verify: verify active manifest at Coordinator

edgelesssys · Jun 26, 2024 · 3c57cd6 · 3c57cd6
1 parent afdc62e
commit 3c57cd6
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 3 deletions.
diff --git a/cli/cmd/generate.go b/cli/cmd/generate.go
@@ -144,7 +144,7 @@ func runGenerate(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return fmt.Errorf("failed to marshal manifest: %w", err)
 	}
-	if err := os.WriteFile(flags.manifestPath, manifestData, 0o644); err != nil {
+	if err := os.WriteFile(flags.manifestPath, append(manifestData, '\n'), 0o644); err != nil {
 		return fmt.Errorf("failed to write manifest: %w", err)
 	}
 

diff --git a/cli/cmd/verify.go b/cli/cmd/verify.go
@@ -4,6 +4,7 @@
 package cmd
 
 import (
+	"bytes"
 	"crypto/sha256"
 	"encoding/json"
 	"fmt"
@@ -96,8 +97,6 @@ func runVerify(cmd *cobra.Command, _ []string) error {
 	}
 	log.Debug("Got response")
 
-	fmt.Fprintln(cmd.OutOrStdout(), "✔️ Successfully verified coordinator")
-
 	filelist := map[string][]byte{
 		coordRootPEMFilename: resp.RootCA,
 		meshCAPEMFilename:    resp.MeshCA,
@@ -117,6 +116,14 @@ func runVerify(cmd *cobra.Command, _ []string) error {
 	fmt.Fprintf(cmd.OutOrStdout(), "✔️ Wrote Coordinator configuration and keys to %s\n", filepath.Join(flags.workspaceDir, verifyDir))
 	fmt.Fprintln(cmd.OutOrStdout(), "  Please verify the manifest history and policies")
 
+	currentManifest := resp.Manifests[len(resp.Manifests)-1]
+	if bytes.Equal(currentManifest, manifestBytes) {
+		fmt.Fprintln(cmd.OutOrStdout(), "✔️ Successfully verified Coordinator")
+	} else {
+		fmt.Fprintln(cmd.OutOrStdout(), "❌Manifest at Coordinator does not match local manifest")
+		return fmt.Errorf("failed to verify Coordinator")
+	}
+
 	return nil
 }