Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix agent downloader with new signing key for 1.46.0 #3513

Merged
merged 7 commits into from Feb 6, 2024
Merged

Fix agent downloader with new signing key for 1.46.0 #3513

merged 7 commits into from Feb 6, 2024

Conversation

SylvainJuge
Copy link
Member

@SylvainJuge SylvainJuge commented Feb 2, 2024
edited

What does this PR do?

The signing key for deployed artifacts in maven central has changed, so we need to update the Key ID and public key used for validation.

Apart from breaking unit tests, this only impacts the agent downloader that attemps to validate the downloaded agent with an embedded copy of the public key and key ID.
So the 1.46.0 agent won't be able to download itself.

This fix adds support for multiple keys and embeds the new key.

Checklist

  • This is something else
    • I have updated CHANGELOG.asciidoc
    • tests added/modified to verify it works as expected
    • update PR with new public key

@elastic-apm-tech elastic-apm-tech added this to In Progress in APM-Agents (OLD) Feb 2, 2024
@SylvainJuge SylvainJuge changed the title Test using new signing key ID Fix agent downloader with new signing key for 1.46.0 Feb 2, 2024
SylvainJuge
SylvainJuge commented Feb 5, 2024
View reviewed changes
apm-agent-attach-cli/src/main/java/co/elastic/apm/attach/AgentDownloader.java

private static byte[] toByteArray(InputStream inputStream, int size) throws IOException {
byte[] result = new byte[size];
if (size == 0 || size != inputStream.read(result) || inputStream.read() >= 0) {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[for reviewer] we can get away without a loop here as the content has known size and is rather small (less than 1kb).

apm-agent-attach-cli/src/test/java/co/elastic/apm/attach/AgentDownloaderTest.java
@@ -36,6 +41,7 @@

class AgentDownloaderTest {

// valid key stored in valid_key.asc, but not the one used to sign agent artifacts
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[for reviewer] here we need to have a valid GPG key.

@SylvainJuge SylvainJuge marked this pull request as ready for review February 5, 2024 15:08
@SylvainJuge SylvainJuge merged commit 00c1f35 into elastic:main Feb 6, 2024
17 of 24 checks passed
APM-Agents (OLD) automation moved this from In Progress to Done Feb 6, 2024
@SylvainJuge SylvainJuge deleted the signing-key-id branch February 6, 2024 09:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JonasKunz JonasKunz JonasKunz approved these changes

Assignees
No one assigned
Labels
agent-java
Projects
APM-Agents (OLD)
  
Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@SylvainJuge @JonasKunz