Fixing bug with standalone mode

Signed-off-by: Janos Bonic <[email protected]>

downloader.go

@@ -46,7 +46,20 @@ func New(opts ...ConfigOpt) (Downloader, error) {
 		}
 	}
 
-	key, err := crypto.NewKeyFromArmored(cfg.GPGKey)
+	keyRing, err := createKeyRing(cfg.GPGKey)
+	if err != nil {
+		return nil, err
+	}
+
+	return &downloader{
+		cfg,
+		tpl,
+		keyRing,
+	}, nil
+}
+
+func createKeyRing(armoredKey string) (*crypto.KeyRing, error) {
+	key, err := crypto.NewKeyFromArmored(armoredKey)
 	if err != nil {
 		return nil, &InvalidConfigurationError{
 			Message: "Failed to decode GPG key",
@@ -61,12 +74,7 @@ func New(opts ...ConfigOpt) (Downloader, error) {
 	if err != nil {
 		return nil, &InvalidConfigurationError{Message: "Cannot create keyring", Cause: err}
 	}
-
-	return &downloader{
-		cfg,
-		tpl,
-		keyRing,
-	}, nil
+	return keyRing, nil
 }
 
 type downloader struct {

mirror.go

@@ -8,6 +8,9 @@ import (
 	"fmt"
 	"net/http"
 	"time"
+
+	"github.com/ProtonMail/gopenpgp/v2/crypto"
+	"github.com/opentofu/tofudl/branding"
 )
 
 // NewMirror creates a new mirror, optionally acting as a pull-through cache when passing a pullThroughDownloader.
@@ -17,10 +20,20 @@ func NewMirror(config MirrorConfig, storage MirrorStorage, pullThroughDownloader
 			"no storage and no pull-through downloader passed to NewMirror, cannot create a working mirror",
 		)
 	}
+	if config.GPGKey == "" {
+		config.GPGKey = branding.DefaultGPGKey
+	}
+
+	keyRing, err := createKeyRing(config.GPGKey)
+	if err != nil {
+		return nil, err
+	}
+
 	return &mirror{
 		storage,
 		pullThroughDownloader,
 		config,
+		keyRing,
 	}, nil
 }
 
@@ -57,10 +70,14 @@ type MirrorConfig struct {
 	// ArtifactCacheTimeout is the time the cached artifacts should be considered valid. A duration of 0 means that
 	// artifacts should not be cached. A duration of -1 means that artifacts should be cached indefinitely.
 	ArtifactCacheTimeout time.Duration `json:"artifact_cache_timeout"`
+
+	//GPGKey is the ASCII-armored key to verify downloaded artifacts against. This is only needed in standalone mode.
+	GPGKey string `json:"gpg_key"`
 }
 
 type mirror struct {
 	storage               MirrorStorage
 	pullThroughDownloader Downloader
 	config                MirrorConfig
+	keyRing               *crypto.KeyRing
 }

mirror_download_version.go

@@ -8,5 +8,5 @@ import (
 )
 
 func (m *mirror) DownloadVersion(ctx context.Context, version VersionWithArtifacts, platform Platform, architecture Architecture) ([]byte, error) {
-	return downloadVersion(ctx, version, platform, architecture, m.DownloadArtifact, m.pullThroughDownloader.VerifyArtifact)
+	return downloadVersion(ctx, version, platform, architecture, m.DownloadArtifact, m.VerifyArtifact)
 }

mirror_verify_artifact.go

@@ -4,5 +4,8 @@
 package tofudl
 
 func (m *mirror) VerifyArtifact(artifactName string, artifactContents []byte, sumsFileContents []byte, signatureFileContent []byte) error {
-	return m.pullThroughDownloader.VerifyArtifact(artifactName, artifactContents, sumsFileContents, signatureFileContent)
+	if m.pullThroughDownloader != nil {
+		return m.pullThroughDownloader.VerifyArtifact(artifactName, artifactContents, sumsFileContents, signatureFileContent)
+	}
+	return verifyArtifact(m.keyRing, artifactName, artifactContents, sumsFileContents, signatureFileContent)
 }