 40)
+				defer ts.Close()
 
-			ts := testdata.HTTPTestServer(t, 40)
-			defer ts.Close()
+				tu, err := url.Parse(ts.URL)
+				require.NoError(t, err)
 
-			tu, err := url.Parse(ts.URL)
-			require.NoError(t, err)
+				c, err := upstream.New(
+					logger,
+					tu.Host,
+					testdata.PublicKeys(),
+				)
+				require.NoError(t, err)
 
-			c, err := upstream.New(
-				logger,
-				tu.Host,
-				testdata.PublicKeys(),
-			)
-			require.NoError(t, err)
+				_, err = c.GetNarInfo(context.Background(), hash)
+				assert.ErrorContains(t, err, "error while checking the narInfo: invalid Reference[0]: notfound-path")
+			})
 
-			_, err = c.GetNarInfo(context.Background(), hash)
-			assert.NoError(t, err)
-		})
+			for _, entry := range testdata.Entries {
+				t.Run("check does not fail", func(t *testing.T) {
+					t.Parallel()
+
+					hash := entry.NarInfoHash
+
+					ts := testdata.HTTPTestServer(t, 40)
+					defer ts.Close()
+
+					tu, err := url.Parse(ts.URL)
+					require.NoError(t, err)
+
+					c, err := upstream.New(
+						logger,
+						tu.Host,
+						testdata.PublicKeys(),
+					)
+					require.NoError(t, err)
+
+					_, err = c.GetNarInfo(context.Background(), hash)
+					assert.NoError(t, err)
+				})
+			}
+		}
 	}
+
+	//nolint:paralleltest
+	t.Run("upstream without public keys", testFn(false))
+
+	//nolint:paralleltest
+	t.Run("upstream with public keys", testFn(true))
 }
 
 func TestGetNar(t *testing.T) {