Merge pull request #17 from totem/develop

0.6.6 Release
totem · Aug 20, 2015 · fd02510 · fd02510
2 parents fd816f3 + 99e1fd1
commit fd02510
Show file tree

Hide file tree

Showing 6 changed files with 72 additions and 6 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -15,7 +15,7 @@ RUN apt-get update --fix-missing && \
 RUN mkdir -p  /root/.ssh && chmod  500 /root/.ssh && chown -R root:root /root/.ssh
 
 # Install Docker
-RUN curl -o /usr/local/bin/docker https://get.docker.io/builds/Linux/x86_64/docker-1.4.1
+RUN curl -L -o /usr/local/bin/docker https://get.docker.io/builds/Linux/x86_64/docker-1.4.1
 ADD .docker/wrapdocker /usr/local/bin/wrapdocker
 RUN chmod +x /usr/local/bin/docker /usr/local/bin/wrapdocker
 

diff --git a/README.md b/README.md
@@ -83,7 +83,7 @@ docker run -P -d -h image-factory.$USER -v /dev/log:/dev/log -v /var/run/docker.
 ```
 
 ### Docker in Docker (using privileged mode)  
-In this mode, imagefactury runs Docker-in-Docker and therefore has several unique requirements when running the image. 
+In this mode, imagefactory runs Docker-in-Docker and therefore has several unique requirements when running the image. 
 Most notably you need to run the image in a `--privileged` mode with custom LXC arguments to disable AppArmor. An example run command is below:
 
 ```bash
@@ -97,7 +97,7 @@ might be removed in future releases.
 ## Run Configuration (Environment Variables)  
 | Env Variable | Description | Default Value (Docker)|
 | ------------ | ----------- | --------------------- |
-| ETCD_HOST | Etcd server host. | 172.17.42.1 |
+| ETCD_HOST | Etcd server host. |      |
 | ETCD_PORT | Etcd server port. | 4001 |
 | ETCD_TOTEM_BASE | Base path for totem configurations | /totem |
 | HOOK_POST_URL | URL to be used for post build notification | |

diff --git a/bin/supervisord-wrapper.sh b/bin/supervisord-wrapper.sh
@@ -1,7 +1,9 @@
 #!/bin/bash -le
 
+HOST_IP="${HOST_IP:-$(/sbin/ip route|awk '/default/ { print $3 }')}"
+
 cat <<END>> /etc/profile.d/image-factory-env.sh
-export ETCD_HOST='${ETCD_HOST:-172.17.42.1}'
+export ETCD_HOST='${ETCD_HOST:-$HOST_IP}'
 export ETCD_PORT='${ETCD_PORT:-4001}'
 export ETCD_TOTEM_BASE='${ETCD_TOTEM_BASE:-/totem}'
 export SSH_HOST_KEY='${SSH_HOST_KEY:-/root/.ssh/id_rsa}'

diff --git a/lib/restify/authorize-signature.js b/lib/restify/authorize-signature.js
@@ -28,7 +28,7 @@ function usingSignedRequest(secret, header) {
 
   return function authorize(req, res, next) {
       var hmac = crypto.createHmac('sha1', secret);
-      hmac.update(req.body);
+      hmac.update(new Buffer(req.body, 'utf-8'));
       var calculatedSignature = 'sha1=' + hmac.digest('hex');
       var actualSignature = req.header(header);
       if (actualSignature !== calculatedSignature) {

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "image-factory",
-  "version": "0.6.5",
+  "version": "0.6.6",
   "description": "Docker Image Factory",
   "keywords": [
     "docker",

diff --git a/test/unit/restify/authorize-signature.js b/test/unit/restify/authorize-signature.js
@@ -0,0 +1,64 @@
+'use strict';
+
+var chai = require('chai'),
+  sinon = require('sinon'),
+  usingSignedRequest = require('../../../lib/restify/authorize-signature'),
+  constants = require('../../../lib/constants'),
+  EventEmitter = require('events').EventEmitter,
+  restify = require('restify'),
+  expect = chai.expect,
+  sinonChai = require('sinon-chai');
+
+describe('Image Factory - authorize', function () {
+  var authorize,signature,next;
+
+  beforeEach(function () {
+    authorize = usingSignedRequest('changeit');
+    signature = 'X-Hook-Signature';
+    next = sinon.stub();
+  });
+
+
+  it('should authorize request when valid signature is passed', function (done) {
+    var req = {
+      body: '{"test": "data"}',
+      header: sinon.stub()
+    };
+    req.header.withArgs(signature).returns('sha1=8c2dfb16db7498d0a1085c4b13f141282fbb75fd');
+
+    authorize(req, null, next);
+
+    next.should.have.been.calledWithExactly();
+    done()
+  });
+
+   it('should authorize request with utf-8 encoded characters', function (done) {
+    var req = {
+      body: '{"test": "a’s"}',
+      header: sinon.stub()
+    };
+    req.header.withArgs(signature).returns('sha1=d2b5883194460664a460e4523c2056d8e1a48512');
+
+    authorize(req, null, next);
+
+    next.should.have.been.calledWithExactly();
+    done()
+  });
+
+   it('should fail to authorize request when invalid signature is passed', function (done) {
+     var req = {
+       body: '{"test": "data"}',
+       header: sinon.stub()
+     };
+     req.header.withArgs(signature).returns('sha1=invalid');
+
+     authorize(req, null, next);
+
+     next.should.have.been.calledWithExactly(
+        new restify.errors.InvalidCredentialsError(
+            'Mismatch in computed signature and the passed signature of the request payload.'));
+
+     done()
+  });
+
+});