From 1dfc76c54edc721ed2705246c0b2b093b2ae41c3 Mon Sep 17 00:00:00 2001
From: Alex Boden
Date: Mon, 23 Dec 2024 19:27:18 -0500
Subject: [PATCH] Add automatic whitelist re-signing (#10)
Resolves #9 by adding a cron job to run the `cvmfs_server resign` everyday as recommended [here](https://cvmfs.readthedocs.io/en/stable/cpt-repo.html). Also removes an unnecessary entrypoint.sh file. Tried out Copilot Workspace: For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/WATonomous/cvmfs-ephemeral/pull/10?shareId=a3561e63-52ca-4a52-8eb4-afe4f3ad1807).
---
 README.md | 2 +-
 server/src/entrypoint.sh | 9 ---------
 server/src/main.py | 12 ++++++++++++
 3 files changed, 13 insertions(+), 10 deletions(-)
 delete mode 100644 server/src/entrypoint.sh
diff --git a/README.md b/README.md
index 1954356..bc23008 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,7 @@ Coming soon:
 - When using the custom FastAPI upload server, speeds reach over 400MiB/s easily. We'll adopt this approach.
 - [x] Garbage collection
 - [ ] Better documentation
-- [ ] Automatic [whitelist re-signing](https://cvmfs.readthedocs.io/en/stable/apx-security.html#signature-details)
+- [x] Automatic [whitelist re-signing](https://cvmfs.readthedocs.io/en/stable/apx-security.html#signature-details)
 ### Manual Testing
diff --git a/server/src/entrypoint.sh b/server/src/entrypoint.sh
deleted file mode 100644
index 349260a..0000000
--- a/server/src/entrypoint.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-set -o errexit -o nounset -o pipefail
-
-mkdir /srv/cvmfs
-ln -s /srv/cvmfs /var/www/cvmfs
-a2enmod headers expires proxy proxy_http
-service apache2 start
-
diff --git a/server/src/main.py b/server/src/main.py
index ca178db..8b9f2b9 100644
--- a/server/src/main.py
+++ b/server/src/main.py
@@ -137,6 +137,8 @@ async def fastapi_lifespan(app: FastAPI):
 scheduler.start()
 # Run housekeeping every minute
 scheduler.add_job(housekeeping, CronTrigger.from_crontab("* * * * *"))
+ # Run resign_whitelist daily
+ scheduler.add_job(resign_whitelist, CronTrigger.from_crontab("0 0 * * *"))
 yield
 finally:
 scheduler.shutdown()
@@ -426,6 +428,16 @@ def housekeeping():
 logger.info(f"Housekeeping completed. Took {housekeeping_end - housekeeping_start:.2f}s")
 return {"message": "Housekeeping completed", "housekeeping_time_s": housekeeping_end - housekeeping_start}
+@app.command()
+@fastapi_app.post("/resign")
+def resign_whitelist():
+ """
+ Function to run the cvmfs_server resign command.
+ """
+ logger.info("Running cvmfs_server resign")
+ subprocess.run(["cvmfs_server", "resign"], check=True)
+ return {"message": "cvmfs_server resign completed successfully"}
+
 @app.command()
 def start_server(port: int = 81):
 uvicorn.run(fastapi_app, host="0.0.0.0", port=port)
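Review bot: The daily `resign_whitelist` job added in `fastapi_lifespan` has no failure path: the job body calls `subprocess.run(..., check=True)`, so a failed `cvmfs_server resign` raises inside the scheduler and nothing here retries it or surfaces it before the next midnight run. The schedule also appears to live only in this process, so an instance that is not up at 00:00 would skip that day's run (the scheduler's job store and misfire settings are outside the hunk, so this is inferred). Because clients stop trusting a repository whose whitelist has expired, the comment should say so, e.g. `# Re-sign the whitelist daily; it must be renewed before it expires or clients reject the repo`, and a one-off run at startup via `scheduler.add_job(resign_whitelist)` (assuming this is APScheduler and a repository already exists at that point) would close the restart gap. `fastapi_lifespan` begins and ends outside the hunk.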
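Review bot: `@fastapi_app.post("/resign")` on `resign_whitelist` lets any client that can reach the port start a run of the repository signing command, and the context line at the end of the hunk shows the app bound to `0.0.0.0`; no authentication dependency is visible here, though one may exist as middleware outside the hunk. Since the scheduler already calls the function daily, either drop the HTTP route or put it behind an authentication dependency, and consider a lock so a request cannot overlap the scheduled run. The `subprocess.run` call also has no `timeout`, so a hung `cvmfs_server resign` ties up a worker thread indefinitely, and a failure becomes a bare 500 without the command's stderr in the log; `subprocess.run(["cvmfs_server", "resign"], check=True, timeout=RESIGN_TIMEOUT_S, capture_output=True, text=True)` with `stderr` logged on `CalledProcessError` would cover both (`RESIGN_TIMEOUT_S` is a placeholder name). The docstring could also state why the command is run, namely to renew the whitelist signature before it expires.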