From 8fdffc94ca5ceb888cc721c2ff5d9682d95f994e Mon Sep 17 00:00:00 2001 From: Gergely Nagy Date: Thu, 29 Feb 2024 09:14:50 +0100 Subject: [PATCH] Add a migration to remove SSH signatures from release notes Because the `git` module did not recognize SSH signed tags, those signatures ended up in the `notes` column of the `release` table. While future signatures will not end up there, Forgejo should clean up the old ones. This migration does just that: finds all releases that have an SSH signature, and removes those signatures, preserving the rest of the note (if any). While this may seem like an expensive operation, it's only done once, and even on the largest known Forgejo instance as of this writing (Codeberg), the number of affected rows are just over a hundred, a tiny amount all things considered. Signed-off-by: Gergely Nagy --- models/forgejo_migrations/migrate.go | 2 + models/forgejo_migrations/v1_22/main_test.go | 14 +++++ models/forgejo_migrations/v1_22/v8.go | 51 +++++++++++++++++++ models/forgejo_migrations/v1_22/v8_test.go | 34 +++++++++++++ .../release.yml | 22 ++++++++ 5 files changed, 123 insertions(+) create mode 100644 models/forgejo_migrations/v1_22/main_test.go create mode 100644 models/forgejo_migrations/v1_22/v8.go create mode 100644 models/forgejo_migrations/v1_22/v8_test.go create mode 100644 models/migrations/fixtures/Test_RemoveSSHSignaturesFromReleaseNotes/release.yml diff --git a/models/forgejo_migrations/migrate.go b/models/forgejo_migrations/migrate.go index 39c8c8a142..3c85031e9a 100644 --- a/models/forgejo_migrations/migrate.go +++ b/models/forgejo_migrations/migrate.go @@ -52,6 +52,8 @@ var migrations = []*Migration{ NewMigration("Add wiki_branch to repository", forgejo_v1_22.AddWikiBranchToRepository), // v6 -> v7 NewMigration("Add enable_repo_unit_hints to the user table", forgejo_v1_22.AddUserRepoUnitHintsSetting), + // v7 -> v8 + NewMigration("Remove SSH signatures from Release notes", forgejo_v1_22.RemoveSSHSignaturesFromReleaseNotes), } // GetCurrentDBVersion returns the current Forgejo database version. diff --git a/models/forgejo_migrations/v1_22/main_test.go b/models/forgejo_migrations/v1_22/main_test.go new file mode 100644 index 0000000000..8ca5395a26 --- /dev/null +++ b/models/forgejo_migrations/v1_22/main_test.go @@ -0,0 +1,14 @@ +// Copyright 2024 The Forgejo Authors. All rights reserved. +// SPDX-License-Identifier: MIT + +package v1_22 //nolint + +import ( + "testing" + + "code.gitea.io/gitea/models/migrations/base" +) + +func TestMain(m *testing.M) { + base.MainTest(m) +} diff --git a/models/forgejo_migrations/v1_22/v8.go b/models/forgejo_migrations/v1_22/v8.go new file mode 100644 index 0000000000..2d3c0c594b --- /dev/null +++ b/models/forgejo_migrations/v1_22/v8.go @@ -0,0 +1,51 @@ +// Copyright 2024 The Forgejo Authors. All rights reserved. +// SPDX-License-Identifier: MIT + +package v1_22 //nolint + +import ( + "strings" + + "xorm.io/xorm" +) + +func RemoveSSHSignaturesFromReleaseNotes(x *xorm.Engine) error { + type Release struct { + ID int64 `xorm:"pk autoincr"` + Note string `xorm:"TEXT"` + } + + if err := x.Sync(&Release{}); err != nil { + return err + } + + var releaseNotes []struct { + ID int64 + Note string + } + + if err := x.Table("release").Where("note LIKE '%-----BEGIN SSH SIGNATURE-----%'").Find(&releaseNotes); err != nil { + return err + } + + sess := x.NewSession() + defer sess.Close() + + if err := sess.Begin(); err != nil { + return err + } + + for _, release := range releaseNotes { + idx := strings.LastIndex(release.Note, "-----BEGIN SSH SIGNATURE-----") + if idx == -1 { + continue + } + release.Note = release.Note[:idx] + _, err := sess.Exec("UPDATE `release` SET note = ? WHERE id = ?", release.Note, release.ID) + if err != nil { + return err + } + } + + return sess.Commit() +} diff --git a/models/forgejo_migrations/v1_22/v8_test.go b/models/forgejo_migrations/v1_22/v8_test.go new file mode 100644 index 0000000000..b8cd478daa --- /dev/null +++ b/models/forgejo_migrations/v1_22/v8_test.go @@ -0,0 +1,34 @@ +// Copyright 2024 The Forgejo Authors. All rights reserved. +// SPDX-License-Identifier: MIT + +package v1_22 //nolint + +import ( + "testing" + + "code.gitea.io/gitea/models/migrations/base" + + "github.com/stretchr/testify/assert" +) + +func Test_RemoveSSHSignaturesFromReleaseNotes(t *testing.T) { + // A reduced mock of the `repo_model.Release` struct. + type Release struct { + ID int64 `xorm:"pk autoincr"` + Note string `xorm:"TEXT"` + } + + x, deferable := base.PrepareTestEnv(t, 0, new(Release)) + defer deferable() + + assert.NoError(t, RemoveSSHSignaturesFromReleaseNotes(x)) + + var releases []Release + err := x.Table("release").OrderBy("id ASC").Find(&releases) + assert.NoError(t, err) + assert.Len(t, releases, 3) + + assert.Equal(t, "", releases[0].Note) + assert.Equal(t, "A message.\n", releases[1].Note) + assert.Equal(t, "no signature present here", releases[2].Note) +} diff --git a/models/migrations/fixtures/Test_RemoveSSHSignaturesFromReleaseNotes/release.yml b/models/migrations/fixtures/Test_RemoveSSHSignaturesFromReleaseNotes/release.yml new file mode 100644 index 0000000000..caa0b40b8a --- /dev/null +++ b/models/migrations/fixtures/Test_RemoveSSHSignaturesFromReleaseNotes/release.yml @@ -0,0 +1,22 @@ +# type Release struct { +# ID int64 `xorm:"pk autoincr"` +# Note string `xorm:"TEXT"` +# } +- + id: 1 + note: | + -----BEGIN SSH SIGNATURE----- + some signature + -----END SSH SIGNATURE----- + +- + id: 2 + note: | + A message. + -----BEGIN SSH SIGNATURE----- + some signature + -----END SSH SIGNATURE----- + +- + id: 3 + note: "no signature present here"