Add automatic whitelist re-signing (#10)

Resolves #9 by adding a cron job to run the `cvmfs_server resign` everyday as recommended [here](https://cvmfs.readthedocs.io/en/stable/cpt-repo.html). Also removes an unnecessary entrypoint.sh file. Tried out Copilot Workspace: For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/WATonomous/cvmfs-ephemeral/pull/10?shareId=a3561e63-52ca-4a52-8eb4-afe4f3ad1807).
WATonomous · Dec 24, 2024 · 1dfc76c · 1dfc76c
1 parent c29662d
commit 1dfc76c
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -12,7 +12,7 @@ Coming soon:
     - When using the custom FastAPI upload server, speeds reach over 400MiB/s easily. We'll adopt this approach.
 - [x] Garbage collection
 - [ ] Better documentation
-- [ ] Automatic [whitelist re-signing](https://cvmfs.readthedocs.io/en/stable/apx-security.html#signature-details)
+- [x] Automatic [whitelist re-signing](https://cvmfs.readthedocs.io/en/stable/apx-security.html#signature-details)
 
 ### Manual Testing
 

diff --git a/server/src/entrypoint.sh b/server/src/entrypoint.sh
diff --git a/server/src/main.py b/server/src/main.py
@@ -137,6 +137,8 @@ async def fastapi_lifespan(app: FastAPI):
         scheduler.start()
         # Run housekeeping every minute
         scheduler.add_job(housekeeping, CronTrigger.from_crontab("* * * * *"))
+        # Run resign_whitelist daily
+        scheduler.add_job(resign_whitelist, CronTrigger.from_crontab("0 0 * * *"))
         yield
     finally:
         scheduler.shutdown()
@@ -426,6 +428,16 @@ def housekeeping():
     logger.info(f"Housekeeping completed. Took {housekeeping_end - housekeeping_start:.2f}s")
     return {"message": "Housekeeping completed", "housekeeping_time_s": housekeeping_end - housekeeping_start}
 
+@app.command()
+@fastapi_app.post("/resign")
+def resign_whitelist():
+    """
+    Function to run the cvmfs_server resign command.
+    """
+    logger.info("Running cvmfs_server resign")
+    subprocess.run(["cvmfs_server", "resign"], check=True)
+    return {"message": "cvmfs_server resign completed successfully"}
+
 @app.command()
 def start_server(port: int = 81):
     uvicorn.run(fastapi_app, host="0.0.0.0", port=port)