[provenance] More sensitive GIt status use

Author: csweichel

cmd/provenance-export.go

@@ -60,14 +60,18 @@ var provenanceExportCmd = &cobra.Command{
 			}
 			defer f.Close()
 			err = provutil.DecodeBundle(f, export)
+			if err != nil {
+				log.WithError(err).Fatal("cannot extract attestation bundle")
+			}
 		} else {
 			err = leeway.AccessAttestationBundleInCachedArchive(pkgFN, func(bundle io.Reader) error {
 				return provutil.DecodeBundle(bundle, export)
 			})
+			if err != nil {
+				log.WithError(err).Fatal("cannot extract attestation bundle")
+			}
 		}
-		if err != nil {
-			log.WithError(err).Fatal("cannot extract attestation bundle")
-		}
+
 	},
 }
 

pkg/leeway/gitinfo.go

@@ -0,0 +1,126 @@
+package leeway
+
+import (
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+
+	log "github.com/sirupsen/logrus"
+	"golang.org/x/xerrors"
+)
+
+type GitInfo struct {
+	WorkingCopyLoc string
+	Commit         string
+	Origin         string
+
+	dirty      bool
+	dirtyFiles map[string]struct{}
+}
+
+// GetGitInfo returns the git status required during a leeway build
+func GetGitInfo(loc string) (*GitInfo, error) {
+	gitfc := filepath.Join(loc, ".git")
+	stat, err := os.Stat(gitfc)
+	if err != nil || !stat.IsDir() {
+		return nil, nil
+	}
+
+	cmd := exec.Command("git", "rev-parse", "HEAD")
+	cmd.Dir = loc
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		return nil, err
+	}
+	res := GitInfo{
+		WorkingCopyLoc: loc,
+		Commit:         strings.TrimSpace(string(out)),
+	}
+
+	cmd = exec.Command("git", "config", "--get", "remote.origin.url")
+	cmd.Dir = loc
+	out, err = cmd.CombinedOutput()
+	if err != nil && len(out) > 0 {
+		return nil, err
+	}
+	res.Origin = strings.TrimSpace(string(out))
+
+	cmd = exec.Command("git", "status", "--porcelain")
+	cmd.Dir = loc
+	out, err = cmd.CombinedOutput()
+	if serr, ok := err.(*exec.ExitError); ok && serr.ExitCode() != 128 {
+		// git status --short seems to exit with 128 all the time - that's ok, but we need to account for that.
+		log.WithField("exitCode", serr.ExitCode()).Debug("git status --porcelain exited with failed exit code. Working copy is dirty.")
+		res.dirty = true
+	} else if _, ok := err.(*exec.ExitError); !ok && err != nil {
+		return nil, err
+	} else if len(strings.TrimSpace(string(out))) != 0 {
+		log.WithField("out", string(out)).Debug("`git status --porcelain` produced output. Working copy is dirty.")
+
+		res.dirty = true
+		res.dirtyFiles, err = parseGitStatus(out)
+		if err != nil {
+			log.WithError(err).Warn("cannot parse git status: assuming all files are dirty")
+		}
+	}
+
+	return &res, nil
+}
+
+// parseGitStatus parses the output of "git status --porcelain"
+func parseGitStatus(out []byte) (files map[string]struct{}, err error) {
+	in := strings.TrimSpace(string(out))
+	if len(in) == 0 {
+		// no files - nothing's dirty
+		return nil, nil
+	}
+
+	lines := strings.Split(in, "\n")
+	files = make(map[string]struct{}, len(lines))
+	for _, l := range lines {
+		segs := strings.Fields(l)
+		if len(segs) == 0 {
+			continue
+		}
+		if len(segs) != 2 {
+			return nil, xerrors.Errorf("cannot parse git status \"%s\": expected two segments, got %d", l, len(segs))
+		}
+		files[segs[1]] = struct{}{}
+	}
+	return
+}
+
+// DirtyFiles returns true if a single file of the file list
+// is dirty.
+func (gi *GitInfo) DirtyFiles(files []string) bool {
+	if !gi.dirty {
+		// nothing's dirty
+		log.WithField("workingCopy", gi.WorkingCopyLoc).Debug("building from a clean working copy")
+		return false
+	}
+	if len(gi.dirtyFiles) == 0 {
+		// we don't have any record of dirty files, just that the
+		// working copy is dirty. Hence, we assume all files are dirty.
+		log.WithField("workingCopy", gi.WorkingCopyLoc).Debug("no records of dirty files - assuming dirty Git working copy")
+		return true
+	}
+	for _, f := range files {
+		if !strings.HasPrefix(f, gi.WorkingCopyLoc) {
+			// We don't know anything about this file, but the caller
+			// might make important decisions on the dirty-state of
+			// the files. For good measure we assume the file is dirty.
+			log.WithField("workingCopy", gi.WorkingCopyLoc).WithField("fn", f).Debug("no records of this file - assuming it's dirty")
+			return true
+		}
+
+		fn := strings.TrimPrefix(f, gi.WorkingCopyLoc)
+		fn = strings.TrimPrefix(fn, "/")
+		_, dirty := gi.dirtyFiles[fn]
+		if dirty {
+			log.WithField("workingCopy", gi.WorkingCopyLoc).WithField("fn", f).Debug("found dirty source file")
+			return true
+		}
+	}
+	return false
+}

pkg/leeway/gitinfo_test.go

@@ -0,0 +1,131 @@
+package leeway
+
+import (
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+)
+
+func TestParseGitStatus(t *testing.T) {
+	type Expectation struct {
+		Files map[string]struct{}
+		Err   string
+	}
+	tests := []struct {
+		Name        string
+		In          string
+		Expectation Expectation
+	}{
+		{
+			Name:        "empty input",
+			Expectation: Expectation{},
+		},
+		{
+			Name: "garbage",
+			In:   "hello world, this is garbage\nand some more",
+			Expectation: Expectation{
+				Err: `cannot parse git status "hello world, this is garbage": expected two segments, got 5`,
+			},
+		},
+		{
+			Name: "valid input",
+			In:   " M foobar\n M this/is/a/file",
+			Expectation: Expectation{
+				Files: map[string]struct{}{
+					"foobar":         {},
+					"this/is/a/file": {},
+				},
+			},
+		},
+	}
+	for _, test := range tests {
+		t.Run(test.Name, func(t *testing.T) {
+			files, err := parseGitStatus([]byte(test.In))
+			var act Expectation
+			act.Files = files
+			if err != nil {
+				act.Err = err.Error()
+			}
+			if diff := cmp.Diff(test.Expectation, act); diff != "" {
+				t.Errorf("ParseGitStatus() mismatch (-want +got):\n%s", diff)
+			}
+		})
+	}
+}
+
+func TestGitInfoDirtyFiles(t *testing.T) {
+	tests := []struct {
+		Name        string
+		In          *GitInfo
+		Files       []string
+		Expectation bool
+	}{
+		{
+			Name:        "empty input",
+			In:          &GitInfo{},
+			Expectation: false,
+		},
+		{
+			Name: "dirty working copy",
+			In: &GitInfo{
+				dirty: true,
+			},
+			Files:       []string{"foo"},
+			Expectation: true,
+		},
+		{
+			Name: "dirty file",
+			In: &GitInfo{
+				dirty: true,
+				dirtyFiles: map[string]struct{}{
+					"foo": {},
+				},
+			},
+			Files:       []string{"foo"},
+			Expectation: true,
+		},
+		{
+			Name: "dirty file loc",
+			In: &GitInfo{
+				WorkingCopyLoc: "bar/",
+				dirty:          true,
+				dirtyFiles: map[string]struct{}{
+					"foo": {},
+				},
+			},
+			Files:       []string{"bar/foo"},
+			Expectation: true,
+		},
+		{
+			Name: "unknown file",
+			In: &GitInfo{
+				WorkingCopyLoc: "bar/",
+				dirty:          true,
+				dirtyFiles: map[string]struct{}{
+					"foo": {},
+				},
+			},
+			Files:       []string{"not/in/this/working/copy"},
+			Expectation: true,
+		},
+		{
+			Name: "clean file",
+			In: &GitInfo{
+				dirty: true,
+				dirtyFiles: map[string]struct{}{
+					"foo": {},
+				},
+			},
+			Files:       []string{"bar"},
+			Expectation: false,
+		},
+	}
+	for _, test := range tests {
+		t.Run(test.Name, func(t *testing.T) {
+			act := test.In.DirtyFiles(test.Files)
+			if diff := cmp.Diff(test.Expectation, act); diff != "" {
+				t.Errorf("ParseGitStatus() mismatch (-want +got):\n%s", diff)
+			}
+		})
+	}
+}

pkg/leeway/provenance.go

@@ -36,7 +36,7 @@ const (
 	// provenanceProcessVersion is the version of the provenance generating process.
 	// If provenance is enabled in a workspace, this version becomes part of the manifest,
 	// hence changing it will invalidate previously built packages.
-	provenanceProcessVersion = 2
+	provenanceProcessVersion = 3
 
 	// ProvenanceBuilderID is the prefix we use as Builder ID when issuing provenance
 	ProvenanceBuilderID = "github.com/gitpod-io/leeway"
@@ -184,7 +184,7 @@ func (p *Package) produceSLSAEnvelope(buildctx *buildContext, subjects []in_toto
 		now            = time.Now()
 		pred           = provenance.NewSLSAPredicate()
 	)
-	if p.C.Git().Dirty {
+	if p.C.Git().DirtyFiles(p.Sources) {
 		files, err := p.inTotoMaterials()
 		if err != nil {
 			return nil, err

pkg/leeway/workspace.go

@@ -50,12 +50,6 @@ type Workspace struct {
 	ignores []string
 }
 
-type GitInfo struct {
-	Commit string
-	Origin string
-	Dirty  bool
-}
-
 type WorkspaceProvenance struct {
 	Enabled bool `yaml:"enabled"`
 	SLSA    bool `yaml:"slsa"`
@@ -456,48 +450,6 @@ func loadWorkspace(ctx context.Context, path string, args Arguments, variant str
 	return workspace, nil
 }
 
-// GetGitInfo returns the git status required during a leeway build
-func GetGitInfo(loc string) (*GitInfo, error) {
-	gitfc := filepath.Join(loc, ".git")
-	stat, err := os.Stat(gitfc)
-	if err != nil || !stat.IsDir() {
-		return nil, nil
-	}
-
-	var res GitInfo
-	cmd := exec.Command("git", "rev-parse", "HEAD")
-	cmd.Dir = loc
-	out, err := cmd.CombinedOutput()
-	if err != nil {
-		return nil, err
-	}
-	res.Commit = strings.TrimSpace(string(out))
-
-	cmd = exec.Command("git", "config", "--get", "remote.origin.url")
-	cmd.Dir = loc
-	out, err = cmd.CombinedOutput()
-	if err != nil && len(out) > 0 {
-		return nil, err
-	}
-	res.Origin = strings.TrimSpace(string(out))
-
-	cmd = exec.Command("git", "status", "--short")
-	cmd.Dir = loc
-	out, err = cmd.CombinedOutput()
-	if serr, ok := err.(*exec.ExitError); ok && serr.ExitCode() != 128 {
-		// git status --short seems to exit with 128 all the time - that's ok, but we need to account for that.
-		log.WithField("exitCode", serr.ExitCode()).Debug("git status --short exited with failed exit code. Working copy is dirty.")
-		res.Dirty = true
-	} else if _, ok := err.(*exec.ExitError); !ok && err != nil {
-		return nil, err
-	} else if len(strings.TrimSpace(string(out))) != 0 {
-		res.Dirty = true
-		log.WithField("out", string(out)).Debug("`git status --short` produced output. Working copy is dirty.")
-	}
-
-	return &res, nil
-}
-
 // buildEnvironmentManifest executes the commands of an env manifest and updates the values
 func buildEnvironmentManifest(entries EnvironmentManifest, pkgtpes map[PackageType]struct{}) (res EnvironmentManifest, err error) {
 	t0 := time.Now()