Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package google-guest-agent for openSUSE:Factory checked in at 2023-02-27 13:55:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/google-guest-agent (Old) and /work/SRC/openSUSE:Factory/.google-guest-agent.new.31432 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "google-guest-agent" Mon Feb 27 13:55:02 2023 rev:20 rq:1067974 version:20230221.00 Changes: -------- --- /work/SRC/openSUSE:Factory/google-guest-agent/google-guest-agent.changes 2023-01-18 17:11:24.923896928 +0100 +++ /work/SRC/openSUSE:Factory/.google-guest-agent.new.31432/google-guest-agent.changes 2023-02-27 13:55:03.621271936 +0100 @@ -1,0 +2,12 @@ +Mon Feb 27 10:30:35 UTC 2023 - John Paul Adrian Glaubitz <adrian.glaub...@suse.com> + +- Update to version 20230221.00 + * Allow a comment part of a pub ssh key to have an arbitrary format (#198) + + Split GetUserKey() into two functions: get and validate + + Correct the name of ValidateUser func as it validates only users + + Update tests + * Update OWNERS (#201) +- from version 20230207.00 + * Update OWNERS file (#199) + +------------------------------------------------------------------- Old: ---- guest-agent-20230112.00.tar.gz New: ---- guest-agent-20230221.00.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ google-guest-agent.spec ++++++ --- /var/tmp/diff_new_pack.ApSeXn/_old 2023-02-27 13:55:04.309276104 +0100 +++ /var/tmp/diff_new_pack.ApSeXn/_new 2023-02-27 13:55:04.313276128 +0100 @@ -24,7 +24,7 @@ %global import_path %{provider_prefix} Name: google-guest-agent -Version: 20230112.00 +Version: 20230221.00 Release: 0 Summary: Google Cloud Guest Agent License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.ApSeXn/_old 2023-02-27 13:55:04.349276346 +0100 +++ /var/tmp/diff_new_pack.ApSeXn/_new 2023-02-27 13:55:04.353276371 +0100 
@@ -3,8 +3,8 @@ <param name="url">https://github.com/GoogleCloudPlatform/guest-agent/</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="versionformat">20230112.00</param> - <param name="revision">20230112.00</param> + <param name="versionformat">20230221.00</param> + <param name="revision">20230221.00</param> <param name="changesgenerate">enable</param> </service> <service name="recompress" mode="disabled"> @@ -15,7 +15,7 @@ <param name="basename">guest-agent</param> </service> <service name="go_modules" mode="disabled"> - <param name="archive">guest-agent-20230112.00.tar.gz</param> + <param name="archive">guest-agent-20230221.00.tar.gz</param> </service> </services> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.ApSeXn/_old 2023-02-27 13:55:04.369276467 +0100 +++ /var/tmp/diff_new_pack.ApSeXn/_new 2023-02-27 13:55:04.373276492 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/GoogleCloudPlatform/guest-agent/</param> - <param name="changesrevision">5ea74174d32403b37ca1c9c5e1436285c0312c78</param></service></servicedata> + <param name="changesrevision">56988fa888b46dc0796a958929dceed460f7a3e8</param></service></servicedata> (No newline at EOF) ++++++ guest-agent-20230112.00.tar.gz -> guest-agent-20230221.00.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/guest-agent-20230112.00/OWNERS new/guest-agent-20230221.00/OWNERS --- old/guest-agent-20230112.00/OWNERS 2023-01-09 19:51:58.000000000 +0100 +++ new/guest-agent-20230221.00/OWNERS 2023-02-21 18:14:40.000000000 +0100 
@@ -2,18 +2,12 @@ # See the OWNERS docs at https://go.k8s.io/owners approvers: - - adjackura - - hopkiw - - zmarano - bkatyl + - chaitanyakulkarni28 - dorileo - jjerger + - karnvadaliya - koln67 -reviewers: - - adjackura - - hopkiw + - quintonamore + - vorakl - zmarano - - bkatyl - - dorileo - - jjerger - - koln67 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/guest-agent-20230112.00/google_authorized_keys/main.go new/guest-agent-20230221.00/google_authorized_keys/main.go --- old/guest-agent-20230112.00/google_authorized_keys/main.go 2023-01-09 19:51:58.000000000 +0100 +++ new/guest-agent-20230221.00/google_authorized_keys/main.go 2023-02-21 18:14:40.000000000 +0100 @@ -99,6 +99,10 @@ } user, keyVal, err := utils.GetUserKey(key) + if err == nil { + err = utils.ValidateUserKey(user, keyVal) + } + if err != nil { continue } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/guest-agent-20230112.00/google_guest_agent/non_windows_accounts.go new/guest-agent-20230221.00/google_guest_agent/non_windows_accounts.go --- old/guest-agent-20230112.00/google_guest_agent/non_windows_accounts.go 2023-01-09 19:51:58.000000000 +0100 +++ new/guest-agent-20230221.00/google_guest_agent/non_windows_accounts.go 2023-02-21 18:14:40.000000000 +0100 @@ -204,6 +204,10 @@ trimmedKey := strings.Trim(mdkeys[i], " ") if trimmedKey != "" { user, keyVal, err := utils.GetUserKey(trimmedKey) + if err == nil { + err = utils.ValidateUserKey(user, keyVal) + } + if err != nil { if !utils.ContainsString(trimmedKey, badSSHKeys) { logger.Errorf("%s: %s", err.Error(), trimmedKey) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/guest-agent-20230112.00/utils/main.go new/guest-agent-20230221.00/utils/main.go --- old/guest-agent-20230112.00/utils/main.go 2023-01-09 19:51:58.000000000 +0100 +++ new/guest-agent-20230221.00/utils/main.go 2023-02-21 18:14:40.000000000 +0100 
@@ -41,8 +41,8 @@ UserName string } -// CheckExpiredKey validates whether a key has expired. Keys with invalid expiration formats will result in an -// error. +// CheckExpiredKey validates whether a key has expired. +// Keys with invalid expiration formats will result in an error. func CheckExpiredKey(key string) error { trimmedKey := strings.Trim(key, " ") if trimmedKey == "" { @@ -57,6 +57,10 @@ // expiring key without expiration format. return errors.New("Invalid ssh key entry - expiration missing") } + if len(fields) >= 3 && fields[2] != "google-ssh" { + // Non-expiring key with an arbitrary comment part + return nil + } if len(fields) > 3 { lkey := sshExpiration{} if err := json.Unmarshal([]byte(fields[3]), &lkey); err != nil { @@ -89,11 +93,15 @@ } -// ValidateUserKey checks for the presence of a characters which should not be +// ValidateUser checks for the presence of a characters which should not be // allowed in a username string, returns an error if any such characters are // detected, nil otherwise. // Currently, the only banned characters are whitespace characters. -func ValidateUserKey(user string) error { +func ValidateUser(user string) error { + if user == "" { + return errors.New("Invalid username - it is empty") + } + whiteSpaceRegexp, _ := regexp.Compile("\\s") if whiteSpaceRegexp.MatchString(user) { @@ -102,8 +110,8 @@ return nil } -// GetUserKey takes a string and determines if it is a valid SSH key and returns -// the user and key if valid, nil otherwise. +// GetUserKey returns a user and a SSH key if a rawKey has a correct format, nil otherwise. +// It doesn't validate entries. func GetUserKey(rawKey string) (string, string, error) { key := strings.Trim(rawKey, " ") if key == "" { 
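Review bot: In the `@@ -57,6 +57,10 @@` hunk of utils/main.go, the new early return in CheckExpiredKey enforces expiry only when the third field is exactly `google-ssh`; any other third field returns nil before the `expireOn` payload in `fields[3]` is parsed. That is the intended relaxation for free-form comments, but an entry carrying an expiration under a misspelled or differently cased marker is now accepted as non-expiring, with no log line. I would say so on the branch, e.g. `// Expiry is enforced only when fields[2] is exactly "google-ssh"; any other third field makes the key non-expiring.`, and consider logging when `fields[3]` still unmarshals into `sshExpiration`. How `fields` is split is outside the hunk, so the tokenisation is assumed here; the function body continues past the hunk.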
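Review bot: In the `@@ -89,11 +93,15 @@` hunk the doc comment on ValidateUser is stale: it still says whitespace is the only thing rejected, while the new first check also rejects an empty name ("a characters" is also a typo). Suggested wording: `// ValidateUser returns an error if user is empty or contains any whitespace character, nil otherwise; no other characters are checked.` The last clause matters to callers, because names containing path separators or starting with a dash pass this function. If the name is later used for account creation or to build file paths (not visible in this hunk), that code needs its own check. The function body continues outside the hunk.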
@@ -111,22 +119,32 @@ } idx := strings.Index(key, ":") if idx == -1 { - return "", "", errors.New("Invalid ssh key entry - unrecognized format") + return "", "", errors.New("Invalid ssh key entry - unrecognized format. Expecting user:ssh-key") } user := key[:idx] if user == "" { return "", "", errors.New("Invalid ssh key entry - user missing") } - if err := ValidateUserKey(user); err != nil { - return "", "", err - } - if err := CheckExpiredKey(key[idx+1:]); err != nil { - return "", "", err + if key[idx+1:] == "" { + return "", "", errors.New("Invalid ssh key entry - key missing") } return user, key[idx+1:], nil } +// ValidateUserKey takes an user and a key received from GetUserKey() and +// validate the user for special characters and the key for expiration +func ValidateUserKey(user, key string) error { + if err := ValidateUser(user); err != nil { + return err + } + if err := CheckExpiredKey(key); err != nil { + return err + } + + return nil +} + // SerialPort is a type for writing to a named serial port. type SerialPort struct { Port string diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/guest-agent-20230112.00/utils/main_test.go new/guest-agent-20230221.00/utils/main_test.go --- old/guest-agent-20230112.00/utils/main_test.go 2023-01-09 19:51:58.000000000 +0100 +++ new/guest-agent-20230221.00/utils/main_test.go 2023-02-21 18:14:40.000000000 +0100 
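Review bot: Removing the username and expiry checks from GetUserKey in this hunk makes it parse-only, so any caller that is not updated keeps compiling and silently stops rejecting whitespace usernames and expired keys. The two callers patched in this diff (google_authorized_keys/main.go and google_guest_agent/non_windows_accounts.go) add the second step; whether other callers exist cannot be seen from here, so a repository-wide search for `GetUserKey(` is worth doing before merge. I would make the contract explicit in the doc comment, e.g. `// GetUserKey only parses rawKey; callers must pass the result to ValidateUserKey before trusting it.`, and drop "nil otherwise", since the function returns empty strings plus an error. A small wrapper that parses and validates in one call would also remove the duplicated `if err == nil { err = utils.ValidateUserKey(user, keyVal) }` pattern from both callers.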
@@ -43,19 +43,44 @@ }{ {`usera:ssh-rsa AAAA1234 google-ssh {"userName":"us...@example.com","expireOn":"2095-04-23T12:34:56+0000"}`, "usera", `ssh-rsa AAAA1234 google-ssh {"userName":"us...@example.com","expireOn":"2095-04-23T12:34:56+0000"}`, false}, - {`usera:ssh-rsa AAAA1234 google-ssh {"userName":"us...@example.com","expireOn":"2021-04-23T12:34:56+0000"}`, "", "", true}, - {`usera:ssh-rsa AAAA1234 google-ssh {"userName":"us...@example.com","expireOn":"Apri 4, 2056"}`, "", "", true}, - {`usera:ssh-rsa AAAA1234 google-ssh`, "", "", true}, {" ", "", "", true}, {"ssh-rsa AAAA1234", "", "", true}, {":ssh-rsa AAAA1234", "", "", true}, + {"userb:", "", "", true}, + {"userc:ssh-rsa AAAA1234 info text", "userc", "ssh-rsa AAAA1234 info text", false}, } for _, tt := range table { u, k, err := GetUserKey(tt.key) e := err != nil if u != tt.user || k != tt.keyVal || e != tt.haserr { - t.Errorf("GetUserKey(%s) incorrect return: got user: %s, key: %s, error: %v - want user %s, key: %s, error: %v", tt.key, u, k, e, tt.user, tt.keyVal, tt.haserr) + t.Errorf("GetUserKey(%s) incorrect return: got user: %s, key: %s, error: %v - want user: %s, key: %s, error: %v", tt.key, u, k, e, tt.user, tt.keyVal, tt.haserr) + } + } +} + +func TestValidateUserKey(t *testing.T) { + table := []struct { + user string + key string + haserr bool + }{ + {"usera", `ssh-rsa AAAA1234 google-ssh {"userName":"us...@example.com","expireOn":"2095-04-23T12:34:56+0000"}`, false}, + {"user a", `ssh-rsa AAAA1234 google-ssh {"userName":"us...@example.com","expireOn":"2095-04-23T12:34:56+0000"}`, true}, + {"usera", `ssh-rsa AAAA1234 google-ssh {"userName":"us...@example.com","expireOn":"2021-04-23T12:34:56+0000"}`, true}, + {"usera", `ssh-rsa AAAA1234 google-ssh {"userName":"us...@example.com","expireOn":"Apri 4, 2056"}`, true}, + {"usera", `ssh-rsa AAAA1234 google-ssh`, true}, + {"usera", `ssh-rsa AAAA1234 test info`, false}, + {" ", "", true}, + {"", "ssh-rsa AAAA1234", true}, + {"userb", "", true}, + } + + for _, 
tt := range table { + err := ValidateUserKey(tt.user, tt.key) + e := err != nil + if e != tt.haserr { + t.Errorf("ValidateUserKey(%s, %s) incorrect return: expected: %t - got: %t", tt.user, tt.key, tt.haserr, e) } } } @@ -84,7 +109,7 @@ } } -func TestValidateUserKey(t *testing.T) { +func TestValidateUser(t *testing.T) { table := []struct { user string valid bool @@ -98,10 +123,10 @@ {"username\t-g\n27", false}, } for _, tt := range table { - err := ValidateUserKey(tt.user) + err := ValidateUser(tt.user) isValid := err == nil if isValid != tt.valid { - t.Errorf("Invalid ValidateUserKey(%s) return: expected: %t - got: %t", tt.user, isValid, tt.valid) + t.Errorf("ValidateUser(%s) incorrect return: expected: %t - got: %t", tt.user, tt.valid, isValid) } } } ++++++ vendor.tar.gz ++++++
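Review bot: TestValidateUserKey (the `@@ -43,19 +43,44 @@` hunk) covers a free-form comment only in the benign case `ssh-rsa AAAA1234 test info`; nothing pins the result when an entry without the `google-ssh` marker still carries an expiration payload. Since that decides whether an expired entry is accepted, I would add a row whose key is `ssh-rsa AAAA1234 note` followed by an `expireOn` payload dated in the past (constructed sample), with the expected result written out and a comment saying it is by design. From the new early return in CheckExpiredKey the expected value appears to be "no error", but confirm that against the field splitting, which is not visible in this diff. A second row with a differently cased marker would document the same boundary.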